pulumi-vault 7.0.0a1750489873__py3-none-any.whl → 7.1.0a1752118888__py3-none-any.whl

pulumi_vault/__init__.py

@@ -35,6 +35,7 @@ from .quota_rate_limit import *
 from .raft_autopilot import *
 from .raft_snapshot_agent_config import *
 from .rgp_policy import *
+from .scep_auth_backend_role import *
 from .token import *
 from ._inputs import *
 from . import outputs
@@ -797,6 +798,14 @@ _utilities.register(
    "vault:index/rgpPolicy:RgpPolicy": "RgpPolicy"
   }
  },
+ {
+  "pkg": "vault",
+  "mod": "index/scepAuthBackendRole",
+  "fqn": "pulumi_vault",
+  "classes": {
+   "vault:index/scepAuthBackendRole:ScepAuthBackendRole": "ScepAuthBackendRole"
+  }
+ },
  {
   "pkg": "vault",
   "mod": "index/token",
@@ -1053,6 +1062,14 @@ _utilities.register(
    "vault:pkiSecret/backendConfigEst:BackendConfigEst": "BackendConfigEst"
   }
  },
+ {
+  "pkg": "vault",
+  "mod": "pkiSecret/backendConfigScep",
+  "fqn": "pulumi_vault.pkisecret",
+  "classes": {
+   "vault:pkiSecret/backendConfigScep:BackendConfigScep": "BackendConfigScep"
+  }
+ },
  {
   "pkg": "vault",
   "mod": "pkiSecret/secretBackendCert",

pulumi_vault/database/_inputs.py

@@ -3546,6 +3546,10 @@ if not MYPY:
         """
         Version counter for root credential password write-only field
         """
+        private_key_wo_version: NotRequired[pulumi.Input[builtins.int]]
+        """
+        Version counter for the private key key-pair credentials write-only field
+        """
         username: NotRequired[pulumi.Input[builtins.str]]
         """
         The root credential username used in the connection URL
@@ -3566,6 +3570,7 @@ class SecretBackendConnectionSnowflakeArgs:
                  max_open_connections: Optional[pulumi.Input[builtins.int]] = None,
                  password: Optional[pulumi.Input[builtins.str]] = None,
                  password_wo_version: Optional[pulumi.Input[builtins.int]] = None,
+                 private_key_wo_version: Optional[pulumi.Input[builtins.int]] = None,
                  username: Optional[pulumi.Input[builtins.str]] = None,
                  username_template: Optional[pulumi.Input[builtins.str]] = None):
         """
@@ -3575,6 +3580,7 @@ class SecretBackendConnectionSnowflakeArgs:
         :param pulumi.Input[builtins.int] max_open_connections: Maximum number of open connections to the database.
         :param pulumi.Input[builtins.str] password: The root credential password used in the connection URL
         :param pulumi.Input[builtins.int] password_wo_version: Version counter for root credential password write-only field
+        :param pulumi.Input[builtins.int] private_key_wo_version: Version counter for the private key key-pair credentials write-only field
         :param pulumi.Input[builtins.str] username: The root credential username used in the connection URL
         :param pulumi.Input[builtins.str] username_template: Username generation template.
         """
@@ -3586,10 +3592,15 @@ class SecretBackendConnectionSnowflakeArgs:
             pulumi.set(__self__, "max_idle_connections", max_idle_connections)
         if max_open_connections is not None:
             pulumi.set(__self__, "max_open_connections", max_open_connections)
+        if password is not None:
+            warnings.warn("""Snowflake is ending support for single-factor password authentication by November 2025. Refer to the documentation for more information on migrating to key-pair authentication.""", DeprecationWarning)
+            pulumi.log.warn("""password is deprecated: Snowflake is ending support for single-factor password authentication by November 2025. Refer to the documentation for more information on migrating to key-pair authentication.""")
         if password is not None:
             pulumi.set(__self__, "password", password)
         if password_wo_version is not None:
             pulumi.set(__self__, "password_wo_version", password_wo_version)
+        if private_key_wo_version is not None:
+            pulumi.set(__self__, "private_key_wo_version", private_key_wo_version)
         if username is not None:
             pulumi.set(__self__, "username", username)
         if username_template is not None:
@@ -3645,6 +3656,7 @@ class SecretBackendConnectionSnowflakeArgs:
 
