pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +1 -0
  2. pulumi_vault/_inputs.py +554 -553
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +253 -252
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +337 -336
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +113 -112
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +183 -182
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +239 -238
  38. pulumi_vault/azure/backend_role.py +141 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +2525 -2524
  53. pulumi_vault/database/outputs.py +1529 -1528
  54. pulumi_vault/database/secret_backend_connection.py +169 -168
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +179 -178
  57. pulumi_vault/database/secrets_mount.py +267 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +260 -259
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +232 -231
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +8 -7
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +588 -587
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +554 -553
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +56 -55
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +1 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -30
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +141 -140
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -27
  191. pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +715 -714
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
  203. pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +1 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +93 -92
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +1 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +54 -53
  257. pulumi_vault/transit/get_verify.py +60 -59
  258. pulumi_vault/transit/secret_backend_key.py +274 -273
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
  261. pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
  262. pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
  263. {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
  264. {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,45 +20,45 @@ __all__ = ['SyncAwsDestinationArgs', 'SyncAwsDestination']
19
20
  @pulumi.input_type
20
21
  class SyncAwsDestinationArgs:
21
22
  def __init__(__self__, *,
22
- access_key_id: Optional[pulumi.Input[str]] = None,
23
- custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
24
- external_id: Optional[pulumi.Input[str]] = None,
25
- granularity: Optional[pulumi.Input[str]] = None,
26
- name: Optional[pulumi.Input[str]] = None,
27
- namespace: Optional[pulumi.Input[str]] = None,
28
- region: Optional[pulumi.Input[str]] = None,
29
- role_arn: Optional[pulumi.Input[str]] = None,
30
- secret_access_key: Optional[pulumi.Input[str]] = None,
31
- secret_name_template: Optional[pulumi.Input[str]] = None):
23
+ access_key_id: Optional[pulumi.Input[builtins.str]] = None,
24
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
25
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
26
+ granularity: Optional[pulumi.Input[builtins.str]] = None,
27
+ name: Optional[pulumi.Input[builtins.str]] = None,
28
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
29
+ region: Optional[pulumi.Input[builtins.str]] = None,
30
+ role_arn: Optional[pulumi.Input[builtins.str]] = None,
31
+ secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
32
+ secret_name_template: Optional[pulumi.Input[builtins.str]] = None):
32
33
  """
33
34
  The set of arguments for constructing a SyncAwsDestination resource.
34
- :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
35
+ :param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
35
36
  Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
36
37
  variable.
37
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
38
- :param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
38
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
39
+ :param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
39
40
  AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
40
41
  The field is mutable with no special condition, but users must be careful that the new value fits with the trust
41
42
  relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
42
43
  denied errors. Ignored if the `role_arn` field is empty.
43
- :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
44
+ :param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource
44
45
  at the destination. Supports `secret-path` and `secret-key`.
45
- :param pulumi.Input[str] name: Unique name of the AWS destination.
46
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
46
+ :param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
47
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
47
48
  The value should not contain leading or trailing forward slashes.
48
49
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
49
- :param pulumi.Input[str] region: Region where to manage the secrets manager entries.
50
+ :param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
50
51
  Can be omitted and directly provided to Vault using the `AWS_REGION` environment
51
52
  variable.
52
- :param pulumi.Input[str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
53
+ :param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
53
54
  Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
54
55
  exist for Vault to be able to assume this role. The role can be in a different account.
55
56
  The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
56
57
  It is possible to provide both an access key pair and a role to assume.
57
- :param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
58
+ :param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
58
59
  Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
59
60
  variable.
60
- :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
61
+ :param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
61
62
  Supports a subset of the Go Template syntax.
62
63
  """
63
64
  if access_key_id is not None:
@@ -83,7 +84,7 @@ class SyncAwsDestinationArgs:
83
84
 
84
85
  @property
85
86
  @pulumi.getter(name="accessKeyId")
86
- def access_key_id(self) -> Optional[pulumi.Input[str]]:
87
+ def access_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
87
88
  """
88
89
  Access key id to authenticate against the AWS secrets manager.
89
90
  Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
@@ -92,24 +93,24 @@ class SyncAwsDestinationArgs:
92
93
  return pulumi.get(self, "access_key_id")
93
94
 
