pulumi-vault 7.1.0__py3-none-any.whl → 7.2.0__py3-none-any.whl

pulumi_vault/aws/secret_backend_role.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -20,75 +19,75 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
 @pulumi.input_type
 class SecretBackendRoleArgs:
     def __init__(__self__, *,
-                 backend: pulumi.Input[builtins.str],
-                 credential_type: pulumi.Input[builtins.str],
-                 default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
-                 policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 policy_document: Optional[pulumi.Input[builtins.str]] = None,
-                 role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 user_path: Optional[pulumi.Input[builtins.str]] = None):
+                 backend: pulumi.Input[_builtins.str],
+                 credential_type: pulumi.Input[_builtins.str],
+                 default_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 max_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 permissions_boundary_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 policy_document: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 user_path: Optional[pulumi.Input[_builtins.str]] = None):
         """
         The set of arguments for constructing a SecretBackendRole resource.
-        :param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
+        :param pulumi.Input[_builtins.str] backend: The path the AWS secret backend is mounted at,
                with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
+        :param pulumi.Input[_builtins.str] credential_type: Specifies the type of credential to be used when
                retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
                `federation_token`.
-        :param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
+        :param pulumi.Input[_builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
                When a TTL is not specified when STS credentials are requested,
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
-        :param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds. 
+        :param pulumi.Input[_builtins.str] external_id: External ID to set for assume role creds. 
                Valid only when `credential_type` is set to `assumed_role`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
                corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
                policies from each group in `iam_groups` combined with the `policy_document`
                and `policy_arns` parameters.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] iam_tags: A map of strings representing key/value pairs
                to be used as tags for any IAM user that is created by this role.
-        :param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
+        :param pulumi.Input[_builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
                (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
                one of `assumed_role` or `federation_token`.
-        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
+        :param pulumi.Input[_builtins.str] name: The name to identify this role within the backend.
                Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions 
+        :param pulumi.Input[_builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions 
                Boundary to attach to IAM users created in the role. Valid only when
                `credential_type` is `iam_user`. If not specified, then no permissions boundary
                policy will be attached.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
                behavior depends on the credential type. With `iam_user`, the policies will be
                attached to IAM users when they are requested. With `assumed_role` and
                `federation_token`, the policy ARNs will act as a filter on what the credentials
                can do, similar to `policy_document`. When `credential_type` is `iam_user` or
                `federation_token`, at least one of `policy_document` or `policy_arns` must
                be specified.
-        :param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
+        :param pulumi.Input[_builtins.str] policy_document: The IAM policy document for the role. The
                behavior depends on the credential type. With `iam_user`, the policy document
                will be attached to the IAM user generated and augment the permissions the IAM
                user has. With `assumed_role` and `federation_token`, the policy document will
                act as a filter on what the credentials can do, similar to `policy_arns`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
                during assume role creds creation. Valid only when `credential_type` is set to
                `assumed_role`.
-        :param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when 
+        :param pulumi.Input[_builtins.str] user_path: The path for the user name. Valid only when 
                `credential_type` is `iam_user`. Default is `/`.
         """
         pulumi.set(__self__, "backend", backend)
@@ -120,9 +119,9 @@ class SecretBackendRoleArgs:
         if user_path is not None:
             pulumi.set(__self__, "user_path", user_path)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> pulumi.Input[builtins.str]:
+    def backend(self) -> pulumi.Input[_builtins.str]:
         """
         The path the AWS secret backend is mounted at,
         with no leading or trailing `/`s.
@@ -130,12 +129,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: pulumi.Input[builtins.str]):
+    def backend(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "backend", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="credentialType")
-    def credential_type(self) -> pulumi.Input[builtins.str]:
+    def credential_type(self) -> pulumi.Input[_builtins.str]:
         """
         Specifies the type of credential to be used when
         retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
@@ -144,12 +143,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "credential_type")
 
     @credential_type.setter
-    def credential_type(self, value: pulumi.Input[builtins.str]):
+    def credential_type(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "credential_type", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultStsTtl")
-    def default_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
+    def default_sts_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The default TTL in seconds for STS credentials.
         When a TTL is not specified when STS credentials are requested,
@@ -160,12 +159,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "default_sts_ttl")
 
     @default_sts_ttl.setter
-    def default_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
+    def default_sts_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "default_sts_ttl", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalId")
-    def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def external_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         External ID to set for assume role creds. 
         Valid only when `credential_type` is set to `assumed_role`.
@@ -173,12 +172,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "external_id")
 
