pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744183682__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +1 -0
  2. pulumi_vault/_inputs.py +554 -553
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +253 -252
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +337 -336
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +113 -112
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +183 -182
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +239 -238
  38. pulumi_vault/azure/backend_role.py +141 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +2525 -2524
  53. pulumi_vault/database/outputs.py +1529 -1528
  54. pulumi_vault/database/secret_backend_connection.py +169 -168
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +179 -178
  57. pulumi_vault/database/secrets_mount.py +267 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +260 -259
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +232 -231
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +8 -7
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +588 -587
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +554 -553
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +56 -55
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +1 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -30
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +141 -140
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -27
  191. pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +715 -714
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
  203. pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +1 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +93 -92
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +1 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +54 -53
  257. pulumi_vault/transit/get_verify.py +60 -59
  258. pulumi_vault/transit/secret_backend_key.py +274 -273
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744183682.dist-info}/METADATA +1 -1
  261. pulumi_vault-6.7.0a1744183682.dist-info/RECORD +265 -0
  262. pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
  263. {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744183682.dist-info}/WHEEL +0 -0
  264. {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744183682.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,75 +20,75 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
19
20
  @pulumi.input_type
20
21
  class SecretBackendRoleArgs:
21
22
  def __init__(__self__, *,
22
- backend: pulumi.Input[str],
23
- credential_type: pulumi.Input[str],
24
- default_sts_ttl: Optional[pulumi.Input[int]] = None,
25
- external_id: Optional[pulumi.Input[str]] = None,
26
- iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
27
- iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
28
- max_sts_ttl: Optional[pulumi.Input[int]] = None,
29
- name: Optional[pulumi.Input[str]] = None,
30
- namespace: Optional[pulumi.Input[str]] = None,
31
- permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
32
- policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
33
- policy_document: Optional[pulumi.Input[str]] = None,
34
- role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
35
- session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
36
- user_path: Optional[pulumi.Input[str]] = None):
23
+ backend: pulumi.Input[builtins.str],
24
+ credential_type: pulumi.Input[builtins.str],
25
+ default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
26
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
27
+ iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
28
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
29
+ max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
30
+ name: Optional[pulumi.Input[builtins.str]] = None,
31
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
32
+ permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
33
+ policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
34
+ policy_document: Optional[pulumi.Input[builtins.str]] = None,
35
+ role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
36
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
37
+ user_path: Optional[pulumi.Input[builtins.str]] = None):
37
38
  """
38
39
  The set of arguments for constructing a SecretBackendRole resource.
39
- :param pulumi.Input[str] backend: The path the AWS secret backend is mounted at,
40
+ :param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
40
41
  with no leading or trailing `/`s.
41
- :param pulumi.Input[str] credential_type: Specifies the type of credential to be used when
42
+ :param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
42
43
  retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
43
44
  `federation_token`.
44
- :param pulumi.Input[int] default_sts_ttl: The default TTL in seconds for STS credentials.
45
+ :param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
45
46
  When a TTL is not specified when STS credentials are requested,
46
47
  and a default TTL is specified on the role,
47
48
  then this default TTL will be used. Valid only when `credential_type` is one of
48
49
  `assumed_role` or `federation_token`.
49
- :param pulumi.Input[str] external_id: External ID to set for assume role creds.
50
+ :param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds.
50
51
  Valid only when `credential_type` is set to `assumed_role`.
51
- :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
52
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
52
53
  against this vault role will be added to these IAM Groups. For a credential
53
54
  type of `assumed_role` or `federation_token`, the policies sent to the
54
55
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
55
56
  policies from each group in `iam_groups` combined with the `policy_document`
56
57
  and `policy_arns` parameters.
57
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
58
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
58
59
  to be used as tags for any IAM user that is created by this role.
59
- :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
60
+ :param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
60
61
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
61
62
  one of `assumed_role` or `federation_token`.
62
- :param pulumi.Input[str] name: The name to identify this role within the backend.
63
+ :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
63
64
  Must be unique within the backend.
64
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
65
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
65
66
  The value should not contain leading or trailing forward slashes.
66
67
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
67
68
  *Available only for Vault Enterprise*.
68
- :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
69
+ :param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions
69
70
  Boundary to attach to IAM users created in the role. Valid only when
70
71
  `credential_type` is `iam_user`. If not specified, then no permissions boundary
71
72
  policy will be attached.
72
- :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
73
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
73
74
  behavior depends on the credential type. With `iam_user`, the policies will be
74
75
  attached to IAM users when they are requested. With `assumed_role` and
75
76
  `federation_token`, the policy ARNs will act as a filter on what the credentials
76
77
  can do, similar to `policy_document`. When `credential_type` is `iam_user` or
77
78
  `federation_token`, at least one of `policy_document` or `policy_arns` must
78
79
  be specified.
79
- :param pulumi.Input[str] policy_document: The IAM policy document for the role. The
80
+ :param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
80
81
  behavior depends on the credential type. With `iam_user`, the policy document
81
82
  will be attached to the IAM user generated and augment the permissions the IAM
82
83
  user has. With `assumed_role` and `federation_token`, the policy document will
83
84
  act as a filter on what the credentials can do, similar to `policy_arns`.
84
- :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
85
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
85
86
  is allowed to assume. Required when `credential_type` is `assumed_role` and
86
87
  prohibited otherwise.
87
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
88
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
88
89
  during assume role creds creation. Valid only when `credential_type` is set to
89
90
  `assumed_role`.
90
- :param pulumi.Input[str] user_path: The path for the user name. Valid only when
91
+ :param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when
91
92
  `credential_type` is `iam_user`. Default is `/`.
92
93
  """
93
94
  pulumi.set(__self__, "backend", backend)
@@ -121,7 +122,7 @@ class SecretBackendRoleArgs:
121
122
 
122
123
  @property
123
124
  @pulumi.getter
124
- def backend(self) -> pulumi.Input[str]:
125
+ def backend(self) -> pulumi.Input[builtins.str]:
125
126
  """
126
127
  The path the AWS secret backend is mounted at,
127
128
  with no leading or trailing `/`s.
@@ -129,12 +130,12 @@ class SecretBackendRoleArgs:
129
130
  return pulumi.get(self, "backend")
130
131
 
