PyPI - pulumi-vault - Versions diffs - 7.6.0a1764657486__py3-none-any.whl - Mend

pulumi-vault 7.6.0a1764657486__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (274) hide show

pulumi_vault/__init__.py +1399 -0
pulumi_vault/_inputs.py +2701 -0
pulumi_vault/_utilities.py +331 -0
pulumi_vault/ad/__init__.py +12 -0
pulumi_vault/ad/get_access_credentials.py +177 -0
pulumi_vault/ad/secret_backend.py +1916 -0
pulumi_vault/ad/secret_library.py +546 -0
pulumi_vault/ad/secret_role.py +499 -0
pulumi_vault/alicloud/__init__.py +9 -0
pulumi_vault/alicloud/auth_backend_role.py +866 -0
pulumi_vault/approle/__init__.py +12 -0
pulumi_vault/approle/auth_backend_login.py +571 -0
pulumi_vault/approle/auth_backend_role.py +1082 -0
pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
pulumi_vault/audit.py +499 -0
pulumi_vault/audit_request_header.py +277 -0
pulumi_vault/auth_backend.py +565 -0
pulumi_vault/aws/__init__.py +22 -0
pulumi_vault/aws/auth_backend_cert.py +420 -0
pulumi_vault/aws/auth_backend_client.py +1259 -0
pulumi_vault/aws/auth_backend_config_identity.py +494 -0
pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
pulumi_vault/aws/auth_backend_login.py +1046 -0
pulumi_vault/aws/auth_backend_role.py +1961 -0
pulumi_vault/aws/auth_backend_role_tag.py +638 -0
pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
pulumi_vault/aws/auth_backend_sts_role.py +414 -0
pulumi_vault/aws/get_access_credentials.py +369 -0
pulumi_vault/aws/get_static_access_credentials.py +137 -0
pulumi_vault/aws/secret_backend.py +2018 -0
pulumi_vault/aws/secret_backend_role.py +1188 -0
pulumi_vault/aws/secret_backend_static_role.py +639 -0
pulumi_vault/azure/__init__.py +15 -0
pulumi_vault/azure/_inputs.py +108 -0
pulumi_vault/azure/auth_backend_config.py +1096 -0
pulumi_vault/azure/auth_backend_role.py +1176 -0
pulumi_vault/azure/backend.py +1793 -0
pulumi_vault/azure/backend_role.py +883 -0
pulumi_vault/azure/get_access_credentials.py +400 -0
pulumi_vault/azure/outputs.py +107 -0
pulumi_vault/cert_auth_backend_role.py +1539 -0
pulumi_vault/config/__init__.py +9 -0
pulumi_vault/config/__init__.pyi +164 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +1225 -0
pulumi_vault/config/ui_custom_message.py +530 -0
pulumi_vault/config/vars.py +230 -0
pulumi_vault/consul/__init__.py +10 -0
pulumi_vault/consul/secret_backend.py +1517 -0
pulumi_vault/consul/secret_backend_role.py +847 -0
pulumi_vault/database/__init__.py +14 -0
pulumi_vault/database/_inputs.py +11907 -0
pulumi_vault/database/outputs.py +8496 -0
pulumi_vault/database/secret_backend_connection.py +1676 -0
pulumi_vault/database/secret_backend_role.py +840 -0
pulumi_vault/database/secret_backend_static_role.py +881 -0
pulumi_vault/database/secrets_mount.py +2160 -0
pulumi_vault/egp_policy.py +399 -0
pulumi_vault/gcp/__init__.py +17 -0
pulumi_vault/gcp/_inputs.py +441 -0
pulumi_vault/gcp/auth_backend.py +1486 -0
pulumi_vault/gcp/auth_backend_role.py +1235 -0
pulumi_vault/gcp/get_auth_backend_role.py +514 -0
pulumi_vault/gcp/outputs.py +302 -0
pulumi_vault/gcp/secret_backend.py +1807 -0
pulumi_vault/gcp/secret_impersonated_account.py +484 -0
pulumi_vault/gcp/secret_roleset.py +554 -0
pulumi_vault/gcp/secret_static_account.py +557 -0
pulumi_vault/generic/__init__.py +11 -0
pulumi_vault/generic/endpoint.py +786 -0
pulumi_vault/generic/get_secret.py +306 -0
pulumi_vault/generic/secret.py +486 -0
pulumi_vault/get_auth_backend.py +226 -0