94
95
  @access_key_id.setter
95
- def access_key_id(self, value: Optional[pulumi.Input[str]]):
96
+ def access_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
96
97
  pulumi.set(self, "access_key_id", value)
97
98
 
98
99
  @property
99
100
  @pulumi.getter(name="customTags")
100
- def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
101
+ def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
101
102
  """
102
103
  Custom tags to set on the secret managed at the destination.
103
104
  """
104
105
  return pulumi.get(self, "custom_tags")
105
106
 
106
107
  @custom_tags.setter
107
- def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
108
+ def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
108
109
  pulumi.set(self, "custom_tags", value)
109
110
 
110
111
  @property
111
112
  @pulumi.getter(name="externalId")
112
- def external_id(self) -> Optional[pulumi.Input[str]]:
113
+ def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
113
114
  """
114
115
  Optional extra protection that must match the trust policy granting access to the
115
116
  AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
@@ -120,12 +121,12 @@ class SyncAwsDestinationArgs:
120
121
  return pulumi.get(self, "external_id")
121
122
 
122
123
  @external_id.setter
123
- def external_id(self, value: Optional[pulumi.Input[str]]):
124
+ def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
124
125
  pulumi.set(self, "external_id", value)
125
126
 
126
127
  @property
127
128
  @pulumi.getter
128
- def granularity(self) -> Optional[pulumi.Input[str]]:
129
+ def granularity(self) -> Optional[pulumi.Input[builtins.str]]:
129
130
  """
130
131
  Determines what level of information is synced as a distinct resource
131
132
  at the destination. Supports `secret-path` and `secret-key`.
@@ -133,24 +134,24 @@ class SyncAwsDestinationArgs:
133
134
  return pulumi.get(self, "granularity")
134
135
 
135
136
  @granularity.setter
136
- def granularity(self, value: Optional[pulumi.Input[str]]):
137
+ def granularity(self, value: Optional[pulumi.Input[builtins.str]]):
137
138
  pulumi.set(self, "granularity", value)
138
139
 
139
140
  @property
140
141
  @pulumi.getter
141
- def name(self) -> Optional[pulumi.Input[str]]:
142
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
142
143
  """
143
144
  Unique name of the AWS destination.
144
145
  """
145
146
  return pulumi.get(self, "name")
146
147
 
147
148
  @name.setter
148
- def name(self, value: Optional[pulumi.Input[str]]):
149
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
149
150
  pulumi.set(self, "name", value)
150
151
 
151
152
  @property
152
153
  @pulumi.getter
153
- def namespace(self) -> Optional[pulumi.Input[str]]:
154
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
154
155
  """
155
156
  The namespace to provision the resource in.
156
157
  The value should not contain leading or trailing forward slashes.
@@ -159,12 +160,12 @@ class SyncAwsDestinationArgs:
159
160
  return pulumi.get(self, "namespace")
160
161
 
161
162
  @namespace.setter
162
- def namespace(self, value: Optional[pulumi.Input[str]]):
163
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
163
164
  pulumi.set(self, "namespace", value)
164
165
 
165
166
  @property
166
167
  @pulumi.getter
167
- def region(self) -> Optional[pulumi.Input[str]]:
168
+ def region(self) -> Optional[pulumi.Input[builtins.str]]:
168
169
  """
169
170
  Region where to manage the secrets manager entries.
170
171
  Can be omitted and directly provided to Vault using the `AWS_REGION` environment
@@ -173,12 +174,12 @@ class SyncAwsDestinationArgs:
173
174
  return pulumi.get(self, "region")
174
175
 
175
176
  @region.setter
176
- def region(self, value: Optional[pulumi.Input[str]]):
177
+ def region(self, value: Optional[pulumi.Input[builtins.str]]):
177
178
  pulumi.set(self, "region", value)
178
179
 
179
180
  @property
180
181
  @pulumi.getter(name="roleArn")
181
- def role_arn(self) -> Optional[pulumi.Input[str]]:
182
+ def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
182
183
  """
183
184
  Specifies a role to assume when connecting to AWS. When assuming a role,
184
185
  Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
@@ -189,12 +190,12 @@ class SyncAwsDestinationArgs:
189
190
  return pulumi.get(self, "role_arn")
190
191
 
