PyPI - pulumi-vault - Versions diffs - 7.6.0a1764657486__py3-none-any.whl - Mend

pulumi-vault 7.6.0a1764657486__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (274) hide show

pulumi_vault/__init__.py +1399 -0
pulumi_vault/_inputs.py +2701 -0
pulumi_vault/_utilities.py +331 -0
pulumi_vault/ad/__init__.py +12 -0
pulumi_vault/ad/get_access_credentials.py +177 -0
pulumi_vault/ad/secret_backend.py +1916 -0
pulumi_vault/ad/secret_library.py +546 -0
pulumi_vault/ad/secret_role.py +499 -0
pulumi_vault/alicloud/__init__.py +9 -0
pulumi_vault/alicloud/auth_backend_role.py +866 -0
pulumi_vault/approle/__init__.py +12 -0
pulumi_vault/approle/auth_backend_login.py +571 -0
pulumi_vault/approle/auth_backend_role.py +1082 -0
pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
pulumi_vault/audit.py +499 -0
pulumi_vault/audit_request_header.py +277 -0
pulumi_vault/auth_backend.py +565 -0
pulumi_vault/aws/__init__.py +22 -0
pulumi_vault/aws/auth_backend_cert.py +420 -0
pulumi_vault/aws/auth_backend_client.py +1259 -0
pulumi_vault/aws/auth_backend_config_identity.py +494 -0
pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
pulumi_vault/aws/auth_backend_login.py +1046 -0
pulumi_vault/aws/auth_backend_role.py +1961 -0
pulumi_vault/aws/auth_backend_role_tag.py +638 -0
pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
pulumi_vault/aws/auth_backend_sts_role.py +414 -0
pulumi_vault/aws/get_access_credentials.py +369 -0
pulumi_vault/aws/get_static_access_credentials.py +137 -0
pulumi_vault/aws/secret_backend.py +2018 -0
pulumi_vault/aws/secret_backend_role.py +1188 -0
pulumi_vault/aws/secret_backend_static_role.py +639 -0
pulumi_vault/azure/__init__.py +15 -0
pulumi_vault/azure/_inputs.py +108 -0
pulumi_vault/azure/auth_backend_config.py +1096 -0
pulumi_vault/azure/auth_backend_role.py +1176 -0
pulumi_vault/azure/backend.py +1793 -0
pulumi_vault/azure/backend_role.py +883 -0
pulumi_vault/azure/get_access_credentials.py +400 -0
pulumi_vault/azure/outputs.py +107 -0
pulumi_vault/cert_auth_backend_role.py +1539 -0
pulumi_vault/config/__init__.py +9 -0
pulumi_vault/config/__init__.pyi +164 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +1225 -0
pulumi_vault/config/ui_custom_message.py +530 -0
pulumi_vault/config/vars.py +230 -0
pulumi_vault/consul/__init__.py +10 -0
pulumi_vault/consul/secret_backend.py +1517 -0
pulumi_vault/consul/secret_backend_role.py +847 -0
pulumi_vault/database/__init__.py +14 -0
pulumi_vault/database/_inputs.py +11907 -0
pulumi_vault/database/outputs.py +8496 -0
pulumi_vault/database/secret_backend_connection.py +1676 -0
pulumi_vault/database/secret_backend_role.py +840 -0
pulumi_vault/database/secret_backend_static_role.py +881 -0
pulumi_vault/database/secrets_mount.py +2160 -0
pulumi_vault/egp_policy.py +399 -0
pulumi_vault/gcp/__init__.py +17 -0
pulumi_vault/gcp/_inputs.py +441 -0
pulumi_vault/gcp/auth_backend.py +1486 -0
pulumi_vault/gcp/auth_backend_role.py +1235 -0
pulumi_vault/gcp/get_auth_backend_role.py +514 -0
pulumi_vault/gcp/outputs.py +302 -0
pulumi_vault/gcp/secret_backend.py +1807 -0
pulumi_vault/gcp/secret_impersonated_account.py +484 -0
pulumi_vault/gcp/secret_roleset.py +554 -0
pulumi_vault/gcp/secret_static_account.py +557 -0
pulumi_vault/generic/__init__.py +11 -0
pulumi_vault/generic/endpoint.py +786 -0
pulumi_vault/generic/get_secret.py +306 -0
pulumi_vault/generic/secret.py +486 -0
pulumi_vault/get_auth_backend.py +226 -0
pulumi_vault/get_auth_backends.py +170 -0
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +202 -0
pulumi_vault/get_nomad_access_token.py +210 -0
pulumi_vault/get_policy_document.py +160 -0
pulumi_vault/get_raft_autopilot_state.py +267 -0
pulumi_vault/github/__init__.py +13 -0
pulumi_vault/github/_inputs.py +225 -0
pulumi_vault/github/auth_backend.py +1194 -0
pulumi_vault/github/outputs.py +174 -0
pulumi_vault/github/team.py +380 -0
