pulumi-vault 7.2.0a1753339763__py3-none-any.whl → 7.2.0a1753512474__py3-none-any.whl

pulumi_vault/kubernetes/auth_backend_config.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -20,31 +19,31 @@ __all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
 @pulumi.input_type
 class AuthBackendConfigArgs:
     def __init__(__self__, *,
-                 kubernetes_host: pulumi.Input[builtins.str],
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_iss_validation: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-                 issuer: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 token_reviewer_jwt: Optional[pulumi.Input[builtins.str]] = None,
-                 use_annotations_as_alias_metadata: Optional[pulumi.Input[builtins.bool]] = None):
+                 kubernetes_host: pulumi.Input[_builtins.str],
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_iss_validation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+                 issuer: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 token_reviewer_jwt: Optional[pulumi.Input[_builtins.str]] = None,
+                 use_annotations_as_alias_metadata: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         The set of arguments for constructing a AuthBackendConfig resource.
-        :param pulumi.Input[builtins.str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
-        :param pulumi.Input[builtins.str] backend: Unique name of the kubernetes backend to configure.
-        :param pulumi.Input[builtins.bool] disable_iss_validation: Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        :param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        :param pulumi.Input[builtins.str] issuer: JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
-        :param pulumi.Input[builtins.str] kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
+        :param pulumi.Input[_builtins.str] backend: Unique name of the kubernetes backend to configure.
+        :param pulumi.Input[_builtins.bool] disable_iss_validation: Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        :param pulumi.Input[_builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        :param pulumi.Input[_builtins.str] issuer: JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
+        :param pulumi.Input[_builtins.str] kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured namespace.
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-        :param pulumi.Input[builtins.str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
-        :param pulumi.Input[builtins.bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+        :param pulumi.Input[_builtins.str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
+        :param pulumi.Input[_builtins.bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
         """
         pulumi.set(__self__, "kubernetes_host", kubernetes_host)
         if backend is not None:
@@ -66,81 +65,81 @@ class AuthBackendConfigArgs:
         if use_annotations_as_alias_metadata is not None:
             pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesHost")
-    def kubernetes_host(self) -> pulumi.Input[builtins.str]:
+    def kubernetes_host(self) -> pulumi.Input[_builtins.str]:
         """
         Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
         """
         return pulumi.get(self, "kubernetes_host")
 
     @kubernetes_host.setter
-    def kubernetes_host(self, value: pulumi.Input[builtins.str]):
+    def kubernetes_host(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "kubernetes_host", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Unique name of the kubernetes backend to configure.
         """
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "backend", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableIssValidation")
-    def disable_iss_validation(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_iss_validation(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
         return pulumi.get(self, "disable_iss_validation")
 
     @disable_iss_validation.setter
-    def disable_iss_validation(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_iss_validation(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_iss_validation", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableLocalCaJwt")
-    def disable_local_ca_jwt(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_local_ca_jwt(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
         return pulumi.get(self, "disable_local_ca_jwt")
 
     @disable_local_ca_jwt.setter
-    def disable_local_ca_jwt(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_local_ca_jwt(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_local_ca_jwt", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def issuer(self) -> Optional[pulumi.Input[builtins.str]]:
+    def issuer(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
         """
         return pulumi.get(self, "issuer")
 
     @issuer.setter
-    def issuer(self, value: Optional[pulumi.Input[builtins.str]]):
+    def issuer(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "issuer", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesCaCert")
-    def kubernetes_ca_cert(self) -> Optional[pulumi.Input[builtins.str]]:
+    def kubernetes_ca_cert(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
         """
         return pulumi.get(self, "kubernetes_ca_cert")
 
     @kubernetes_ca_cert.setter
-    def kubernetes_ca_cert(self, value: Optional[pulumi.Input[builtins.str]]):
+    def kubernetes_ca_cert(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "kubernetes_ca_cert", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -150,74 +149,74 @@ class AuthBackendConfigArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pemKeys")
-    def pem_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def pem_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
         """
         return pulumi.get(self, "pem_keys")
 
