PyPI - pulumi-vault - Versions diffs - 7.6.0a1764657486__py3-none-any.whl - Mend

pulumi-vault 7.6.0a1764657486__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (274) hide show

pulumi_vault/__init__.py +1399 -0
pulumi_vault/_inputs.py +2701 -0
pulumi_vault/_utilities.py +331 -0
pulumi_vault/ad/__init__.py +12 -0
pulumi_vault/ad/get_access_credentials.py +177 -0
pulumi_vault/ad/secret_backend.py +1916 -0
pulumi_vault/ad/secret_library.py +546 -0
pulumi_vault/ad/secret_role.py +499 -0
pulumi_vault/alicloud/__init__.py +9 -0
pulumi_vault/alicloud/auth_backend_role.py +866 -0
pulumi_vault/approle/__init__.py +12 -0
pulumi_vault/approle/auth_backend_login.py +571 -0
pulumi_vault/approle/auth_backend_role.py +1082 -0
pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
pulumi_vault/audit.py +499 -0
pulumi_vault/audit_request_header.py +277 -0
pulumi_vault/auth_backend.py +565 -0
pulumi_vault/aws/__init__.py +22 -0
pulumi_vault/aws/auth_backend_cert.py +420 -0
pulumi_vault/aws/auth_backend_client.py +1259 -0
pulumi_vault/aws/auth_backend_config_identity.py +494 -0
pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
pulumi_vault/aws/auth_backend_login.py +1046 -0
pulumi_vault/aws/auth_backend_role.py +1961 -0
pulumi_vault/aws/auth_backend_role_tag.py +638 -0
pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
pulumi_vault/aws/auth_backend_sts_role.py +414 -0
pulumi_vault/aws/get_access_credentials.py +369 -0
pulumi_vault/aws/get_static_access_credentials.py +137 -0
pulumi_vault/aws/secret_backend.py +2018 -0
pulumi_vault/aws/secret_backend_role.py +1188 -0
pulumi_vault/aws/secret_backend_static_role.py +639 -0
pulumi_vault/azure/__init__.py +15 -0
pulumi_vault/azure/_inputs.py +108 -0
pulumi_vault/azure/auth_backend_config.py +1096 -0
pulumi_vault/azure/auth_backend_role.py +1176 -0
pulumi_vault/azure/backend.py +1793 -0
pulumi_vault/azure/backend_role.py +883 -0
pulumi_vault/azure/get_access_credentials.py +400 -0
pulumi_vault/azure/outputs.py +107 -0
pulumi_vault/cert_auth_backend_role.py +1539 -0
pulumi_vault/config/__init__.py +9 -0
pulumi_vault/config/__init__.pyi +164 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +1225 -0
pulumi_vault/config/ui_custom_message.py +530 -0
pulumi_vault/config/vars.py +230 -0
pulumi_vault/consul/__init__.py +10 -0
pulumi_vault/consul/secret_backend.py +1517 -0
pulumi_vault/consul/secret_backend_role.py +847 -0
pulumi_vault/database/__init__.py +14 -0
pulumi_vault/database/_inputs.py +11907 -0
pulumi_vault/database/outputs.py +8496 -0
pulumi_vault/database/secret_backend_connection.py +1676 -0
pulumi_vault/database/secret_backend_role.py +840 -0
pulumi_vault/database/secret_backend_static_role.py +881 -0
pulumi_vault/database/secrets_mount.py +2160 -0
pulumi_vault/egp_policy.py +399 -0
pulumi_vault/gcp/__init__.py +17 -0
pulumi_vault/gcp/_inputs.py +441 -0
pulumi_vault/gcp/auth_backend.py +1486 -0
pulumi_vault/gcp/auth_backend_role.py +1235 -0
pulumi_vault/gcp/get_auth_backend_role.py +514 -0
pulumi_vault/gcp/outputs.py +302 -0
pulumi_vault/gcp/secret_backend.py +1807 -0
pulumi_vault/gcp/secret_impersonated_account.py +484 -0
pulumi_vault/gcp/secret_roleset.py +554 -0
