Upgrade upstream to v3.22.0 (#328)

Fixes #327 
Fixes #197

provider/resources.go

@@ -19,15 +19,15 @@ import (
 	"path/filepath"
 	"strings"
 	"unicode"
+	// embed is used to store bridge-metadata.json in the compiled binary
+	_ "embed"
 
-	"github.com/hashicorp/terraform-provider-vault/generated"
 	"github.com/hashicorp/terraform-provider-vault/schema"
 	"github.com/hashicorp/terraform-provider-vault/vault"
 	"github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge"
-	shim "github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfshim"
+	tks "github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge/tokens"
 	shimv2 "github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfshim/sdk-v2"
 	"github.com/pulumi/pulumi-vault/provider/v5/pkg/version"
-	"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
 	"github.com/pulumi/pulumi/sdk/v3/go/common/tokens"
 )
 
@@ -38,9 +38,9 @@ const (
 
 	// modules:
 	mainMod           = "index"
-	appRoleMod        = "AppRole"
 	adMod             = "AD"
 	aliCloudMod       = "AliCloud"
+	appRoleMod        = "AppRole"
 	awsMod            = "Aws"
 	azureMod          = "Azure"
 	consulMod         = "Consul"
@@ -59,13 +59,44 @@ const (
 	oktaMod           = "Okta"
 	pkiSecretMod      = "PkiSecret"
 	rabbitMqMod       = "RabbitMQ"
+	samlMod           = "Saml"
 	sshMod            = "Ssh"
 	terraformCloudMod = "TerraformCloud"
 	tokenMod          = "TokenAuth"
 	transformMod      = "Transform"
 	transitMod        = "Transit"
 )
 
+var moduleMap = map[string]string{
+	"ad":              adMod,
+	"alicloud":        aliCloudMod,
+	"approle":         appRoleMod,
+	"aws":             awsMod,
+	"azure":           azureMod,
+	"consul":          consulMod,
+	"database":        databaseMod,
+	"gcp":             gcpMod,
+	"generic":         genericMod,
+	"github":          githubMod,
+	"identity":        identityMod,
+	"jwt":             jwtMod,
+	"kmip":            kmipMod,
+	"kubernetes":      kubernetesMod,
+	"kv":              kvMod,
+	"ldap":            ldapMod,
+	"managed":         managedMod,
+	"mongodbatlas":    mongoDBAtlasMod,
+	"okta":            oktaMod,
+	"pki_secret":      pkiSecretMod,
+	"rabbitmq":        rabbitMqMod,
+	"saml":            samlMod,
+	"ssh":             sshMod,
+	"terraform_cloud": terraformCloudMod,
+	"token":           tokenMod,
+	"transform":       transformMod,
+	"transit":         transitMod,
+}
+
 var namespaceMap = map[string]string{
 	mainPkg: "Vault",
 }
@@ -100,39 +131,26 @@ func makeResource(mod string, res string) tokens.Type {
 	return makeType(mod, res)
 }
 
-func preConfigureCallback(vars resource.PropertyMap, c shim.ResourceConfig) error {
-	return nil
-}
+func ref[T any](v T) *T { return &v }
 
-func stringRef(s string) *string {
-	return &s
-}
+//go:embed cmd/pulumi-resource-vault/bridge-metadata.json
+var metadata []byte
 
