pulumi-vault 6.6.0a1741836364__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +1 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +253 -252
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +337 -336
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +113 -112
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +183 -182
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +239 -238
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +2525 -2524
  53. pulumi_vault/database/outputs.py +1529 -1528
  54. pulumi_vault/database/secret_backend_connection.py +169 -168
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +179 -178
  57. pulumi_vault/database/secrets_mount.py +267 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +260 -259
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +232 -231
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +588 -587
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +554 -553
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +1 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -30
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +141 -140
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -27
  191. pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +715 -714
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
  203. pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +1 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +93 -92
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +1 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +54 -53
  257. pulumi_vault/transit/get_verify.py +60 -59
  258. pulumi_vault/transit/secret_backend_key.py +274 -273
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741836364.dist-info/RECORD +0 -265
  264. {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -60,12 +61,12 @@ class GetAuthBackendConfigResult:
60
61
 
61
62
  @property
62
63
  @pulumi.getter
63
- def backend(self) -> Optional[str]:
64
+ def backend(self) -> Optional[builtins.str]:
64
65
  return pulumi.get(self, "backend")
65
66
 
66
67
  @property
67
68
  @pulumi.getter(name="disableIssValidation")
68
- def disable_iss_validation(self) -> bool:
69
+ def disable_iss_validation(self) -> builtins.bool:
69
70
  """
70
71
  (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
71
72
  """
@@ -73,7 +74,7 @@ class GetAuthBackendConfigResult:
73
74
 
74
75
  @property
75
76
  @pulumi.getter(name="disableLocalCaJwt")
76
- def disable_local_ca_jwt(self) -> bool:
77
+ def disable_local_ca_jwt(self) -> builtins.bool:
77
78
  """
78
79
  (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
79
80
  """
@@ -81,7 +82,7 @@ class GetAuthBackendConfigResult:
81
82
 
82
83
  @property
83
84
  @pulumi.getter
84
- def id(self) -> str:
85
+ def id(self) -> builtins.str:
85
86
  """
86
87
  The provider-assigned unique ID for this managed resource.
87
88
  """
@@ -89,7 +90,7 @@ class GetAuthBackendConfigResult:
89
90
 
90
91
  @property
91
92
  @pulumi.getter
92
- def issuer(self) -> str:
93
+ def issuer(self) -> builtins.str:
93
94
  """
94
95
  Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
95
96
  """
@@ -97,7 +98,7 @@ class GetAuthBackendConfigResult:
97
98
 
98
99
  @property
99
100
  @pulumi.getter(name="kubernetesCaCert")
100
- def kubernetes_ca_cert(self) -> str:
101
+ def kubernetes_ca_cert(self) -> builtins.str:
101
102
  """
102
103
  PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
103
104
  """
@@ -105,7 +106,7 @@ class GetAuthBackendConfigResult:
105
106
 
106
107
  @property
107
108
  @pulumi.getter(name="kubernetesHost")
108
- def kubernetes_host(self) -> str:
109
+ def kubernetes_host(self) -> builtins.str:
109
110
  """
110
111
  Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
111
112
  """
@@ -113,12 +114,12 @@ class GetAuthBackendConfigResult:
113
114
 
114
115
  @property
115
116
  @pulumi.getter
116
- def namespace(self) -> Optional[str]:
117
+ def namespace(self) -> Optional[builtins.str]:
117
118
  return pulumi.get(self, "namespace")
118
119
 
119
120
  @property
120
121
  @pulumi.getter(name="pemKeys")
121
- def pem_keys(self) -> Sequence[str]:
122
+ def pem_keys(self) -> Sequence[builtins.str]:
122
123
  """
123
124
  Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
124
125
  """
@@ -126,7 +127,7 @@ class GetAuthBackendConfigResult:
126
127
 
127
128
  @property
128
129
  @pulumi.getter(name="useAnnotationsAsAliasMetadata")
129
- def use_annotations_as_alias_metadata(self) -> bool:
130
+ def use_annotations_as_alias_metadata(self) -> builtins.bool:
130
131
  """
131
132
  (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
132
133
  """
@@ -151,15 +152,15 @@ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
151
152
  use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
152
153
 