     @property
     @pulumi.getter
+    @_utilities.deprecated("""Snowflake is ending support for single-factor password authentication by November 2025. Refer to the documentation for more information on migrating to key-pair authentication.""")
     def password(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The root credential password used in the connection URL
@@ -3667,6 +3679,18 @@ class SecretBackendConnectionSnowflakeArgs:
     def password_wo_version(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "password_wo_version", value)
 
+    @property
+    @pulumi.getter(name="privateKeyWoVersion")
+    def private_key_wo_version(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        Version counter for the private key key-pair credentials write-only field
+        """
+        return pulumi.get(self, "private_key_wo_version")
+
+    @private_key_wo_version.setter
+    def private_key_wo_version(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "private_key_wo_version", value)
+
     @property
     @pulumi.getter
     def username(self) -> Optional[pulumi.Input[builtins.str]]:
@@ -10960,6 +10984,10 @@ if not MYPY:
         """
         Specifies the name of the plugin to use.
         """
+        private_key_wo_version: NotRequired[pulumi.Input[builtins.int]]
+        """
+        Version counter for the private key key-pair credentials write-only field
+        """
         root_rotation_statements: NotRequired[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]
         """
         A list of database statements to be executed to rotate the root user's credentials.
@@ -11010,6 +11038,7 @@ class SecretsMountSnowflakeArgs:
                  password: Optional[pulumi.Input[builtins.str]] = None,
                  password_wo_version: Optional[pulumi.Input[builtins.int]] = None,
                  plugin_name: Optional[pulumi.Input[builtins.str]] = None,
+                 private_key_wo_version: Optional[pulumi.Input[builtins.int]] = None,
                  root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
                  rotation_period: Optional[pulumi.Input[builtins.int]] = None,
                  rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
@@ -11032,6 +11061,7 @@ class SecretsMountSnowflakeArgs:
         :param pulumi.Input[builtins.str] password: The root credential password used in the connection URL
         :param pulumi.Input[builtins.int] password_wo_version: Version counter for root credential password write-only field
         :param pulumi.Input[builtins.str] plugin_name: Specifies the name of the plugin to use.
+        :param pulumi.Input[builtins.int] private_key_wo_version: Version counter for the private key key-pair credentials write-only field
         :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
         :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
                A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
@@ -11060,12 +11090,17 @@ class SecretsMountSnowflakeArgs:
             pulumi.set(__self__, "max_idle_connections", max_idle_connections)
         if max_open_connections is not None:
             pulumi.set(__self__, "max_open_connections", max_open_connections)
+        if password is not None:
+            warnings.warn("""Snowflake is ending support for single-factor password authentication by November 2025. Refer to the documentation for more information on migrating to key-pair authentication.""", DeprecationWarning)
+            pulumi.log.warn("""password is deprecated: Snowflake is ending support for single-factor password authentication by November 2025. Refer to the documentation for more information on migrating to key-pair authentication.""")
         if password is not None:
             pulumi.set(__self__, "password", password)
         if password_wo_version is not None:
             pulumi.set(__self__, "password_wo_version", password_wo_version)
         if plugin_name is not None:
             pulumi.set(__self__, "plugin_name", plugin_name)
+        if private_key_wo_version is not None:
+            pulumi.set(__self__, "private_key_wo_version", private_key_wo_version)
         if root_rotation_statements is not None:
             pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
         if rotation_period is not None:
@@ -11182,6 +11217,7 @@ class SecretsMountSnowflakeArgs:
 
     @property
     @pulumi.getter
+    @_utilities.deprecated("""Snowflake is ending support for single-factor password authentication by November 2025. Refer to the documentation for more information on migrating to key-pair authentication.""")
     def password(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The root credential password used in the connection URL
@@ -11216,6 +11252,18 @@ class SecretsMountSnowflakeArgs:
     def plugin_name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "plugin_name", value)
 
