pulumi-vault 7.2.0a1753339763__py3-none-any.whl → 7.2.0a1753512474__py3-none-any.whl

pulumi_vault/kubernetes/get_auth_backend_config.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -59,75 +58,75 @@ class GetAuthBackendConfigResult:
             raise TypeError("Expected argument 'use_annotations_as_alias_metadata' to be a bool")
         pulumi.set(__self__, "use_annotations_as_alias_metadata", use_annotations_as_alias_metadata)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> Optional[builtins.str]:
+    def backend(self) -> Optional[_builtins.str]:
         return pulumi.get(self, "backend")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableIssValidation")
-    def disable_iss_validation(self) -> builtins.bool:
+    def disable_iss_validation(self) -> _builtins.bool:
         """
         (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
         return pulumi.get(self, "disable_iss_validation")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableLocalCaJwt")
-    def disable_local_ca_jwt(self) -> builtins.bool:
+    def disable_local_ca_jwt(self) -> _builtins.bool:
         """
         (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
         """
         return pulumi.get(self, "disable_local_ca_jwt")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def id(self) -> builtins.str:
+    def id(self) -> _builtins.str:
         """
         The provider-assigned unique ID for this managed resource.
         """
         return pulumi.get(self, "id")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def issuer(self) -> builtins.str:
+    def issuer(self) -> _builtins.str:
         """
         Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
         """
         return pulumi.get(self, "issuer")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesCaCert")
-    def kubernetes_ca_cert(self) -> builtins.str:
+    def kubernetes_ca_cert(self) -> _builtins.str:
         """
         PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
         """
         return pulumi.get(self, "kubernetes_ca_cert")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="kubernetesHost")
-    def kubernetes_host(self) -> builtins.str:
+    def kubernetes_host(self) -> _builtins.str:
         """
         Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
         """
         return pulumi.get(self, "kubernetes_host")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[builtins.str]:
+    def namespace(self) -> Optional[_builtins.str]:
         return pulumi.get(self, "namespace")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="pemKeys")
-    def pem_keys(self) -> Sequence[builtins.str]:
+    def pem_keys(self) -> Sequence[_builtins.str]:
         """
         Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
         """
         return pulumi.get(self, "pem_keys")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="useAnnotationsAsAliasMetadata")
-    def use_annotations_as_alias_metadata(self) -> builtins.bool:
+    def use_annotations_as_alias_metadata(self) -> _builtins.bool:
         """
         (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
         """
@@ -152,15 +151,15 @@ class AwaitableGetAuthBackendConfigResult(GetAuthBackendConfigResult):
             use_annotations_as_alias_metadata=self.use_annotations_as_alias_metadata)
 
 
-def get_auth_backend_config(backend: Optional[builtins.str] = None,
-                            disable_iss_validation: Optional[builtins.bool] = None,
-                            disable_local_ca_jwt: Optional[builtins.bool] = None,
-                            issuer: Optional[builtins.str] = None,
-                            kubernetes_ca_cert: Optional[builtins.str] = None,
-                            kubernetes_host: Optional[builtins.str] = None,
-                            namespace: Optional[builtins.str] = None,
-                            pem_keys: Optional[Sequence[builtins.str]] = None,
-                            use_annotations_as_alias_metadata: Optional[builtins.bool] = None,
+def get_auth_backend_config(backend: Optional[_builtins.str] = None,
+                            disable_iss_validation: Optional[_builtins.bool] = None,
+                            disable_local_ca_jwt: Optional[_builtins.bool] = None,
+                            issuer: Optional[_builtins.str] = None,
+                            kubernetes_ca_cert: Optional[_builtins.str] = None,
+                            kubernetes_host: Optional[_builtins.str] = None,
+                            namespace: Optional[_builtins.str] = None,
+                            pem_keys: Optional[Sequence[_builtins.str]] = None,
+                            use_annotations_as_alias_metadata: Optional[_builtins.bool] = None,
                             opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendConfigResult:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -168,19 +167,19 @@ def get_auth_backend_config(backend: Optional[builtins.str] = None,
     information.
 
 
-    :param builtins.str backend: The unique name for the Kubernetes backend the config to
+    :param _builtins.str backend: The unique name for the Kubernetes backend the config to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
-    :param builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
-    :param builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
-    :param builtins.str namespace: The namespace of the target resource.