     @pem_keys.setter
-    def pem_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def pem_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "pem_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenReviewerJwt")
-    def token_reviewer_jwt(self) -> Optional[pulumi.Input[builtins.str]]:
+    def token_reviewer_jwt(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
         """
         return pulumi.get(self, "token_reviewer_jwt")
 
     @token_reviewer_jwt.setter
-    def token_reviewer_jwt(self, value: Optional[pulumi.Input[builtins.str]]):
+    def token_reviewer_jwt(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "token_reviewer_jwt", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useAnnotationsAsAliasMetadata")
-    def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
         """
         return pulumi.get(self, "use_annotations_as_alias_metadata")
 
     @use_annotations_as_alias_metadata.setter
-    def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_annotations_as_alias_metadata", value)
 
 
 @pulumi.input_type
 class _AuthBackendConfigState:
     def __init__(__self__, *,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_iss_validation: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-                 issuer: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 token_reviewer_jwt: Optional[pulumi.Input[builtins.str]] = None,
-                 use_annotations_as_alias_metadata: Optional[pulumi.Input[builtins.bool]] = None):
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_iss_validation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+                 issuer: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_host: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 token_reviewer_jwt: Optional[pulumi.Input[_builtins.str]] = None,
+                 use_annotations_as_alias_metadata: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         Input properties used for looking up and filtering AuthBackendConfig resources.
-        :param pulumi.Input[builtins.str] backend: Unique name of the kubernetes backend to configure.
-        :param pulumi.Input[builtins.bool] disable_iss_validation: Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        :param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        :param pulumi.Input[builtins.str] issuer: JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
-        :param pulumi.Input[builtins.str] kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
-        :param pulumi.Input[builtins.str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] backend: Unique name of the kubernetes backend to configure.
+        :param pulumi.Input[_builtins.bool] disable_iss_validation: Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        :param pulumi.Input[_builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        :param pulumi.Input[_builtins.str] issuer: JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
+        :param pulumi.Input[_builtins.str] kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
+        :param pulumi.Input[_builtins.str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured namespace.
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-        :param pulumi.Input[builtins.str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
-        :param pulumi.Input[builtins.bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+        :param pulumi.Input[_builtins.str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
+        :param pulumi.Input[_builtins.bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
         """
         if backend is not None:
             pulumi.set(__self__, "backend", backend)
@@ -240,81 +239,81 @@ class _AuthBackendConfigState:
         if use_annotations_as_alias_metadata is not None:
             pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Unique name of the kubernetes backend to configure.
         """
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "backend", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableIssValidation")
-    def disable_iss_validation(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_iss_validation(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
         return pulumi.get(self, "disable_iss_validation")
 
     @disable_iss_validation.setter
-    def disable_iss_validation(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_iss_validation(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_iss_validation", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableLocalCaJwt")
-    def disable_local_ca_jwt(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_local_ca_jwt(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
         return pulumi.get(self, "disable_local_ca_jwt")
 
     @disable_local_ca_jwt.setter
-    def disable_local_ca_jwt(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_local_ca_jwt(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_local_ca_jwt", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def issuer(self) -> Optional[pulumi.Input[builtins.str]]:
+    def issuer(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
         """
         return pulumi.get(self, "issuer")
 
     @issuer.setter
-    def issuer(self, value: Optional[pulumi.Input[builtins.str]]):
+    def issuer(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "issuer", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesCaCert")
-    def kubernetes_ca_cert(self) -> Optional[pulumi.Input[builtins.str]]:
+    def kubernetes_ca_cert(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
         """
         return pulumi.get(self, "kubernetes_ca_cert")
 
     @kubernetes_ca_cert.setter
-    def kubernetes_ca_cert(self, value: Optional[pulumi.Input[builtins.str]]):
+    def kubernetes_ca_cert(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "kubernetes_ca_cert", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesHost")
-    def kubernetes_host(self) -> Optional[pulumi.Input[builtins.str]]:
+    def kubernetes_host(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
         """
         return pulumi.get(self, "kubernetes_host")
 