pulumi_vault/gcp/secret_static_account.py +557 -0
pulumi_vault/generic/__init__.py +11 -0
pulumi_vault/generic/endpoint.py +786 -0
pulumi_vault/generic/get_secret.py +306 -0
pulumi_vault/generic/secret.py +486 -0
pulumi_vault/get_auth_backend.py +226 -0
pulumi_vault/get_auth_backends.py +170 -0
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +202 -0
pulumi_vault/get_nomad_access_token.py +210 -0
pulumi_vault/get_policy_document.py +160 -0
pulumi_vault/get_raft_autopilot_state.py +267 -0
pulumi_vault/github/__init__.py +13 -0
pulumi_vault/github/_inputs.py +225 -0
pulumi_vault/github/auth_backend.py +1194 -0
pulumi_vault/github/outputs.py +174 -0
pulumi_vault/github/team.py +380 -0
pulumi_vault/github/user.py +380 -0
pulumi_vault/identity/__init__.py +35 -0
pulumi_vault/identity/entity.py +447 -0
pulumi_vault/identity/entity_alias.py +398 -0
pulumi_vault/identity/entity_policies.py +455 -0
pulumi_vault/identity/get_entity.py +384 -0
pulumi_vault/identity/get_group.py +467 -0
pulumi_vault/identity/get_oidc_client_creds.py +175 -0
pulumi_vault/identity/get_oidc_openid_config.py +334 -0
pulumi_vault/identity/get_oidc_public_keys.py +179 -0
pulumi_vault/identity/group.py +805 -0
pulumi_vault/identity/group_alias.py +386 -0
pulumi_vault/identity/group_member_entity_ids.py +444 -0
pulumi_vault/identity/group_member_group_ids.py +467 -0
pulumi_vault/identity/group_policies.py +471 -0
pulumi_vault/identity/mfa_duo.py +674 -0
pulumi_vault/identity/mfa_login_enforcement.py +566 -0
pulumi_vault/identity/mfa_okta.py +626 -0
pulumi_vault/identity/mfa_pingid.py +616 -0
pulumi_vault/identity/mfa_totp.py +758 -0
pulumi_vault/identity/oidc.py +268 -0
pulumi_vault/identity/oidc_assignment.py +375 -0
pulumi_vault/identity/oidc_client.py +667 -0
pulumi_vault/identity/oidc_key.py +474 -0
pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
pulumi_vault/identity/oidc_provider.py +550 -0
pulumi_vault/identity/oidc_role.py +543 -0
pulumi_vault/identity/oidc_scope.py +355 -0
pulumi_vault/identity/outputs.py +137 -0
pulumi_vault/jwt/__init__.py +12 -0
pulumi_vault/jwt/_inputs.py +225 -0
pulumi_vault/jwt/auth_backend.py +1347 -0
pulumi_vault/jwt/auth_backend_role.py +1847 -0
pulumi_vault/jwt/outputs.py +174 -0
pulumi_vault/kmip/__init__.py +11 -0
pulumi_vault/kmip/secret_backend.py +1591 -0
pulumi_vault/kmip/secret_role.py +1194 -0
pulumi_vault/kmip/secret_scope.py +372 -0
pulumi_vault/kubernetes/__init__.py +15 -0
pulumi_vault/kubernetes/auth_backend_config.py +654 -0
pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
pulumi_vault/kubernetes/get_service_account_token.py +344 -0
pulumi_vault/kubernetes/secret_backend.py +1341 -0
pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
pulumi_vault/kv/__init__.py +18 -0
pulumi_vault/kv/_inputs.py +124 -0
pulumi_vault/kv/get_secret.py +240 -0
pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
pulumi_vault/kv/get_secret_v2.py +315 -0
pulumi_vault/kv/get_secrets_list.py +186 -0
pulumi_vault/kv/get_secrets_list_v2.py +243 -0
pulumi_vault/kv/outputs.py +102 -0
pulumi_vault/kv/secret.py +397 -0
pulumi_vault/kv/secret_backend_v2.py +455 -0