pulumi_vault/github/user.py +380 -0
pulumi_vault/identity/__init__.py +35 -0
pulumi_vault/identity/entity.py +447 -0
pulumi_vault/identity/entity_alias.py +398 -0
pulumi_vault/identity/entity_policies.py +455 -0
pulumi_vault/identity/get_entity.py +384 -0
pulumi_vault/identity/get_group.py +467 -0
pulumi_vault/identity/get_oidc_client_creds.py +175 -0
pulumi_vault/identity/get_oidc_openid_config.py +334 -0
pulumi_vault/identity/get_oidc_public_keys.py +179 -0
pulumi_vault/identity/group.py +805 -0
pulumi_vault/identity/group_alias.py +386 -0
pulumi_vault/identity/group_member_entity_ids.py +444 -0
pulumi_vault/identity/group_member_group_ids.py +467 -0
pulumi_vault/identity/group_policies.py +471 -0
pulumi_vault/identity/mfa_duo.py +674 -0
pulumi_vault/identity/mfa_login_enforcement.py +566 -0
pulumi_vault/identity/mfa_okta.py +626 -0
pulumi_vault/identity/mfa_pingid.py +616 -0
pulumi_vault/identity/mfa_totp.py +758 -0
pulumi_vault/identity/oidc.py +268 -0
pulumi_vault/identity/oidc_assignment.py +375 -0
pulumi_vault/identity/oidc_client.py +667 -0
pulumi_vault/identity/oidc_key.py +474 -0
pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
pulumi_vault/identity/oidc_provider.py +550 -0
pulumi_vault/identity/oidc_role.py +543 -0
pulumi_vault/identity/oidc_scope.py +355 -0
pulumi_vault/identity/outputs.py +137 -0
pulumi_vault/jwt/__init__.py +12 -0
pulumi_vault/jwt/_inputs.py +225 -0
pulumi_vault/jwt/auth_backend.py +1347 -0
pulumi_vault/jwt/auth_backend_role.py +1847 -0
pulumi_vault/jwt/outputs.py +174 -0
pulumi_vault/kmip/__init__.py +11 -0
pulumi_vault/kmip/secret_backend.py +1591 -0
pulumi_vault/kmip/secret_role.py +1194 -0
pulumi_vault/kmip/secret_scope.py +372 -0
pulumi_vault/kubernetes/__init__.py +15 -0
pulumi_vault/kubernetes/auth_backend_config.py +654 -0
pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
pulumi_vault/kubernetes/get_service_account_token.py +344 -0
pulumi_vault/kubernetes/secret_backend.py +1341 -0
pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
pulumi_vault/kv/__init__.py +18 -0
pulumi_vault/kv/_inputs.py +124 -0
pulumi_vault/kv/get_secret.py +240 -0
pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
pulumi_vault/kv/get_secret_v2.py +315 -0
pulumi_vault/kv/get_secrets_list.py +186 -0
pulumi_vault/kv/get_secrets_list_v2.py +243 -0
pulumi_vault/kv/outputs.py +102 -0
pulumi_vault/kv/secret.py +397 -0
pulumi_vault/kv/secret_backend_v2.py +455 -0
pulumi_vault/kv/secret_v2.py +970 -0
pulumi_vault/ldap/__init__.py +19 -0
pulumi_vault/ldap/_inputs.py +225 -0
pulumi_vault/ldap/auth_backend.py +2520 -0
pulumi_vault/ldap/auth_backend_group.py +386 -0
pulumi_vault/ldap/auth_backend_user.py +439 -0
pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
pulumi_vault/ldap/get_static_credentials.py +192 -0
pulumi_vault/ldap/outputs.py +174 -0
pulumi_vault/ldap/secret_backend.py +2207 -0
pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
pulumi_vault/ldap/secret_backend_library_set.py +552 -0
pulumi_vault/ldap/secret_backend_static_role.py +541 -0
pulumi_vault/managed/__init__.py +11 -0
pulumi_vault/managed/_inputs.py +944 -0
pulumi_vault/managed/keys.py +398 -0
pulumi_vault/managed/outputs.py +667 -0
pulumi_vault/mfa_duo.py +589 -0
pulumi_vault/mfa_okta.py +623 -0
pulumi_vault/mfa_pingid.py +670 -0
pulumi_vault/mfa_totp.py +620 -0
pulumi_vault/mongodbatlas/__init__.py +10 -0
pulumi_vault/mongodbatlas/secret_backend.py +388 -0
pulumi_vault/mongodbatlas/secret_role.py +726 -0
pulumi_vault/mount.py +1262 -0
pulumi_vault/namespace.py +452 -0
pulumi_vault/nomad_secret_backend.py +1559 -0
pulumi_vault/nomad_secret_role.py +489 -0
pulumi_vault/oci_auth_backend.py +676 -0
pulumi_vault/oci_auth_backend_role.py +852 -0
pulumi_vault/okta/__init__.py +13 -0
pulumi_vault/okta/_inputs.py +320 -0
pulumi_vault/okta/auth_backend.py +1231 -0
pulumi_vault/okta/auth_backend_group.py +369 -0