131
132
  @backend.setter
132
- def backend(self, value: pulumi.Input[str]):
133
+ def backend(self, value: pulumi.Input[builtins.str]):
133
134
  pulumi.set(self, "backend", value)
134
135
 
135
136
  @property
136
137
  @pulumi.getter(name="credentialType")
137
- def credential_type(self) -> pulumi.Input[str]:
138
+ def credential_type(self) -> pulumi.Input[builtins.str]:
138
139
  """
139
140
  Specifies the type of credential to be used when
140
141
  retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
@@ -143,12 +144,12 @@ class SecretBackendRoleArgs:
143
144
  return pulumi.get(self, "credential_type")
144
145
 
145
146
  @credential_type.setter
146
- def credential_type(self, value: pulumi.Input[str]):
147
+ def credential_type(self, value: pulumi.Input[builtins.str]):
147
148
  pulumi.set(self, "credential_type", value)
148
149
 
149
150
  @property
150
151
  @pulumi.getter(name="defaultStsTtl")
151
- def default_sts_ttl(self) -> Optional[pulumi.Input[int]]:
152
+ def default_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
152
153
  """
153
154
  The default TTL in seconds for STS credentials.
154
155
  When a TTL is not specified when STS credentials are requested,
@@ -159,12 +160,12 @@ class SecretBackendRoleArgs:
159
160
  return pulumi.get(self, "default_sts_ttl")
160
161
 
161
162
  @default_sts_ttl.setter
162
- def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
163
+ def default_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
163
164
  pulumi.set(self, "default_sts_ttl", value)
164
165
 
165
166
  @property
166
167
  @pulumi.getter(name="externalId")
167
- def external_id(self) -> Optional[pulumi.Input[str]]:
168
+ def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
168
169
  """
169
170
  External ID to set for assume role creds.
170
171
  Valid only when `credential_type` is set to `assumed_role`.
@@ -172,12 +173,12 @@ class SecretBackendRoleArgs:
172
173
  return pulumi.get(self, "external_id")
173
174
 
174
175
  @external_id.setter
175
- def external_id(self, value: Optional[pulumi.Input[str]]):
176
+ def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
176
177
  pulumi.set(self, "external_id", value)
177
178
 
178
179
  @property
179
180
  @pulumi.getter(name="iamGroups")
180
- def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
181
+ def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
181
182
  """
182
183
  A list of IAM group names. IAM users generated
183
184
  against this vault role will be added to these IAM Groups. For a credential
@@ -189,12 +190,12 @@ class SecretBackendRoleArgs:
189
190
  return pulumi.get(self, "iam_groups")
190
191
 
191
192
  @iam_groups.setter
192
- def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
193
+ def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
193
194
  pulumi.set(self, "iam_groups", value)
194
195
 
195
196
  @property
196
197
  @pulumi.getter(name="iamTags")
197
- def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
198
+ def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
198
199
  """
199
200
  A map of strings representing key/value pairs
200
201
  to be used as tags for any IAM user that is created by this role.
@@ -202,12 +203,12 @@ class SecretBackendRoleArgs:
202
203
  return pulumi.get(self, "iam_tags")
203
204
 
204
205
  @iam_tags.setter
205
- def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
206
+ def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
206
207
  pulumi.set(self, "iam_tags", value)
207
208
 
208
209
  @property
209
210
  @pulumi.getter(name="maxStsTtl")
210
- def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
211
+ def max_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
211
212
  """
212
213
  The max allowed TTL in seconds for STS credentials
213
214
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
@@ -216,12 +217,12 @@ class SecretBackendRoleArgs:
216
217
  return pulumi.get(self, "max_sts_ttl")
217
218
 
218
219
  @max_sts_ttl.setter
219
- def max_sts_ttl(self, value: Optional[pulumi.Input[int]]):
220
+ def max_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
220
221
  pulumi.set(self, "max_sts_ttl", value)
221
222
 
222
223
  @property
223
224
  @pulumi.getter
224
- def name(self) -> Optional[pulumi.Input[str]]:
225
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
225
226
  """
226
227
  The name to identify this role within the backend.
227
228
  Must be unique within the backend.
@@ -229,12 +230,12 @@ class SecretBackendRoleArgs:
229
230
  return pulumi.get(self, "name")
230
231
 
231
232
  @name.setter
232
- def name(self, value: Optional[pulumi.Input[str]]):
233
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
233
234
  pulumi.set(self, "name", value)
234
235
 
235
236
  @property
236
237
  @pulumi.getter
237
- def namespace(self) -> Optional[pulumi.Input[str]]:
238
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
238
239
  """
239
240
  The namespace to provision the resource in.
240
241
  The value should not contain leading or trailing forward slashes.
@@ -244,12 +245,12 @@ class SecretBackendRoleArgs:
244
245
  return pulumi.get(self, "namespace")
245
246
 
246
247
  @namespace.setter
247
- def namespace(self, value: Optional[pulumi.Input[str]]):
248
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
248
249
  pulumi.set(self, "namespace", value)
249
250
 
250
251
  @property
251
252
  @pulumi.getter(name="permissionsBoundaryArn")
252
- def permissions_boundary_arn(self) -> Optional[pulumi.Input[str]]:
253
+ def permissions_boundary_arn(self) -> Optional[pulumi.Input[builtins.str]]:
253
254
  """
254
255
  The ARN of the AWS Permissions
255
256
  Boundary to attach to IAM users created in the role. Valid only when
@@ -259,12 +260,12 @@ class SecretBackendRoleArgs:
259
260
  return pulumi.get(self, "permissions_boundary_arn")
260
261
 
261
262
  @permissions_boundary_arn.setter
262
- def permissions_boundary_arn(self, value: Optional[pulumi.Input[str]]):
263
+ def permissions_boundary_arn(self, value: Optional[pulumi.Input[builtins.str]]):
263
264
  pulumi.set(self, "permissions_boundary_arn", value)
264
265
 