     @external_id.setter
-    def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def external_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "external_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="iamGroups")
-    def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A list of IAM group names. IAM users generated
         against this vault role will be added to these IAM Groups. For a credential
@@ -190,12 +189,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "iam_groups")
 
     @iam_groups.setter
-    def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "iam_groups", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="iamTags")
-    def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         A map of strings representing key/value pairs
         to be used as tags for any IAM user that is created by this role.
@@ -203,12 +202,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "iam_tags")
 
     @iam_tags.setter
-    def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "iam_tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxStsTtl")
-    def max_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
+    def max_sts_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The max allowed TTL in seconds for STS credentials
         (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
@@ -217,12 +216,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "max_sts_ttl")
 
     @max_sts_ttl.setter
-    def max_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
+    def max_sts_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "max_sts_ttl", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The name to identify this role within the backend.
         Must be unique within the backend.
@@ -230,12 +229,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -245,12 +244,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="permissionsBoundaryArn")
-    def permissions_boundary_arn(self) -> Optional[pulumi.Input[builtins.str]]:
+    def permissions_boundary_arn(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The ARN of the AWS Permissions 
         Boundary to attach to IAM users created in the role. Valid only when
@@ -260,12 +259,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "permissions_boundary_arn")
 
     @permissions_boundary_arn.setter
-    def permissions_boundary_arn(self, value: Optional[pulumi.Input[builtins.str]]):
+    def permissions_boundary_arn(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "permissions_boundary_arn", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyArns")
-    def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies a list of AWS managed policy ARNs. The
         behavior depends on the credential type. With `iam_user`, the policies will be
@@ -278,12 +277,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "policy_arns")
 
     @policy_arns.setter
-    def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "policy_arns", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyDocument")
-    def policy_document(self) -> Optional[pulumi.Input[builtins.str]]:
+    def policy_document(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The IAM policy document for the role. The
         behavior depends on the credential type. With `iam_user`, the policy document
@@ -294,12 +293,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "policy_document")
 
     @policy_document.setter
-    def policy_document(self, value: Optional[pulumi.Input[builtins.str]]):
+    def policy_document(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "policy_document", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="roleArns")
-    def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the ARNs of the AWS roles this Vault role
         is allowed to assume. Required when `credential_type` is `assumed_role` and
@@ -308,12 +307,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "role_arns")
 
     @role_arns.setter
-    def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "role_arns", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="sessionTags")
-    def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         A map of strings representing key/value pairs to be set
         during assume role creds creation. Valid only when `credential_type` is set to
@@ -322,12 +321,12 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "session_tags")
 
     @session_tags.setter
-    def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "session_tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="userPath")
-    def user_path(self) -> Optional[pulumi.Input[builtins.str]]:
+    def user_path(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The path for the user name. Valid only when 
         `credential_type` is `iam_user`. Default is `/`.
@@ -335,82 +334,82 @@ class SecretBackendRoleArgs:
         return pulumi.get(self, "user_path")
 
     @user_path.setter
-    def user_path(self, value: Optional[pulumi.Input[builtins.str]]):
+    def user_path(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "user_path", value)
 