pulumi_vault/okta/auth_backend_user.py +416 -0
pulumi_vault/okta/outputs.py +244 -0
pulumi_vault/outputs.py +502 -0
pulumi_vault/pkisecret/__init__.py +38 -0
pulumi_vault/pkisecret/_inputs.py +270 -0
pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
pulumi_vault/pkisecret/backend_config_acme.py +690 -0
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
pulumi_vault/pkisecret/backend_config_est.py +756 -0
pulumi_vault/pkisecret/backend_config_scep.py +738 -0
pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
pulumi_vault/pkisecret/get_backend_key.py +211 -0
pulumi_vault/pkisecret/get_backend_keys.py +192 -0
pulumi_vault/pkisecret/outputs.py +270 -0
pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
pulumi_vault/pkisecret/secret_backend_key.py +613 -0
pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
pulumi_vault/plugin.py +596 -0
pulumi_vault/plugin_pinned_version.py +299 -0
pulumi_vault/policy.py +279 -0
pulumi_vault/provider.py +781 -0
pulumi_vault/pulumi-plugin.json +5 -0
pulumi_vault/py.typed +0 -0
pulumi_vault/quota_lease_count.py +504 -0
pulumi_vault/quota_rate_limit.py +751 -0
pulumi_vault/rabbitmq/__init__.py +12 -0
pulumi_vault/rabbitmq/_inputs.py +235 -0
pulumi_vault/rabbitmq/outputs.py +144 -0
pulumi_vault/rabbitmq/secret_backend.py +1437 -0
pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
pulumi_vault/raft_autopilot.py +609 -0
pulumi_vault/raft_snapshot_agent_config.py +1591 -0
pulumi_vault/rgp_policy.py +349 -0
pulumi_vault/saml/__init__.py +12 -0
pulumi_vault/saml/_inputs.py +225 -0
pulumi_vault/saml/auth_backend.py +811 -0
pulumi_vault/saml/auth_backend_role.py +1068 -0
pulumi_vault/saml/outputs.py +174 -0
pulumi_vault/scep_auth_backend_role.py +908 -0
pulumi_vault/secrets/__init__.py +18 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +450 -0
pulumi_vault/secrets/sync_aws_destination.py +780 -0
pulumi_vault/secrets/sync_azure_destination.py +736 -0
pulumi_vault/secrets/sync_config.py +303 -0
pulumi_vault/secrets/sync_gcp_destination.py +572 -0
pulumi_vault/secrets/sync_gh_destination.py +688 -0
pulumi_vault/secrets/sync_github_apps.py +376 -0
pulumi_vault/secrets/sync_vercel_destination.py +603 -0
pulumi_vault/ssh/__init__.py +13 -0
pulumi_vault/ssh/_inputs.py +76 -0
pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
pulumi_vault/ssh/outputs.py +51 -0
pulumi_vault/ssh/secret_backend_ca.py +588 -0
pulumi_vault/ssh/secret_backend_role.py +1493 -0
pulumi_vault/terraformcloud/__init__.py +11 -0
pulumi_vault/terraformcloud/secret_backend.py +1321 -0
pulumi_vault/terraformcloud/secret_creds.py +445 -0
pulumi_vault/terraformcloud/secret_role.py +563 -0
pulumi_vault/token.py +1026 -0
pulumi_vault/tokenauth/__init__.py +9 -0
pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
pulumi_vault/transform/__init__.py +14 -0
pulumi_vault/transform/alphabet.py +348 -0
pulumi_vault/transform/get_decode.py +287 -0
pulumi_vault/transform/get_encode.py +291 -0
pulumi_vault/transform/role.py +350 -0
pulumi_vault/transform/template.py +592 -0
pulumi_vault/transform/transformation.py +608 -0
pulumi_vault/transit/__init__.py +15 -0
pulumi_vault/transit/get_cmac.py +256 -0
pulumi_vault/transit/get_decrypt.py +181 -0
pulumi_vault/transit/get_encrypt.py +174 -0
pulumi_vault/transit/get_sign.py +328 -0
pulumi_vault/transit/get_verify.py +373 -0
pulumi_vault/transit/secret_backend_key.py +1202 -0
pulumi_vault/transit/secret_cache_config.py +302 -0
pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0

pulumi_vault/gcp/get_auth_backend_role.py ADDED Viewed

@@ -0,0 +1,514 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+__all__ = [
+    'GetAuthBackendRoleResult',
+    'AwaitableGetAuthBackendRoleResult',
+    'get_auth_backend_role',
+    'get_auth_backend_role_output',
+]
+@pulumi.output_type
+class GetAuthBackendRoleResult:
+    """
+    A collection of values returned by getAuthBackendRole.