pulumi_vault/kv/secret_v2.py +970 -0
pulumi_vault/ldap/__init__.py +19 -0
pulumi_vault/ldap/_inputs.py +225 -0
pulumi_vault/ldap/auth_backend.py +2520 -0
pulumi_vault/ldap/auth_backend_group.py +386 -0
pulumi_vault/ldap/auth_backend_user.py +439 -0
pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
pulumi_vault/ldap/get_static_credentials.py +192 -0
pulumi_vault/ldap/outputs.py +174 -0
pulumi_vault/ldap/secret_backend.py +2207 -0
pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
pulumi_vault/ldap/secret_backend_library_set.py +552 -0
pulumi_vault/ldap/secret_backend_static_role.py +541 -0
pulumi_vault/managed/__init__.py +11 -0
pulumi_vault/managed/_inputs.py +944 -0
pulumi_vault/managed/keys.py +398 -0
pulumi_vault/managed/outputs.py +667 -0
pulumi_vault/mfa_duo.py +589 -0
pulumi_vault/mfa_okta.py +623 -0
pulumi_vault/mfa_pingid.py +670 -0
pulumi_vault/mfa_totp.py +620 -0
pulumi_vault/mongodbatlas/__init__.py +10 -0
pulumi_vault/mongodbatlas/secret_backend.py +388 -0
pulumi_vault/mongodbatlas/secret_role.py +726 -0
pulumi_vault/mount.py +1262 -0
pulumi_vault/namespace.py +452 -0
pulumi_vault/nomad_secret_backend.py +1559 -0
pulumi_vault/nomad_secret_role.py +489 -0
pulumi_vault/oci_auth_backend.py +676 -0
pulumi_vault/oci_auth_backend_role.py +852 -0
pulumi_vault/okta/__init__.py +13 -0
pulumi_vault/okta/_inputs.py +320 -0
pulumi_vault/okta/auth_backend.py +1231 -0
pulumi_vault/okta/auth_backend_group.py +369 -0
pulumi_vault/okta/auth_backend_user.py +416 -0
pulumi_vault/okta/outputs.py +244 -0
pulumi_vault/outputs.py +502 -0
pulumi_vault/pkisecret/__init__.py +38 -0
pulumi_vault/pkisecret/_inputs.py +270 -0
pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
pulumi_vault/pkisecret/backend_config_acme.py +690 -0
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
pulumi_vault/pkisecret/backend_config_est.py +756 -0
pulumi_vault/pkisecret/backend_config_scep.py +738 -0
pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
pulumi_vault/pkisecret/get_backend_key.py +211 -0
pulumi_vault/pkisecret/get_backend_keys.py +192 -0
pulumi_vault/pkisecret/outputs.py +270 -0
pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
pulumi_vault/pkisecret/secret_backend_key.py +613 -0
pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
pulumi_vault/plugin.py +596 -0
pulumi_vault/plugin_pinned_version.py +299 -0
pulumi_vault/policy.py +279 -0
pulumi_vault/provider.py +781 -0
pulumi_vault/pulumi-plugin.json +5 -0
pulumi_vault/py.typed +0 -0
pulumi_vault/quota_lease_count.py +504 -0
pulumi_vault/quota_rate_limit.py +751 -0
pulumi_vault/rabbitmq/__init__.py +12 -0
pulumi_vault/rabbitmq/_inputs.py +235 -0
pulumi_vault/rabbitmq/outputs.py +144 -0
pulumi_vault/rabbitmq/secret_backend.py +1437 -0
pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
pulumi_vault/raft_autopilot.py +609 -0
pulumi_vault/raft_snapshot_agent_config.py +1591 -0
pulumi_vault/rgp_policy.py +349 -0
pulumi_vault/saml/__init__.py +12 -0
pulumi_vault/saml/_inputs.py +225 -0
pulumi_vault/saml/auth_backend.py +811 -0
pulumi_vault/saml/auth_backend_role.py +1068 -0
pulumi_vault/saml/outputs.py +174 -0
pulumi_vault/scep_auth_backend_role.py +908 -0