191
192
  @role_arn.setter
192
- def role_arn(self, value: Optional[pulumi.Input[str]]):
193
+ def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
193
194
  pulumi.set(self, "role_arn", value)
194
195
 
195
196
  @property
196
197
  @pulumi.getter(name="secretAccessKey")
197
- def secret_access_key(self) -> Optional[pulumi.Input[str]]:
198
+ def secret_access_key(self) -> Optional[pulumi.Input[builtins.str]]:
198
199
  """
199
200
  Secret access key to authenticate against the AWS secrets manager.
200
201
  Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
@@ -203,12 +204,12 @@ class SyncAwsDestinationArgs:
203
204
  return pulumi.get(self, "secret_access_key")
204
205
 
205
206
  @secret_access_key.setter
206
- def secret_access_key(self, value: Optional[pulumi.Input[str]]):
207
+ def secret_access_key(self, value: Optional[pulumi.Input[builtins.str]]):
207
208
  pulumi.set(self, "secret_access_key", value)
208
209
 
209
210
  @property
210
211
  @pulumi.getter(name="secretNameTemplate")
211
- def secret_name_template(self) -> Optional[pulumi.Input[str]]:
212
+ def secret_name_template(self) -> Optional[pulumi.Input[builtins.str]]:
212
213
  """
213
214
  Template describing how to generate external secret names.
214
215
  Supports a subset of the Go Template syntax.
@@ -216,55 +217,55 @@ class SyncAwsDestinationArgs:
216
217
  return pulumi.get(self, "secret_name_template")
217
218
 
218
219
  @secret_name_template.setter
219
- def secret_name_template(self, value: Optional[pulumi.Input[str]]):
220
+ def secret_name_template(self, value: Optional[pulumi.Input[builtins.str]]):
220
221
  pulumi.set(self, "secret_name_template", value)
221
222
 
222
223
 
223
224
  @pulumi.input_type
224
225
  class _SyncAwsDestinationState:
225
226
  def __init__(__self__, *,
226
- access_key_id: Optional[pulumi.Input[str]] = None,
227
- custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
228
- external_id: Optional[pulumi.Input[str]] = None,
229
- granularity: Optional[pulumi.Input[str]] = None,
230
- name: Optional[pulumi.Input[str]] = None,
231
- namespace: Optional[pulumi.Input[str]] = None,
232
- region: Optional[pulumi.Input[str]] = None,
233
- role_arn: Optional[pulumi.Input[str]] = None,
234
- secret_access_key: Optional[pulumi.Input[str]] = None,
235
- secret_name_template: Optional[pulumi.Input[str]] = None,
236
- type: Optional[pulumi.Input[str]] = None):
227
+ access_key_id: Optional[pulumi.Input[builtins.str]] = None,
228
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
229
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
230
+ granularity: Optional[pulumi.Input[builtins.str]] = None,
231
+ name: Optional[pulumi.Input[builtins.str]] = None,
232
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
233
+ region: Optional[pulumi.Input[builtins.str]] = None,
234
+ role_arn: Optional[pulumi.Input[builtins.str]] = None,
235
+ secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
236
+ secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
237
+ type: Optional[pulumi.Input[builtins.str]] = None):
237
238
  """
238
239
  Input properties used for looking up and filtering SyncAwsDestination resources.
239
- :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
240
+ :param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
240
241
  Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
241
242
  variable.
242
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
243
- :param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
243
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
244
+ :param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
244
245
  AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
245
246
  The field is mutable with no special condition, but users must be careful that the new value fits with the trust
246
247
  relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
247
248
  denied errors. Ignored if the `role_arn` field is empty.
248
- :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
249
+ :param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource
249
250
  at the destination. Supports `secret-path` and `secret-key`.
250
- :param pulumi.Input[str] name: Unique name of the AWS destination.
251
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
251
+ :param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
252
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
252
253
  The value should not contain leading or trailing forward slashes.
253
254
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
254
- :param pulumi.Input[str] region: Region where to manage the secrets manager entries.
255
+ :param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
255
256
  Can be omitted and directly provided to Vault using the `AWS_REGION` environment
256
257
  variable.
257
- :param pulumi.Input[str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
258
+ :param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
258
259
  Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
259
260
  exist for Vault to be able to assume this role. The role can be in a different account.
260
261
  The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
261
262
  It is possible to provide both an access key pair and a role to assume.
262
- :param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
263
+ :param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
263
264
  Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
264
265
  variable.
265
- :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
266
+ :param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
266
267
  Supports a subset of the Go Template syntax.
267
- :param pulumi.Input[str] type: The type of the secrets destination (`aws-sm`).
268
+ :param pulumi.Input[builtins.str] type: The type of the secrets destination (`aws-sm`).
268
269
  """
269
270
  if access_key_id is not None:
270
271
  pulumi.set(__self__, "access_key_id", access_key_id)
@@ -291,7 +292,7 @@ class _SyncAwsDestinationState:
291
292
 