+    @property
+    @pulumi.getter(name="privateKeyWoVersion")
+    def private_key_wo_version(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        Version counter for the private key key-pair credentials write-only field
+        """
+        return pulumi.get(self, "private_key_wo_version")
+
+    @private_key_wo_version.setter
+    def private_key_wo_version(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "private_key_wo_version", value)
+
     @property
     @pulumi.getter(name="rootRotationStatements")
     def root_rotation_statements(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:

pulumi_vault/database/outputs.py

@@ -2586,6 +2586,8 @@ class SecretBackendConnectionSnowflake(dict):
             suggest = "max_open_connections"
         elif key == "passwordWoVersion":
             suggest = "password_wo_version"
+        elif key == "privateKeyWoVersion":
+            suggest = "private_key_wo_version"
         elif key == "usernameTemplate":
             suggest = "username_template"
 
@@ -2607,6 +2609,7 @@ class SecretBackendConnectionSnowflake(dict):
                  max_open_connections: Optional[builtins.int] = None,
                  password: Optional[builtins.str] = None,
                  password_wo_version: Optional[builtins.int] = None,
+                 private_key_wo_version: Optional[builtins.int] = None,
                  username: Optional[builtins.str] = None,
                  username_template: Optional[builtins.str] = None):
         """
@@ -2616,6 +2619,7 @@ class SecretBackendConnectionSnowflake(dict):
         :param builtins.int max_open_connections: Maximum number of open connections to the database.
         :param builtins.str password: The root credential password used in the connection URL
         :param builtins.int password_wo_version: Version counter for root credential password write-only field
+        :param builtins.int private_key_wo_version: Version counter for the private key key-pair credentials write-only field
         :param builtins.str username: The root credential username used in the connection URL
         :param builtins.str username_template: Username generation template.
         """
@@ -2631,6 +2635,8 @@ class SecretBackendConnectionSnowflake(dict):
             pulumi.set(__self__, "password", password)
         if password_wo_version is not None:
             pulumi.set(__self__, "password_wo_version", password_wo_version)
+        if private_key_wo_version is not None:
+            pulumi.set(__self__, "private_key_wo_version", private_key_wo_version)
         if username is not None:
             pulumi.set(__self__, "username", username)
         if username_template is not None:
@@ -2670,6 +2676,7 @@ class SecretBackendConnectionSnowflake(dict):
 
     @property
     @pulumi.getter
+    @_utilities.deprecated("""Snowflake is ending support for single-factor password authentication by November 2025. Refer to the documentation for more information on migrating to key-pair authentication.""")
     def password(self) -> Optional[builtins.str]:
         """
         The root credential password used in the connection URL
@@ -2684,6 +2691,14 @@ class SecretBackendConnectionSnowflake(dict):
         """
         return pulumi.get(self, "password_wo_version")
 
+    @property
+    @pulumi.getter(name="privateKeyWoVersion")
+    def private_key_wo_version(self) -> Optional[builtins.int]:
+        """
+        Version counter for the private key key-pair credentials write-only field
+        """
+        return pulumi.get(self, "private_key_wo_version")
+
     @property
     @pulumi.getter
     def username(self) -> Optional[builtins.str]:
@@ -7821,6 +7836,8 @@ class SecretsMountSnowflake(dict):
             suggest = "password_wo_version"
         elif key == "pluginName":
             suggest = "plugin_name"
+        elif key == "privateKeyWoVersion":
+            suggest = "private_key_wo_version"
         elif key == "rootRotationStatements":
             suggest = "root_rotation_statements"
         elif key == "rotationPeriod":
@@ -7857,6 +7874,7 @@ class SecretsMountSnowflake(dict):
                  password: Optional[builtins.str] = None,
                  password_wo_version: Optional[builtins.int] = None,
                  plugin_name: Optional[builtins.str] = None,
+                 private_key_wo_version: Optional[builtins.int] = None,
                  root_rotation_statements: Optional[Sequence[builtins.str]] = None,
                  rotation_period: Optional[builtins.int] = None,
                  rotation_schedule: Optional[builtins.str] = None,
@@ -7879,6 +7897,7 @@ class SecretsMountSnowflake(dict):
         :param builtins.str password: The root credential password used in the connection URL
         :param builtins.int password_wo_version: Version counter for root credential password write-only field
         :param builtins.str plugin_name: Specifies the name of the plugin to use.
+        :param builtins.int private_key_wo_version: Version counter for the private key key-pair credentials write-only field
         :param Sequence[builtins.str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
         :param builtins.int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
                A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
@@ -7913,6 +7932,8 @@ class SecretsMountSnowflake(dict):
             pulumi.set(__self__, "password_wo_version", password_wo_version)
         if plugin_name is not None:
             pulumi.set(__self__, "plugin_name", plugin_name)
+        if private_key_wo_version is not None:
+            pulumi.set(__self__, "private_key_wo_version", private_key_wo_version)
         if root_rotation_statements is not None:
             pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
         if rotation_period is not None:
@@ -7997,6 +8018,7 @@ class SecretsMountSnowflake(dict):
 