+    """
+    def __init__(__self__, alias_metadata=None, backend=None, bound_instance_groups=None, bound_labels=None, bound_projects=None, bound_regions=None, bound_service_accounts=None, bound_zones=None, id=None, namespace=None, role_id=None, role_name=None, token_bound_cidrs=None, token_explicit_max_ttl=None, token_max_ttl=None, token_no_default_policy=None, token_num_uses=None, token_period=None, token_policies=None, token_ttl=None, token_type=None, type=None):
+        if alias_metadata and not isinstance(alias_metadata, dict):
+            raise TypeError("Expected argument 'alias_metadata' to be a dict")
+        pulumi.set(__self__, "alias_metadata", alias_metadata)
+        if backend and not isinstance(backend, str):
+            raise TypeError("Expected argument 'backend' to be a str")
+        pulumi.set(__self__, "backend", backend)
+        if bound_instance_groups and not isinstance(bound_instance_groups, list):
+            raise TypeError("Expected argument 'bound_instance_groups' to be a list")
+        pulumi.set(__self__, "bound_instance_groups", bound_instance_groups)
+        if bound_labels and not isinstance(bound_labels, list):
+            raise TypeError("Expected argument 'bound_labels' to be a list")
+        pulumi.set(__self__, "bound_labels", bound_labels)
+        if bound_projects and not isinstance(bound_projects, list):
+            raise TypeError("Expected argument 'bound_projects' to be a list")
+        pulumi.set(__self__, "bound_projects", bound_projects)
+        if bound_regions and not isinstance(bound_regions, list):
+            raise TypeError("Expected argument 'bound_regions' to be a list")
+        pulumi.set(__self__, "bound_regions", bound_regions)
+        if bound_service_accounts and not isinstance(bound_service_accounts, list):
+            raise TypeError("Expected argument 'bound_service_accounts' to be a list")
+        pulumi.set(__self__, "bound_service_accounts", bound_service_accounts)
+        if bound_zones and not isinstance(bound_zones, list):
+            raise TypeError("Expected argument 'bound_zones' to be a list")
+        pulumi.set(__self__, "bound_zones", bound_zones)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if namespace and not isinstance(namespace, str):
+            raise TypeError("Expected argument 'namespace' to be a str")
+        pulumi.set(__self__, "namespace", namespace)
+        if role_id and not isinstance(role_id, str):
+            raise TypeError("Expected argument 'role_id' to be a str")
+        pulumi.set(__self__, "role_id", role_id)
+        if role_name and not isinstance(role_name, str):
+            raise TypeError("Expected argument 'role_name' to be a str")
+        pulumi.set(__self__, "role_name", role_name)
+        if token_bound_cidrs and not isinstance(token_bound_cidrs, list):
+            raise TypeError("Expected argument 'token_bound_cidrs' to be a list")
+        pulumi.set(__self__, "token_bound_cidrs", token_bound_cidrs)
+        if token_explicit_max_ttl and not isinstance(token_explicit_max_ttl, int):
+            raise TypeError("Expected argument 'token_explicit_max_ttl' to be a int")
+        pulumi.set(__self__, "token_explicit_max_ttl", token_explicit_max_ttl)
+        if token_max_ttl and not isinstance(token_max_ttl, int):
+            raise TypeError("Expected argument 'token_max_ttl' to be a int")
+        pulumi.set(__self__, "token_max_ttl", token_max_ttl)
+        if token_no_default_policy and not isinstance(token_no_default_policy, bool):
+            raise TypeError("Expected argument 'token_no_default_policy' to be a bool")
+        pulumi.set(__self__, "token_no_default_policy", token_no_default_policy)
+        if token_num_uses and not isinstance(token_num_uses, int):
+            raise TypeError("Expected argument 'token_num_uses' to be a int")
+        pulumi.set(__self__, "token_num_uses", token_num_uses)
+        if token_period and not isinstance(token_period, int):
+            raise TypeError("Expected argument 'token_period' to be a int")
+        pulumi.set(__self__, "token_period", token_period)
+        if token_policies and not isinstance(token_policies, list):
+            raise TypeError("Expected argument 'token_policies' to be a list")
+        pulumi.set(__self__, "token_policies", token_policies)
+        if token_ttl and not isinstance(token_ttl, int):
+            raise TypeError("Expected argument 'token_ttl' to be a int")
+        pulumi.set(__self__, "token_ttl", token_ttl)
+        if token_type and not isinstance(token_type, str):
+            raise TypeError("Expected argument 'token_type' to be a str")
+        pulumi.set(__self__, "token_type", token_type)
+        if type and not isinstance(type, str):
+            raise TypeError("Expected argument 'type' to be a str")
+        pulumi.set(__self__, "type", type)
+    @_builtins.property
+    @pulumi.getter(name="aliasMetadata")
+    def alias_metadata(self) -> Optional[Mapping[str, _builtins.str]]:
+        return pulumi.get(self, "alias_metadata")
+    @_builtins.property
+    @pulumi.getter
+    def backend(self) -> Optional[_builtins.str]:
+        return pulumi.get(self, "backend")
+    @_builtins.property
+    @pulumi.getter(name="boundInstanceGroups")
+    def bound_instance_groups(self) -> Sequence[_builtins.str]:
+        """
+        GCP regions bound to the role. Returned when `type` is `gce`.