292
293
  @property
293
294
  @pulumi.getter(name="accessKeyId")
294
- def access_key_id(self) -> Optional[pulumi.Input[str]]:
295
+ def access_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
295
296
  """
296
297
  Access key id to authenticate against the AWS secrets manager.
297
298
  Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
@@ -300,24 +301,24 @@ class _SyncAwsDestinationState:
300
301
  return pulumi.get(self, "access_key_id")
301
302
 
302
303
  @access_key_id.setter
303
- def access_key_id(self, value: Optional[pulumi.Input[str]]):
304
+ def access_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
304
305
  pulumi.set(self, "access_key_id", value)
305
306
 
306
307
  @property
307
308
  @pulumi.getter(name="customTags")
308
- def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
309
+ def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
309
310
  """
310
311
  Custom tags to set on the secret managed at the destination.
311
312
  """
312
313
  return pulumi.get(self, "custom_tags")
313
314
 
314
315
  @custom_tags.setter
315
- def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
316
+ def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
316
317
  pulumi.set(self, "custom_tags", value)
317
318
 
318
319
  @property
319
320
  @pulumi.getter(name="externalId")
320
- def external_id(self) -> Optional[pulumi.Input[str]]:
321
+ def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
321
322
  """
322
323
  Optional extra protection that must match the trust policy granting access to the
323
324
  AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
@@ -328,12 +329,12 @@ class _SyncAwsDestinationState:
328
329
  return pulumi.get(self, "external_id")
329
330
 
330
331
  @external_id.setter
331
- def external_id(self, value: Optional[pulumi.Input[str]]):
332
+ def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
332
333
  pulumi.set(self, "external_id", value)
333
334
 
334
335
  @property
335
336
  @pulumi.getter
336
- def granularity(self) -> Optional[pulumi.Input[str]]:
337
+ def granularity(self) -> Optional[pulumi.Input[builtins.str]]:
337
338
  """
338
339
  Determines what level of information is synced as a distinct resource
339
340
  at the destination. Supports `secret-path` and `secret-key`.
@@ -341,24 +342,24 @@ class _SyncAwsDestinationState:
341
342
  return pulumi.get(self, "granularity")
342
343
 
343
344
  @granularity.setter
344
- def granularity(self, value: Optional[pulumi.Input[str]]):
345
+ def granularity(self, value: Optional[pulumi.Input[builtins.str]]):
345
346
  pulumi.set(self, "granularity", value)
346
347
 
347
348
  @property
348
349
  @pulumi.getter
349
- def name(self) -> Optional[pulumi.Input[str]]:
350
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
350
351
  """
351
352
  Unique name of the AWS destination.
352
353
  """
353
354
  return pulumi.get(self, "name")
354
355
 
355
356
  @name.setter
356
- def name(self, value: Optional[pulumi.Input[str]]):
357
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
357
358
  pulumi.set(self, "name", value)
358
359
 
359
360
  @property
360
361
  @pulumi.getter
361
- def namespace(self) -> Optional[pulumi.Input[str]]:
362
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
362
363
  """
363
364
  The namespace to provision the resource in.
364
365
  The value should not contain leading or trailing forward slashes.
@@ -367,12 +368,12 @@ class _SyncAwsDestinationState:
367
368
  return pulumi.get(self, "namespace")
368
369
 