 // Provider returns additional overlaid schema and metadata associated with the provider.
 func Provider() tfbridge.ProviderInfo {
-	provider := vault.Provider()
-	generatedProvider := schema.NewProvider(provider)
-	for name, resource := range generated.DataSourceRegistry {
-		generatedProvider.RegisterDataSource(name, resource)
-	}
-	for name, resource := range generated.ResourceRegistry {
-		generatedProvider.RegisterResource(name, resource)
-	}
-	p := shimv2.NewProvider(generatedProvider.SchemaProvider())
-
-	// Temporarily override the secretness of `headers` field.
-	// https://github.com/pulumi/pulumi/issues/11278
-	overrideSecretFlagForHeaders := false
 	prov := tfbridge.ProviderInfo{
-		P:           p,
-		Name:        "vault",
-		DisplayName: "HashiCorp Vault",
-		Description: "A Pulumi package for creating and managing HashiCorp Vault cloud resources.",
-		Keywords:    []string{"pulumi", "vault"},
-		License:     "Apache-2.0",
-		Homepage:    "https://pulumi.io",
-		GitHubOrg:   "hashicorp",
-		Repository:  "https://github.com/pulumi/pulumi-vault",
+		P:            shimv2.NewProvider(schema.NewProvider(vault.Provider()).SchemaProvider()),
+		Name:         "vault",
+		DisplayName:  "HashiCorp Vault",
+		Description:  "A Pulumi package for creating and managing HashiCorp Vault cloud resources.",
+		Keywords:     []string{"pulumi", "vault"},
+		License:      "Apache-2.0",
+		Homepage:     "https://pulumi.io",
+		GitHubOrg:    "hashicorp",
+		Repository:   "https://github.com/pulumi/pulumi-vault",
+		Version:      version.Version,
+		MetadataInfo: tfbridge.NewProviderMetadata(metadata),
+
 		Config: map[string]*tfbridge.SchemaInfo{
 			"skip_tls_verify": {
 				Default: &tfbridge.DefaultInfo{
@@ -157,11 +175,7 @@ func Provider() tfbridge.ProviderInfo {
 					Value: 2,
 				},
 			},
-			"headers": {
-				Secret: &overrideSecretFlagForHeaders,
-			},
 		},
-		PreConfigureCallback: preConfigureCallback,
 		Resources: map[string]*tfbridge.ResourceInfo{
 			// Main
 			"vault_audit":                  {Tok: makeResource(mainMod, "Audit")},
@@ -213,37 +227,14 @@ func Provider() tfbridge.ProviderInfo {
 			"vault_approle_auth_backend_role_secret_id": {
 				Tok: makeResource(appRoleMod, "AuthBackendRoleSecretId"),
 				Aliases: []tfbridge.AliasInfo{
-					{Type: stringRef(makeResource(appRoleMod, "AuthBackendRoleSecretID").String())},
+					{Type: ref(makeResource(appRoleMod, "AuthBackendRoleSecretID").String())},
 				},
 			},
 
-			// AliCloud
-			"vault_alicloud_auth_backend_role": {Tok: makeResource(aliCloudMod, "AuthBackendRole")},
-
-			// AWS
-			"vault_aws_auth_backend_cert":               {Tok: makeResource(awsMod, "AuthBackendCert")},
-			"vault_aws_auth_backend_client":             {Tok: makeResource(awsMod, "AuthBackendClient")},
-			"vault_aws_auth_backend_config_identity":    {Tok: makeResource(awsMod, "AuthBackendConfigIdentity")},
-			"vault_aws_auth_backend_identity_whitelist": {Tok: makeResource(awsMod, "AuthBackendIdentityWhitelist")},
-			"vault_aws_auth_backend_login":              {Tok: makeResource(awsMod, "AuthBackendLogin")},
-			"vault_aws_auth_backend_role":               {Tok: makeResource(awsMod, "AuthBackendRole")},
-			"vault_aws_auth_backend_role_tag":           {Tok: makeResource(awsMod, "AuthBackendRoleTag")},
-			"vault_aws_auth_backend_roletag_blacklist":  {Tok: makeResource(awsMod, "AuthBackendRoletagBlacklist")},
-			"vault_aws_auth_backend_sts_role":           {Tok: makeResource(awsMod, "AuthBackendStsRole")},
-			"vault_aws_secret_backend":                  {Tok: makeResource(awsMod, "SecretBackend")},
-			"vault_aws_secret_backend_role":             {Tok: makeResource(awsMod, "SecretBackendRole")},
-			"vault_aws_secret_backend_static_role":      {Tok: makeResource(awsMod, "SecretBackendStaticRole")},
-
 			// Azure
-			"vault_azure_auth_backend_config": {Tok: makeResource(azureMod, "AuthBackendConfig")},
-			"vault_azure_auth_backend_role":   {Tok: makeResource(azureMod, "AuthBackendRole")},
 			"vault_azure_secret_backend":      {Tok: makeResource(azureMod, "Backend")},
 			"vault_azure_secret_backend_role": {Tok: makeResource(azureMod, "BackendRole")},
 