pulumi_vault/get_auth_backends.py +170 -0
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +202 -0
pulumi_vault/get_nomad_access_token.py +210 -0
pulumi_vault/get_policy_document.py +160 -0
pulumi_vault/get_raft_autopilot_state.py +267 -0
pulumi_vault/github/__init__.py +13 -0
pulumi_vault/github/_inputs.py +225 -0
pulumi_vault/github/auth_backend.py +1194 -0
pulumi_vault/github/outputs.py +174 -0
pulumi_vault/github/team.py +380 -0
pulumi_vault/github/user.py +380 -0
pulumi_vault/identity/__init__.py +35 -0
pulumi_vault/identity/entity.py +447 -0
pulumi_vault/identity/entity_alias.py +398 -0
pulumi_vault/identity/entity_policies.py +455 -0
pulumi_vault/identity/get_entity.py +384 -0
pulumi_vault/identity/get_group.py +467 -0
pulumi_vault/identity/get_oidc_client_creds.py +175 -0
pulumi_vault/identity/get_oidc_openid_config.py +334 -0
pulumi_vault/identity/get_oidc_public_keys.py +179 -0
pulumi_vault/identity/group.py +805 -0
pulumi_vault/identity/group_alias.py +386 -0
pulumi_vault/identity/group_member_entity_ids.py +444 -0
pulumi_vault/identity/group_member_group_ids.py +467 -0
pulumi_vault/identity/group_policies.py +471 -0
pulumi_vault/identity/mfa_duo.py +674 -0
pulumi_vault/identity/mfa_login_enforcement.py +566 -0
pulumi_vault/identity/mfa_okta.py +626 -0
pulumi_vault/identity/mfa_pingid.py +616 -0
pulumi_vault/identity/mfa_totp.py +758 -0
pulumi_vault/identity/oidc.py +268 -0
pulumi_vault/identity/oidc_assignment.py +375 -0
pulumi_vault/identity/oidc_client.py +667 -0
pulumi_vault/identity/oidc_key.py +474 -0
pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
pulumi_vault/identity/oidc_provider.py +550 -0
pulumi_vault/identity/oidc_role.py +543 -0
pulumi_vault/identity/oidc_scope.py +355 -0
pulumi_vault/identity/outputs.py +137 -0
pulumi_vault/jwt/__init__.py +12 -0
pulumi_vault/jwt/_inputs.py +225 -0
pulumi_vault/jwt/auth_backend.py +1347 -0
pulumi_vault/jwt/auth_backend_role.py +1847 -0
pulumi_vault/jwt/outputs.py +174 -0
pulumi_vault/kmip/__init__.py +11 -0
pulumi_vault/kmip/secret_backend.py +1591 -0
pulumi_vault/kmip/secret_role.py +1194 -0
pulumi_vault/kmip/secret_scope.py +372 -0
pulumi_vault/kubernetes/__init__.py +15 -0
pulumi_vault/kubernetes/auth_backend_config.py +654 -0
pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
pulumi_vault/kubernetes/get_service_account_token.py +344 -0
pulumi_vault/kubernetes/secret_backend.py +1341 -0
pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
pulumi_vault/kv/__init__.py +18 -0
pulumi_vault/kv/_inputs.py +124 -0
pulumi_vault/kv/get_secret.py +240 -0
pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
pulumi_vault/kv/get_secret_v2.py +315 -0
pulumi_vault/kv/get_secrets_list.py +186 -0
pulumi_vault/kv/get_secrets_list_v2.py +243 -0
pulumi_vault/kv/outputs.py +102 -0
pulumi_vault/kv/secret.py +397 -0
pulumi_vault/kv/secret_backend_v2.py +455 -0
pulumi_vault/kv/secret_v2.py +970 -0
pulumi_vault/ldap/__init__.py +19 -0
pulumi_vault/ldap/_inputs.py +225 -0
pulumi_vault/ldap/auth_backend.py +2520 -0
pulumi_vault/ldap/auth_backend_group.py +386 -0
pulumi_vault/ldap/auth_backend_user.py +439 -0
pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
pulumi_vault/ldap/get_static_credentials.py +192 -0
pulumi_vault/ldap/outputs.py +174 -0
pulumi_vault/ldap/secret_backend.py +2207 -0
pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
pulumi_vault/ldap/secret_backend_library_set.py +552 -0