+        """
+        return pulumi.get(self, "bound_instance_groups")
+    @_builtins.property
+    @pulumi.getter(name="boundLabels")
+    def bound_labels(self) -> Sequence[_builtins.str]:
+        """
+        GCP labels bound to the role. Returned when `type` is `gce`.
+        """
+        return pulumi.get(self, "bound_labels")
+    @_builtins.property
+    @pulumi.getter(name="boundProjects")
+    def bound_projects(self) -> Sequence[_builtins.str]:
+        """
+        GCP projects bound to the role.
+        """
+        return pulumi.get(self, "bound_projects")
+    @_builtins.property
+    @pulumi.getter(name="boundRegions")
+    def bound_regions(self) -> Sequence[_builtins.str]:
+        """
+        GCP regions bound to the role. Returned when `type` is `gce`.
+        """
+        return pulumi.get(self, "bound_regions")
+    @_builtins.property
+    @pulumi.getter(name="boundServiceAccounts")
+    def bound_service_accounts(self) -> Sequence[_builtins.str]:
+        """
+        GCP service accounts bound to the role. Returned when `type` is `iam`.
+        """
+        return pulumi.get(self, "bound_service_accounts")
+    @_builtins.property
+    @pulumi.getter(name="boundZones")
+    def bound_zones(self) -> Sequence[_builtins.str]:
+        """
+        GCP zones bound to the role. Returned when `type` is `gce`.
+        """
+        return pulumi.get(self, "bound_zones")
+    @_builtins.property
+    @pulumi.getter
+    def id(self) -> _builtins.str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[_builtins.str]:
+        return pulumi.get(self, "namespace")
+    @_builtins.property
+    @pulumi.getter(name="roleId")
+    def role_id(self) -> _builtins.str:
+        """
+        The RoleID of the GCP role.
+        """
+        return pulumi.get(self, "role_id")
+    @_builtins.property
+    @pulumi.getter(name="roleName")
+    def role_name(self) -> _builtins.str:
+        return pulumi.get(self, "role_name")
+    @_builtins.property
+    @pulumi.getter(name="tokenBoundCidrs")
+    def token_bound_cidrs(self) -> Optional[Sequence[_builtins.str]]:
+        """
+        List of CIDR blocks; if set, specifies blocks of IP
+        addresses which can authenticate successfully, and ties the resulting token to these blocks
+        as well.
+        """
+        return pulumi.get(self, "token_bound_cidrs")
+    @_builtins.property
+    @pulumi.getter(name="tokenExplicitMaxTtl")
+    def token_explicit_max_ttl(self) -> Optional[_builtins.int]:
+        """
+        If set, will encode an
+        [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+        onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+        `token_max_ttl` would otherwise allow a renewal.
+        """
+        return pulumi.get(self, "token_explicit_max_ttl")
+    @_builtins.property
+    @pulumi.getter(name="tokenMaxTtl")
+    def token_max_ttl(self) -> Optional[_builtins.int]:
+        """
+        The maximum lifetime for generated tokens in number of seconds.
+        Its current value will be referenced at renewal time.
+        """
+        return pulumi.get(self, "token_max_ttl")
+    @_builtins.property
+    @pulumi.getter(name="tokenNoDefaultPolicy")
+    def token_no_default_policy(self) -> Optional[_builtins.bool]:
+        """
+        If set, the default policy will not be set on
+        generated tokens; otherwise it will be added to the policies set in token_policies.
+        """
+        return pulumi.get(self, "token_no_default_policy")
+    @_builtins.property
+    @pulumi.getter(name="tokenNumUses")
+    def token_num_uses(self) -> Optional[_builtins.int]:
+        """
+        The
+        [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
+        if any, in number of seconds to set on the token.