-			// Consul
-			"vault_consul_secret_backend":      {Tok: makeResource(consulMod, "SecretBackend")},
-			"vault_consul_secret_backend_role": {Tok: makeResource(consulMod, "SecretBackendRole")},
-
 			// Database
 			"vault_database_secret_backend_connection": {
 				Tok: makeResource(databaseMod, "SecretBackendConnection"),
@@ -296,6 +287,10 @@ func Provider() tfbridge.ProviderInfo {
 				},
 			},
 
+			// SAML
+			"vault_saml_auth_backend":      {Tok: makeResource(samlMod, "AuthBackend")},
+			"vault_saml_auth_backend_role": {Tok: makeResource(samlMod, "AuthBackendRole")},
+
 			// Identity
 			"vault_identity_entity":       {Tok: makeResource(identityMod, "Entity")},
 			"vault_identity_entity_alias": {Tok: makeResource(identityMod, "EntityAlias")},
@@ -421,22 +416,6 @@ func Provider() tfbridge.ProviderInfo {
 			"vault_pki_secret_backend_sign":       {Tok: makeResource(pkiSecretMod, "SecretBackendSign")},
 			"vault_pki_secret_backend_crl_config": {Tok: makeResource(pkiSecretMod, "SecretBackendCrlConfig")},
 
-			// Token
-			"vault_token_auth_backend_role": {Tok: makeResource(tokenMod, "AuthBackendRole")},
-
-			// SSH
-			"vault_ssh_secret_backend_ca":   {Tok: makeResource(sshMod, "SecretBackendCa")},
-			"vault_ssh_secret_backend_role": {Tok: makeResource(sshMod, "SecretBackendRole")},
-
-			// RabbitMQ
-			"vault_rabbitmq_secret_backend":      {Tok: makeResource(rabbitMqMod, "SecretBackend")},
-			"vault_rabbitmq_secret_backend_role": {Tok: makeResource(rabbitMqMod, "SecretBackendRole")},
-
-			// Terraform Cloud
-			"vault_terraform_cloud_secret_backend": {Tok: makeResource(terraformCloudMod, "SecretBackend")},
-			"vault_terraform_cloud_secret_creds":   {Tok: makeResource(terraformCloudMod, "SecretCreds")},
-			"vault_terraform_cloud_secret_role":    {Tok: makeResource(terraformCloudMod, "SecretRole")},
-
 			// Transform
 			"vault_transform_alphabet": {
 				Tok: makeResource(transformMod, "Alphabet"),
@@ -446,14 +425,9 @@ func Provider() tfbridge.ProviderInfo {
 					},
 				},
 			},
-			"vault_transform_role":           {Tok: makeResource(transformMod, "Role")},
-			"vault_transform_template":       {Tok: makeResource(transformMod, "Template")},
-			"vault_transform_transformation": {Tok: makeResource(transformMod, "Transformation")},
 
 			// Transit
-			"vault_transit_secret_backend_key": {Tok: makeResource(transitMod, "SecretBackendKey")},
 			"vault_transit_secret_cache_config": {
-				Tok: makeResource(transitMod, "SecretCacheConfig"),
 				Docs: &tfbridge.DocInfo{
 					Source: "transit_secret_backend_cache_config.html.md",
 				},
@@ -473,77 +447,34 @@ func Provider() tfbridge.ProviderInfo {
 					Source: "auth_backend.html.md",
 				},
 			},
-			"vault_nomad_access_token": {Tok: makeDataSource(mainMod, "getNomadAccessToken")},
-
-			// AD
-			"vault_ad_access_credentials": {Tok: makeDataSource(adMod, "getAccessCredentials")},
+			"vault_nomad_access_token":   {Tok: makeDataSource(mainMod, "getNomadAccessToken")},
+			"vault_auth_backends":        {Tok: makeDataSource(mainMod, "getAuthBackends")},
+			"vault_raft_autopilot_state": {Tok: makeDataSource(mainMod, "getRaftAutopilotState")},
 