pulumi_vault/ldap/secret_backend_static_role.py +541 -0
pulumi_vault/managed/__init__.py +11 -0
pulumi_vault/managed/_inputs.py +944 -0
pulumi_vault/managed/keys.py +398 -0
pulumi_vault/managed/outputs.py +667 -0
pulumi_vault/mfa_duo.py +589 -0
pulumi_vault/mfa_okta.py +623 -0
pulumi_vault/mfa_pingid.py +670 -0
pulumi_vault/mfa_totp.py +620 -0
pulumi_vault/mongodbatlas/__init__.py +10 -0
pulumi_vault/mongodbatlas/secret_backend.py +388 -0
pulumi_vault/mongodbatlas/secret_role.py +726 -0
pulumi_vault/mount.py +1262 -0
pulumi_vault/namespace.py +452 -0
pulumi_vault/nomad_secret_backend.py +1559 -0
pulumi_vault/nomad_secret_role.py +489 -0
pulumi_vault/oci_auth_backend.py +676 -0
pulumi_vault/oci_auth_backend_role.py +852 -0
pulumi_vault/okta/__init__.py +13 -0
pulumi_vault/okta/_inputs.py +320 -0
pulumi_vault/okta/auth_backend.py +1231 -0
pulumi_vault/okta/auth_backend_group.py +369 -0
pulumi_vault/okta/auth_backend_user.py +416 -0
pulumi_vault/okta/outputs.py +244 -0
pulumi_vault/outputs.py +502 -0
pulumi_vault/pkisecret/__init__.py +38 -0
pulumi_vault/pkisecret/_inputs.py +270 -0
pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
pulumi_vault/pkisecret/backend_config_acme.py +690 -0
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
pulumi_vault/pkisecret/backend_config_est.py +756 -0
pulumi_vault/pkisecret/backend_config_scep.py +738 -0
pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
pulumi_vault/pkisecret/get_backend_key.py +211 -0
pulumi_vault/pkisecret/get_backend_keys.py +192 -0
pulumi_vault/pkisecret/outputs.py +270 -0
pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
pulumi_vault/pkisecret/secret_backend_key.py +613 -0
pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
pulumi_vault/plugin.py +596 -0
pulumi_vault/plugin_pinned_version.py +299 -0
pulumi_vault/policy.py +279 -0
pulumi_vault/provider.py +781 -0
pulumi_vault/pulumi-plugin.json +5 -0
pulumi_vault/py.typed +0 -0
pulumi_vault/quota_lease_count.py +504 -0
pulumi_vault/quota_rate_limit.py +751 -0
pulumi_vault/rabbitmq/__init__.py +12 -0
pulumi_vault/rabbitmq/_inputs.py +235 -0
pulumi_vault/rabbitmq/outputs.py +144 -0
pulumi_vault/rabbitmq/secret_backend.py +1437 -0
pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
pulumi_vault/raft_autopilot.py +609 -0
pulumi_vault/raft_snapshot_agent_config.py +1591 -0
pulumi_vault/rgp_policy.py +349 -0
pulumi_vault/saml/__init__.py +12 -0
pulumi_vault/saml/_inputs.py +225 -0
pulumi_vault/saml/auth_backend.py +811 -0
pulumi_vault/saml/auth_backend_role.py +1068 -0
pulumi_vault/saml/outputs.py +174 -0
pulumi_vault/scep_auth_backend_role.py +908 -0
pulumi_vault/secrets/__init__.py +18 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +450 -0
pulumi_vault/secrets/sync_aws_destination.py +780 -0
pulumi_vault/secrets/sync_azure_destination.py +736 -0
pulumi_vault/secrets/sync_config.py +303 -0
pulumi_vault/secrets/sync_gcp_destination.py +572 -0
pulumi_vault/secrets/sync_gh_destination.py +688 -0
pulumi_vault/secrets/sync_github_apps.py +376 -0
pulumi_vault/secrets/sync_vercel_destination.py +603 -0
pulumi_vault/ssh/__init__.py +13 -0
pulumi_vault/ssh/_inputs.py +76 -0
pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
pulumi_vault/ssh/outputs.py +51 -0
pulumi_vault/ssh/secret_backend_ca.py +588 -0
pulumi_vault/ssh/secret_backend_role.py +1493 -0
pulumi_vault/terraformcloud/__init__.py +11 -0