+        """
+        return pulumi.get(self, "token_num_uses")
+    @_builtins.property
+    @pulumi.getter(name="tokenPeriod")
+    def token_period(self) -> Optional[_builtins.int]:
+        """
+        (Optional) If set, indicates that the
+        token generated using this role should never expire. The token should be renewed within the
+        duration specified by this value. At each renewal, the token's TTL will be set to the
+        value of this field. Specified in seconds.
+        """
+        return pulumi.get(self, "token_period")
+    @_builtins.property
+    @pulumi.getter(name="tokenPolicies")
+    def token_policies(self) -> Optional[Sequence[_builtins.str]]:
+        """
+        List of policies to encode onto generated tokens. Depending
+        on the auth method, this list may be supplemented by user/group/other values.
+        """
+        return pulumi.get(self, "token_policies")
+    @_builtins.property
+    @pulumi.getter(name="tokenTtl")
+    def token_ttl(self) -> Optional[_builtins.int]:
+        """
+        The incremental lifetime for generated tokens in number of seconds.
+        Its current value will be referenced at renewal time.
+        """
+        return pulumi.get(self, "token_ttl")
+    @_builtins.property
+    @pulumi.getter(name="tokenType")
+    def token_type(self) -> Optional[_builtins.str]:
+        """
+        The type of token that should be generated. Can be `service`,
+        `batch`, or `default` to use the mount's tuned default (which unless changed will be
+        `service` tokens). For token store roles, there are two additional possibilities:
+        `default-service` and `default-batch` which specify the type to return unless the client
+        requests a different type at generation time.
+        """
+        return pulumi.get(self, "token_type")
+    @_builtins.property
+    @pulumi.getter
+    def type(self) -> _builtins.str:
+        """
+        Type of GCP role. Expected values are `iam` or `gce`.
+        """
+        return pulumi.get(self, "type")
+class AwaitableGetAuthBackendRoleResult(GetAuthBackendRoleResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetAuthBackendRoleResult(
+            alias_metadata=self.alias_metadata,
+            backend=self.backend,
+            bound_instance_groups=self.bound_instance_groups,
+            bound_labels=self.bound_labels,
+            bound_projects=self.bound_projects,
+            bound_regions=self.bound_regions,
+            bound_service_accounts=self.bound_service_accounts,
+            bound_zones=self.bound_zones,
+            id=self.id,
+            namespace=self.namespace,
+            role_id=self.role_id,
+            role_name=self.role_name,
+            token_bound_cidrs=self.token_bound_cidrs,
+            token_explicit_max_ttl=self.token_explicit_max_ttl,
+            token_max_ttl=self.token_max_ttl,
+            token_no_default_policy=self.token_no_default_policy,
+            token_num_uses=self.token_num_uses,
+            token_period=self.token_period,
+            token_policies=self.token_policies,
+            token_ttl=self.token_ttl,
+            token_type=self.token_type,
+            type=self.type)
+def get_auth_backend_role(alias_metadata: Optional[Mapping[str, _builtins.str]] = None,
+                          backend: Optional[_builtins.str] = None,
+                          namespace: Optional[_builtins.str] = None,
+                          role_name: Optional[_builtins.str] = None,
+                          token_bound_cidrs: Optional[Sequence[_builtins.str]] = None,
+                          token_explicit_max_ttl: Optional[_builtins.int] = None,
+                          token_max_ttl: Optional[_builtins.int] = None,
+                          token_no_default_policy: Optional[_builtins.bool] = None,
+                          token_num_uses: Optional[_builtins.int] = None,
+                          token_period: Optional[_builtins.int] = None,
+                          token_policies: Optional[Sequence[_builtins.str]] = None,
+                          token_ttl: Optional[_builtins.int] = None,
+                          token_type: Optional[_builtins.str] = None,
+                          opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAuthBackendRoleResult:
+    """
+    Reads a GCP auth role from a Vault server.
+    ## Example Usage
+    ```python
+    import pulumi
+    import pulumi_vault as vault
+    role = vault.gcp.get_auth_backend_role(backend="my-gcp-backend",
+        role_name="my-role")
+    pulumi.export("role-id", role.role_id)
+    ```
+    :param _builtins.str backend: The unique name for the GCP backend from which to fetch the role. Defaults to "gcp".
+    :param _builtins.str namespace: The namespace of the target resource.
+           The value should not contain leading or trailing forward slashes.
+           The `namespace` is always relative to the provider's configured namespace.
+           *Available only for Vault Enterprise*.
+    :param _builtins.str role_name: The name of the role to retrieve the Role ID for.
+    :param Sequence[_builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+           addresses which can authenticate successfully, and ties the resulting token to these blocks
+           as well.