153
154
 
154
- def get_auth_backend_config(backend: Optional[str] = None,
155
- disable_iss_validation: Optional[bool] = None,
156
- disable_local_ca_jwt: Optional[bool] = None,
157
- issuer: Optional[str] = None,
158
- kubernetes_ca_cert: Optional[str] = None,
159
- kubernetes_host: Optional[str] = None,
160
- namespace: Optional[str] = None,
161
- pem_keys: Optional[Sequence[str]] = None,
162
- use_annotations_as_alias_metadata: Optional[bool] = None,
155
+ def get_auth_backend_config(backend: Optional[builtins.str] = None,
156
+ disable_iss_validation: Optional[builtins.bool] = None,
157
+ disable_local_ca_jwt: Optional[builtins.bool] = None,
158
+ issuer: Optional[builtins.str] = None,
159
+ kubernetes_ca_cert: Optional[builtins.str] = None,
160
+ kubernetes_host: Optional[builtins.str] = None,
161
+ namespace: Optional[builtins.str] = None,
162
+ pem_keys: Optional[Sequence[builtins.str]] = None,
163
+ use_annotations_as_alias_metadata: Optional[builtins.bool] = None,
163
164
  opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
164
165
  """
165
166
  Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -167,19 +168,19 @@ def get_auth_backend_config(backend: Optional[str] = None,
167
168
  information.
168
169
 
169
170
 
170
- :param str backend: The unique name for the Kubernetes backend the config to
171
+ :param builtins.str backend: The unique name for the Kubernetes backend the config to
171
172
  retrieve Role attributes for resides in. Defaults to "kubernetes".
172
- :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
173
- :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
174
- :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
175
- :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
176
- :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
177
- :param str namespace: The namespace of the target resource.
173
+ :param builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
174
+ :param builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
175
+ :param builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
176
+ :param builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
177
+ :param builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
178
+ :param builtins.str namespace: The namespace of the target resource.
178
179
  The value should not contain leading or trailing forward slashes.
179
180
  The `namespace` is always relative to the provider's configured namespace.
180
181
  *Available only for Vault Enterprise*.
181
- :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
182
- :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
182
+ :param Sequence[builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
183
+ :param builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
183
184
  """
184
185
  __args__ = dict()
185
186
  __args__['backend'] = backend
@@ -205,15 +206,15 @@ def get_auth_backend_config(backend: Optional[str] = None,
205
206
  namespace=pulumi.get(__ret__, 'namespace'),
206
207
  pem_keys=pulumi.get(__ret__, 'pem_keys'),
207
208
  use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
208
- def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]] = None,
209
- disable_iss_validation: Optional[pulumi.Input[Optional[bool]]] = None,
210
- disable_local_ca_jwt: Optional[pulumi.Input[Optional[bool]]] = None,
211
- issuer: Optional[pulumi.Input[Optional[str]]] = None,
212
- kubernetes_ca_cert: Optional[pulumi.Input[Optional[str]]] = None,
213
- kubernetes_host: Optional[pulumi.Input[Optional[str]]] = None,
214
- namespace: Optional[pulumi.Input[Optional[str]]] = None,
215
- pem_keys: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
216
- use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[bool]]] = None,
209
+ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[builtins.str]]] = None,
210
+ disable_iss_validation: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
211
+ disable_local_ca_jwt: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
212
+ issuer: Optional[pulumi.Input[Optional[builtins.str]]] = None,
213
+ kubernetes_ca_cert: Optional[pulumi.Input[Optional[builtins.str]]] = None,
214
+ kubernetes_host: Optional[pulumi.Input[Optional[builtins.str]]] = None,
215
+ namespace: Optional[pulumi.Input[Optional[builtins.str]]] = None,
216
+ pem_keys: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
217
+ use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
217
218
  opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
218
219
  """
219
220
  Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -221,19 +222,19 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[str]]
221
222
  information.
222
223
 