pulumi_vault/secrets/__init__.py +18 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +450 -0
pulumi_vault/secrets/sync_aws_destination.py +780 -0
pulumi_vault/secrets/sync_azure_destination.py +736 -0
pulumi_vault/secrets/sync_config.py +303 -0
pulumi_vault/secrets/sync_gcp_destination.py +572 -0
pulumi_vault/secrets/sync_gh_destination.py +688 -0
pulumi_vault/secrets/sync_github_apps.py +376 -0
pulumi_vault/secrets/sync_vercel_destination.py +603 -0
pulumi_vault/ssh/__init__.py +13 -0
pulumi_vault/ssh/_inputs.py +76 -0
pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
pulumi_vault/ssh/outputs.py +51 -0
pulumi_vault/ssh/secret_backend_ca.py +588 -0
pulumi_vault/ssh/secret_backend_role.py +1493 -0
pulumi_vault/terraformcloud/__init__.py +11 -0
pulumi_vault/terraformcloud/secret_backend.py +1321 -0
pulumi_vault/terraformcloud/secret_creds.py +445 -0
pulumi_vault/terraformcloud/secret_role.py +563 -0
pulumi_vault/token.py +1026 -0
pulumi_vault/tokenauth/__init__.py +9 -0
pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
pulumi_vault/transform/__init__.py +14 -0
pulumi_vault/transform/alphabet.py +348 -0
pulumi_vault/transform/get_decode.py +287 -0
pulumi_vault/transform/get_encode.py +291 -0
pulumi_vault/transform/role.py +350 -0
pulumi_vault/transform/template.py +592 -0
pulumi_vault/transform/transformation.py +608 -0
pulumi_vault/transit/__init__.py +15 -0
pulumi_vault/transit/get_cmac.py +256 -0
pulumi_vault/transit/get_decrypt.py +181 -0
pulumi_vault/transit/get_encrypt.py +174 -0
pulumi_vault/transit/get_sign.py +328 -0
pulumi_vault/transit/get_verify.py +373 -0
pulumi_vault/transit/secret_backend_key.py +1202 -0
pulumi_vault/transit/secret_cache_config.py +302 -0
pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0

pulumi_vault/aws/auth_backend_role_tag.py ADDED Viewed

@@ -0,0 +1,638 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+__all__ = ['AuthBackendRoleTagArgs', 'AuthBackendRoleTag']
+@pulumi.input_type
+class AuthBackendRoleTagArgs:
+    def __init__(__self__, *,
+                 role: pulumi.Input[_builtins.str],
+                 allow_instance_migration: Optional[pulumi.Input[_builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 disallow_reauthentication: Optional[pulumi.Input[_builtins.bool]] = None,
+                 instance_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 policies: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None):
+        """
+        The set of arguments for constructing a AuthBackendRoleTag resource.
+        :param pulumi.Input[_builtins.str] role: The name of the AWS auth backend role to read
+               role tags from, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] allow_instance_migration: If set, allows migration of the underlying instances where the client resides. Use with caution.
+        :param pulumi.Input[_builtins.str] backend: The path to the AWS auth backend to
+               read role tags from, with no leading or trailing `/`s. Defaults to "aws".
+        :param pulumi.Input[_builtins.bool] disallow_reauthentication: If set, only allows a single token to be granted per instance ID.