369
370
  @namespace.setter
370
- def namespace(self, value: Optional[pulumi.Input[str]]):
371
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
371
372
  pulumi.set(self, "namespace", value)
372
373
 
373
374
  @property
374
375
  @pulumi.getter
375
- def region(self) -> Optional[pulumi.Input[str]]:
376
+ def region(self) -> Optional[pulumi.Input[builtins.str]]:
376
377
  """
377
378
  Region where to manage the secrets manager entries.
378
379
  Can be omitted and directly provided to Vault using the `AWS_REGION` environment
@@ -381,12 +382,12 @@ class _SyncAwsDestinationState:
381
382
  return pulumi.get(self, "region")
382
383
 
383
384
  @region.setter
384
- def region(self, value: Optional[pulumi.Input[str]]):
385
+ def region(self, value: Optional[pulumi.Input[builtins.str]]):
385
386
  pulumi.set(self, "region", value)
386
387
 
387
388
  @property
388
389
  @pulumi.getter(name="roleArn")
389
- def role_arn(self) -> Optional[pulumi.Input[str]]:
390
+ def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
390
391
  """
391
392
  Specifies a role to assume when connecting to AWS. When assuming a role,
392
393
  Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
@@ -397,12 +398,12 @@ class _SyncAwsDestinationState:
397
398
  return pulumi.get(self, "role_arn")
398
399
 
399
400
  @role_arn.setter
400
- def role_arn(self, value: Optional[pulumi.Input[str]]):
401
+ def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
401
402
  pulumi.set(self, "role_arn", value)
402
403
 
403
404
  @property
404
405
  @pulumi.getter(name="secretAccessKey")
405
- def secret_access_key(self) -> Optional[pulumi.Input[str]]:
406
+ def secret_access_key(self) -> Optional[pulumi.Input[builtins.str]]:
406
407
  """
407
408
  Secret access key to authenticate against the AWS secrets manager.
408
409
  Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
@@ -411,12 +412,12 @@ class _SyncAwsDestinationState:
411
412
  return pulumi.get(self, "secret_access_key")
412
413
 
413
414
  @secret_access_key.setter
414
- def secret_access_key(self, value: Optional[pulumi.Input[str]]):
415
+ def secret_access_key(self, value: Optional[pulumi.Input[builtins.str]]):
415
416
  pulumi.set(self, "secret_access_key", value)
416
417
 
417
418
  @property
418
419
  @pulumi.getter(name="secretNameTemplate")
419
- def secret_name_template(self) -> Optional[pulumi.Input[str]]:
420
+ def secret_name_template(self) -> Optional[pulumi.Input[builtins.str]]:
420
421
  """
421
422
  Template describing how to generate external secret names.
422
423
  Supports a subset of the Go Template syntax.
@@ -424,19 +425,19 @@ class _SyncAwsDestinationState:
424
425
  return pulumi.get(self, "secret_name_template")
425
426
 
426
427
  @secret_name_template.setter
427
- def secret_name_template(self, value: Optional[pulumi.Input[str]]):
428
+ def secret_name_template(self, value: Optional[pulumi.Input[builtins.str]]):
428
429
  pulumi.set(self, "secret_name_template", value)
429
430
 
430
431
  @property
431
432
  @pulumi.getter
432
- def type(self) -> Optional[pulumi.Input[str]]:
433
+ def type(self) -> Optional[pulumi.Input[builtins.str]]:
433
434
  """
434
435
  The type of the secrets destination (`aws-sm`).
435
436
  """
436
437
  return pulumi.get(self, "type")
437
438
 
438
439
  @type.setter
439
- def type(self, value: Optional[pulumi.Input[str]]):
440
+ def type(self, value: Optional[pulumi.Input[builtins.str]]):
440
441
  pulumi.set(self, "type", value)
441
442
 