223
224
 
224
- :param str backend: The unique name for the Kubernetes backend the config to
225
+ :param builtins.str backend: The unique name for the Kubernetes backend the config to
225
226
  retrieve Role attributes for resides in. Defaults to "kubernetes".
226
- :param bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
227
- :param bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
228
- :param str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
229
- :param str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
230
- :param str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
231
- :param str namespace: The namespace of the target resource.
227
+ :param builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
228
+ :param builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
229
+ :param builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
230
+ :param builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
231
+ :param builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
232
+ :param builtins.str namespace: The namespace of the target resource.
232
233
  The value should not contain leading or trailing forward slashes.
233
234
  The `namespace` is always relative to the provider's configured namespace.
234
235
  *Available only for Vault Enterprise*.
235
- :param Sequence[str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
236
- :param bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
236
+ :param Sequence[builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
237
+ :param builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
237
238
  """
238
239
  __args__ = dict()
239
240
  __args__['backend'] = backend
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -81,7 +82,7 @@ class GetAuthBackendRoleResult:
81
82
 
82
83
  @property
83
84
  @pulumi.getter(name="aliasNameSource")
84
- def alias_name_source(self) -> str:
85
+ def alias_name_source(self) -> builtins.str:
85
86
  """
86
87
  Method used for generating identity aliases. (vault-1.9+)
87
88
  """
@@ -89,7 +90,7 @@ class GetAuthBackendRoleResult:
89
90
 
90
91
  @property
91
92
  @pulumi.getter
92
- def audience(self) -> Optional[str]:
93
+ def audience(self) -> Optional[builtins.str]:
93
94
  """
94
95
  Audience claim to verify in the JWT.
95
96
  """
@@ -97,12 +98,12 @@ class GetAuthBackendRoleResult:
97
98
 
98
99
  @property
99
100
  @pulumi.getter
100
- def backend(self) -> Optional[str]:
101
+ def backend(self) -> Optional[builtins.str]:
101
102
  return pulumi.get(self, "backend")
102
103
 
103
104
  @property
104
105
  @pulumi.getter(name="boundServiceAccountNames")
105
- def bound_service_account_names(self) -> Sequence[str]:
106
+ def bound_service_account_names(self) -> Sequence[builtins.str]:
106
107
  """
107
108
  List of service account names able to access this role. If set to "*" all names are allowed, both this and bound_service_account_namespaces can not be "*".
108
109
  """
@@ -110,7 +111,7 @@ class GetAuthBackendRoleResult:
110
111
 
111
112
  @property
112
113
  @pulumi.getter(name="boundServiceAccountNamespaces")
113
- def bound_service_account_namespaces(self) -> Sequence[str]:
114
+ def bound_service_account_namespaces(self) -> Sequence[builtins.str]:
114
115
  """
115
116
  List of namespaces allowed to access this role. If set to "*" all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
116
117
  """
@@ -118,7 +119,7 @@ class GetAuthBackendRoleResult:
118
119
 
119
120
  @property
120
121
  @pulumi.getter
121
- def id(self) -> str:
122
+ def id(self) -> builtins.str:
122
123
  """
123
124
  The provider-assigned unique ID for this managed resource.
124
125
  """
@@ -126,17 +127,17 @@ class GetAuthBackendRoleResult:
126
127
 
127
128
  @property
128
129
  @pulumi.getter
129
- def namespace(self) -> Optional[str]:
130
+ def namespace(self) -> Optional[builtins.str]:
130
131
  return pulumi.get(self, "namespace")
131
132
 
132
133
  @property
133
134
  @pulumi.getter(name="roleName")
134
- def role_name(self) -> str:
135
+ def role_name(self) -> builtins.str:
135
136
  return pulumi.get(self, "role_name")
136
137
 
137
138
  @property
138
139
  @pulumi.getter(name="tokenBoundCidrs")
139
- def token_bound_cidrs(self) -> Optional[Sequence[str]]:
140
+ def token_bound_cidrs(self) -> Optional[Sequence[builtins.str]]:
140
141
  """
141
142
  List of CIDR blocks; if set, specifies blocks of IP
142
143
  addresses which can authenticate successfully, and ties the resulting token to these blocks
@@ -146,7 +147,7 @@ class GetAuthBackendRoleResult:
146
147
 
147
148
  @property
148
149
  @pulumi.getter(name="tokenExplicitMaxTtl")
149
- def token_explicit_max_ttl(self) -> Optional[int]:
150
+ def token_explicit_max_ttl(self) -> Optional[builtins.int]:
150
151
  """
151
152
  If set, will encode an
152
153
  [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
@@ -157,7 +158,7 @@ class GetAuthBackendRoleResult:
157
158
 