+        :param pulumi.Input[_builtins.str] instance_id: Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
+        :param pulumi.Input[_builtins.str] max_ttl: The maximum TTL of the tokens issued using this role.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
+        """
+        pulumi.set(__self__, "role", role)
+        if allow_instance_migration is not None:
+            pulumi.set(__self__, "allow_instance_migration", allow_instance_migration)
+        if backend is not None:
+            pulumi.set(__self__, "backend", backend)
+        if disallow_reauthentication is not None:
+            pulumi.set(__self__, "disallow_reauthentication", disallow_reauthentication)
+        if instance_id is not None:
+            pulumi.set(__self__, "instance_id", instance_id)
+        if max_ttl is not None:
+            pulumi.set(__self__, "max_ttl", max_ttl)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if policies is not None:
+            pulumi.set(__self__, "policies", policies)
+    @_builtins.property
+    @pulumi.getter
+    def role(self) -> pulumi.Input[_builtins.str]:
+        """
+        The name of the AWS auth backend role to read
+        role tags from, with no leading or trailing `/`s.
+        """
+        return pulumi.get(self, "role")
+    @role.setter
+    def role(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "role", value)
+    @_builtins.property
+    @pulumi.getter(name="allowInstanceMigration")
+    def allow_instance_migration(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set, allows migration of the underlying instances where the client resides. Use with caution.
+        """
+        return pulumi.get(self, "allow_instance_migration")
+    @allow_instance_migration.setter
+    def allow_instance_migration(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_instance_migration", value)
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The path to the AWS auth backend to
+        read role tags from, with no leading or trailing `/`s. Defaults to "aws".
+        """
+        return pulumi.get(self, "backend")
+    @backend.setter
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "backend", value)
+    @_builtins.property
+    @pulumi.getter(name="disallowReauthentication")
+    def disallow_reauthentication(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set, only allows a single token to be granted per instance ID.
+        """
+        return pulumi.get(self, "disallow_reauthentication")
+    @disallow_reauthentication.setter
+    def disallow_reauthentication(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "disallow_reauthentication", value)
+    @_builtins.property
+    @pulumi.getter(name="instanceId")
+    def instance_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
+        """
+        return pulumi.get(self, "instance_id")
+    @instance_id.setter
+    def instance_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "instance_id", value)
+    @_builtins.property
+    @pulumi.getter(name="maxTtl")
+    def max_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The maximum TTL of the tokens issued using this role.
+        """
+        return pulumi.get(self, "max_ttl")
+    @max_ttl.setter
+    def max_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "max_ttl", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter
+    def policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The policies to be associated with the tag. Must be a subset of the policies associated with the role.
+        """
+        return pulumi.get(self, "policies")
+    @policies.setter
+    def policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "policies", value)
+@pulumi.input_type
+class _AuthBackendRoleTagState:
+    def __init__(__self__, *,
+                 allow_instance_migration: Optional[pulumi.Input[_builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 disallow_reauthentication: Optional[pulumi.Input[_builtins.bool]] = None,
+                 instance_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 policies: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 role: Optional[pulumi.Input[_builtins.str]] = None,
+                 tag_key: Optional[pulumi.Input[_builtins.str]] = None,
+                 tag_value: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        Input properties used for looking up and filtering AuthBackendRoleTag resources.
+        :param pulumi.Input[_builtins.bool] allow_instance_migration: If set, allows migration of the underlying instances where the client resides. Use with caution.
+        :param pulumi.Input[_builtins.str] backend: The path to the AWS auth backend to
+               read role tags from, with no leading or trailing `/`s. Defaults to "aws".
+        :param pulumi.Input[_builtins.bool] disallow_reauthentication: If set, only allows a single token to be granted per instance ID.
+        :param pulumi.Input[_builtins.str] instance_id: Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
+        :param pulumi.Input[_builtins.str] max_ttl: The maximum TTL of the tokens issued using this role.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
+        :param pulumi.Input[_builtins.str] role: The name of the AWS auth backend role to read
+               role tags from, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.str] tag_key: The key of the role tag.