265
266
  @property
266
267
  @pulumi.getter(name="policyArns")
267
- def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
268
+ def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
268
269
  """
269
270
  Specifies a list of AWS managed policy ARNs. The
270
271
  behavior depends on the credential type. With `iam_user`, the policies will be
@@ -277,12 +278,12 @@ class SecretBackendRoleArgs:
277
278
  return pulumi.get(self, "policy_arns")
278
279
 
279
280
  @policy_arns.setter
280
- def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
281
+ def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
281
282
  pulumi.set(self, "policy_arns", value)
282
283
 
283
284
  @property
284
285
  @pulumi.getter(name="policyDocument")
285
- def policy_document(self) -> Optional[pulumi.Input[str]]:
286
+ def policy_document(self) -> Optional[pulumi.Input[builtins.str]]:
286
287
  """
287
288
  The IAM policy document for the role. The
288
289
  behavior depends on the credential type. With `iam_user`, the policy document
@@ -293,12 +294,12 @@ class SecretBackendRoleArgs:
293
294
  return pulumi.get(self, "policy_document")
294
295
 
295
296
  @policy_document.setter
296
- def policy_document(self, value: Optional[pulumi.Input[str]]):
297
+ def policy_document(self, value: Optional[pulumi.Input[builtins.str]]):
297
298
  pulumi.set(self, "policy_document", value)
298
299
 
299
300
  @property
300
301
  @pulumi.getter(name="roleArns")
301
- def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
302
+ def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
302
303
  """
303
304
  Specifies the ARNs of the AWS roles this Vault role
304
305
  is allowed to assume. Required when `credential_type` is `assumed_role` and
@@ -307,12 +308,12 @@ class SecretBackendRoleArgs:
307
308
  return pulumi.get(self, "role_arns")
308
309
 
309
310
  @role_arns.setter
310
- def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
311
+ def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
311
312
  pulumi.set(self, "role_arns", value)
312
313
 
313
314
  @property
314
315
  @pulumi.getter(name="sessionTags")
315
- def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
316
+ def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
316
317
  """
317
318
  A map of strings representing key/value pairs to be set
318
319
  during assume role creds creation. Valid only when `credential_type` is set to
@@ -321,12 +322,12 @@ class SecretBackendRoleArgs:
321
322
  return pulumi.get(self, "session_tags")
322
323
 
323
324
  @session_tags.setter
324
- def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
325
+ def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
325
326
  pulumi.set(self, "session_tags", value)
326
327
 
327
328
  @property
328
329
  @pulumi.getter(name="userPath")
329
- def user_path(self) -> Optional[pulumi.Input[str]]:
330
+ def user_path(self) -> Optional[pulumi.Input[builtins.str]]:
330
331
  """
331
332
  The path for the user name. Valid only when
332
333
  `credential_type` is `iam_user`. Default is `/`.
@@ -334,82 +335,82 @@ class SecretBackendRoleArgs:
334
335
  return pulumi.get(self, "user_path")
335
336
 
336
337
  @user_path.setter
337
- def user_path(self, value: Optional[pulumi.Input[str]]):
338
+ def user_path(self, value: Optional[pulumi.Input[builtins.str]]):
338
339
  pulumi.set(self, "user_path", value)
339
340
 
340
341
 
341
342
  @pulumi.input_type
342
343
  class _SecretBackendRoleState:
343
344
  def __init__(__self__, *,
344
- backend: Optional[pulumi.Input[str]] = None,
345
- credential_type: Optional[pulumi.Input[str]] = None,
346
- default_sts_ttl: Optional[pulumi.Input[int]] = None,
347
- external_id: Optional[pulumi.Input[str]] = None,
348
- iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
349
- iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
350
- max_sts_ttl: Optional[pulumi.Input[int]] = None,
351
- name: Optional[pulumi.Input[str]] = None,
352
- namespace: Optional[pulumi.Input[str]] = None,
353
- permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
354
- policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
355
- policy_document: Optional[pulumi.Input[str]] = None,
356
- role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
357
- session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
358
- user_path: Optional[pulumi.Input[str]] = None):
345
+ backend: Optional[pulumi.Input[builtins.str]] = None,
346
+ credential_type: Optional[pulumi.Input[builtins.str]] = None,
347
+ default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
348
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
349
+ iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
350
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
351
+ max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
352
+ name: Optional[pulumi.Input[builtins.str]] = None,
353
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
354
+ permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
355
+ policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
356
+ policy_document: Optional[pulumi.Input[builtins.str]] = None,
357
+ role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
358
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
359
+ user_path: Optional[pulumi.Input[builtins.str]] = None):
359
360
  """
360
361
  Input properties used for looking up and filtering SecretBackendRole resources.
361
- :param pulumi.Input[str] backend: The path the AWS secret backend is mounted at,
362
+ :param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
362
363
  with no leading or trailing `/`s.
363
- :param pulumi.Input[str] credential_type: Specifies the type of credential to be used when
364
+ :param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
364
365
  retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
365
366
  `federation_token`.
366
- :param pulumi.Input[int] default_sts_ttl: The default TTL in seconds for STS credentials.
367
+ :param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
367
368
  When a TTL is not specified when STS credentials are requested,
368
369
  and a default TTL is specified on the role,
369
370
  then this default TTL will be used. Valid only when `credential_type` is one of
370
371
  `assumed_role` or `federation_token`.
371
- :param pulumi.Input[str] external_id: External ID to set for assume role creds.
372
+ :param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds.
372
373
  Valid only when `credential_type` is set to `assumed_role`.
373
- :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
374
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
374
375
  against this vault role will be added to these IAM Groups. For a credential
375
376
  type of `assumed_role` or `federation_token`, the policies sent to the
376
377
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
377
378
  policies from each group in `iam_groups` combined with the `policy_document`
378
379
  and `policy_arns` parameters.
379
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
380
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
380
381
  to be used as tags for any IAM user that is created by this role.
381
- :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
382
+ :param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
382
383
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
383
384
  one of `assumed_role` or `federation_token`.
384
- :param pulumi.Input[str] name: The name to identify this role within the backend.
385
+ :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
385
386
  Must be unique within the backend.
386
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
387
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
387
388
  The value should not contain leading or trailing forward slashes.
388
389
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
389
390
  *Available only for Vault Enterprise*.
390
- :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
391
+ :param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions
391
392
  Boundary to attach to IAM users created in the role. Valid only when
392
393
  `credential_type` is `iam_user`. If not specified, then no permissions boundary
393
394
  policy will be attached.
394
- :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
395
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
395
396
  behavior depends on the credential type. With `iam_user`, the policies will be
396
397
  attached to IAM users when they are requested. With `assumed_role` and
397
398
  `federation_token`, the policy ARNs will act as a filter on what the credentials
398
399
  can do, similar to `policy_document`. When `credential_type` is `iam_user` or
399
400
  `federation_token`, at least one of `policy_document` or `policy_arns` must
400
401
  be specified.
401
- :param pulumi.Input[str] policy_document: The IAM policy document for the role. The
402
+ :param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
402
403
  behavior depends on the credential type. With `iam_user`, the policy document
403
404
  will be attached to the IAM user generated and augment the permissions the IAM
404
405
  user has. With `assumed_role` and `federation_token`, the policy document will
405
406
  act as a filter on what the credentials can do, similar to `policy_arns`.
406
- :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
407
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
407
408
  is allowed to assume. Required when `credential_type` is `assumed_role` and
408
409
  prohibited otherwise.
409
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
410
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
410
411
  during assume role creds creation. Valid only when `credential_type` is set to
411
412
  `assumed_role`.
412
- :param pulumi.Input[str] user_path: The path for the user name. Valid only when
413
+ :param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when
413
414
  `credential_type` is `iam_user`. Default is `/`.
414
415
  """
415
416
  if backend is not None:
@@ -445,7 +446,7 @@ class _SecretBackendRoleState:
445
446
 