158
159
  @property
159
160
  @pulumi.getter(name="tokenMaxTtl")
160
- def token_max_ttl(self) -> Optional[int]:
161
+ def token_max_ttl(self) -> Optional[builtins.int]:
161
162
  """
162
163
  The maximum lifetime for generated tokens in number of seconds.
163
164
  Its current value will be referenced at renewal time.
@@ -166,7 +167,7 @@ class GetAuthBackendRoleResult:
166
167
 
167
168
  @property
168
169
  @pulumi.getter(name="tokenNoDefaultPolicy")
169
- def token_no_default_policy(self) -> Optional[bool]:
170
+ def token_no_default_policy(self) -> Optional[builtins.bool]:
170
171
  """
171
172
  If set, the default policy will not be set on
172
173
  generated tokens; otherwise it will be added to the policies set in token_policies.
@@ -175,7 +176,7 @@ class GetAuthBackendRoleResult:
175
176
 
176
177
  @property
177
178
  @pulumi.getter(name="tokenNumUses")
178
- def token_num_uses(self) -> Optional[int]:
179
+ def token_num_uses(self) -> Optional[builtins.int]:
179
180
  """
180
181
  The
181
182
  [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
@@ -185,7 +186,7 @@ class GetAuthBackendRoleResult:
185
186
 
186
187
  @property
187
188
  @pulumi.getter(name="tokenPeriod")
188
- def token_period(self) -> Optional[int]:
189
+ def token_period(self) -> Optional[builtins.int]:
189
190
  """
190
191
  (Optional) If set, indicates that the
191
192
  token generated using this role should never expire. The token should be renewed within the
@@ -196,7 +197,7 @@ class GetAuthBackendRoleResult:
196
197
 
197
198
  @property
198
199
  @pulumi.getter(name="tokenPolicies")
199
- def token_policies(self) -> Optional[Sequence[str]]:
200
+ def token_policies(self) -> Optional[Sequence[builtins.str]]:
200
201
  """
201
202
  List of policies to encode onto generated tokens. Depending
202
203
  on the auth method, this list may be supplemented by user/group/other values.
@@ -205,7 +206,7 @@ class GetAuthBackendRoleResult:
205
206
 
206
207
  @property
207
208
  @pulumi.getter(name="tokenTtl")
208
- def token_ttl(self) -> Optional[int]:
209
+ def token_ttl(self) -> Optional[builtins.int]:
209
210
  """
210
211
  The incremental lifetime for generated tokens in number of seconds.
211
212
  Its current value will be referenced at renewal time.
@@ -214,7 +215,7 @@ class GetAuthBackendRoleResult:
214
215
 
215
216
  @property
216
217
  @pulumi.getter(name="tokenType")
217
- def token_type(self) -> Optional[str]:
218
+ def token_type(self) -> Optional[builtins.str]:
218
219
  """
219
220
  The type of token that should be generated. Can be `service`,
220
221
  `batch`, or `default` to use the mount's tuned default (which unless changed will be
@@ -250,19 +251,19 @@ class AwaitableGetAuthBackendRoleResult(GetAuthBackendRoleResult):
250
251
  token_type=self.token_type)
251
252
 
252
253
 
253
- def get_auth_backend_role(audience: Optional[str] = None,
254
- backend: Optional[str] = None,
255
- namespace: Optional[str] = None,
256
- role_name: Optional[str] = None,
257
- token_bound_cidrs: Optional[Sequence[str]] = None,
258
- token_explicit_max_ttl: Optional[int] = None,
259
- token_max_ttl: Optional[int] = None,
260
- token_no_default_policy: Optional[bool] = None,
261
- token_num_uses: Optional[int] = None,
262
- token_period: Optional[int] = None,
263
- token_policies: Optional[Sequence[str]] = None,
264
- token_ttl: Optional[int] = None,
265
- token_type: Optional[str] = None,
254
+ def get_auth_backend_role(audience: Optional[builtins.str] = None,
255
+ backend: Optional[builtins.str] = None,
256
+ namespace: Optional[builtins.str] = None,
257
+ role_name: Optional[builtins.str] = None,
258
+ token_bound_cidrs: Optional[Sequence[builtins.str]] = None,
259
+ token_explicit_max_ttl: Optional[builtins.int] = None,
260
+ token_max_ttl: Optional[builtins.int] = None,
261
+ token_no_default_policy: Optional[builtins.bool] = None,
262
+ token_num_uses: Optional[builtins.int] = None,
263
+ token_period: Optional[builtins.int] = None,
264
+ token_policies: Optional[Sequence[builtins.str]] = None,
265
+ token_ttl: Optional[builtins.int] = None,
266
+ token_type: Optional[builtins.str] = None,
266
267
  opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendRoleResult:
267
268
  """
268
269
  Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -270,37 +271,37 @@ def get_auth_backend_role(audience: Optional[str] = None,
270
271
  information.
271
272
 