 			// AppRole
 			"vault_approle_auth_backend_role_id": {
-				Tok: makeDataSource(appRoleMod, "getAuthBackendRoleId"),
-				Docs: &tfbridge.DocInfo{
-					Source: "approle_auth_backend_role_id.md",
-				},
+				Docs: &tfbridge.DocInfo{Source: "approle_auth_backend_role_id.md"},
 			},
 
-			// AWS
-			"vault_aws_access_credentials": {Tok: makeDataSource(awsMod, "getAccessCredentials")},
-
-			// Azure
-			"vault_azure_access_credentials": {Tok: makeDataSource(azureMod, "getAccessCredentials")},
-
-			// Generic
-			"vault_generic_secret": {Tok: makeDataSource(genericMod, "getSecret")},
-
-			// GCP
-			"vault_gcp_auth_backend_role": {Tok: makeDataSource(gcpMod, "getAuthBackendRole")},
-
-			// Identity
-			"vault_identity_group":              {Tok: makeDataSource(identityMod, "getGroup")},
-			"vault_identity_entity":             {Tok: makeDataSource(identityMod, "getEntity")},
-			"vault_identity_oidc_client_creds":  {Tok: makeDataSource(identityMod, "getOidcClientCreds")},
-			"vault_identity_oidc_openid_config": {Tok: makeDataSource(identityMod, "getOidcOpenidConfig")},
-			"vault_identity_oidc_public_keys":   {Tok: makeDataSource(identityMod, "getOidcPublicKeys")},
-
 			// Kubernetes
 			"vault_kubernetes_auth_backend_config": {
-				Tok: makeDataSource(kubernetesMod, "getAuthBackendConfig"),
 				Docs: &tfbridge.DocInfo{
 					Source: "kubernetes_auth_backend_config.md",
 				},
 			},
 			"vault_kubernetes_auth_backend_role": {
-				Tok: makeDataSource(kubernetesMod, "getAuthBackendRole"),
 				Docs: &tfbridge.DocInfo{
 					Source: "kubernetes_auth_backend_role.md",
 				},
 			},
 			"vault_kubernetes_service_account_token": {
-				Tok: makeDataSource(kubernetesMod, "getServiceAccountToken"),
-				Docs: &tfbridge.DocInfo{
-					Source: "kubernetes_credentials.html.md",
-				},
+				Docs: &tfbridge.DocInfo{Source: "kubernetes_credentials.html.md"},
 			},
 
 			// KV
-			"vault_kv_secret": {Tok: makeDataSource(kvMod, "getSecret")},
 			"vault_kv_secret_subkeys_v2": {
-				Tok: makeDataSource(kvMod, "getSecretSubkeysV2"),
-				Docs: &tfbridge.DocInfo{
-					Source: "kv_subkeys_v2.html.md",
-				},
+				Docs: &tfbridge.DocInfo{Source: "kv_subkeys_v2.html.md"},
 			},
-			"vault_kv_secret_v2":       {Tok: makeDataSource(kvMod, "getSecretV2")},
-			"vault_kv_secrets_list":    {Tok: makeDataSource(kvMod, "getSecretsList")},
-			"vault_kv_secrets_list_v2": {Tok: makeDataSource(kvMod, "getSecretsListV2")},
-
-			// Transform
-			"vault_transform_encode": {Tok: makeDataSource(transformMod, "getEncode")},
-			"vault_transform_decode": {Tok: makeDataSource(transformMod, "getDecode")},
-
-			// Transit
-			"vault_transit_decrypt": {Tok: makeDataSource(transitMod, "getDecrypt")},
-			"vault_transit_encrypt": {Tok: makeDataSource(transitMod, "getEncrypt")},
 		},
 		JavaScript: &tfbridge.JavaScriptInfo{
 			Dependencies: map[string]string{
@@ -576,7 +507,13 @@ func Provider() tfbridge.ProviderInfo {
 		},
 	}
 