pulumi_vault/terraformcloud/secret_backend.py +1321 -0
pulumi_vault/terraformcloud/secret_creds.py +445 -0
pulumi_vault/terraformcloud/secret_role.py +563 -0
pulumi_vault/token.py +1026 -0
pulumi_vault/tokenauth/__init__.py +9 -0
pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
pulumi_vault/transform/__init__.py +14 -0
pulumi_vault/transform/alphabet.py +348 -0
pulumi_vault/transform/get_decode.py +287 -0
pulumi_vault/transform/get_encode.py +291 -0
pulumi_vault/transform/role.py +350 -0
pulumi_vault/transform/template.py +592 -0
pulumi_vault/transform/transformation.py +608 -0
pulumi_vault/transit/__init__.py +15 -0
pulumi_vault/transit/get_cmac.py +256 -0
pulumi_vault/transit/get_decrypt.py +181 -0
pulumi_vault/transit/get_encrypt.py +174 -0
pulumi_vault/transit/get_sign.py +328 -0
pulumi_vault/transit/get_verify.py +373 -0
pulumi_vault/transit/secret_backend_key.py +1202 -0
pulumi_vault/transit/secret_cache_config.py +302 -0
pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0

pulumi_vault/aws/auth_backend_config_identity.py ADDED Viewed

@@ -0,0 +1,494 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+__all__ = ['AuthBackendConfigIdentityArgs', 'AuthBackendConfigIdentity']
+@pulumi.input_type
+class AuthBackendConfigIdentityArgs:
+    def __init__(__self__, *,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 ec2_alias: Optional[pulumi.Input[_builtins.str]] = None,
+                 ec2_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 iam_alias: Optional[pulumi.Input[_builtins.str]] = None,
+                 iam_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        The set of arguments for constructing a AuthBackendConfigIdentity resource.
+        :param pulumi.Input[_builtins.str] backend: The path the AWS auth backend being configured was
+               mounted at.  Defaults to `aws`.
+        :param pulumi.Input[_builtins.str] ec2_alias: How to generate the identity alias when using the ec2 auth method. Valid choices are
+               `role_id`, `instance_id`, and `image_id`. Defaults to `role_id`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ec2_metadatas: The metadata to include on the token returned by the `login` endpoint. This metadata will be
+               added to both audit logs, and on the `ec2_alias`
+        :param pulumi.Input[_builtins.str] iam_alias: How to generate the identity alias when using the iam auth method. Valid choices are
+               `role_id`, `unique_id`, and `full_arn`. Defaults to `role_id`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] iam_metadatas: The metadata to include on the token returned by the `login` endpoint. This metadata will be
+               added to both audit logs, and on the `iam_alias`
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        """
+        if backend is not None:
+            pulumi.set(__self__, "backend", backend)
+        if ec2_alias is not None:
+            pulumi.set(__self__, "ec2_alias", ec2_alias)
+        if ec2_metadatas is not None:
+            pulumi.set(__self__, "ec2_metadatas", ec2_metadatas)
+        if iam_alias is not None:
+            pulumi.set(__self__, "iam_alias", iam_alias)
+        if iam_metadatas is not None:
+            pulumi.set(__self__, "iam_metadatas", iam_metadatas)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The path the AWS auth backend being configured was
+        mounted at.  Defaults to `aws`.