272
273
 
273
- :param str audience: Audience claim to verify in the JWT.
274
- :param str backend: The unique name for the Kubernetes backend the role to
274
+ :param builtins.str audience: Audience claim to verify in the JWT.
275
+ :param builtins.str backend: The unique name for the Kubernetes backend the role to
275
276
  retrieve Role attributes for resides in. Defaults to "kubernetes".
276
- :param str namespace: The namespace of the target resource.
277
+ :param builtins.str namespace: The namespace of the target resource.
277
278
  The value should not contain leading or trailing forward slashes.
278
279
  The `namespace` is always relative to the provider's configured namespace.
279
280
  *Available only for Vault Enterprise*.
280
- :param str role_name: The name of the role to retrieve the Role attributes for.
281
- :param Sequence[str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
281
+ :param builtins.str role_name: The name of the role to retrieve the Role attributes for.
282
+ :param Sequence[builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
282
283
  addresses which can authenticate successfully, and ties the resulting token to these blocks
283
284
  as well.
284
- :param int token_explicit_max_ttl: If set, will encode an
285
+ :param builtins.int token_explicit_max_ttl: If set, will encode an
285
286
  [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
286
287
  onto the token in number of seconds. This is a hard cap even if `token_ttl` and
287
288
  `token_max_ttl` would otherwise allow a renewal.
288
- :param int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
289
+ :param builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
289
290
  Its current value will be referenced at renewal time.
290
- :param bool token_no_default_policy: If set, the default policy will not be set on
291
+ :param builtins.bool token_no_default_policy: If set, the default policy will not be set on
291
292
  generated tokens; otherwise it will be added to the policies set in token_policies.
292
- :param int token_num_uses: The
293
+ :param builtins.int token_num_uses: The
293
294
  [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
294
295
  if any, in number of seconds to set on the token.
295
- :param int token_period: (Optional) If set, indicates that the
296
+ :param builtins.int token_period: (Optional) If set, indicates that the
296
297
  token generated using this role should never expire. The token should be renewed within the
297
298
  duration specified by this value. At each renewal, the token's TTL will be set to the
298
299
  value of this field. Specified in seconds.
299
- :param Sequence[str] token_policies: List of policies to encode onto generated tokens. Depending
300
+ :param Sequence[builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
300
301
  on the auth method, this list may be supplemented by user/group/other values.
301
- :param int token_ttl: The incremental lifetime for generated tokens in number of seconds.
302
+ :param builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
302
303
  Its current value will be referenced at renewal time.
303
- :param str token_type: The type of token that should be generated. Can be `service`,
304
+ :param builtins.str token_type: The type of token that should be generated. Can be `service`,
304
305
  `batch`, or `default` to use the mount's tuned default (which unless changed will be
305
306
  `service` tokens). For token store roles, there are two additional possibilities:
306
307
  `default-service` and `default-batch` which specify the type to return unless the client
@@ -341,19 +342,19 @@ def get_auth_backend_role(audience: Optional[str] = None,
341
342
  token_policies=pulumi.get(__ret__, 'token_policies'),
342
343
  token_ttl=pulumi.get(__ret__, 'token_ttl'),
343
344
  token_type=pulumi.get(__ret__, 'token_type'))
344
- def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]] = None,
345
- backend: Optional[pulumi.Input[Optional[str]]] = None,
346
- namespace: Optional[pulumi.Input[Optional[str]]] = None,
347
- role_name: Optional[pulumi.Input[str]] = None,
348
- token_bound_cidrs: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
349
- token_explicit_max_ttl: Optional[pulumi.Input[Optional[int]]] = None,
350
- token_max_ttl: Optional[pulumi.Input[Optional[int]]] = None,
351
- token_no_default_policy: Optional[pulumi.Input[Optional[bool]]] = None,
352
- token_num_uses: Optional[pulumi.Input[Optional[int]]] = None,
353
- token_period: Optional[pulumi.Input[Optional[int]]] = None,
354
- token_policies: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
355
- token_ttl: Optional[pulumi.Input[Optional[int]]] = None,
356
- token_type: Optional[pulumi.Input[Optional[str]]] = None,
345
+ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[builtins.str]]] = None,
346
+ backend: Optional[pulumi.Input[Optional[builtins.str]]] = None,
347
+ namespace: Optional[pulumi.Input[Optional[builtins.str]]] = None,
348
+ role_name: Optional[pulumi.Input[builtins.str]] = None,
349
+ token_bound_cidrs: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
350
+ token_explicit_max_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
351
+ token_max_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
352
+ token_no_default_policy: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
353
+ token_num_uses: Optional[pulumi.Input[Optional[builtins.int]]] = None,
354
+ token_period: Optional[pulumi.Input[Optional[builtins.int]]] = None,
355
+ token_policies: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
356
+ token_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
357
+ token_type: Optional[pulumi.Input[Optional[builtins.str]]] = None,
357
358
  opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
358
359
  """
359
360
  Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -361,37 +362,37 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[str]]]
361
362
  information.
362
363
 