442
443
 
@@ -445,16 +446,16 @@ class SyncAwsDestination(pulumi.CustomResource):
445
446
  def __init__(__self__,
446
447
  resource_name: str,
447
448
  opts: Optional[pulumi.ResourceOptions] = None,
448
- access_key_id: Optional[pulumi.Input[str]] = None,
449
- custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
450
- external_id: Optional[pulumi.Input[str]] = None,
451
- granularity: Optional[pulumi.Input[str]] = None,
452
- name: Optional[pulumi.Input[str]] = None,
453
- namespace: Optional[pulumi.Input[str]] = None,
454
- region: Optional[pulumi.Input[str]] = None,
455
- role_arn: Optional[pulumi.Input[str]] = None,
456
- secret_access_key: Optional[pulumi.Input[str]] = None,
457
- secret_name_template: Optional[pulumi.Input[str]] = None,
449
+ access_key_id: Optional[pulumi.Input[builtins.str]] = None,
450
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
451
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
452
+ granularity: Optional[pulumi.Input[builtins.str]] = None,
453
+ name: Optional[pulumi.Input[builtins.str]] = None,
454
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
455
+ region: Optional[pulumi.Input[builtins.str]] = None,
456
+ role_arn: Optional[pulumi.Input[builtins.str]] = None,
457
+ secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
458
+ secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
458
459
  __props__=None):
459
460
  """
460
461
  ## Example Usage
@@ -486,33 +487,33 @@ class SyncAwsDestination(pulumi.CustomResource):
486
487
 