+    :param _builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param _builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param _builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
+    :param _builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
+    :param _builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
+    :param _builtins.str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
-    :param Sequence[builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-    :param builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+    :param Sequence[_builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+    :param _builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
     """
     __args__ = dict()
     __args__['backend'] = backend
@@ -206,15 +205,15 @@ def get_auth_backend_config(backend: Optional[builtins.str] = None,
         namespace=pulumi.get(__ret__, 'namespace'),
         pem_keys=pulumi.get(__ret__, 'pem_keys'),
         use_annotations_as_alias_metadata=pulumi.get(__ret__, 'use_annotations_as_alias_metadata'))
-def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[builtins.str]]] = None,
-                                   disable_iss_validation: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
-                                   disable_local_ca_jwt: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
-                                   issuer: Optional[pulumi.Input[Optional[builtins.str]]] = None,
-                                   kubernetes_ca_cert: Optional[pulumi.Input[Optional[builtins.str]]] = None,
-                                   kubernetes_host: Optional[pulumi.Input[Optional[builtins.str]]] = None,
-                                   namespace: Optional[pulumi.Input[Optional[builtins.str]]] = None,
-                                   pem_keys: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
-                                   use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
+def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                   disable_iss_validation: Optional[pulumi.Input[Optional[_builtins.bool]]] = None,
+                                   disable_local_ca_jwt: Optional[pulumi.Input[Optional[_builtins.bool]]] = None,
+                                   issuer: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                   kubernetes_ca_cert: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                   kubernetes_host: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                   namespace: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                   pem_keys: Optional[pulumi.Input[Optional[Sequence[_builtins.str]]]] = None,
+                                   use_annotations_as_alias_metadata: Optional[pulumi.Input[Optional[_builtins.bool]]] = None,
                                    opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendConfigResult]:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -222,19 +221,19 @@ def get_auth_backend_config_output(backend: Optional[pulumi.Input[Optional[built
     information.
 
 
-    :param builtins.str backend: The unique name for the Kubernetes backend the config to
+    :param _builtins.str backend: The unique name for the Kubernetes backend the config to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
-    :param builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
-    :param builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
-    :param builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
-    :param builtins.str namespace: The namespace of the target resource.
+    :param _builtins.bool disable_iss_validation: (Optional) Disable JWT issuer validation. Allows to skip ISS validation. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param _builtins.bool disable_local_ca_jwt: (Optional) Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod. Requires Vault `v1.5.4+` or Vault auth kubernetes plugin `v0.7.1+`
+    :param _builtins.str issuer: Optional JWT issuer. If no issuer is specified, `kubernetes.io/serviceaccount` will be used as the default issuer.
+    :param _builtins.str kubernetes_ca_cert: PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API.
+    :param _builtins.str kubernetes_host: Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.
+    :param _builtins.str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
-    :param Sequence[builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
-    :param builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
+    :param Sequence[_builtins.str] pem_keys: Optional list of PEM-formatted public keys or certificates used to verify the signatures of Kubernetes service account JWTs. If a certificate is given, its public key will be extracted. Not every installation of Kubernetes exposes these keys.
+    :param _builtins.bool use_annotations_as_alias_metadata: (Optional) Use annotations from the client token's associated service account as alias metadata for the Vault entity. Requires Vault `v1.16+` or Vault auth kubernetes plugin `v0.18.0+`
     """
     __args__ = dict()
     __args__['backend'] = backend

pulumi_vault/kubernetes/get_auth_backend_role.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -80,64 +79,64 @@ class GetAuthBackendRoleResult:
             raise TypeError("Expected argument 'token_type' to be a str")
         pulumi.set(__self__, "token_type", token_type)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="aliasNameSource")
-    def alias_name_source(self) -> builtins.str:
+    def alias_name_source(self) -> _builtins.str:
         """
         Method used for generating identity aliases. (vault-1.9+)
         """
         return pulumi.get(self, "alias_name_source")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def audience(self) -> Optional[builtins.str]:
+    def audience(self) -> Optional[_builtins.str]:
         """
         Audience claim to verify in the JWT.
         """
         return pulumi.get(self, "audience")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> Optional[builtins.str]:
+    def backend(self) -> Optional[_builtins.str]:
         return pulumi.get(self, "backend")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="boundServiceAccountNames")
-    def bound_service_account_names(self) -> Sequence[builtins.str]:
+    def bound_service_account_names(self) -> Sequence[_builtins.str]:
         """
         List of service account names able to access this role. If set to "*" all names are allowed, both this and bound_service_account_namespaces can not be "*".