+        :param pulumi.Input[_builtins.str] tag_value: The value to set the role key.
+        """
+        if allow_instance_migration is not None:
+            pulumi.set(__self__, "allow_instance_migration", allow_instance_migration)
+        if backend is not None:
+            pulumi.set(__self__, "backend", backend)
+        if disallow_reauthentication is not None:
+            pulumi.set(__self__, "disallow_reauthentication", disallow_reauthentication)
+        if instance_id is not None:
+            pulumi.set(__self__, "instance_id", instance_id)
+        if max_ttl is not None:
+            pulumi.set(__self__, "max_ttl", max_ttl)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if policies is not None:
+            pulumi.set(__self__, "policies", policies)
+        if role is not None:
+            pulumi.set(__self__, "role", role)
+        if tag_key is not None:
+            pulumi.set(__self__, "tag_key", tag_key)
+        if tag_value is not None:
+            pulumi.set(__self__, "tag_value", tag_value)
+    @_builtins.property
+    @pulumi.getter(name="allowInstanceMigration")
+    def allow_instance_migration(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set, allows migration of the underlying instances where the client resides. Use with caution.
+        """
+        return pulumi.get(self, "allow_instance_migration")
+    @allow_instance_migration.setter
+    def allow_instance_migration(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "allow_instance_migration", value)
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The path to the AWS auth backend to
+        read role tags from, with no leading or trailing `/`s. Defaults to "aws".
+        """
+        return pulumi.get(self, "backend")
+    @backend.setter
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "backend", value)
+    @_builtins.property
+    @pulumi.getter(name="disallowReauthentication")
+    def disallow_reauthentication(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        If set, only allows a single token to be granted per instance ID.
+        """
+        return pulumi.get(self, "disallow_reauthentication")
+    @disallow_reauthentication.setter
+    def disallow_reauthentication(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "disallow_reauthentication", value)
+    @_builtins.property
+    @pulumi.getter(name="instanceId")
+    def instance_id(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
+        """
+        return pulumi.get(self, "instance_id")
+    @instance_id.setter
+    def instance_id(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "instance_id", value)
+    @_builtins.property
+    @pulumi.getter(name="maxTtl")
+    def max_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The maximum TTL of the tokens issued using this role.
+        """
+        return pulumi.get(self, "max_ttl")
+    @max_ttl.setter
+    def max_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "max_ttl", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter
+    def policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        The policies to be associated with the tag. Must be a subset of the policies associated with the role.
+        """
+        return pulumi.get(self, "policies")
+    @policies.setter
+    def policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "policies", value)
+    @_builtins.property
+    @pulumi.getter
+    def role(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The name of the AWS auth backend role to read
+        role tags from, with no leading or trailing `/`s.
+        """
+        return pulumi.get(self, "role")
+    @role.setter
+    def role(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "role", value)
+    @_builtins.property
+    @pulumi.getter(name="tagKey")
+    def tag_key(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The key of the role tag.
+        """
+        return pulumi.get(self, "tag_key")
+    @tag_key.setter
+    def tag_key(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "tag_key", value)
+    @_builtins.property
+    @pulumi.getter(name="tagValue")
+    def tag_value(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The value to set the role key.
+        """
+        return pulumi.get(self, "tag_value")
+    @tag_value.setter
+    def tag_value(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "tag_value", value)
+@pulumi.type_token("vault:aws/authBackendRoleTag:AuthBackendRoleTag")
+class AuthBackendRoleTag(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 allow_instance_migration: Optional[pulumi.Input[_builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 disallow_reauthentication: Optional[pulumi.Input[_builtins.bool]] = None,
+                 instance_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 policies: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 role: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        """
+        Reads role tag information from an AWS auth backend in Vault.