446
447
  @property
447
448
  @pulumi.getter
448
- def backend(self) -> Optional[pulumi.Input[str]]:
449
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
449
450
  """
450
451
  The path the AWS secret backend is mounted at,
451
452
  with no leading or trailing `/`s.
@@ -453,12 +454,12 @@ class _SecretBackendRoleState:
453
454
  return pulumi.get(self, "backend")
454
455
 
455
456
  @backend.setter
456
- def backend(self, value: Optional[pulumi.Input[str]]):
457
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
457
458
  pulumi.set(self, "backend", value)
458
459
 
459
460
  @property
460
461
  @pulumi.getter(name="credentialType")
461
- def credential_type(self) -> Optional[pulumi.Input[str]]:
462
+ def credential_type(self) -> Optional[pulumi.Input[builtins.str]]:
462
463
  """
463
464
  Specifies the type of credential to be used when
464
465
  retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
@@ -467,12 +468,12 @@ class _SecretBackendRoleState:
467
468
  return pulumi.get(self, "credential_type")
468
469
 
469
470
  @credential_type.setter
470
- def credential_type(self, value: Optional[pulumi.Input[str]]):
471
+ def credential_type(self, value: Optional[pulumi.Input[builtins.str]]):
471
472
  pulumi.set(self, "credential_type", value)
472
473
 
473
474
  @property
474
475
  @pulumi.getter(name="defaultStsTtl")
475
- def default_sts_ttl(self) -> Optional[pulumi.Input[int]]:
476
+ def default_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
476
477
  """
477
478
  The default TTL in seconds for STS credentials.
478
479
  When a TTL is not specified when STS credentials are requested,
@@ -483,12 +484,12 @@ class _SecretBackendRoleState:
483
484
  return pulumi.get(self, "default_sts_ttl")
484
485
 
485
486
  @default_sts_ttl.setter
486
- def default_sts_ttl(self, value: Optional[pulumi.Input[int]]):
487
+ def default_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
487
488
  pulumi.set(self, "default_sts_ttl", value)
488
489
 
489
490
  @property
490
491
  @pulumi.getter(name="externalId")
491
- def external_id(self) -> Optional[pulumi.Input[str]]:
492
+ def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
492
493
  """
493
494
  External ID to set for assume role creds.
494
495
  Valid only when `credential_type` is set to `assumed_role`.
@@ -496,12 +497,12 @@ class _SecretBackendRoleState:
496
497
  return pulumi.get(self, "external_id")
497
498
 
498
499
  @external_id.setter
499
- def external_id(self, value: Optional[pulumi.Input[str]]):
500
+ def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
500
501
  pulumi.set(self, "external_id", value)
501
502
 
502
503
  @property
503
504
  @pulumi.getter(name="iamGroups")
504
- def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
505
+ def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
505
506
  """
506
507
  A list of IAM group names. IAM users generated
507
508
  against this vault role will be added to these IAM Groups. For a credential
@@ -513,12 +514,12 @@ class _SecretBackendRoleState:
513
514
  return pulumi.get(self, "iam_groups")
514
515
 
515
516
  @iam_groups.setter
516
- def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
517
+ def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
517
518
  pulumi.set(self, "iam_groups", value)
518
519
 
519
520
  @property
520
521
  @pulumi.getter(name="iamTags")
521
- def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
522
+ def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
522
523
  """
523
524
  A map of strings representing key/value pairs
524
525
  to be used as tags for any IAM user that is created by this role.
@@ -526,12 +527,12 @@ class _SecretBackendRoleState:
526
527
  return pulumi.get(self, "iam_tags")
527
528
 
528
529
  @iam_tags.setter
529
- def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
530
+ def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
530
531
  pulumi.set(self, "iam_tags", value)
531
532
 
532
533
  @property
533
534
  @pulumi.getter(name="maxStsTtl")
534
- def max_sts_ttl(self) -> Optional[pulumi.Input[int]]:
535
+ def max_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
535
536
  """
536
537
  The max allowed TTL in seconds for STS credentials
537
538
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
@@ -540,12 +541,12 @@ class _SecretBackendRoleState:
540
541
  return pulumi.get(self, "max_sts_ttl")
541
542
 