 
 @pulumi.input_type
 class _SecretBackendRoleState:
     def __init__(__self__, *,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 credential_type: Optional[pulumi.Input[builtins.str]] = None,
-                 default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
-                 policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 policy_document: Optional[pulumi.Input[builtins.str]] = None,
-                 role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 user_path: Optional[pulumi.Input[builtins.str]] = None):
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 credential_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 default_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 max_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 permissions_boundary_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 policy_document: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 user_path: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering SecretBackendRole resources.
-        :param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
+        :param pulumi.Input[_builtins.str] backend: The path the AWS secret backend is mounted at,
                with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
+        :param pulumi.Input[_builtins.str] credential_type: Specifies the type of credential to be used when
                retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
                `federation_token`.
-        :param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
+        :param pulumi.Input[_builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
                When a TTL is not specified when STS credentials are requested,
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
-        :param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds. 
+        :param pulumi.Input[_builtins.str] external_id: External ID to set for assume role creds. 
                Valid only when `credential_type` is set to `assumed_role`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
                corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
                policies from each group in `iam_groups` combined with the `policy_document`
                and `policy_arns` parameters.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] iam_tags: A map of strings representing key/value pairs
                to be used as tags for any IAM user that is created by this role.
-        :param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
+        :param pulumi.Input[_builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
                (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
                one of `assumed_role` or `federation_token`.
-        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
+        :param pulumi.Input[_builtins.str] name: The name to identify this role within the backend.
                Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions 
+        :param pulumi.Input[_builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions 
                Boundary to attach to IAM users created in the role. Valid only when
                `credential_type` is `iam_user`. If not specified, then no permissions boundary
                policy will be attached.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
                behavior depends on the credential type. With `iam_user`, the policies will be
                attached to IAM users when they are requested. With `assumed_role` and
                `federation_token`, the policy ARNs will act as a filter on what the credentials
                can do, similar to `policy_document`. When `credential_type` is `iam_user` or
                `federation_token`, at least one of `policy_document` or `policy_arns` must
                be specified.
-        :param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
+        :param pulumi.Input[_builtins.str] policy_document: The IAM policy document for the role. The
                behavior depends on the credential type. With `iam_user`, the policy document
                will be attached to the IAM user generated and augment the permissions the IAM
                user has. With `assumed_role` and `federation_token`, the policy document will
                act as a filter on what the credentials can do, similar to `policy_arns`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
                during assume role creds creation. Valid only when `credential_type` is set to
                `assumed_role`.
-        :param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when 
+        :param pulumi.Input[_builtins.str] user_path: The path for the user name. Valid only when 
                `credential_type` is `iam_user`. Default is `/`.
         """
         if backend is not None:
@@ -444,9 +443,9 @@ class _SecretBackendRoleState:
         if user_path is not None:
             pulumi.set(__self__, "user_path", user_path)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The path the AWS secret backend is mounted at,
         with no leading or trailing `/`s.
@@ -454,12 +453,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "backend", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="credentialType")
-    def credential_type(self) -> Optional[pulumi.Input[builtins.str]]:
+    def credential_type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the type of credential to be used when
         retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
@@ -468,12 +467,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "credential_type")
 
     @credential_type.setter
-    def credential_type(self, value: Optional[pulumi.Input[builtins.str]]):
+    def credential_type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "credential_type", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultStsTtl")
-    def default_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
+    def default_sts_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The default TTL in seconds for STS credentials.
         When a TTL is not specified when STS credentials are requested,
@@ -484,12 +483,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "default_sts_ttl")
 
     @default_sts_ttl.setter
-    def default_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
+    def default_sts_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "default_sts_ttl", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalId")
-    def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def external_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         External ID to set for assume role creds. 
         Valid only when `credential_type` is set to `assumed_role`.
@@ -497,12 +496,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "external_id")
 
     @external_id.setter
-    def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def external_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "external_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="iamGroups")
-    def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def iam_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         A list of IAM group names. IAM users generated
         against this vault role will be added to these IAM Groups. For a credential
@@ -514,12 +513,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "iam_groups")
 
     @iam_groups.setter
-    def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def iam_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "iam_groups", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="iamTags")
-    def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def iam_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         A map of strings representing key/value pairs
         to be used as tags for any IAM user that is created by this role.
@@ -527,12 +526,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "iam_tags")
 
     @iam_tags.setter
-    def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def iam_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "iam_tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxStsTtl")
-    def max_sts_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
+    def max_sts_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The max allowed TTL in seconds for STS credentials
         (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
@@ -541,12 +540,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "max_sts_ttl")
 
     @max_sts_ttl.setter
-    def max_sts_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
+    def max_sts_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "max_sts_ttl", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The name to identify this role within the backend.
         Must be unique within the backend.
@@ -554,12 +553,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -569,12 +568,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="permissionsBoundaryArn")
-    def permissions_boundary_arn(self) -> Optional[pulumi.Input[builtins.str]]:
+    def permissions_boundary_arn(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The ARN of the AWS Permissions 
         Boundary to attach to IAM users created in the role. Valid only when
@@ -584,12 +583,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "permissions_boundary_arn")
 
     @permissions_boundary_arn.setter
-    def permissions_boundary_arn(self, value: Optional[pulumi.Input[builtins.str]]):
+    def permissions_boundary_arn(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "permissions_boundary_arn", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyArns")
-    def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def policy_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies a list of AWS managed policy ARNs. The
         behavior depends on the credential type. With `iam_user`, the policies will be
@@ -602,12 +601,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "policy_arns")
 