     @kubernetes_host.setter
-    def kubernetes_host(self, value: Optional[pulumi.Input[builtins.str]]):
+    def kubernetes_host(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "kubernetes_host", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -324,43 +323,43 @@ class _AuthBackendConfigState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pemKeys")
-    def pem_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
+    def pem_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
         """
         List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
         """
         return pulumi.get(self, "pem_keys")
 
     @pem_keys.setter
-    def pem_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
+    def pem_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "pem_keys", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenReviewerJwt")
-    def token_reviewer_jwt(self) -> Optional[pulumi.Input[builtins.str]]:
+    def token_reviewer_jwt(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
         """
         return pulumi.get(self, "token_reviewer_jwt")
 
     @token_reviewer_jwt.setter
-    def token_reviewer_jwt(self, value: Optional[pulumi.Input[builtins.str]]):
+    def token_reviewer_jwt(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "token_reviewer_jwt", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useAnnotationsAsAliasMetadata")
-    def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def use_annotations_as_alias_metadata(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
         """
         return pulumi.get(self, "use_annotations_as_alias_metadata")
 
     @use_annotations_as_alias_metadata.setter
-    def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def use_annotations_as_alias_metadata(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "use_annotations_as_alias_metadata", value)
 
 
@@ -370,16 +369,16 @@ class AuthBackendConfig(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_iss_validation: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-                 issuer: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 token_reviewer_jwt: Optional[pulumi.Input[builtins.str]] = None,
-                 use_annotations_as_alias_metadata: Optional[pulumi.Input[builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_iss_validation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+                 issuer: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_host: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 token_reviewer_jwt: Optional[pulumi.Input[_builtins.str]] = None,
+                 use_annotations_as_alias_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         """
         Manages an Kubernetes auth backend config in a Vault server. See the [Vault
@@ -414,19 +413,19 @@ class AuthBackendConfig(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] backend: Unique name of the kubernetes backend to configure.
-        :param pulumi.Input[builtins.bool] disable_iss_validation: Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        :param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        :param pulumi.Input[builtins.str] issuer: JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
-        :param pulumi.Input[builtins.str] kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
-        :param pulumi.Input[builtins.str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] backend: Unique name of the kubernetes backend to configure.
+        :param pulumi.Input[_builtins.bool] disable_iss_validation: Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        :param pulumi.Input[_builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        :param pulumi.Input[_builtins.str] issuer: JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
+        :param pulumi.Input[_builtins.str] kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
+        :param pulumi.Input[_builtins.str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured namespace.
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-        :param pulumi.Input[builtins.str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
-        :param pulumi.Input[builtins.bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+        :param pulumi.Input[_builtins.str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
+        :param pulumi.Input[_builtins.bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
         """
         ...
     @overload
@@ -480,16 +479,16 @@ class AuthBackendConfig(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 disable_iss_validation: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-                 issuer: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-                 kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-                 token_reviewer_jwt: Optional[pulumi.Input[builtins.str]] = None,
-                 use_annotations_as_alias_metadata: Optional[pulumi.Input[builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 disable_iss_validation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+                 issuer: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+                 kubernetes_host: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 token_reviewer_jwt: Optional[pulumi.Input[_builtins.str]] = None,
+                 use_annotations_as_alias_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -523,16 +522,16 @@ class AuthBackendConfig(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            backend: Optional[pulumi.Input[builtins.str]] = None,
-            disable_iss_validation: Optional[pulumi.Input[builtins.bool]] = None,
-            disable_local_ca_jwt: Optional[pulumi.Input[builtins.bool]] = None,
-            issuer: Optional[pulumi.Input[builtins.str]] = None,
-            kubernetes_ca_cert: Optional[pulumi.Input[builtins.str]] = None,
-            kubernetes_host: Optional[pulumi.Input[builtins.str]] = None,
-            namespace: Optional[pulumi.Input[builtins.str]] = None,
-            pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