+        ## Example Usage
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        aws = vault.AuthBackend("aws",
+            path="%s",
+            type="aws")
+        role = vault.aws.AuthBackendRole("role",
+            backend=aws.path,
+            role="%s",
+            auth_type="ec2",
+            bound_account_id="123456789012",
+            policies=[
+                "dev",
+                "prod",
+                "qa",
+                "test",
+            ],
+            role_tag="VaultRoleTag")
+        test = vault.aws.AuthBackendRoleTag("test",
+            backend=aws.path,
+            role=role.role,
+            policies=[
+                "prod",
+                "dev",
+                "test",
+            ],
+            max_ttl="1h",
+            instance_id="i-1234567")
+        ```
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.bool] allow_instance_migration: If set, allows migration of the underlying instances where the client resides. Use with caution.
+        :param pulumi.Input[_builtins.str] backend: The path to the AWS auth backend to
+               read role tags from, with no leading or trailing `/`s. Defaults to "aws".
+        :param pulumi.Input[_builtins.bool] disallow_reauthentication: If set, only allows a single token to be granted per instance ID.
+        :param pulumi.Input[_builtins.str] instance_id: Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
+        :param pulumi.Input[_builtins.str] max_ttl: The maximum TTL of the tokens issued using this role.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
+        :param pulumi.Input[_builtins.str] role: The name of the AWS auth backend role to read
+               role tags from, with no leading or trailing `/`s.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: AuthBackendRoleTagArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Reads role tag information from an AWS auth backend in Vault.
+        ## Example Usage
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        aws = vault.AuthBackend("aws",
+            path="%s",
+            type="aws")
+        role = vault.aws.AuthBackendRole("role",
+            backend=aws.path,
+            role="%s",
+            auth_type="ec2",
+            bound_account_id="123456789012",
+            policies=[
+                "dev",
+                "prod",
+                "qa",
+                "test",
+            ],
+            role_tag="VaultRoleTag")
+        test = vault.aws.AuthBackendRoleTag("test",
+            backend=aws.path,
+            role=role.role,
+            policies=[
+                "prod",
+                "dev",
+                "test",
+            ],
+            max_ttl="1h",
+            instance_id="i-1234567")
+        ```
+        :param str resource_name: The name of the resource.
+        :param AuthBackendRoleTagArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(AuthBackendRoleTagArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 allow_instance_migration: Optional[pulumi.Input[_builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 disallow_reauthentication: Optional[pulumi.Input[_builtins.bool]] = None,
+                 instance_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 policies: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 role: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = AuthBackendRoleTagArgs.__new__(AuthBackendRoleTagArgs)
+            __props__.__dict__["allow_instance_migration"] = allow_instance_migration
+            __props__.__dict__["backend"] = backend
+            __props__.__dict__["disallow_reauthentication"] = disallow_reauthentication
+            __props__.__dict__["instance_id"] = instance_id
+            __props__.__dict__["max_ttl"] = max_ttl
+            __props__.__dict__["namespace"] = namespace
+            __props__.__dict__["policies"] = policies
+            if role is None and not opts.urn:
+                raise TypeError("Missing required property 'role'")
+            __props__.__dict__["role"] = role
+            __props__.__dict__["tag_key"] = None
+            __props__.__dict__["tag_value"] = None
+        super(AuthBackendRoleTag, __self__).__init__(
+            'vault:aws/authBackendRoleTag:AuthBackendRoleTag',
+            resource_name,
+            __props__,
+            opts)
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            allow_instance_migration: Optional[pulumi.Input[_builtins.bool]] = None,
+            backend: Optional[pulumi.Input[_builtins.str]] = None,
+            disallow_reauthentication: Optional[pulumi.Input[_builtins.bool]] = None,
+            instance_id: Optional[pulumi.Input[_builtins.str]] = None,
+            max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            policies: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+            role: Optional[pulumi.Input[_builtins.str]] = None,
+            tag_key: Optional[pulumi.Input[_builtins.str]] = None,
+            tag_value: Optional[pulumi.Input[_builtins.str]] = None) -> 'AuthBackendRoleTag':
+        """
+        Get an existing AuthBackendRoleTag resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.bool] allow_instance_migration: If set, allows migration of the underlying instances where the client resides. Use with caution.