+        """
+        return pulumi.get(self, "backend")
+    @backend.setter
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "backend", value)
+    @_builtins.property
+    @pulumi.getter(name="ec2Alias")
+    def ec2_alias(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        How to generate the identity alias when using the ec2 auth method. Valid choices are
+        `role_id`, `instance_id`, and `image_id`. Defaults to `role_id`
+        """
+        return pulumi.get(self, "ec2_alias")
+    @ec2_alias.setter
+    def ec2_alias(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "ec2_alias", value)
+    @_builtins.property
+    @pulumi.getter(name="ec2Metadatas")
+    def ec2_metadatas(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The metadata to include on the token returned by the `login` endpoint. This metadata will be
+        added to both audit logs, and on the `ec2_alias`
+        """
+        return pulumi.get(self, "ec2_metadatas")
+    @ec2_metadatas.setter
+    def ec2_metadatas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "ec2_metadatas", value)
+    @_builtins.property
+    @pulumi.getter(name="iamAlias")
+    def iam_alias(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        How to generate the identity alias when using the iam auth method. Valid choices are
+        `role_id`, `unique_id`, and `full_arn`. Defaults to `role_id`
+        """
+        return pulumi.get(self, "iam_alias")
+    @iam_alias.setter
+    def iam_alias(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "iam_alias", value)
+    @_builtins.property
+    @pulumi.getter(name="iamMetadatas")
+    def iam_metadatas(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The metadata to include on the token returned by the `login` endpoint. This metadata will be
+        added to both audit logs, and on the `iam_alias`
+        """
+        return pulumi.get(self, "iam_metadatas")
+    @iam_metadatas.setter
+    def iam_metadatas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "iam_metadatas", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+@pulumi.input_type
+class _AuthBackendConfigIdentityState:
+    def __init__(__self__, *,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 ec2_alias: Optional[pulumi.Input[_builtins.str]] = None,
+                 ec2_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 iam_alias: Optional[pulumi.Input[_builtins.str]] = None,
+                 iam_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        Input properties used for looking up and filtering AuthBackendConfigIdentity resources.
+        :param pulumi.Input[_builtins.str] backend: The path the AWS auth backend being configured was
+               mounted at.  Defaults to `aws`.
+        :param pulumi.Input[_builtins.str] ec2_alias: How to generate the identity alias when using the ec2 auth method. Valid choices are
+               `role_id`, `instance_id`, and `image_id`. Defaults to `role_id`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ec2_metadatas: The metadata to include on the token returned by the `login` endpoint. This metadata will be
+               added to both audit logs, and on the `ec2_alias`
+        :param pulumi.Input[_builtins.str] iam_alias: How to generate the identity alias when using the iam auth method. Valid choices are
+               `role_id`, `unique_id`, and `full_arn`. Defaults to `role_id`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] iam_metadatas: The metadata to include on the token returned by the `login` endpoint. This metadata will be
+               added to both audit logs, and on the `iam_alias`
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        """
+        if backend is not None:
+            pulumi.set(__self__, "backend", backend)
+        if ec2_alias is not None:
+            pulumi.set(__self__, "ec2_alias", ec2_alias)
+        if ec2_metadatas is not None:
+            pulumi.set(__self__, "ec2_metadatas", ec2_metadatas)
+        if iam_alias is not None:
+            pulumi.set(__self__, "iam_alias", iam_alias)
+        if iam_metadatas is not None:
+            pulumi.set(__self__, "iam_metadatas", iam_metadatas)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The path the AWS auth backend being configured was
+        mounted at.  Defaults to `aws`.