     @property
     @pulumi.getter
+    @_utilities.deprecated("""Snowflake is ending support for single-factor password authentication by November 2025. Refer to the documentation for more information on migrating to key-pair authentication.""")
     def password(self) -> Optional[builtins.str]:
         """
         The root credential password used in the connection URL
@@ -8019,6 +8041,14 @@ class SecretsMountSnowflake(dict):
         """
         return pulumi.get(self, "plugin_name")
 
+    @property
+    @pulumi.getter(name="privateKeyWoVersion")
+    def private_key_wo_version(self) -> Optional[builtins.int]:
+        """
+        Version counter for the private key key-pair credentials write-only field
+        """
+        return pulumi.get(self, "private_key_wo_version")
+
     @property
     @pulumi.getter(name="rootRotationStatements")
     def root_rotation_statements(self) -> Optional[Sequence[builtins.str]]:

pulumi_vault/database/secret_backend_connection.py

@@ -1106,6 +1106,11 @@ class SecretBackendConnection(pulumi.CustomResource):
         * `password_wo` - (Optional) The password for the user. Can be updated.
           **Note**: This property is write-only and will not be read from the API.
 
+        The following write-only attribute is supported only for Snowflake DB:
+
+        * `private_key_wo` - (Optional) The private key associated with the Snowflake user.
+          **Note**: This property is write-only and will not be read from the API.
+
         ## Import
 
         Database secret backend connections can be imported using the `backend`, `/config/`, and the `name` e.g.
@@ -1195,6 +1200,11 @@ class SecretBackendConnection(pulumi.CustomResource):
         * `password_wo` - (Optional) The password for the user. Can be updated.
           **Note**: This property is write-only and will not be read from the API.
 
+        The following write-only attribute is supported only for Snowflake DB:
+
+        * `private_key_wo` - (Optional) The private key associated with the Snowflake user.
+          **Note**: This property is write-only and will not be read from the API.
+
         ## Import
 
         Database secret backend connections can be imported using the `backend`, `/config/`, and the `name` e.g.

pulumi_vault/pkisecret/__init__.py

@@ -12,9 +12,11 @@ from .backend_config_auto_tidy import *
 from .backend_config_cluster import *
 from .backend_config_cmpv2 import *
 from .backend_config_est import *
+from .backend_config_scep import *
 from .get_backend_cert_metadata import *
 from .get_backend_config_cmpv2 import *
 from .get_backend_config_est import *
+from .get_backend_config_scep import *
 from .get_backend_issuer import *
 from .get_backend_issuers import *
 from .get_backend_key import *