-            token_reviewer_jwt: Optional[pulumi.Input[builtins.str]] = None,
-            use_annotations_as_alias_metadata: Optional[pulumi.Input[builtins.bool]] = None) -> 'AuthBackendConfig':
+            backend: Optional[pulumi.Input[_builtins.str]] = None,
+            disable_iss_validation: Optional[pulumi.Input[_builtins.bool]] = None,
+            disable_local_ca_jwt: Optional[pulumi.Input[_builtins.bool]] = None,
+            issuer: Optional[pulumi.Input[_builtins.str]] = None,
+            kubernetes_ca_cert: Optional[pulumi.Input[_builtins.str]] = None,
+            kubernetes_host: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            pem_keys: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            token_reviewer_jwt: Optional[pulumi.Input[_builtins.str]] = None,
+            use_annotations_as_alias_metadata: Optional[pulumi.Input[_builtins.bool]] = None) -> 'AuthBackendConfig':
         """
         Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -540,19 +539,19 @@ class AuthBackendConfig(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] backend: Unique name of the kubernetes backend to configure.
-        :param pulumi.Input[builtins.bool] disable_iss_validation: Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        :param pulumi.Input[builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-        :param pulumi.Input[builtins.str] issuer: JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
-        :param pulumi.Input[builtins.str] kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
-        :param pulumi.Input[builtins.str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.str] backend: Unique name of the kubernetes backend to configure.
+        :param pulumi.Input[_builtins.bool] disable_iss_validation: Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        :param pulumi.Input[_builtins.bool] disable_local_ca_jwt: Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+        :param pulumi.Input[_builtins.str] issuer: JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
+        :param pulumi.Input[_builtins.str] kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
+        :param pulumi.Input[_builtins.str] kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured namespace.
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-        :param pulumi.Input[builtins.str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
-        :param pulumi.Input[builtins.bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] pem_keys: List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+        :param pulumi.Input[_builtins.str] token_reviewer_jwt: A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
+        :param pulumi.Input[_builtins.bool] use_annotations_as_alias_metadata: Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -570,57 +569,57 @@ class AuthBackendConfig(pulumi.CustomResource):
         __props__.__dict__["use_annotations_as_alias_metadata"] = use_annotations_as_alias_metadata
         return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[Optional[builtins.str]]:
+    def backend(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Unique name of the kubernetes backend to configure.
         """
         return pulumi.get(self, "backend")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableIssValidation")
-    def disable_iss_validation(self) -> pulumi.Output[builtins.bool]:
+    def disable_iss_validation(self) -> pulumi.Output[_builtins.bool]:
         """
         Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
         return pulumi.get(self, "disable_iss_validation")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableLocalCaJwt")
-    def disable_local_ca_jwt(self) -> pulumi.Output[builtins.bool]:
+    def disable_local_ca_jwt(self) -> pulumi.Output[_builtins.bool]:
         """
         Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
         return pulumi.get(self, "disable_local_ca_jwt")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def issuer(self) -> pulumi.Output[Optional[builtins.str]]:
+    def issuer(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
         """
         return pulumi.get(self, "issuer")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesCaCert")
-    def kubernetes_ca_cert(self) -> pulumi.Output[builtins.str]:
+    def kubernetes_ca_cert(self) -> pulumi.Output[_builtins.str]:
         """
         PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
         """
         return pulumi.get(self, "kubernetes_ca_cert")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesHost")
-    def kubernetes_host(self) -> pulumi.Output[builtins.str]:
+    def kubernetes_host(self) -> pulumi.Output[_builtins.str]:
         """
         Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
         """
         return pulumi.get(self, "kubernetes_host")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -629,25 +628,25 @@ class AuthBackendConfig(pulumi.CustomResource):
         """
         return pulumi.get(self, "namespace")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pemKeys")
-    def pem_keys(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
+    def pem_keys(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
         """
         List of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
         """
         return pulumi.get(self, "pem_keys")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenReviewerJwt")
-    def token_reviewer_jwt(self) -> pulumi.Output[Optional[builtins.str]]:
+    def token_reviewer_jwt(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         A service account JWT (or other token) used as a bearer token to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API.
         """
         return pulumi.get(self, "token_reviewer_jwt")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useAnnotationsAsAliasMetadata")
-    def use_annotations_as_alias_metadata(self) -> pulumi.Output[builtins.bool]:
+    def use_annotations_as_alias_metadata(self) -> pulumi.Output[_builtins.bool]:
         """
         Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
         """