         """
         return pulumi.get(self, "bound_service_account_names")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="boundServiceAccountNamespaces")
-    def bound_service_account_namespaces(self) -> Sequence[builtins.str]:
+    def bound_service_account_namespaces(self) -> Sequence[_builtins.str]:
         """
         List of namespaces allowed to access this role. If set to "*" all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
         """
         return pulumi.get(self, "bound_service_account_namespaces")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def id(self) -> builtins.str:
+    def id(self) -> _builtins.str:
         """
         The provider-assigned unique ID for this managed resource.
         """
         return pulumi.get(self, "id")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[builtins.str]:
+    def namespace(self) -> Optional[_builtins.str]:
         return pulumi.get(self, "namespace")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="roleName")
-    def role_name(self) -> builtins.str:
+    def role_name(self) -> _builtins.str:
         return pulumi.get(self, "role_name")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenBoundCidrs")
-    def token_bound_cidrs(self) -> Optional[Sequence[builtins.str]]:
+    def token_bound_cidrs(self) -> Optional[Sequence[_builtins.str]]:
         """
         List of CIDR blocks; if set, specifies blocks of IP
         addresses which can authenticate successfully, and ties the resulting token to these blocks
@@ -145,9 +144,9 @@ class GetAuthBackendRoleResult:
         """
         return pulumi.get(self, "token_bound_cidrs")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenExplicitMaxTtl")
-    def token_explicit_max_ttl(self) -> Optional[builtins.int]:
+    def token_explicit_max_ttl(self) -> Optional[_builtins.int]:
         """
         If set, will encode an
         [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
@@ -156,27 +155,27 @@ class GetAuthBackendRoleResult:
         """
         return pulumi.get(self, "token_explicit_max_ttl")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenMaxTtl")
-    def token_max_ttl(self) -> Optional[builtins.int]:
+    def token_max_ttl(self) -> Optional[_builtins.int]:
         """
         The maximum lifetime for generated tokens in number of seconds.
         Its current value will be referenced at renewal time.
         """
         return pulumi.get(self, "token_max_ttl")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenNoDefaultPolicy")
-    def token_no_default_policy(self) -> Optional[builtins.bool]:
+    def token_no_default_policy(self) -> Optional[_builtins.bool]:
         """
         If set, the default policy will not be set on
         generated tokens; otherwise it will be added to the policies set in token_policies.
         """
         return pulumi.get(self, "token_no_default_policy")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenNumUses")
-    def token_num_uses(self) -> Optional[builtins.int]:
+    def token_num_uses(self) -> Optional[_builtins.int]:
         """
         The
         [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
@@ -184,9 +183,9 @@ class GetAuthBackendRoleResult:
         """
         return pulumi.get(self, "token_num_uses")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenPeriod")
-    def token_period(self) -> Optional[builtins.int]:
+    def token_period(self) -> Optional[_builtins.int]:
         """
         (Optional) If set, indicates that the
         token generated using this role should never expire. The token should be renewed within the
@@ -195,27 +194,27 @@ class GetAuthBackendRoleResult:
         """
         return pulumi.get(self, "token_period")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenPolicies")
-    def token_policies(self) -> Optional[Sequence[builtins.str]]:
+    def token_policies(self) -> Optional[Sequence[_builtins.str]]:
         """
         List of policies to encode onto generated tokens. Depending
         on the auth method, this list may be supplemented by user/group/other values.
         """
         return pulumi.get(self, "token_policies")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenTtl")
-    def token_ttl(self) -> Optional[builtins.int]:
+    def token_ttl(self) -> Optional[_builtins.int]:
         """
         The incremental lifetime for generated tokens in number of seconds.
         Its current value will be referenced at renewal time.