+    :param _builtins.int token_explicit_max_ttl: If set, will encode an
+           [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+           onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+           `token_max_ttl` would otherwise allow a renewal.
+    :param _builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+           Its current value will be referenced at renewal time.
+    :param _builtins.bool token_no_default_policy: If set, the default policy will not be set on
+           generated tokens; otherwise it will be added to the policies set in token_policies.
+    :param _builtins.int token_num_uses: The
+           [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
+           if any, in number of seconds to set on the token.
+    :param _builtins.int token_period: (Optional) If set, indicates that the
+           token generated using this role should never expire. The token should be renewed within the
+           duration specified by this value. At each renewal, the token's TTL will be set to the
+           value of this field. Specified in seconds.
+    :param Sequence[_builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
+           on the auth method, this list may be supplemented by user/group/other values.
+    :param _builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
+           Its current value will be referenced at renewal time.
+    :param _builtins.str token_type: The type of token that should be generated. Can be `service`,
+           `batch`, or `default` to use the mount's tuned default (which unless changed will be
+           `service` tokens). For token store roles, there are two additional possibilities:
+           `default-service` and `default-batch` which specify the type to return unless the client
+           requests a different type at generation time.
+    """
+    __args__ = dict()
+    __args__['aliasMetadata'] = alias_metadata
+    __args__['backend'] = backend
+    __args__['namespace'] = namespace
+    __args__['roleName'] = role_name
+    __args__['tokenBoundCidrs'] = token_bound_cidrs
+    __args__['tokenExplicitMaxTtl'] = token_explicit_max_ttl
+    __args__['tokenMaxTtl'] = token_max_ttl
+    __args__['tokenNoDefaultPolicy'] = token_no_default_policy
+    __args__['tokenNumUses'] = token_num_uses
+    __args__['tokenPeriod'] = token_period
+    __args__['tokenPolicies'] = token_policies
+    __args__['tokenTtl'] = token_ttl
+    __args__['tokenType'] = token_type
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('vault:gcp/getAuthBackendRole:getAuthBackendRole', __args__, opts=opts, typ=GetAuthBackendRoleResult).value
+    return AwaitableGetAuthBackendRoleResult(
+        alias_metadata=pulumi.get(__ret__, 'alias_metadata'),
+        backend=pulumi.get(__ret__, 'backend'),
+        bound_instance_groups=pulumi.get(__ret__, 'bound_instance_groups'),
+        bound_labels=pulumi.get(__ret__, 'bound_labels'),
+        bound_projects=pulumi.get(__ret__, 'bound_projects'),
+        bound_regions=pulumi.get(__ret__, 'bound_regions'),
+        bound_service_accounts=pulumi.get(__ret__, 'bound_service_accounts'),
+        bound_zones=pulumi.get(__ret__, 'bound_zones'),
+        id=pulumi.get(__ret__, 'id'),
+        namespace=pulumi.get(__ret__, 'namespace'),
+        role_id=pulumi.get(__ret__, 'role_id'),
+        role_name=pulumi.get(__ret__, 'role_name'),
+        token_bound_cidrs=pulumi.get(__ret__, 'token_bound_cidrs'),
+        token_explicit_max_ttl=pulumi.get(__ret__, 'token_explicit_max_ttl'),
+        token_max_ttl=pulumi.get(__ret__, 'token_max_ttl'),
+        token_no_default_policy=pulumi.get(__ret__, 'token_no_default_policy'),
+        token_num_uses=pulumi.get(__ret__, 'token_num_uses'),
+        token_period=pulumi.get(__ret__, 'token_period'),
+        token_policies=pulumi.get(__ret__, 'token_policies'),
+        token_ttl=pulumi.get(__ret__, 'token_ttl'),
+        token_type=pulumi.get(__ret__, 'token_type'),
+        type=pulumi.get(__ret__, 'type'))
+def get_auth_backend_role_output(alias_metadata: Optional[pulumi.Input[Optional[Mapping[str, _builtins.str]]]] = None,
+                                 backend: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                 namespace: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                 role_name: Optional[pulumi.Input[_builtins.str]] = None,
+                                 token_bound_cidrs: Optional[pulumi.Input[Optional[Sequence[_builtins.str]]]] = None,
+                                 token_explicit_max_ttl: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_max_ttl: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_no_default_policy: Optional[pulumi.Input[Optional[_builtins.bool]]] = None,
+                                 token_num_uses: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_period: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_policies: Optional[pulumi.Input[Optional[Sequence[_builtins.str]]]] = None,
+                                 token_ttl: Optional[pulumi.Input[Optional[_builtins.int]]] = None,
+                                 token_type: Optional[pulumi.Input[Optional[_builtins.str]]] = None,
+                                 opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAuthBackendRoleResult]:
+    """
+    Reads a GCP auth role from a Vault server.