542
543
  @max_sts_ttl.setter
543
- def max_sts_ttl(self, value: Optional[pulumi.Input[int]]):
544
+ def max_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
544
545
  pulumi.set(self, "max_sts_ttl", value)
545
546
 
546
547
  @property
547
548
  @pulumi.getter
548
- def name(self) -> Optional[pulumi.Input[str]]:
549
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
549
550
  """
550
551
  The name to identify this role within the backend.
551
552
  Must be unique within the backend.
@@ -553,12 +554,12 @@ class _SecretBackendRoleState:
553
554
  return pulumi.get(self, "name")
554
555
 
555
556
  @name.setter
556
- def name(self, value: Optional[pulumi.Input[str]]):
557
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
557
558
  pulumi.set(self, "name", value)
558
559
 
559
560
  @property
560
561
  @pulumi.getter
561
- def namespace(self) -> Optional[pulumi.Input[str]]:
562
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
562
563
  """
563
564
  The namespace to provision the resource in.
564
565
  The value should not contain leading or trailing forward slashes.
@@ -568,12 +569,12 @@ class _SecretBackendRoleState:
568
569
  return pulumi.get(self, "namespace")
569
570
 
570
571
  @namespace.setter
571
- def namespace(self, value: Optional[pulumi.Input[str]]):
572
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
572
573
  pulumi.set(self, "namespace", value)
573
574
 
574
575
  @property
575
576
  @pulumi.getter(name="permissionsBoundaryArn")
576
- def permissions_boundary_arn(self) -> Optional[pulumi.Input[str]]:
577
+ def permissions_boundary_arn(self) -> Optional[pulumi.Input[builtins.str]]:
577
578
  """
578
579
  The ARN of the AWS Permissions
579
580
  Boundary to attach to IAM users created in the role. Valid only when
@@ -583,12 +584,12 @@ class _SecretBackendRoleState:
583
584
  return pulumi.get(self, "permissions_boundary_arn")
584
585
 
585
586
  @permissions_boundary_arn.setter
586
- def permissions_boundary_arn(self, value: Optional[pulumi.Input[str]]):
587
+ def permissions_boundary_arn(self, value: Optional[pulumi.Input[builtins.str]]):
587
588
  pulumi.set(self, "permissions_boundary_arn", value)
588
589
 
589
590
  @property
590
591
  @pulumi.getter(name="policyArns")
591
- def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
592
+ def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
592
593
  """
593
594
  Specifies a list of AWS managed policy ARNs. The
594
595
  behavior depends on the credential type. With `iam_user`, the policies will be
@@ -601,12 +602,12 @@ class _SecretBackendRoleState:
601
602
  return pulumi.get(self, "policy_arns")
602
603
 
603
604
  @policy_arns.setter
604
- def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
605
+ def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
605
606
  pulumi.set(self, "policy_arns", value)
606
607
 
607
608
  @property
608
609
  @pulumi.getter(name="policyDocument")
609
- def policy_document(self) -> Optional[pulumi.Input[str]]:
610
+ def policy_document(self) -> Optional[pulumi.Input[builtins.str]]:
610
611
  """
611
612
  The IAM policy document for the role. The
612
613
  behavior depends on the credential type. With `iam_user`, the policy document
@@ -617,12 +618,12 @@ class _SecretBackendRoleState:
617
618
  return pulumi.get(self, "policy_document")
618
619
 
619
620
  @policy_document.setter
620
- def policy_document(self, value: Optional[pulumi.Input[str]]):
621
+ def policy_document(self, value: Optional[pulumi.Input[builtins.str]]):
621
622
  pulumi.set(self, "policy_document", value)
622
623
 
623
624
  @property
624
625
  @pulumi.getter(name="roleArns")
625
- def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
626
+ def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
626
627
  """
627
628
  Specifies the ARNs of the AWS roles this Vault role
628
629
  is allowed to assume. Required when `credential_type` is `assumed_role` and
@@ -631,12 +632,12 @@ class _SecretBackendRoleState:
631
632
  return pulumi.get(self, "role_arns")
632
633
 
633
634
  @role_arns.setter
634
- def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
635
+ def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
635
636
  pulumi.set(self, "role_arns", value)
636
637
 
637
638
  @property
638
639
  @pulumi.getter(name="sessionTags")
639
- def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
640
+ def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
640
641
  """
641
642
  A map of strings representing key/value pairs to be set
642
643
  during assume role creds creation. Valid only when `credential_type` is set to
@@ -645,12 +646,12 @@ class _SecretBackendRoleState:
645
646
  return pulumi.get(self, "session_tags")
646
647
 
647
648
  @session_tags.setter
648
- def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
649
+ def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
649
650
  pulumi.set(self, "session_tags", value)
650
651
 
651
652
  @property
652
653
  @pulumi.getter(name="userPath")
653
- def user_path(self) -> Optional[pulumi.Input[str]]:
654
+ def user_path(self) -> Optional[pulumi.Input[builtins.str]]:
654
655
  """
655
656
  The path for the user name. Valid only when
656
657
  `credential_type` is `iam_user`. Default is `/`.
@@ -658,7 +659,7 @@ class _SecretBackendRoleState:
658
659
  return pulumi.get(self, "user_path")
659
660
 
660
661
  @user_path.setter
661
- def user_path(self, value: Optional[pulumi.Input[str]]):
662
+ def user_path(self, value: Optional[pulumi.Input[builtins.str]]):
662
663
  pulumi.set(self, "user_path", value)
663
664
 