         """
         return pulumi.get(self, "token_ttl")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="tokenType")
-    def token_type(self) -> Optional[builtins.str]:
+    def token_type(self) -> Optional[_builtins.str]:
         """
         The type of token that should be generated. Can be `service`,
         `batch`, or `default` to use the mount's tuned default (which unless changed will be
@@ -251,19 +250,19 @@ class AwaitableGetAuthBackendRoleResult(GetAuthBackendRoleResult):
             token_type=self.token_type)
 
 
-def get_auth_backend_role(audience: Optional[builtins.str] = None,
-                          backend: Optional[builtins.str] = None,
-                          namespace: Optional[builtins.str] = None,
-                          role_name: Optional[builtins.str] = None,
-                          token_bound_cidrs: Optional[Sequence[builtins.str]] = None,
-                          token_explicit_max_ttl: Optional[builtins.int] = None,
-                          token_max_ttl: Optional[builtins.int] = None,
-                          token_no_default_policy: Optional[builtins.bool] = None,
-                          token_num_uses: Optional[builtins.int] = None,
-                          token_period: Optional[builtins.int] = None,
-                          token_policies: Optional[Sequence[builtins.str]] = None,
-                          token_ttl: Optional[builtins.int] = None,
-                          token_type: Optional[builtins.str] = None,
+def get_auth_backend_role(audience: Optional[_builtins.str] = None,
+                          backend: Optional[_builtins.str] = None,
+                          namespace: Optional[_builtins.str] = None,
+                          role_name: Optional[_builtins.str] = None,
+                          token_bound_cidrs: Optional[Sequence[_builtins.str]] = None,
+                          token_explicit_max_ttl: Optional[_builtins.int] = None,
+                          token_max_ttl: Optional[_builtins.int] = None,
+                          token_no_default_policy: Optional[_builtins.bool] = None,
+                          token_num_uses: Optional[_builtins.int] = None,
+                          token_period: Optional[_builtins.int] = None,
+                          token_policies: Optional[Sequence[_builtins.str]] = None,
+                          token_ttl: Optional[_builtins.int] = None,
+                          token_type: Optional[_builtins.str] = None,
                           opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendRoleResult:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -271,37 +270,37 @@ def get_auth_backend_role(audience: Optional[builtins.str] = None,
     information.
 
 
-    :param builtins.str audience: Audience claim to verify in the JWT.
-    :param builtins.str backend: The unique name for the Kubernetes backend the role to
+    :param _builtins.str audience: Audience claim to verify in the JWT.
+    :param _builtins.str backend: The unique name for the Kubernetes backend the role to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param builtins.str namespace: The namespace of the target resource.
+    :param _builtins.str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
-    :param builtins.str role_name: The name of the role to retrieve the Role attributes for.
-    :param Sequence[builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+    :param _builtins.str role_name: The name of the role to retrieve the Role attributes for.
+    :param Sequence[_builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
            addresses which can authenticate successfully, and ties the resulting token to these blocks
            as well.
-    :param builtins.int token_explicit_max_ttl: If set, will encode an
+    :param _builtins.int token_explicit_max_ttl: If set, will encode an
            [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
            onto the token in number of seconds. This is a hard cap even if `token_ttl` and
            `token_max_ttl` would otherwise allow a renewal.
-    :param builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+    :param _builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
            Its current value will be referenced at renewal time.
-    :param builtins.bool token_no_default_policy: If set, the default policy will not be set on
+    :param _builtins.bool token_no_default_policy: If set, the default policy will not be set on
            generated tokens; otherwise it will be added to the policies set in token_policies.
-    :param builtins.int token_num_uses: The
+    :param _builtins.int token_num_uses: The
            [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
            if any, in number of seconds to set on the token.
-    :param builtins.int token_period: (Optional) If set, indicates that the
+    :param _builtins.int token_period: (Optional) If set, indicates that the
            token generated using this role should never expire. The token should be renewed within the
            duration specified by this value. At each renewal, the token's TTL will be set to the
            value of this field. Specified in seconds.
-    :param Sequence[builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
+    :param Sequence[_builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
            on the auth method, this list may be supplemented by user/group/other values.
-    :param builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
+    :param _builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
            Its current value will be referenced at renewal time.