+    ## Example Usage
+    ```python
+    import pulumi
+    import pulumi_vault as vault
+    role = vault.gcp.get_auth_backend_role(backend="my-gcp-backend",
+        role_name="my-role")
+    pulumi.export("role-id", role.role_id)
+    ```
+    :param _builtins.str backend: The unique name for the GCP backend from which to fetch the role. Defaults to "gcp".
+    :param _builtins.str namespace: The namespace of the target resource.
+           The value should not contain leading or trailing forward slashes.
+           The `namespace` is always relative to the provider's configured namespace.
+           *Available only for Vault Enterprise*.
+    :param _builtins.str role_name: The name of the role to retrieve the Role ID for.
+    :param Sequence[_builtins.str] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+           addresses which can authenticate successfully, and ties the resulting token to these blocks
+           as well.
+    :param _builtins.int token_explicit_max_ttl: If set, will encode an
+           [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+           onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+           `token_max_ttl` would otherwise allow a renewal.
+    :param _builtins.int token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+           Its current value will be referenced at renewal time.
+    :param _builtins.bool token_no_default_policy: If set, the default policy will not be set on
+           generated tokens; otherwise it will be added to the policies set in token_policies.
+    :param _builtins.int token_num_uses: The
+           [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
+           if any, in number of seconds to set on the token.
+    :param _builtins.int token_period: (Optional) If set, indicates that the
+           token generated using this role should never expire. The token should be renewed within the
+           duration specified by this value. At each renewal, the token's TTL will be set to the
+           value of this field. Specified in seconds.
+    :param Sequence[_builtins.str] token_policies: List of policies to encode onto generated tokens. Depending
+           on the auth method, this list may be supplemented by user/group/other values.
+    :param _builtins.int token_ttl: The incremental lifetime for generated tokens in number of seconds.
+           Its current value will be referenced at renewal time.
+    :param _builtins.str token_type: The type of token that should be generated. Can be `service`,
+           `batch`, or `default` to use the mount's tuned default (which unless changed will be
+           `service` tokens). For token store roles, there are two additional possibilities:
+           `default-service` and `default-batch` which specify the type to return unless the client
+           requests a different type at generation time.
+    """
+    __args__ = dict()
+    __args__['aliasMetadata'] = alias_metadata
+    __args__['backend'] = backend
+    __args__['namespace'] = namespace
+    __args__['roleName'] = role_name
+    __args__['tokenBoundCidrs'] = token_bound_cidrs
+    __args__['tokenExplicitMaxTtl'] = token_explicit_max_ttl
+    __args__['tokenMaxTtl'] = token_max_ttl
+    __args__['tokenNoDefaultPolicy'] = token_no_default_policy
+    __args__['tokenNumUses'] = token_num_uses
+    __args__['tokenPeriod'] = token_period
+    __args__['tokenPolicies'] = token_policies
+    __args__['tokenTtl'] = token_ttl
+    __args__['tokenType'] = token_type
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:gcp/getAuthBackendRole:getAuthBackendRole', __args__, opts=opts, typ=GetAuthBackendRoleResult)
+    return __ret__.apply(lambda __response__: GetAuthBackendRoleResult(
+        alias_metadata=pulumi.get(__response__, 'alias_metadata'),
+        backend=pulumi.get(__response__, 'backend'),
+        bound_instance_groups=pulumi.get(__response__, 'bound_instance_groups'),
+        bound_labels=pulumi.get(__response__, 'bound_labels'),
+        bound_projects=pulumi.get(__response__, 'bound_projects'),
+        bound_regions=pulumi.get(__response__, 'bound_regions'),
+        bound_service_accounts=pulumi.get(__response__, 'bound_service_accounts'),
+        bound_zones=pulumi.get(__response__, 'bound_zones'),
+        id=pulumi.get(__response__, 'id'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        role_id=pulumi.get(__response__, 'role_id'),
+        role_name=pulumi.get(__response__, 'role_name'),
+        token_bound_cidrs=pulumi.get(__response__, 'token_bound_cidrs'),
+        token_explicit_max_ttl=pulumi.get(__response__, 'token_explicit_max_ttl'),
+        token_max_ttl=pulumi.get(__response__, 'token_max_ttl'),
+        token_no_default_policy=pulumi.get(__response__, 'token_no_default_policy'),
+        token_num_uses=pulumi.get(__response__, 'token_num_uses'),
+        token_period=pulumi.get(__response__, 'token_period'),
+        token_policies=pulumi.get(__response__, 'token_policies'),
+        token_ttl=pulumi.get(__response__, 'token_ttl'),
+        token_type=pulumi.get(__response__, 'token_type'),
+        type=pulumi.get(__response__, 'type')))