664
665
 
@@ -667,21 +668,21 @@ class SecretBackendRole(pulumi.CustomResource):
667
668
  def __init__(__self__,
668
669
  resource_name: str,
669
670
  opts: Optional[pulumi.ResourceOptions] = None,
670
- backend: Optional[pulumi.Input[str]] = None,
671
- credential_type: Optional[pulumi.Input[str]] = None,
672
- default_sts_ttl: Optional[pulumi.Input[int]] = None,
673
- external_id: Optional[pulumi.Input[str]] = None,
674
- iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
675
- iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
676
- max_sts_ttl: Optional[pulumi.Input[int]] = None,
677
- name: Optional[pulumi.Input[str]] = None,
678
- namespace: Optional[pulumi.Input[str]] = None,
679
- permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
680
- policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
681
- policy_document: Optional[pulumi.Input[str]] = None,
682
- role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
683
- session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
684
- user_path: Optional[pulumi.Input[str]] = None,
671
+ backend: Optional[pulumi.Input[builtins.str]] = None,
672
+ credential_type: Optional[pulumi.Input[builtins.str]] = None,
673
+ default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
674
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
675
+ iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
676
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
677
+ max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
678
+ name: Optional[pulumi.Input[builtins.str]] = None,
679
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
680
+ permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
681
+ policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
682
+ policy_document: Optional[pulumi.Input[builtins.str]] = None,
683
+ role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
684
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
685
+ user_path: Optional[pulumi.Input[builtins.str]] = None,
685
686
  __props__=None):
686
687
  """
687
688
  ## Example Usage
@@ -720,58 +721,58 @@ class SecretBackendRole(pulumi.CustomResource):
720
721
 