     @policy_arns.setter
-    def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def policy_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "policy_arns", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyDocument")
-    def policy_document(self) -> Optional[pulumi.Input[builtins.str]]:
+    def policy_document(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The IAM policy document for the role. The
         behavior depends on the credential type. With `iam_user`, the policy document
@@ -618,12 +617,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "policy_document")
 
     @policy_document.setter
-    def policy_document(self, value: Optional[pulumi.Input[builtins.str]]):
+    def policy_document(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "policy_document", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="roleArns")
-    def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def role_arns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         Specifies the ARNs of the AWS roles this Vault role
         is allowed to assume. Required when `credential_type` is `assumed_role` and
@@ -632,12 +631,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "role_arns")
 
     @role_arns.setter
-    def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def role_arns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "role_arns", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="sessionTags")
-    def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def session_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         A map of strings representing key/value pairs to be set
         during assume role creds creation. Valid only when `credential_type` is set to
@@ -646,12 +645,12 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "session_tags")
 
     @session_tags.setter
-    def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def session_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "session_tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="userPath")
-    def user_path(self) -> Optional[pulumi.Input[builtins.str]]:
+    def user_path(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The path for the user name. Valid only when 
         `credential_type` is `iam_user`. Default is `/`.
@@ -659,7 +658,7 @@ class _SecretBackendRoleState:
         return pulumi.get(self, "user_path")
 
     @user_path.setter
-    def user_path(self, value: Optional[pulumi.Input[builtins.str]]):
+    def user_path(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "user_path", value)
 