487
488
  :param str resource_name: The name of the resource.
488
489
  :param pulumi.ResourceOptions opts: Options for the resource.
489
- :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
490
+ :param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
490
491
  Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
491
492
  variable.
492
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
493
- :param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
493
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
494
+ :param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
494
495
  AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
495
496
  The field is mutable with no special condition, but users must be careful that the new value fits with the trust
496
497
  relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
497
498
  denied errors. Ignored if the `role_arn` field is empty.
498
- :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
499
+ :param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource
499
500
  at the destination. Supports `secret-path` and `secret-key`.
500
- :param pulumi.Input[str] name: Unique name of the AWS destination.
501
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
501
+ :param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
502
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
502
503
  The value should not contain leading or trailing forward slashes.
503
504
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
504
- :param pulumi.Input[str] region: Region where to manage the secrets manager entries.
505
+ :param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
505
506
  Can be omitted and directly provided to Vault using the `AWS_REGION` environment
506
507
  variable.
507
- :param pulumi.Input[str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
508
+ :param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
508
509
  Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
509
510
  exist for Vault to be able to assume this role. The role can be in a different account.
510
511
  The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
511
512
  It is possible to provide both an access key pair and a role to assume.
512
- :param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
513
+ :param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
513
514
  Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
514
515
  variable.
515
- :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
516
+ :param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
516
517
  Supports a subset of the Go Template syntax.
517
518
  """
518
519
  ...
@@ -564,16 +565,16 @@ class SyncAwsDestination(pulumi.CustomResource):
564
565
  def _internal_init(__self__,
565
566
  resource_name: str,
566
567
  opts: Optional[pulumi.ResourceOptions] = None,
567
- access_key_id: Optional[pulumi.Input[str]] = None,
568
- custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
569
- external_id: Optional[pulumi.Input[str]] = None,
570
- granularity: Optional[pulumi.Input[str]] = None,
571
- name: Optional[pulumi.Input[str]] = None,
572
- namespace: Optional[pulumi.Input[str]] = None,
573
- region: Optional[pulumi.Input[str]] = None,
574
- role_arn: Optional[pulumi.Input[str]] = None,
575
- secret_access_key: Optional[pulumi.Input[str]] = None,
576
- secret_name_template: Optional[pulumi.Input[str]] = None,
568
+ access_key_id: Optional[pulumi.Input[builtins.str]] = None,
569
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
570
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
571
+ granularity: Optional[pulumi.Input[builtins.str]] = None,
572
+ name: Optional[pulumi.Input[builtins.str]] = None,
573
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
574
+ region: Optional[pulumi.Input[builtins.str]] = None,
575
+ role_arn: Optional[pulumi.Input[builtins.str]] = None,
576
+ secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
577
+ secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
577
578
  __props__=None):
578
579
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
579
580
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -606,17 +607,17 @@ class SyncAwsDestination(pulumi.CustomResource):
606
607
  def get(resource_name: str,
607
608
  id: pulumi.Input[str],
608
609
  opts: Optional[pulumi.ResourceOptions] = None,
609
- access_key_id: Optional[pulumi.Input[str]] = None,
610
- custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
611
- external_id: Optional[pulumi.Input[str]] = None,
612
- granularity: Optional[pulumi.Input[str]] = None,
613
- name: Optional[pulumi.Input[str]] = None,
614
- namespace: Optional[pulumi.Input[str]] = None,
615
- region: Optional[pulumi.Input[str]] = None,
616
- role_arn: Optional[pulumi.Input[str]] = None,
617
- secret_access_key: Optional[pulumi.Input[str]] = None,
618
- secret_name_template: Optional[pulumi.Input[str]] = None,
619
- type: Optional[pulumi.Input[str]] = None) -> 'SyncAwsDestination':
610
+ access_key_id: Optional[pulumi.Input[builtins.str]] = None,
611
+ custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
612
+ external_id: Optional[pulumi.Input[builtins.str]] = None,
613
+ granularity: Optional[pulumi.Input[builtins.str]] = None,
614
+ name: Optional[pulumi.Input[builtins.str]] = None,
615
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
616
+ region: Optional[pulumi.Input[builtins.str]] = None,
617
+ role_arn: Optional[pulumi.Input[builtins.str]] = None,
618
+ secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
619
+ secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
620
+ type: Optional[pulumi.Input[builtins.str]] = None) -> 'SyncAwsDestination':
620
621
  """
621
622
  Get an existing SyncAwsDestination resource's state with the given name, id, and optional extra
622
623
  properties used to qualify the lookup.
@@ -624,35 +625,35 @@ class SyncAwsDestination(pulumi.CustomResource):
624
625
  :param str resource_name: The unique name of the resulting resource.
625
626
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
626
627
  :param pulumi.ResourceOptions opts: Options for the resource.
627
- :param pulumi.Input[str] access_key_id: Access key id to authenticate against the AWS secrets manager.
628
+ :param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
628
629
  Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
629
630
  variable.
630
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_tags: Custom tags to set on the secret managed at the destination.
631
- :param pulumi.Input[str] external_id: Optional extra protection that must match the trust policy granting access to the
631
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
632
+ :param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
632
633
  AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
633
634
  The field is mutable with no special condition, but users must be careful that the new value fits with the trust
634
635
  relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
635
636
  denied errors. Ignored if the `role_arn` field is empty.
636
- :param pulumi.Input[str] granularity: Determines what level of information is synced as a distinct resource
637
+ :param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource
637
638
  at the destination. Supports `secret-path` and `secret-key`.
638
- :param pulumi.Input[str] name: Unique name of the AWS destination.
639
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
639
+ :param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
640
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
640
641
  The value should not contain leading or trailing forward slashes.
641
642
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
642
- :param pulumi.Input[str] region: Region where to manage the secrets manager entries.
643
+ :param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
643
644
  Can be omitted and directly provided to Vault using the `AWS_REGION` environment
644
645
  variable.
645
- :param pulumi.Input[str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
646
+ :param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role,
646
647
  Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
647
648
  exist for Vault to be able to assume this role. The role can be in a different account.
648
649
  The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
649
650
  It is possible to provide both an access key pair and a role to assume.
650
- :param pulumi.Input[str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
651
+ :param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
651
652
  Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
652
653
  variable.
653
- :param pulumi.Input[str] secret_name_template: Template describing how to generate external secret names.
654
+ :param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
654
655
  Supports a subset of the Go Template syntax.
655
- :param pulumi.Input[str] type: The type of the secrets destination (`aws-sm`).
656
+ :param pulumi.Input[builtins.str] type: The type of the secrets destination (`aws-sm`).
656
657
  """
657
658
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
658
659
 
@@ -673,7 +674,7 @@ class SyncAwsDestination(pulumi.CustomResource):
673
674
 
674
675
  @property
675
676
  @pulumi.getter(name="accessKeyId")
676
- def access_key_id(self) -> pulumi.Output[Optional[str]]:
677
+ def access_key_id(self) -> pulumi.Output[Optional[builtins.str]]:
677
678
  """
678
679
  Access key id to authenticate against the AWS secrets manager.
679
680
  Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
@@ -683,7 +684,7 @@ class SyncAwsDestination(pulumi.CustomResource):
683
684
 