721
722
  :param str resource_name: The name of the resource.
722
723
  :param pulumi.ResourceOptions opts: Options for the resource.
723
- :param pulumi.Input[str] backend: The path the AWS secret backend is mounted at,
724
+ :param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
724
725
  with no leading or trailing `/`s.
725
- :param pulumi.Input[str] credential_type: Specifies the type of credential to be used when
726
+ :param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
726
727
  retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
727
728
  `federation_token`.
728
- :param pulumi.Input[int] default_sts_ttl: The default TTL in seconds for STS credentials.
729
+ :param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
729
730
  When a TTL is not specified when STS credentials are requested,
730
731
  and a default TTL is specified on the role,
731
732
  then this default TTL will be used. Valid only when `credential_type` is one of
732
733
  `assumed_role` or `federation_token`.
733
- :param pulumi.Input[str] external_id: External ID to set for assume role creds.
734
+ :param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds.
734
735
  Valid only when `credential_type` is set to `assumed_role`.
735
- :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
736
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
736
737
  against this vault role will be added to these IAM Groups. For a credential
737
738
  type of `assumed_role` or `federation_token`, the policies sent to the
738
739
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
739
740
  policies from each group in `iam_groups` combined with the `policy_document`
740
741
  and `policy_arns` parameters.
741
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
742
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
742
743
  to be used as tags for any IAM user that is created by this role.
743
- :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
744
+ :param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
744
745
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
745
746
  one of `assumed_role` or `federation_token`.
746
- :param pulumi.Input[str] name: The name to identify this role within the backend.
747
+ :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
747
748
  Must be unique within the backend.
748
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
749
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
749
750
  The value should not contain leading or trailing forward slashes.
750
751
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
751
752
  *Available only for Vault Enterprise*.
752
- :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
753
+ :param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions
753
754
  Boundary to attach to IAM users created in the role. Valid only when
754
755
  `credential_type` is `iam_user`. If not specified, then no permissions boundary
755
756
  policy will be attached.
756
- :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
757
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
757
758
  behavior depends on the credential type. With `iam_user`, the policies will be
758
759
  attached to IAM users when they are requested. With `assumed_role` and
759
760
  `federation_token`, the policy ARNs will act as a filter on what the credentials
760
761
  can do, similar to `policy_document`. When `credential_type` is `iam_user` or
761
762
  `federation_token`, at least one of `policy_document` or `policy_arns` must
762
763
  be specified.
763
- :param pulumi.Input[str] policy_document: The IAM policy document for the role. The
764
+ :param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
764
765
  behavior depends on the credential type. With `iam_user`, the policy document
765
766
  will be attached to the IAM user generated and augment the permissions the IAM
766
767
  user has. With `assumed_role` and `federation_token`, the policy document will
767
768
  act as a filter on what the credentials can do, similar to `policy_arns`.
768
- :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
769
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
769
770
  is allowed to assume. Required when `credential_type` is `assumed_role` and
770
771
  prohibited otherwise.
771
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
772
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
772
773
  during assume role creds creation. Valid only when `credential_type` is set to
773
774
  `assumed_role`.
774
- :param pulumi.Input[str] user_path: The path for the user name. Valid only when
775
+ :param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when
775
776
  `credential_type` is `iam_user`. Default is `/`.
776
777
  """
777
778
  ...
@@ -830,21 +831,21 @@ class SecretBackendRole(pulumi.CustomResource):
830
831
  def _internal_init(__self__,
831
832
  resource_name: str,
832
833
  opts: Optional[pulumi.ResourceOptions] = None,
833
- backend: Optional[pulumi.Input[str]] = None,
834
- credential_type: Optional[pulumi.Input[str]] = None,
835
- default_sts_ttl: Optional[pulumi.Input[int]] = None,
836
- external_id: Optional[pulumi.Input[str]] = None,
837
- iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
838
- iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
839
- max_sts_ttl: Optional[pulumi.Input[int]] = None,
840
- name: Optional[pulumi.Input[str]] = None,
841
- namespace: Optional[pulumi.Input[str]] = None,
842
- permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
843
- policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
844
- policy_document: Optional[pulumi.Input[str]] = None,
845
- role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
846
- session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
847
- user_path: Optional[pulumi.Input[str]] = None,
834
+ backend: Optional[pulumi.Input[builtins.str]] = None,
835
+ credential_type: Optional[pulumi.Input[builtins.str]] = None,
836
+ default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
837
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
838
+ iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
839
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
840
+ max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
841
+ name: Optional[pulumi.Input[builtins.str]] = None,
842
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
843
+ permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
844
+ policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
845
+ policy_document: Optional[pulumi.Input[builtins.str]] = None,
846
+ role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
847
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
848
+ user_path: Optional[pulumi.Input[builtins.str]] = None,
848
849
  __props__=None):
849
850
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
850
851
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -883,21 +884,21 @@ class SecretBackendRole(pulumi.CustomResource):
883
884
  def get(resource_name: str,
884
885
  id: pulumi.Input[str],
885
886
  opts: Optional[pulumi.ResourceOptions] = None,
886
- backend: Optional[pulumi.Input[str]] = None,
887
- credential_type: Optional[pulumi.Input[str]] = None,
888
- default_sts_ttl: Optional[pulumi.Input[int]] = None,
889
- external_id: Optional[pulumi.Input[str]] = None,
890
- iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
891
- iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
892
- max_sts_ttl: Optional[pulumi.Input[int]] = None,
893
- name: Optional[pulumi.Input[str]] = None,
894
- namespace: Optional[pulumi.Input[str]] = None,
895
- permissions_boundary_arn: Optional[pulumi.Input[str]] = None,
896
- policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
897
- policy_document: Optional[pulumi.Input[str]] = None,
898
- role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
899
- session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
900
- user_path: Optional[pulumi.Input[str]] = None) -> 'SecretBackendRole':
887
+ backend: Optional[pulumi.Input[builtins.str]] = None,
888
+ credential_type: Optional[pulumi.Input[builtins.str]] = None,
889
+ default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
890
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
891
+ iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
892
+ iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
893
+ max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
894
+ name: Optional[pulumi.Input[builtins.str]] = None,
895
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
896
+ permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
897
+ policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
898
+ policy_document: Optional[pulumi.Input[builtins.str]] = None,
899
+ role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
900
+ session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
901
+ user_path: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendRole':
901
902
  """
902
903
  Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
903
904
  properties used to qualify the lookup.
@@ -905,58 +906,58 @@ class SecretBackendRole(pulumi.CustomResource):
905
906
  :param str resource_name: The unique name of the resulting resource.
906
907
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
907
908
  :param pulumi.ResourceOptions opts: Options for the resource.
908
- :param pulumi.Input[str] backend: The path the AWS secret backend is mounted at,
909
+ :param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
909
910
  with no leading or trailing `/`s.
910
- :param pulumi.Input[str] credential_type: Specifies the type of credential to be used when
911
+ :param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
911
912
  retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
912
913
  `federation_token`.
913
- :param pulumi.Input[int] default_sts_ttl: The default TTL in seconds for STS credentials.
914
+ :param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
914
915
  When a TTL is not specified when STS credentials are requested,
915
916
  and a default TTL is specified on the role,
916
917
  then this default TTL will be used. Valid only when `credential_type` is one of
917
918
  `assumed_role` or `federation_token`.
918
- :param pulumi.Input[str] external_id: External ID to set for assume role creds.
919
+ :param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds.
919
920
  Valid only when `credential_type` is set to `assumed_role`.
920
- :param pulumi.Input[Sequence[pulumi.Input[str]]] iam_groups: A list of IAM group names. IAM users generated
921
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
921
922
  against this vault role will be added to these IAM Groups. For a credential
922
923
  type of `assumed_role` or `federation_token`, the policies sent to the
923
924
  corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
924
925
  policies from each group in `iam_groups` combined with the `policy_document`
925
926
  and `policy_arns` parameters.
926
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] iam_tags: A map of strings representing key/value pairs
927
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
927
928
  to be used as tags for any IAM user that is created by this role.
928
- :param pulumi.Input[int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
929
+ :param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
929
930
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
930
931
  one of `assumed_role` or `federation_token`.
931
- :param pulumi.Input[str] name: The name to identify this role within the backend.
932
+ :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
932
933
  Must be unique within the backend.
933
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
934
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
934
935
  The value should not contain leading or trailing forward slashes.
935
936
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
936
937
  *Available only for Vault Enterprise*.
937
- :param pulumi.Input[str] permissions_boundary_arn: The ARN of the AWS Permissions
938
+ :param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions
938
939
  Boundary to attach to IAM users created in the role. Valid only when
939
940
  `credential_type` is `iam_user`. If not specified, then no permissions boundary
940
941
  policy will be attached.
941
- :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
942
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
942
943
  behavior depends on the credential type. With `iam_user`, the policies will be
943
944
  attached to IAM users when they are requested. With `assumed_role` and
944
945
  `federation_token`, the policy ARNs will act as a filter on what the credentials
945
946
  can do, similar to `policy_document`. When `credential_type` is `iam_user` or
946
947
  `federation_token`, at least one of `policy_document` or `policy_arns` must
947
948
  be specified.
948
- :param pulumi.Input[str] policy_document: The IAM policy document for the role. The
949
+ :param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
949
950
  behavior depends on the credential type. With `iam_user`, the policy document
950
951
  will be attached to the IAM user generated and augment the permissions the IAM
951
952
  user has. With `assumed_role` and `federation_token`, the policy document will
952
953
  act as a filter on what the credentials can do, similar to `policy_arns`.
953
- :param pulumi.Input[Sequence[pulumi.Input[str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
954
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
954
955
  is allowed to assume. Required when `credential_type` is `assumed_role` and
955
956
  prohibited otherwise.
956
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] session_tags: A map of strings representing key/value pairs to be set
957
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
957
958
  during assume role creds creation. Valid only when `credential_type` is set to
958
959
  `assumed_role`.
959
- :param pulumi.Input[str] user_path: The path for the user name. Valid only when
960
+ :param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when
960
961
  `credential_type` is `iam_user`. Default is `/`.
961
962
  """
962
963
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -982,7 +983,7 @@ class SecretBackendRole(pulumi.CustomResource):
982
983
 
983
984
  @property
984
985
  @pulumi.getter
985
- def backend(self) -> pulumi.Output[str]:
986
+ def backend(self) -> pulumi.Output[builtins.str]:
986
987
  """
987
988
  The path the AWS secret backend is mounted at,
988
989
  with no leading or trailing `/`s.
@@ -991,7 +992,7 @@ class SecretBackendRole(pulumi.CustomResource):
991
992
 
992
993
  @property
993
994
  @pulumi.getter(name="credentialType")
994
- def credential_type(self) -> pulumi.Output[str]:
995
+ def credential_type(self) -> pulumi.Output[builtins.str]:
995
996
  """
996
997
  Specifies the type of credential to be used when
997
998
  retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
@@ -1001,7 +1002,7 @@ class SecretBackendRole(pulumi.CustomResource):
1001
1002
 
