pulumi-vault 7.2.0a1753339763__py3-none-any.whl → 7.2.0a1753398491__py3-none-any.whl

pulumi_vault/secrets/sync_aws_destination.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -20,45 +19,45 @@ __all__ = ['SyncAwsDestinationArgs', 'SyncAwsDestination']
 @pulumi.input_type
 class SyncAwsDestinationArgs:
     def __init__(__self__, *,
-                 access_key_id: Optional[pulumi.Input[builtins.str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 granularity: Optional[pulumi.Input[builtins.str]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 region: Optional[pulumi.Input[builtins.str]] = None,
-                 role_arn: Optional[pulumi.Input[builtins.str]] = None,
-                 secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
-                 secret_name_template: Optional[pulumi.Input[builtins.str]] = None):
+                 access_key_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 granularity: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 region: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_access_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_name_template: Optional[pulumi.Input[_builtins.str]] = None):
         """
         The set of arguments for constructing a SyncAwsDestination resource.
-        :param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
+        :param pulumi.Input[_builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
                variable.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
-        :param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[_builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
                AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
                The field is mutable with no special condition, but users must be careful that the new value fits with the trust
                relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
                denied errors. Ignored if the `role_arn` field is empty.
-        :param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource 
+        :param pulumi.Input[_builtins.str] granularity: Determines what level of information is synced as a distinct resource 
                at the destination. Supports `secret-path` and `secret-key`.
-        :param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] name: Unique name of the AWS destination.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
-        :param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
+        :param pulumi.Input[_builtins.str] region: Region where to manage the secrets manager entries.
                Can be omitted and directly provided to Vault using the `AWS_REGION` environment
                variable.
-        :param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role, 
+        :param pulumi.Input[_builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role, 
                Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
                exist for Vault to be able to assume this role. The role can be in a different account.
                The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
                It is possible to provide both an access key pair and a role to assume.
-        :param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
+        :param pulumi.Input[_builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
                variable.
-        :param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
+        :param pulumi.Input[_builtins.str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         """
         if access_key_id is not None:
@@ -82,9 +81,9 @@ class SyncAwsDestinationArgs:
         if secret_name_template is not None:
             pulumi.set(__self__, "secret_name_template", secret_name_template)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="accessKeyId")
-    def access_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def access_key_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Access key id to authenticate against the AWS secrets manager.
         Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
@@ -93,24 +92,24 @@ class SyncAwsDestinationArgs:
         return pulumi.get(self, "access_key_id")
 
     @access_key_id.setter
-    def access_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def access_key_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "access_key_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
 
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "custom_tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalId")
-    def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def external_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Optional extra protection that must match the trust policy granting access to the
         AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
@@ -121,12 +120,12 @@ class SyncAwsDestinationArgs:
         return pulumi.get(self, "external_id")
 
     @external_id.setter
-    def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def external_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "external_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def granularity(self) -> Optional[pulumi.Input[builtins.str]]:
+    def granularity(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Determines what level of information is synced as a distinct resource 
         at the destination. Supports `secret-path` and `secret-key`.
@@ -134,24 +133,24 @@ class SyncAwsDestinationArgs:
         return pulumi.get(self, "granularity")
 
     @granularity.setter
-    def granularity(self, value: Optional[pulumi.Input[builtins.str]]):
+    def granularity(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "granularity", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Unique name of the AWS destination.
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -160,12 +159,12 @@ class SyncAwsDestinationArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def region(self) -> Optional[pulumi.Input[builtins.str]]:
+    def region(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Region where to manage the secrets manager entries.
         Can be omitted and directly provided to Vault using the `AWS_REGION` environment
@@ -174,12 +173,12 @@ class SyncAwsDestinationArgs:
         return pulumi.get(self, "region")
 
     @region.setter
-    def region(self, value: Optional[pulumi.Input[builtins.str]]):
+    def region(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "region", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="roleArn")
-    def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
+    def role_arn(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies a role to assume when connecting to AWS. When assuming a role, 
         Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
@@ -190,12 +189,12 @@ class SyncAwsDestinationArgs:
         return pulumi.get(self, "role_arn")
 