-    :param builtins.str token_type: The type of token that should be generated. Can be `service`,
+    :param _builtins.str token_type: The type of token that should be generated. Can be `service`,
            `batch`, or `default` to use the mount's tuned default (which unless changed will be
            `service` tokens). For token store roles, there are two additional possibilities:
            `default-service` and `default-batch` which specify the type to return unless the client
@@ -342,19 +341,19 @@ def get_auth_backend_role(audience: Optional[builtins.str] = None,
         token_policies=pulumi.get(__ret__, 'token_policies'),
         token_ttl=pulumi.get(__ret__, 'token_ttl'),
         token_type=pulumi.get(__ret__, 'token_type'))
-def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[builtins.str]]] = None,
-                                 backend: Optional[pulumi.Input[Optional[builtins.str]]] = None,
-                                 namespace: Optional[pulumi.Input[Optional[builtins.str]]] = None,
-                                 role_name: Optional[pulumi.Input[builtins.str]] = None,
-                                 token_bound_cidrs: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
-                                 token_explicit_max_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
-                                 token_max_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
-                                 token_no_default_policy: Optional[pulumi.Input[Optional[builtins.bool]]] = None,
-                                 token_num_uses: Optional[pulumi.Input[Optional[builtins.int]]] = None,
-                                 token_period: Optional[pulumi.Input[Optional[builtins.int]]] = None,
-                                 token_policies: Optional[pulumi.Input[Optional[Sequence[builtins.str]]]] = None,
-                                 token_ttl: Optional[pulumi.Input[Optional[builtins.int]]] = None,
-                                 token_type: Optional[pulumi.Input[Optional[builtins.str]]] = None,
+def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                 backend: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                 namespace: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                 role_name: Optional[pulumi.Input[_builtins.str]] = None,
+                                 token_bound_cidrs: Optional[pulumi.Input[Optional[Sequence[_builtins.str]]]] = None,
+                                 token_explicit_max_ttl: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_max_ttl: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_no_default_policy: Optional[pulumi.Input[Optional[_builtins.bool]]] = None,
+                                 token_num_uses: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_period: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_policies: Optional[pulumi.Input[Optional[Sequence[_builtins.str]]]] = None,
+                                 token_ttl: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_type: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
                                  opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
     """
     Reads the Role of an Kubernetes from a Vault server. See the [Vault
@@ -362,37 +361,37 @@ def get_auth_backend_role_output(audience: Optional[pulumi.Input[Optional[builti
     information.
 
 
-    :param builtins.str audience: Audience claim to verify in the JWT.
-    :param builtins.str backend: The unique name for the Kubernetes backend the role to
+    :param _builtins.str audience: Audience claim to verify in the JWT.
+    :param _builtins.str backend: The unique name for the Kubernetes backend the role to
            retrieve Role attributes for resides in. Defaults to "kubernetes".
-    :param builtins.str namespace: The namespace of the target resource.
+    :param _builtins.str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured namespace.
            *Available only for Vault Enterprise*.
-    :param builtins.str role_name: The name of the role to retrieve the Role attributes for.
-    :param Sequence[builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+    :param _builtins.str role_name: The name of the role to retrieve the Role attributes for.
+    :param Sequence[_builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
            addresses which can authenticate successfully, and ties the resulting token to these blocks
            as well.
-    :param builtins.int token_explicit_max_ttl: If set, will encode an
+    :param _builtins.int token_explicit_max_ttl: If set, will encode an
            [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
            onto the token in number of seconds. This is a hard cap even if `token_ttl` and
            `token_max_ttl` would otherwise allow a renewal.
-    :param builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+    :param _builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
            Its current value will be referenced at renewal time.
-    :param builtins.bool token_no_default_policy: If set, the default policy will not be set on
+    :param _builtins.bool token_no_default_policy: If set, the default policy will not be set on
            generated tokens; otherwise it will be added to the policies set in token_policies.
-    :param builtins.int token_num_uses: The
+    :param _builtins.int token_num_uses: The
            [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
            if any, in number of seconds to set on the token.
-    :param builtins.int token_period: (Optional) If set, indicates that the
+    :param _builtins.int token_period: (Optional) If set, indicates that the
            token generated using this role should never expire. The token should be renewed within the
            duration specified by this value. At each renewal, the token's TTL will be set to the
            value of this field. Specified in seconds.
-    :param Sequence[builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
+    :param Sequence[_builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
            on the auth method, this list may be supplemented by user/group/other values.
-    :param builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
+    :param _builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
            Its current value will be referenced at renewal time.
-    :param builtins.str token_type: The type of token that should be generated. Can be `service`,
+    :param _builtins.str token_type: The type of token that should be generated. Can be `service`,
            `batch`, or `default` to use the mount's tuned default (which unless changed will be
            `service` tokens). For token store roles, there are two additional possibilities:
            `default-service` and `default-batch` which specify the type to return unless the client