 
@@ -669,21 +668,21 @@ class SecretBackendRole(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 credential_type: Optional[pulumi.Input[builtins.str]] = None,
-                 default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
-                 policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 policy_document: Optional[pulumi.Input[builtins.str]] = None,
-                 role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 user_path: Optional[pulumi.Input[builtins.str]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 credential_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 default_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 max_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 permissions_boundary_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 policy_document: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 user_path: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -722,58 +721,58 @@ class SecretBackendRole(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
+        :param pulumi.Input[_builtins.str] backend: The path the AWS secret backend is mounted at,
                with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
+        :param pulumi.Input[_builtins.str] credential_type: Specifies the type of credential to be used when
                retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
                `federation_token`.
-        :param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
+        :param pulumi.Input[_builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
                When a TTL is not specified when STS credentials are requested,
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
-        :param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds. 
+        :param pulumi.Input[_builtins.str] external_id: External ID to set for assume role creds. 
                Valid only when `credential_type` is set to `assumed_role`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
                corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
                policies from each group in `iam_groups` combined with the `policy_document`
                and `policy_arns` parameters.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] iam_tags: A map of strings representing key/value pairs
                to be used as tags for any IAM user that is created by this role.
-        :param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
+        :param pulumi.Input[_builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
                (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
                one of `assumed_role` or `federation_token`.
-        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
+        :param pulumi.Input[_builtins.str] name: The name to identify this role within the backend.
                Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions 
+        :param pulumi.Input[_builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions 
                Boundary to attach to IAM users created in the role. Valid only when
                `credential_type` is `iam_user`. If not specified, then no permissions boundary
                policy will be attached.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
                behavior depends on the credential type. With `iam_user`, the policies will be
                attached to IAM users when they are requested. With `assumed_role` and
                `federation_token`, the policy ARNs will act as a filter on what the credentials
                can do, similar to `policy_document`. When `credential_type` is `iam_user` or
                `federation_token`, at least one of `policy_document` or `policy_arns` must
                be specified.
-        :param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
+        :param pulumi.Input[_builtins.str] policy_document: The IAM policy document for the role. The
                behavior depends on the credential type. With `iam_user`, the policy document
                will be attached to the IAM user generated and augment the permissions the IAM
                user has. With `assumed_role` and `federation_token`, the policy document will
                act as a filter on what the credentials can do, similar to `policy_arns`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
                during assume role creds creation. Valid only when `credential_type` is set to
                `assumed_role`.
-        :param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when 
+        :param pulumi.Input[_builtins.str] user_path: The path for the user name. Valid only when 
                `credential_type` is `iam_user`. Default is `/`.
         """
         ...
@@ -832,21 +831,21 @@ class SecretBackendRole(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 credential_type: Optional[pulumi.Input[builtins.str]] = None,
-                 default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
-                 policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 policy_document: Optional[pulumi.Input[builtins.str]] = None,
-                 role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 user_path: Optional[pulumi.Input[builtins.str]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 credential_type: Optional[pulumi.Input[_builtins.str]] = None,
+                 default_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 max_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 permissions_boundary_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 policy_document: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 user_path: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -885,21 +884,21 @@ class SecretBackendRole(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            backend: Optional[pulumi.Input[builtins.str]] = None,
-            credential_type: Optional[pulumi.Input[builtins.str]] = None,
-            default_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-            external_id: Optional[pulumi.Input[builtins.str]] = None,
-            iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-            max_sts_ttl: Optional[pulumi.Input[builtins.int]] = None,
-            name: Optional[pulumi.Input[builtins.str]] = None,
-            namespace: Optional[pulumi.Input[builtins.str]] = None,
-            permissions_boundary_arn: Optional[pulumi.Input[builtins.str]] = None,
-            policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            policy_document: Optional[pulumi.Input[builtins.str]] = None,
-            role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-            user_path: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendRole':
+            backend: Optional[pulumi.Input[_builtins.str]] = None,
+            credential_type: Optional[pulumi.Input[_builtins.str]] = None,
+            default_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+            external_id: Optional[pulumi.Input[_builtins.str]] = None,
+            iam_groups: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            iam_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            max_sts_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+            name: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            permissions_boundary_arn: Optional[pulumi.Input[_builtins.str]] = None,
+            policy_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            policy_document: Optional[pulumi.Input[_builtins.str]] = None,
+            role_arns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            session_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            user_path: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretBackendRole':
         """
         Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -907,58 +906,58 @@ class SecretBackendRole(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] backend: The path the AWS secret backend is mounted at,
+        :param pulumi.Input[_builtins.str] backend: The path the AWS secret backend is mounted at,
                with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.str] credential_type: Specifies the type of credential to be used when
+        :param pulumi.Input[_builtins.str] credential_type: Specifies the type of credential to be used when
                retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
                `federation_token`.
-        :param pulumi.Input[builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
+        :param pulumi.Input[_builtins.int] default_sts_ttl: The default TTL in seconds for STS credentials.
                When a TTL is not specified when STS credentials are requested,
                and a default TTL is specified on the role,
                then this default TTL will be used. Valid only when `credential_type` is one of
                `assumed_role` or `federation_token`.
-        :param pulumi.Input[builtins.str] external_id: External ID to set for assume role creds. 
+        :param pulumi.Input[_builtins.str] external_id: External ID to set for assume role creds. 
                Valid only when `credential_type` is set to `assumed_role`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] iam_groups: A list of IAM group names. IAM users generated