684
685
  @property
685
686
  @pulumi.getter(name="customTags")
686
- def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
687
+ def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
687
688
  """
688
689
  Custom tags to set on the secret managed at the destination.
689
690
  """
@@ -691,7 +692,7 @@ class SyncAwsDestination(pulumi.CustomResource):
691
692
 
692
693
  @property
693
694
  @pulumi.getter(name="externalId")
694
- def external_id(self) -> pulumi.Output[Optional[str]]:
695
+ def external_id(self) -> pulumi.Output[Optional[builtins.str]]:
695
696
  """
696
697
  Optional extra protection that must match the trust policy granting access to the
697
698
  AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
@@ -703,7 +704,7 @@ class SyncAwsDestination(pulumi.CustomResource):
703
704
 
704
705
  @property
705
706
  @pulumi.getter
706
- def granularity(self) -> pulumi.Output[Optional[str]]:
707
+ def granularity(self) -> pulumi.Output[Optional[builtins.str]]:
707
708
  """
708
709
  Determines what level of information is synced as a distinct resource
709
710
  at the destination. Supports `secret-path` and `secret-key`.
@@ -712,7 +713,7 @@ class SyncAwsDestination(pulumi.CustomResource):
712
713
 
713
714
  @property
714
715
  @pulumi.getter
715
- def name(self) -> pulumi.Output[str]:
716
+ def name(self) -> pulumi.Output[builtins.str]:
716
717
  """
717
718
  Unique name of the AWS destination.
718
719
  """
@@ -720,7 +721,7 @@ class SyncAwsDestination(pulumi.CustomResource):
720
721
 
721
722
  @property
722
723
  @pulumi.getter
723
- def namespace(self) -> pulumi.Output[Optional[str]]:
724
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
724
725
  """
725
726
  The namespace to provision the resource in.
726
727
  The value should not contain leading or trailing forward slashes.
@@ -730,7 +731,7 @@ class SyncAwsDestination(pulumi.CustomResource):
730
731
 
731
732
  @property
732
733
  @pulumi.getter
733
- def region(self) -> pulumi.Output[Optional[str]]:
734
+ def region(self) -> pulumi.Output[Optional[builtins.str]]:
734
735
  """
735
736
  Region where to manage the secrets manager entries.
736
737
  Can be omitted and directly provided to Vault using the `AWS_REGION` environment
@@ -740,7 +741,7 @@ class SyncAwsDestination(pulumi.CustomResource):
740
741
 
741
742
  @property
742
743
  @pulumi.getter(name="roleArn")
743
- def role_arn(self) -> pulumi.Output[Optional[str]]:
744
+ def role_arn(self) -> pulumi.Output[Optional[builtins.str]]:
744
745
  """
745
746
  Specifies a role to assume when connecting to AWS. When assuming a role,
746
747
  Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
@@ -752,7 +753,7 @@ class SyncAwsDestination(pulumi.CustomResource):
752
753
 
753
754
  @property
754
755
  @pulumi.getter(name="secretAccessKey")
755
- def secret_access_key(self) -> pulumi.Output[Optional[str]]:
756
+ def secret_access_key(self) -> pulumi.Output[Optional[builtins.str]]:
756
757
  """
757
758
  Secret access key to authenticate against the AWS secrets manager.
758
759
  Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
@@ -762,7 +763,7 @@ class SyncAwsDestination(pulumi.CustomResource):
762
763
 
763
764
  @property
764
765
  @pulumi.getter(name="secretNameTemplate")
765
- def secret_name_template(self) -> pulumi.Output[str]:
766
+ def secret_name_template(self) -> pulumi.Output[builtins.str]:
766
767
  """
767
768
  Template describing how to generate external secret names.
768
769
  Supports a subset of the Go Template syntax.
@@ -771,7 +772,7 @@ class SyncAwsDestination(pulumi.CustomResource):
771
772
 
772
773
  @property
773
774
  @pulumi.getter
774
- def type(self) -> pulumi.Output[str]:
775
+ def type(self) -> pulumi.Output[builtins.str]:
775
776
  """
776
777
  The type of the secrets destination (`aws-sm`).
777
778
  """