pulumi_vault/pkisecret/_inputs.py

@@ -20,6 +20,10 @@ __all__ = [
     'BackendConfigCmpv2AuthenticatorsArgsDict',
     'BackendConfigEstAuthenticatorsArgs',
     'BackendConfigEstAuthenticatorsArgsDict',
+    'BackendConfigScepAuthenticatorsArgs',
+    'BackendConfigScepAuthenticatorsArgsDict',
+    'BackendConfigScepExternalValidationArgs',
+    'BackendConfigScepExternalValidationArgsDict',
     'SecretBackendRolePolicyIdentifierArgs',
     'SecretBackendRolePolicyIdentifierArgsDict',
 ]
@@ -62,11 +66,11 @@ if not MYPY:
     class BackendConfigEstAuthenticatorsArgsDict(TypedDict):
         cert: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]
         """
-        "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        The accessor (required) and cert_role (optional) properties for cert auth backends.
         """
         userpass: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]
         """
-        "The accessor (required) property for user pass auth backends".
+        The accessor (required) property for user pass auth backends.
         """
 elif False:
     BackendConfigEstAuthenticatorsArgsDict: TypeAlias = Mapping[str, Any]
@@ -77,8 +81,8 @@ class BackendConfigEstAuthenticatorsArgs:
                  cert: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
                  userpass: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None):
         """
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] cert: "The accessor (required) and cert_role (optional) properties for cert auth backends".
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] userpass: "The accessor (required) property for user pass auth backends".
+        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] cert: The accessor (required) and cert_role (optional) properties for cert auth backends.
+        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] userpass: The accessor (required) property for user pass auth backends.
         """
         if cert is not None:
             pulumi.set(__self__, "cert", cert)
@@ -89,7 +93,7 @@ class BackendConfigEstAuthenticatorsArgs:
     @pulumi.getter
     def cert(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
         """
-        "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        The accessor (required) and cert_role (optional) properties for cert auth backends.
         """
         return pulumi.get(self, "cert")
 
@@ -101,7 +105,7 @@ class BackendConfigEstAuthenticatorsArgs:
     @pulumi.getter
     def userpass(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
         """
-        "The accessor (required) property for user pass auth backends".
+        The accessor (required) property for user pass auth backends.
         """
         return pulumi.get(self, "userpass")
 
@@ -110,6 +114,90 @@ class BackendConfigEstAuthenticatorsArgs:
         pulumi.set(self, "userpass", value)
 
 
+if not MYPY:
+    class BackendConfigScepAuthenticatorsArgsDict(TypedDict):
+        cert: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]
+        """
+        The accessor and cert_role properties for cert auth backends
+        """
+        scep: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]
+        """
+        The accessor property for SCEP auth backends
+        """
+elif False:
+    BackendConfigScepAuthenticatorsArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class BackendConfigScepAuthenticatorsArgs:
+    def __init__(__self__, *,
+                 cert: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
+                 scep: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None):
+        """
+        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] cert: The accessor and cert_role properties for cert auth backends
+        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] scep: The accessor property for SCEP auth backends
+        """
+        if cert is not None:
+            pulumi.set(__self__, "cert", cert)
+        if scep is not None:
+            pulumi.set(__self__, "scep", scep)
+
+    @property
+    @pulumi.getter
+    def cert(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+        """
+        The accessor and cert_role properties for cert auth backends
+        """
+        return pulumi.get(self, "cert")
+
+    @cert.setter
+    def cert(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+        pulumi.set(self, "cert", value)
+
+    @property
+    @pulumi.getter
+    def scep(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+        """
+        The accessor property for SCEP auth backends
+        """
+        return pulumi.get(self, "scep")
+
+    @scep.setter
+    def scep(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+        pulumi.set(self, "scep", value)
+
+
+if not MYPY:
+    class BackendConfigScepExternalValidationArgsDict(TypedDict):
+        intune: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]
+        """
+        The credentials to enable Microsoft Intune validation of SCEP requests
+        """
+elif False:
+    BackendConfigScepExternalValidationArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class BackendConfigScepExternalValidationArgs:
+    def __init__(__self__, *,
+                 intune: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None):
+        """
+        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] intune: The credentials to enable Microsoft Intune validation of SCEP requests
+        """
+        if intune is not None:
+            pulumi.set(__self__, "intune", intune)
+
+    @property
+    @pulumi.getter
+    def intune(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+        """
+        The credentials to enable Microsoft Intune validation of SCEP requests
+        """
+        return pulumi.get(self, "intune")
+
+    @intune.setter
+    def intune(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+        pulumi.set(self, "intune", value)
+
+
 if not MYPY:
     class SecretBackendRolePolicyIdentifierArgsDict(TypedDict):
         oid: pulumi.Input[builtins.str]