1002
1003
  @property
1003
1004
  @pulumi.getter(name="defaultStsTtl")
1004
- def default_sts_ttl(self) -> pulumi.Output[int]:
1005
+ def default_sts_ttl(self) -> pulumi.Output[builtins.int]:
1005
1006
  """
1006
1007
  The default TTL in seconds for STS credentials.
1007
1008
  When a TTL is not specified when STS credentials are requested,
@@ -1013,7 +1014,7 @@ class SecretBackendRole(pulumi.CustomResource):
1013
1014
 
1014
1015
  @property
1015
1016
  @pulumi.getter(name="externalId")
1016
- def external_id(self) -> pulumi.Output[Optional[str]]:
1017
+ def external_id(self) -> pulumi.Output[Optional[builtins.str]]:
1017
1018
  """
1018
1019
  External ID to set for assume role creds.
1019
1020
  Valid only when `credential_type` is set to `assumed_role`.
@@ -1022,7 +1023,7 @@ class SecretBackendRole(pulumi.CustomResource):
1022
1023
 
1023
1024
  @property
1024
1025
  @pulumi.getter(name="iamGroups")
1025
- def iam_groups(self) -> pulumi.Output[Optional[Sequence[str]]]:
1026
+ def iam_groups(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1026
1027
  """
1027
1028
  A list of IAM group names. IAM users generated
1028
1029
  against this vault role will be added to these IAM Groups. For a credential
@@ -1035,7 +1036,7 @@ class SecretBackendRole(pulumi.CustomResource):
1035
1036
 
1036
1037
  @property
1037
1038
  @pulumi.getter(name="iamTags")
1038
- def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1039
+ def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
1039
1040
  """
1040
1041
  A map of strings representing key/value pairs
1041
1042
  to be used as tags for any IAM user that is created by this role.
@@ -1044,7 +1045,7 @@ class SecretBackendRole(pulumi.CustomResource):
1044
1045
 
1045
1046
  @property
1046
1047
  @pulumi.getter(name="maxStsTtl")
1047
- def max_sts_ttl(self) -> pulumi.Output[int]:
1048
+ def max_sts_ttl(self) -> pulumi.Output[builtins.int]:
1048
1049
  """
1049
1050
  The max allowed TTL in seconds for STS credentials
1050
1051
  (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
@@ -1054,7 +1055,7 @@ class SecretBackendRole(pulumi.CustomResource):
1054
1055
 
1055
1056
  @property
1056
1057
  @pulumi.getter
1057
- def name(self) -> pulumi.Output[str]:
1058
+ def name(self) -> pulumi.Output[builtins.str]:
1058
1059
  """
1059
1060
  The name to identify this role within the backend.
1060
1061
  Must be unique within the backend.
@@ -1063,7 +1064,7 @@ class SecretBackendRole(pulumi.CustomResource):
1063
1064
 
1064
1065
  @property
1065
1066
  @pulumi.getter
1066
- def namespace(self) -> pulumi.Output[Optional[str]]:
1067
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
1067
1068
  """
1068
1069
  The namespace to provision the resource in.
1069
1070
  The value should not contain leading or trailing forward slashes.
@@ -1074,7 +1075,7 @@ class SecretBackendRole(pulumi.CustomResource):
1074
1075
 
1075
1076
  @property
1076
1077
  @pulumi.getter(name="permissionsBoundaryArn")
1077
- def permissions_boundary_arn(self) -> pulumi.Output[Optional[str]]:
1078
+ def permissions_boundary_arn(self) -> pulumi.Output[Optional[builtins.str]]:
1078
1079
  """
1079
1080
  The ARN of the AWS Permissions
1080
1081
  Boundary to attach to IAM users created in the role. Valid only when
@@ -1085,7 +1086,7 @@ class SecretBackendRole(pulumi.CustomResource):
1085
1086
 
1086
1087
  @property
1087
1088
  @pulumi.getter(name="policyArns")
1088
- def policy_arns(self) -> pulumi.Output[Optional[Sequence[str]]]:
1089
+ def policy_arns(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1089
1090
  """
1090
1091
  Specifies a list of AWS managed policy ARNs. The
1091
1092
  behavior depends on the credential type. With `iam_user`, the policies will be
@@ -1099,7 +1100,7 @@ class SecretBackendRole(pulumi.CustomResource):
1099
1100
 
1100
1101
  @property
1101
1102
  @pulumi.getter(name="policyDocument")
1102
- def policy_document(self) -> pulumi.Output[Optional[str]]:
1103
+ def policy_document(self) -> pulumi.Output[Optional[builtins.str]]:
1103
1104
  """
1104
1105
  The IAM policy document for the role. The
1105
1106
  behavior depends on the credential type. With `iam_user`, the policy document
@@ -1111,7 +1112,7 @@ class SecretBackendRole(pulumi.CustomResource):
1111
1112
 
1112
1113
  @property
1113
1114
  @pulumi.getter(name="roleArns")
1114
- def role_arns(self) -> pulumi.Output[Optional[Sequence[str]]]:
1115
+ def role_arns(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1115
1116
  """
1116
1117
  Specifies the ARNs of the AWS roles this Vault role
1117
1118
  is allowed to assume. Required when `credential_type` is `assumed_role` and
@@ -1121,7 +1122,7 @@ class SecretBackendRole(pulumi.CustomResource):
1121
1122
 
1122
1123
  @property
1123
1124
  @pulumi.getter(name="sessionTags")
1124
- def session_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1125
+ def session_tags(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
1125
1126
  """
1126
1127
  A map of strings representing key/value pairs to be set
1127
1128
  during assume role creds creation. Valid only when `credential_type` is set to
@@ -1131,7 +1132,7 @@ class SecretBackendRole(pulumi.CustomResource):
1131
1132
 
1132
1133
  @property
1133
1134
  @pulumi.getter(name="userPath")
1134
- def user_path(self) -> pulumi.Output[Optional[str]]:
1135
+ def user_path(self) -> pulumi.Output[Optional[builtins.str]]:
1135
1136
  """
1136
1137
  The path for the user name. Valid only when
1137
1138
  `credential_type` is `iam_user`. Default is `/`.