+        :param pulumi.Input[_builtins.str] backend: The path to the AWS auth backend to
+               read role tags from, with no leading or trailing `/`s. Defaults to "aws".
+        :param pulumi.Input[_builtins.bool] disallow_reauthentication: If set, only allows a single token to be granted per instance ID.
+        :param pulumi.Input[_builtins.str] instance_id: Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
+        :param pulumi.Input[_builtins.str] max_ttl: The maximum TTL of the tokens issued using this role.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policies: The policies to be associated with the tag. Must be a subset of the policies associated with the role.
+        :param pulumi.Input[_builtins.str] role: The name of the AWS auth backend role to read
+               role tags from, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.str] tag_key: The key of the role tag.
+        :param pulumi.Input[_builtins.str] tag_value: The value to set the role key.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+        __props__ = _AuthBackendRoleTagState.__new__(_AuthBackendRoleTagState)
+        __props__.__dict__["allow_instance_migration"] = allow_instance_migration
+        __props__.__dict__["backend"] = backend
+        __props__.__dict__["disallow_reauthentication"] = disallow_reauthentication
+        __props__.__dict__["instance_id"] = instance_id
+        __props__.__dict__["max_ttl"] = max_ttl
+        __props__.__dict__["namespace"] = namespace
+        __props__.__dict__["policies"] = policies
+        __props__.__dict__["role"] = role
+        __props__.__dict__["tag_key"] = tag_key
+        __props__.__dict__["tag_value"] = tag_value
+        return AuthBackendRoleTag(resource_name, opts=opts, __props__=__props__)
+    @_builtins.property
+    @pulumi.getter(name="allowInstanceMigration")
+    def allow_instance_migration(self) -> pulumi.Output[Optional[_builtins.bool]]:
+        """
+        If set, allows migration of the underlying instances where the client resides. Use with caution.
+        """
+        return pulumi.get(self, "allow_instance_migration")
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The path to the AWS auth backend to
+        read role tags from, with no leading or trailing `/`s. Defaults to "aws".
+        """
+        return pulumi.get(self, "backend")
+    @_builtins.property
+    @pulumi.getter(name="disallowReauthentication")
+    def disallow_reauthentication(self) -> pulumi.Output[Optional[_builtins.bool]]:
+        """
+        If set, only allows a single token to be granted per instance ID.
+        """
+        return pulumi.get(self, "disallow_reauthentication")
+    @_builtins.property
+    @pulumi.getter(name="instanceId")
+    def instance_id(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
+        """
+        return pulumi.get(self, "instance_id")
+    @_builtins.property
+    @pulumi.getter(name="maxTtl")
+    def max_ttl(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The maximum TTL of the tokens issued using this role.
+        """
+        return pulumi.get(self, "max_ttl")
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @_builtins.property
+    @pulumi.getter
+    def policies(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
+        """
+        The policies to be associated with the tag. Must be a subset of the policies associated with the role.
+        """
+        return pulumi.get(self, "policies")
+    @_builtins.property
+    @pulumi.getter
+    def role(self) -> pulumi.Output[_builtins.str]:
+        """
+        The name of the AWS auth backend role to read
+        role tags from, with no leading or trailing `/`s.
+        """
+        return pulumi.get(self, "role")
+    @_builtins.property
+    @pulumi.getter(name="tagKey")
+    def tag_key(self) -> pulumi.Output[_builtins.str]:
+        """
+        The key of the role tag.
+        """
+        return pulumi.get(self, "tag_key")
+    @_builtins.property
+    @pulumi.getter(name="tagValue")
+    def tag_value(self) -> pulumi.Output[_builtins.str]:
+        """
+        The value to set the role key.
+        """
+        return pulumi.get(self, "tag_value")