     @role_arn.setter
-    def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
+    def role_arn(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "role_arn", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="secretAccessKey")
-    def secret_access_key(self) -> Optional[pulumi.Input[builtins.str]]:
+    def secret_access_key(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Secret access key to authenticate against the AWS secrets manager.
         Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
@@ -204,12 +203,12 @@ class SyncAwsDestinationArgs:
         return pulumi.get(self, "secret_access_key")
 
     @secret_access_key.setter
-    def secret_access_key(self, value: Optional[pulumi.Input[builtins.str]]):
+    def secret_access_key(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "secret_access_key", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="secretNameTemplate")
-    def secret_name_template(self) -> Optional[pulumi.Input[builtins.str]]:
+    def secret_name_template(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Template describing how to generate external secret names.
         Supports a subset of the Go Template syntax.
@@ -217,55 +216,55 @@ class SyncAwsDestinationArgs:
         return pulumi.get(self, "secret_name_template")
 
     @secret_name_template.setter
-    def secret_name_template(self, value: Optional[pulumi.Input[builtins.str]]):
+    def secret_name_template(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "secret_name_template", value)
 
 
 @pulumi.input_type
 class _SyncAwsDestinationState:
     def __init__(__self__, *,
-                 access_key_id: Optional[pulumi.Input[builtins.str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 granularity: Optional[pulumi.Input[builtins.str]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 region: Optional[pulumi.Input[builtins.str]] = None,
-                 role_arn: Optional[pulumi.Input[builtins.str]] = None,
-                 secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
-                 secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
-                 type: Optional[pulumi.Input[builtins.str]] = None):
+                 access_key_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 granularity: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 region: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_access_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_name_template: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering SyncAwsDestination resources.
-        :param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
+        :param pulumi.Input[_builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
                variable.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
-        :param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[_builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
                AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
                The field is mutable with no special condition, but users must be careful that the new value fits with the trust
                relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
                denied errors. Ignored if the `role_arn` field is empty.
-        :param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource 
+        :param pulumi.Input[_builtins.str] granularity: Determines what level of information is synced as a distinct resource 
                at the destination. Supports `secret-path` and `secret-key`.
-        :param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] name: Unique name of the AWS destination.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
-        :param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
+        :param pulumi.Input[_builtins.str] region: Region where to manage the secrets manager entries.
                Can be omitted and directly provided to Vault using the `AWS_REGION` environment
                variable.
-        :param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role, 
+        :param pulumi.Input[_builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role, 
                Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
                exist for Vault to be able to assume this role. The role can be in a different account.
                The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
                It is possible to provide both an access key pair and a role to assume.
-        :param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
+        :param pulumi.Input[_builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
                variable.
-        :param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
+        :param pulumi.Input[_builtins.str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
-        :param pulumi.Input[builtins.str] type: The type of the secrets destination (`aws-sm`).
+        :param pulumi.Input[_builtins.str] type: The type of the secrets destination (`aws-sm`).
         """
         if access_key_id is not None:
             pulumi.set(__self__, "access_key_id", access_key_id)
@@ -290,9 +289,9 @@ class _SyncAwsDestinationState:
         if type is not None:
             pulumi.set(__self__, "type", type)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="accessKeyId")
-    def access_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def access_key_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Access key id to authenticate against the AWS secrets manager.
         Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
@@ -301,24 +300,24 @@ class _SyncAwsDestinationState:
         return pulumi.get(self, "access_key_id")
 
     @access_key_id.setter
-    def access_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def access_key_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "access_key_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
+    def custom_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
 
     @custom_tags.setter
-    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
+    def custom_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "custom_tags", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalId")
-    def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def external_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Optional extra protection that must match the trust policy granting access to the
         AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
@@ -329,12 +328,12 @@ class _SyncAwsDestinationState:
         return pulumi.get(self, "external_id")
 