+        """
+        return pulumi.get(self, "backend")
+    @backend.setter
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "backend", value)
+    @_builtins.property
+    @pulumi.getter(name="ec2Alias")
+    def ec2_alias(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        How to generate the identity alias when using the ec2 auth method. Valid choices are
+        `role_id`, `instance_id`, and `image_id`. Defaults to `role_id`
+        """
+        return pulumi.get(self, "ec2_alias")
+    @ec2_alias.setter
+    def ec2_alias(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "ec2_alias", value)
+    @_builtins.property
+    @pulumi.getter(name="ec2Metadatas")
+    def ec2_metadatas(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The metadata to include on the token returned by the `login` endpoint. This metadata will be
+        added to both audit logs, and on the `ec2_alias`
+        """
+        return pulumi.get(self, "ec2_metadatas")
+    @ec2_metadatas.setter
+    def ec2_metadatas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "ec2_metadatas", value)
+    @_builtins.property
+    @pulumi.getter(name="iamAlias")
+    def iam_alias(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        How to generate the identity alias when using the iam auth method. Valid choices are
+        `role_id`, `unique_id`, and `full_arn`. Defaults to `role_id`
+        """
+        return pulumi.get(self, "iam_alias")
+    @iam_alias.setter
+    def iam_alias(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "iam_alias", value)
+    @_builtins.property
+    @pulumi.getter(name="iamMetadatas")
+    def iam_metadatas(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The metadata to include on the token returned by the `login` endpoint. This metadata will be
+        added to both audit logs, and on the `iam_alias`
+        """
+        return pulumi.get(self, "iam_metadatas")
+    @iam_metadatas.setter
+    def iam_metadatas(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "iam_metadatas", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+@pulumi.type_token("vault:aws/authBackendConfigIdentity:AuthBackendConfigIdentity")
+class AuthBackendConfigIdentity(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 ec2_alias: Optional[pulumi.Input[_builtins.str]] = None,
+                 ec2_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 iam_alias: Optional[pulumi.Input[_builtins.str]] = None,
+                 iam_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        """
+        Manages an AWS auth backend identity configuration in a Vault server. This configuration defines how Vault interacts
+        with the identity store. See the [Vault documentation](https://www.vaultproject.io/docs/auth/aws.html) for more
+        information.
+        ## Example Usage
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        aws = vault.AuthBackend("aws", type="aws")
+        example = vault.aws.AuthBackendConfigIdentity("example",
+            backend=aws.path,
+            iam_alias="full_arn",
+            iam_metadatas=[
+                "canonical_arn",
+                "account_id",
+            ])
+        ```
+        ## Import
+        AWS auth backend identity config can be imported using `auth/`, the `backend` path, and `/config/identity` e.g.
+        ```sh
+        $ pulumi import vault:aws/authBackendConfigIdentity:AuthBackendConfigIdentity example auth/aws/config/identity
+        ```
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] backend: The path the AWS auth backend being configured was
+               mounted at.  Defaults to `aws`.
+        :param pulumi.Input[_builtins.str] ec2_alias: How to generate the identity alias when using the ec2 auth method. Valid choices are
+               `role_id`, `instance_id`, and `image_id`. Defaults to `role_id`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ec2_metadatas: The metadata to include on the token returned by the `login` endpoint. This metadata will be
+               added to both audit logs, and on the `ec2_alias`
+        :param pulumi.Input[_builtins.str] iam_alias: How to generate the identity alias when using the iam auth method. Valid choices are
+               `role_id`, `unique_id`, and `full_arn`. Defaults to `role_id`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] iam_metadatas: The metadata to include on the token returned by the `login` endpoint. This metadata will be
+               added to both audit logs, and on the `iam_alias`
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: Optional[AuthBackendConfigIdentityArgs] = None,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Manages an AWS auth backend identity configuration in a Vault server. This configuration defines how Vault interacts
+        with the identity store. See the [Vault documentation](https://www.vaultproject.io/docs/auth/aws.html) for more
+        information.
+        ## Example Usage
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        aws = vault.AuthBackend("aws", type="aws")
+        example = vault.aws.AuthBackendConfigIdentity("example",
+            backend=aws.path,
+            iam_alias="full_arn",
+            iam_metadatas=[
+                "canonical_arn",
+                "account_id",
+            ])
+        ```
+        ## Import
+        AWS auth backend identity config can be imported using `auth/`, the `backend` path, and `/config/identity` e.g.
+        ```sh
+        $ pulumi import vault:aws/authBackendConfigIdentity:AuthBackendConfigIdentity example auth/aws/config/identity
+        ```
+        :param str resource_name: The name of the resource.
+        :param AuthBackendConfigIdentityArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(AuthBackendConfigIdentityArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 ec2_alias: Optional[pulumi.Input[_builtins.str]] = None,
+                 ec2_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 iam_alias: Optional[pulumi.Input[_builtins.str]] = None,
+                 iam_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = AuthBackendConfigIdentityArgs.__new__(AuthBackendConfigIdentityArgs)
+            __props__.__dict__["backend"] = backend
+            __props__.__dict__["ec2_alias"] = ec2_alias
+            __props__.__dict__["ec2_metadatas"] = ec2_metadatas
+            __props__.__dict__["iam_alias"] = iam_alias
+            __props__.__dict__["iam_metadatas"] = iam_metadatas
+            __props__.__dict__["namespace"] = namespace
+        super(AuthBackendConfigIdentity, __self__).__init__(
+            'vault:aws/authBackendConfigIdentity:AuthBackendConfigIdentity',
+            resource_name,
+            __props__,
+            opts)
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            backend: Optional[pulumi.Input[_builtins.str]] = None,
+            ec2_alias: Optional[pulumi.Input[_builtins.str]] = None,
+            ec2_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            iam_alias: Optional[pulumi.Input[_builtins.str]] = None,
+            iam_metadatas: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None) -> 'AuthBackendConfigIdentity':
+        """
+        Get an existing AuthBackendConfigIdentity resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] backend: The path the AWS auth backend being configured was
+               mounted at.  Defaults to `aws`.
+        :param pulumi.Input[_builtins.str] ec2_alias: How to generate the identity alias when using the ec2 auth method. Valid choices are
+               `role_id`, `instance_id`, and `image_id`. Defaults to `role_id`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ec2_metadatas: The metadata to include on the token returned by the `login` endpoint. This metadata will be
+               added to both audit logs, and on the `ec2_alias`
+        :param pulumi.Input[_builtins.str] iam_alias: How to generate the identity alias when using the iam auth method. Valid choices are
+               `role_id`, `unique_id`, and `full_arn`. Defaults to `role_id`
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] iam_metadatas: The metadata to include on the token returned by the `login` endpoint. This metadata will be
+               added to both audit logs, and on the `iam_alias`
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+        __props__ = _AuthBackendConfigIdentityState.__new__(_AuthBackendConfigIdentityState)
+        __props__.__dict__["backend"] = backend
+        __props__.__dict__["ec2_alias"] = ec2_alias
+        __props__.__dict__["ec2_metadatas"] = ec2_metadatas
+        __props__.__dict__["iam_alias"] = iam_alias
+        __props__.__dict__["iam_metadatas"] = iam_metadatas
+        __props__.__dict__["namespace"] = namespace
+        return AuthBackendConfigIdentity(resource_name, opts=opts, __props__=__props__)
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The path the AWS auth backend being configured was
+        mounted at.  Defaults to `aws`.
+        """
+        return pulumi.get(self, "backend")
+    @_builtins.property
+    @pulumi.getter(name="ec2Alias")
+    def ec2_alias(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        How to generate the identity alias when using the ec2 auth method. Valid choices are
+        `role_id`, `instance_id`, and `image_id`. Defaults to `role_id`
+        """
+        return pulumi.get(self, "ec2_alias")
+    @_builtins.property
+    @pulumi.getter(name="ec2Metadatas")
+    def ec2_metadatas(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
+        """
+        The metadata to include on the token returned by the `login` endpoint. This metadata will be
+        added to both audit logs, and on the `ec2_alias`
+        """
+        return pulumi.get(self, "ec2_metadatas")
+    @_builtins.property
+    @pulumi.getter(name="iamAlias")
+    def iam_alias(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        How to generate the identity alias when using the iam auth method. Valid choices are
+        `role_id`, `unique_id`, and `full_arn`. Defaults to `role_id`
+        """
+        return pulumi.get(self, "iam_alias")
+    @_builtins.property
+    @pulumi.getter(name="iamMetadatas")
+    def iam_metadatas(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
+        """
+        The metadata to include on the token returned by the `login` endpoint. This metadata will be
+        added to both audit logs, and on the `iam_alias`
+        """
+        return pulumi.get(self, "iam_metadatas")
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")