+	prov.MustComputeTokens(tks.MappedModules("vault_", "", moduleMap,
+		func(module, name string) (string, error) {
+			return string(makeResource(module, name)), nil
+		}))
 	prov.SetAutonaming(255, "-")
 
+	prov.MustApplyAutoAliases()
+
 	return prov
 }

sdk/dotnet/AD/SecretBackend.cs

@@ -14,6 +14,7 @@ namespace Pulumi.Vault.AD
     /// 
     /// ```csharp
     /// using System.Collections.Generic;
+    /// using System.Linq;
     /// using Pulumi;
     /// using Vault = Pulumi.Vault;
     /// 

sdk/dotnet/AD/SecretLibrary.cs

@@ -14,6 +14,7 @@ namespace Pulumi.Vault.AD
     /// 
     /// ```csharp
     /// using System.Collections.Generic;
+    /// using System.Linq;
     /// using Pulumi;
     /// using Vault = Pulumi.Vault;
     /// 

sdk/dotnet/AD/SecretRole.cs

@@ -14,6 +14,7 @@ namespace Pulumi.Vault.AD
     /// 
     /// ```csharp
     /// using System.Collections.Generic;
+    /// using System.Linq;
     /// using Pulumi;
     /// using Vault = Pulumi.Vault;
     /// 

sdk/dotnet/AliCloud/AuthBackendRole.cs

@@ -16,6 +16,7 @@ namespace Pulumi.Vault.AliCloud
     /// 
     /// ```csharp
     /// using System.Collections.Generic;
+    /// using System.Linq;
     /// using Pulumi;
     /// using Vault = Pulumi.Vault;
     /// 
@@ -57,6 +58,8 @@ public partial class AuthBackendRole : global::Pulumi.CustomResource
         /// <summary>
         /// Path to the mounted AliCloud auth backend.
         /// Defaults to `alicloud`
+        /// 
+        /// For more details on the usage of each argument consult the [Vault AliCloud API documentation](https://www.vaultproject.io/api-docs/auth/alicloud).
         /// </summary>
         [Output("backend")]
         public Output<string?> Backend { get; private set; } = null!;
@@ -203,6 +206,8 @@ public sealed class AuthBackendRoleArgs : global::Pulumi.ResourceArgs
         /// <summary>
         /// Path to the mounted AliCloud auth backend.
         /// Defaults to `alicloud`
+        /// 
+        /// For more details on the usage of each argument consult the [Vault AliCloud API documentation](https://www.vaultproject.io/api-docs/auth/alicloud).
         /// </summary>
         [Input("backend")]
         public Input<string>? Backend { get; set; }
@@ -323,6 +328,8 @@ public sealed class AuthBackendRoleState : global::Pulumi.ResourceArgs
         /// <summary>
         /// Path to the mounted AliCloud auth backend.
         /// Defaults to `alicloud`
+        /// 
+        /// For more details on the usage of each argument consult the [Vault AliCloud API documentation](https://www.vaultproject.io/api-docs/auth/alicloud).
         /// </summary>
         [Input("backend")]
         public Input<string>? Backend { get; set; }

sdk/dotnet/AppRole/AuthBackendLogin.cs

@@ -18,6 +18,7 @@ namespace Pulumi.Vault.AppRole
     /// 
     /// ```csharp
     /// using System.Collections.Generic;
+    /// using System.Linq;
     /// using Pulumi;
     /// using Vault = Pulumi.Vault;
     ///