     @external_id.setter
-    def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def external_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "external_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def granularity(self) -> Optional[pulumi.Input[builtins.str]]:
+    def granularity(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Determines what level of information is synced as a distinct resource 
         at the destination. Supports `secret-path` and `secret-key`.
@@ -342,24 +341,24 @@ class _SyncAwsDestinationState:
         return pulumi.get(self, "granularity")
 
     @granularity.setter
-    def granularity(self, value: Optional[pulumi.Input[builtins.str]]):
+    def granularity(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "granularity", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Unique name of the AWS destination.
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -368,12 +367,12 @@ class _SyncAwsDestinationState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def region(self) -> Optional[pulumi.Input[builtins.str]]:
+    def region(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Region where to manage the secrets manager entries.
         Can be omitted and directly provided to Vault using the `AWS_REGION` environment
@@ -382,12 +381,12 @@ class _SyncAwsDestinationState:
         return pulumi.get(self, "region")
 
     @region.setter
-    def region(self, value: Optional[pulumi.Input[builtins.str]]):
+    def region(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "region", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="roleArn")
-    def role_arn(self) -> Optional[pulumi.Input[builtins.str]]:
+    def role_arn(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies a role to assume when connecting to AWS. When assuming a role, 
         Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
@@ -398,12 +397,12 @@ class _SyncAwsDestinationState:
         return pulumi.get(self, "role_arn")
 
     @role_arn.setter
-    def role_arn(self, value: Optional[pulumi.Input[builtins.str]]):
+    def role_arn(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "role_arn", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="secretAccessKey")
-    def secret_access_key(self) -> Optional[pulumi.Input[builtins.str]]:
+    def secret_access_key(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Secret access key to authenticate against the AWS secrets manager.
         Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
@@ -412,12 +411,12 @@ class _SyncAwsDestinationState:
         return pulumi.get(self, "secret_access_key")
 
     @secret_access_key.setter
-    def secret_access_key(self, value: Optional[pulumi.Input[builtins.str]]):
+    def secret_access_key(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "secret_access_key", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="secretNameTemplate")
-    def secret_name_template(self) -> Optional[pulumi.Input[builtins.str]]:
+    def secret_name_template(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Template describing how to generate external secret names.
         Supports a subset of the Go Template syntax.
@@ -425,19 +424,19 @@ class _SyncAwsDestinationState:
         return pulumi.get(self, "secret_name_template")
 
     @secret_name_template.setter
-    def secret_name_template(self, value: Optional[pulumi.Input[builtins.str]]):
+    def secret_name_template(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "secret_name_template", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> Optional[pulumi.Input[builtins.str]]:
+    def type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The type of the secrets destination (`aws-sm`).
         """
         return pulumi.get(self, "type")
 
     @type.setter
-    def type(self, value: Optional[pulumi.Input[builtins.str]]):
+    def type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "type", value)
 