                against this vault role will be added to these IAM Groups. For a credential
                type of `assumed_role` or `federation_token`, the policies sent to the
                corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
                policies from each group in `iam_groups` combined with the `policy_document`
                and `policy_arns` parameters.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] iam_tags: A map of strings representing key/value pairs
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] iam_tags: A map of strings representing key/value pairs
                to be used as tags for any IAM user that is created by this role.
-        :param pulumi.Input[builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
+        :param pulumi.Input[_builtins.int] max_sts_ttl: The max allowed TTL in seconds for STS credentials
                (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
                one of `assumed_role` or `federation_token`.
-        :param pulumi.Input[builtins.str] name: The name to identify this role within the backend.
+        :param pulumi.Input[_builtins.str] name: The name to identify this role within the backend.
                Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions 
+        :param pulumi.Input[_builtins.str] permissions_boundary_arn: The ARN of the AWS Permissions 
                Boundary to attach to IAM users created in the role. Valid only when
                `credential_type` is `iam_user`. If not specified, then no permissions boundary
                policy will be attached.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_arns: Specifies a list of AWS managed policy ARNs. The
                behavior depends on the credential type. With `iam_user`, the policies will be
                attached to IAM users when they are requested. With `assumed_role` and
                `federation_token`, the policy ARNs will act as a filter on what the credentials
                can do, similar to `policy_document`. When `credential_type` is `iam_user` or
                `federation_token`, at least one of `policy_document` or `policy_arns` must
                be specified.
-        :param pulumi.Input[builtins.str] policy_document: The IAM policy document for the role. The
+        :param pulumi.Input[_builtins.str] policy_document: The IAM policy document for the role. The
                behavior depends on the credential type. With `iam_user`, the policy document
                will be attached to the IAM user generated and augment the permissions the IAM
                user has. With `assumed_role` and `federation_token`, the policy document will
                act as a filter on what the credentials can do, similar to `policy_arns`.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] role_arns: Specifies the ARNs of the AWS roles this Vault role
                is allowed to assume. Required when `credential_type` is `assumed_role` and
                prohibited otherwise.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] session_tags: A map of strings representing key/value pairs to be set
                during assume role creds creation. Valid only when `credential_type` is set to
                `assumed_role`.
-        :param pulumi.Input[builtins.str] user_path: The path for the user name. Valid only when 
+        :param pulumi.Input[_builtins.str] user_path: The path for the user name. Valid only when 
                `credential_type` is `iam_user`. Default is `/`.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -982,18 +981,18 @@ class SecretBackendRole(pulumi.CustomResource):
         __props__.__dict__["user_path"] = user_path
         return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[builtins.str]:
+    def backend(self) -> pulumi.Output[_builtins.str]:
         """
         The path the AWS secret backend is mounted at,
         with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="credentialType")
-    def credential_type(self) -> pulumi.Output[builtins.str]:
+    def credential_type(self) -> pulumi.Output[_builtins.str]:
         """
         Specifies the type of credential to be used when
         retrieving credentials from the role. Must be one of `iam_user`, `assumed_role`, or
@@ -1001,9 +1000,9 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "credential_type")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="defaultStsTtl")
-    def default_sts_ttl(self) -> pulumi.Output[builtins.int]:
+    def default_sts_ttl(self) -> pulumi.Output[_builtins.int]:
         """
         The default TTL in seconds for STS credentials.
         When a TTL is not specified when STS credentials are requested,
@@ -1013,18 +1012,18 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "default_sts_ttl")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalId")
-    def external_id(self) -> pulumi.Output[Optional[builtins.str]]:
+    def external_id(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         External ID to set for assume role creds. 
         Valid only when `credential_type` is set to `assumed_role`.
         """
         return pulumi.get(self, "external_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="iamGroups")
-    def iam_groups(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def iam_groups(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         A list of IAM group names. IAM users generated
         against this vault role will be added to these IAM Groups. For a credential
@@ -1035,18 +1034,18 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "iam_groups")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="iamTags")
-    def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
+    def iam_tags(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
         """
         A map of strings representing key/value pairs
         to be used as tags for any IAM user that is created by this role.
         """
         return pulumi.get(self, "iam_tags")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="maxStsTtl")
-    def max_sts_ttl(self) -> pulumi.Output[builtins.int]:
+    def max_sts_ttl(self) -> pulumi.Output[_builtins.int]:
         """
         The max allowed TTL in seconds for STS credentials
         (credentials TTL are capped to `max_sts_ttl`). Valid only when `credential_type` is
@@ -1054,18 +1053,18 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "max_sts_ttl")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> pulumi.Output[builtins.str]:
+    def name(self) -> pulumi.Output[_builtins.str]:
         """
         The name to identify this role within the backend.
         Must be unique within the backend.
         """
         return pulumi.get(self, "name")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1074,9 +1073,9 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "namespace")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="permissionsBoundaryArn")
-    def permissions_boundary_arn(self) -> pulumi.Output[Optional[builtins.str]]:
+    def permissions_boundary_arn(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The ARN of the AWS Permissions 
         Boundary to attach to IAM users created in the role. Valid only when
@@ -1085,9 +1084,9 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "permissions_boundary_arn")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyArns")
-    def policy_arns(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def policy_arns(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         Specifies a list of AWS managed policy ARNs. The
         behavior depends on the credential type. With `iam_user`, the policies will be
@@ -1099,9 +1098,9 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "policy_arns")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="policyDocument")
-    def policy_document(self) -> pulumi.Output[Optional[builtins.str]]:
+    def policy_document(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The IAM policy document for the role. The
         behavior depends on the credential type. With `iam_user`, the policy document
@@ -1111,9 +1110,9 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "policy_document")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="roleArns")
-    def role_arns(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def role_arns(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         Specifies the ARNs of the AWS roles this Vault role
         is allowed to assume. Required when `credential_type` is `assumed_role` and
@@ -1121,9 +1120,9 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "role_arns")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="sessionTags")
-    def session_tags(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
+    def session_tags(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
         """
         A map of strings representing key/value pairs to be set
         during assume role creds creation. Valid only when `credential_type` is set to
@@ -1131,9 +1130,9 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "session_tags")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="userPath")
-    def user_path(self) -> pulumi.Output[Optional[builtins.str]]:
+    def user_path(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The path for the user name. Valid only when 
         `credential_type` is `iam_user`. Default is `/`.