363
364
 
364
- :param str audience: Audience claim to verify in the JWT.
365
- :param str backend: The unique name for the Kubernetes backend the role to
365
+ :param builtins.str audience: Audience claim to verify in the JWT.
366
+ :param builtins.str backend: The unique name for the Kubernetes backend the role to
366
367
  retrieve Role attributes for resides in. Defaults to "kubernetes".
367
- :param str namespace: The namespace of the target resource.
368
+ :param builtins.str namespace: The namespace of the target resource.
368
369
  The value should not contain leading or trailing forward slashes.
369
370
  The `namespace` is always relative to the provider's configured namespace.
370
371
  *Available only for Vault Enterprise*.
371
- :param str role_name: The name of the role to retrieve the Role attributes for.
372
- :param Sequence[str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
372
+ :param builtins.str role_name: The name of the role to retrieve the Role attributes for.
373
+ :param Sequence[builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
373
374
  addresses which can authenticate successfully, and ties the resulting token to these blocks
374
375
  as well.
375
- :param int token_explicit_max_ttl: If set, will encode an
376
+ :param builtins.int token_explicit_max_ttl: If set, will encode an
376
377
  [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
377
378
  onto the token in number of seconds. This is a hard cap even if `token_ttl` and
378
379
  `token_max_ttl` would otherwise allow a renewal.
379
- :param int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
380
+ :param builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
380
381
  Its current value will be referenced at renewal time.
381
- :param bool token_no_default_policy: If set, the default policy will not be set on
382
+ :param builtins.bool token_no_default_policy: If set, the default policy will not be set on
382
383
  generated tokens; otherwise it will be added to the policies set in token_policies.
383
- :param int token_num_uses: The
384
+ :param builtins.int token_num_uses: The
384
385
  [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
385
386
  if any, in number of seconds to set on the token.
386
- :param int token_period: (Optional) If set, indicates that the
387
+ :param builtins.int token_period: (Optional) If set, indicates that the
387
388
  token generated using this role should never expire. The token should be renewed within the
388
389
  duration specified by this value. At each renewal, the token's TTL will be set to the
389
390
  value of this field. Specified in seconds.
390
- :param Sequence[str] token_policies: List of policies to encode onto generated tokens. Depending
391
+ :param Sequence[builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
391
392
  on the auth method, this list may be supplemented by user/group/other values.
392
- :param int token_ttl: The incremental lifetime for generated tokens in number of seconds.
393
+ :param builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
393
394
  Its current value will be referenced at renewal time.
394
- :param str token_type: The type of token that should be generated. Can be `service`,
395
+ :param builtins.str token_type: The type of token that should be generated. Can be `service`,
395
396
  `batch`, or `default` to use the mount's tuned default (which unless changed will be
396
397
  `service` tokens). For token store roles, there are two additional possibilities:
397
398
  `default-service` and `default-batch` which specify the type to return unless the client