 
@@ -447,16 +446,16 @@ class SyncAwsDestination(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 access_key_id: Optional[pulumi.Input[builtins.str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 granularity: Optional[pulumi.Input[builtins.str]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 region: Optional[pulumi.Input[builtins.str]] = None,
-                 role_arn: Optional[pulumi.Input[builtins.str]] = None,
-                 secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
-                 secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
+                 access_key_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 granularity: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 region: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_access_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_name_template: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -488,33 +487,33 @@ class SyncAwsDestination(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
+        :param pulumi.Input[_builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
                variable.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
-        :param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[_builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
                AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
                The field is mutable with no special condition, but users must be careful that the new value fits with the trust
                relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
                denied errors. Ignored if the `role_arn` field is empty.
-        :param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource 
+        :param pulumi.Input[_builtins.str] granularity: Determines what level of information is synced as a distinct resource 
                at the destination. Supports `secret-path` and `secret-key`.
-        :param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] name: Unique name of the AWS destination.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
-        :param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
+        :param pulumi.Input[_builtins.str] region: Region where to manage the secrets manager entries.
                Can be omitted and directly provided to Vault using the `AWS_REGION` environment
                variable.
-        :param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role, 
+        :param pulumi.Input[_builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role, 
                Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
                exist for Vault to be able to assume this role. The role can be in a different account.
                The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
                It is possible to provide both an access key pair and a role to assume.
-        :param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
+        :param pulumi.Input[_builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
                variable.
-        :param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
+        :param pulumi.Input[_builtins.str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
         """
         ...
@@ -566,16 +565,16 @@ class SyncAwsDestination(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 access_key_id: Optional[pulumi.Input[builtins.str]] = None,
-                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 granularity: Optional[pulumi.Input[builtins.str]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 region: Optional[pulumi.Input[builtins.str]] = None,
-                 role_arn: Optional[pulumi.Input[builtins.str]] = None,
-                 secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
-                 secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
+                 access_key_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 granularity: Optional[pulumi.Input[_builtins.str]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 region: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_arn: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_access_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 secret_name_template: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -608,17 +607,17 @@ class SyncAwsDestination(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            access_key_id: Optional[pulumi.Input[builtins.str]] = None,
-            custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
-            external_id: Optional[pulumi.Input[builtins.str]] = None,
-            granularity: Optional[pulumi.Input[builtins.str]] = None,
-            name: Optional[pulumi.Input[builtins.str]] = None,
-            namespace: Optional[pulumi.Input[builtins.str]] = None,
-            region: Optional[pulumi.Input[builtins.str]] = None,
-            role_arn: Optional[pulumi.Input[builtins.str]] = None,
-            secret_access_key: Optional[pulumi.Input[builtins.str]] = None,
-            secret_name_template: Optional[pulumi.Input[builtins.str]] = None,
-            type: Optional[pulumi.Input[builtins.str]] = None) -> 'SyncAwsDestination':
+            access_key_id: Optional[pulumi.Input[_builtins.str]] = None,
+            custom_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
+            external_id: Optional[pulumi.Input[_builtins.str]] = None,
+            granularity: Optional[pulumi.Input[_builtins.str]] = None,
+            name: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            region: Optional[pulumi.Input[_builtins.str]] = None,
+            role_arn: Optional[pulumi.Input[_builtins.str]] = None,
+            secret_access_key: Optional[pulumi.Input[_builtins.str]] = None,
+            secret_name_template: Optional[pulumi.Input[_builtins.str]] = None,
+            type: Optional[pulumi.Input[_builtins.str]] = None) -> 'SyncAwsDestination':
         """
         Get an existing SyncAwsDestination resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -626,35 +625,35 @@ class SyncAwsDestination(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
+        :param pulumi.Input[_builtins.str] access_key_id: Access key id to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
                variable.
-        :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
-        :param pulumi.Input[builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] custom_tags: Custom tags to set on the secret managed at the destination.
+        :param pulumi.Input[_builtins.str] external_id: Optional extra protection that must match the trust policy granting access to the
                AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
                The field is mutable with no special condition, but users must be careful that the new value fits with the trust
                relationship condition they set on AWS otherwise sync operations will start to fail due to client-side access
                denied errors. Ignored if the `role_arn` field is empty.
-        :param pulumi.Input[builtins.str] granularity: Determines what level of information is synced as a distinct resource 
+        :param pulumi.Input[_builtins.str] granularity: Determines what level of information is synced as a distinct resource 
                at the destination. Supports `secret-path` and `secret-key`.
-        :param pulumi.Input[builtins.str] name: Unique name of the AWS destination.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] name: Unique name of the AWS destination.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
-        :param pulumi.Input[builtins.str] region: Region where to manage the secrets manager entries.
+        :param pulumi.Input[_builtins.str] region: Region where to manage the secrets manager entries.
                Can be omitted and directly provided to Vault using the `AWS_REGION` environment
                variable.
-        :param pulumi.Input[builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role, 
+        :param pulumi.Input[_builtins.str] role_arn: Specifies a role to assume when connecting to AWS. When assuming a role, 
                Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
                exist for Vault to be able to assume this role. The role can be in a different account.
                The value is mutable as long as the new role targets the same AWS account ID. If not, the BE will return an error.
                It is possible to provide both an access key pair and a role to assume.
-        :param pulumi.Input[builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
+        :param pulumi.Input[_builtins.str] secret_access_key: Secret access key to authenticate against the AWS secrets manager.
                Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
                variable.
-        :param pulumi.Input[builtins.str] secret_name_template: Template describing how to generate external secret names.
+        :param pulumi.Input[_builtins.str] secret_name_template: Template describing how to generate external secret names.
                Supports a subset of the Go Template syntax.
-        :param pulumi.Input[builtins.str] type: The type of the secrets destination (`aws-sm`).
+        :param pulumi.Input[_builtins.str] type: The type of the secrets destination (`aws-sm`).
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -673,9 +672,9 @@ class SyncAwsDestination(pulumi.CustomResource):
         __props__.__dict__["type"] = type
         return SyncAwsDestination(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="accessKeyId")
-    def access_key_id(self) -> pulumi.Output[Optional[builtins.str]]:
+    def access_key_id(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Access key id to authenticate against the AWS secrets manager.
         Can be omitted and directly provided to Vault using the `AWS_ACCESS_KEY_ID` environment
@@ -683,17 +682,17 @@ class SyncAwsDestination(pulumi.CustomResource):
         """
         return pulumi.get(self, "access_key_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="customTags")
-    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
+    def custom_tags(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
         """
         Custom tags to set on the secret managed at the destination.
         """
         return pulumi.get(self, "custom_tags")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalId")
-    def external_id(self) -> pulumi.Output[Optional[builtins.str]]:
+    def external_id(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Optional extra protection that must match the trust policy granting access to the
         AWS IAM role ARN. We recommend using a different random UUID per destination. The value is generated by users.
@@ -703,26 +702,26 @@ class SyncAwsDestination(pulumi.CustomResource):
         """
         return pulumi.get(self, "external_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def granularity(self) -> pulumi.Output[Optional[builtins.str]]:
+    def granularity(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Determines what level of information is synced as a distinct resource 
         at the destination. Supports `secret-path` and `secret-key`.
         """
         return pulumi.get(self, "granularity")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> pulumi.Output[builtins.str]:
+    def name(self) -> pulumi.Output[_builtins.str]:
         """
         Unique name of the AWS destination.
         """
         return pulumi.get(self, "name")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -730,9 +729,9 @@ class SyncAwsDestination(pulumi.CustomResource):
         """
         return pulumi.get(self, "namespace")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def region(self) -> pulumi.Output[Optional[builtins.str]]:
+    def region(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Region where to manage the secrets manager entries.
         Can be omitted and directly provided to Vault using the `AWS_REGION` environment
@@ -740,9 +739,9 @@ class SyncAwsDestination(pulumi.CustomResource):
         """
         return pulumi.get(self, "region")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="roleArn")
-    def role_arn(self) -> pulumi.Output[Optional[builtins.str]]:
+    def role_arn(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Specifies a role to assume when connecting to AWS. When assuming a role, 
         Vault uses temporary STS credentials to authenticate. An initial session with the proper trust relationship must
@@ -752,9 +751,9 @@ class SyncAwsDestination(pulumi.CustomResource):
         """
         return pulumi.get(self, "role_arn")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="secretAccessKey")
-    def secret_access_key(self) -> pulumi.Output[Optional[builtins.str]]:
+    def secret_access_key(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Secret access key to authenticate against the AWS secrets manager.
         Can be omitted and directly provided to Vault using the `AWS_SECRET_ACCESS_KEY` environment
@@ -762,18 +761,18 @@ class SyncAwsDestination(pulumi.CustomResource):
         """
         return pulumi.get(self, "secret_access_key")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="secretNameTemplate")
-    def secret_name_template(self) -> pulumi.Output[builtins.str]:
+    def secret_name_template(self) -> pulumi.Output[_builtins.str]:
         """
         Template describing how to generate external secret names.
         Supports a subset of the Go Template syntax.
         """
         return pulumi.get(self, "secret_name_template")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> pulumi.Output[builtins.str]:
+    def type(self) -> pulumi.Output[_builtins.str]:
         """
         The type of the secrets destination (`aws-sm`).
         """