pulumi-azuread 5.48.0a1706744699__py3-none-any.whl → 6.8.0a1766208344__py3-none-any.whl

pulumi_azuread/application_certificate.py

@@ -1,12 +1,17 @@
 # coding=utf-8
-# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import copy
+import builtins as _builtins
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 
 __all__ = ['ApplicationCertificateArgs', 'ApplicationCertificate']
@@ -14,43 +19,38 @@ __all__ = ['ApplicationCertificateArgs', 'ApplicationCertificate']
 @pulumi.input_type
 class ApplicationCertificateArgs:
     def __init__(__self__, *,
-                 value: pulumi.Input[str],
-                 application_id: Optional[pulumi.Input[str]] = None,
-                 application_object_id: Optional[pulumi.Input[str]] = None,
-                 encoding: Optional[pulumi.Input[str]] = None,
-                 end_date: Optional[pulumi.Input[str]] = None,
-                 end_date_relative: Optional[pulumi.Input[str]] = None,
-                 key_id: Optional[pulumi.Input[str]] = None,
-                 start_date: Optional[pulumi.Input[str]] = None,
-                 type: Optional[pulumi.Input[str]] = None):
+                 application_id: pulumi.Input[_builtins.str],
+                 value: pulumi.Input[_builtins.str],
+                 encoding: Optional[pulumi.Input[_builtins.str]] = None,
+                 end_date: Optional[pulumi.Input[_builtins.str]] = None,
+                 end_date_relative: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 start_date: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None):
         """
         The set of arguments for constructing a ApplicationCertificate resource.
-        :param pulumi.Input[str] value: The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
-        :param pulumi.Input[str] application_id: The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] application_object_id: The object ID of the application for which this certificate should be created
-        :param pulumi.Input[str] encoding: Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
+        :param pulumi.Input[_builtins.str] application_id: The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] value: The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
+        :param pulumi.Input[_builtins.str] encoding: Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
                
                > **Tip for Azure Key Vault** The `hex` encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.
-        :param pulumi.Input[str] end_date: The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] end_date_relative: A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] end_date: The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] end_date_relative: A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
                
                > One of `end_date` or `end_date_relative` must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.
-        :param pulumi.Input[str] key_id: A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] start_date: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] type: The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] key_id: A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] start_date: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] type: The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
         """
+        pulumi.set(__self__, "application_id", application_id)
         pulumi.set(__self__, "value", value)
-        if application_id is not None:
-            pulumi.set(__self__, "application_id", application_id)
-        if application_object_id is not None:
-            warnings.warn("""The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-            pulumi.log.warn("""application_object_id is deprecated: The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""")
-        if application_object_id is not None:
-            pulumi.set(__self__, "application_object_id", application_object_id)
         if encoding is not None:
             pulumi.set(__self__, "encoding", encoding)
         if end_date is not None:
             pulumi.set(__self__, "end_date", end_date)
+        if end_date_relative is not None:
+            warnings.warn("""The `end_date_relative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `end_date` property.""", DeprecationWarning)
+            pulumi.log.warn("""end_date_relative is deprecated: The `end_date_relative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `end_date` property.""")
         if end_date_relative is not None:
             pulumi.set(__self__, "end_date_relative", end_date_relative)
         if key_id is not None:
@@ -60,48 +60,33 @@ class ApplicationCertificateArgs:
         if type is not None:
             pulumi.set(__self__, "type", type)
 
-    @property
-    @pulumi.getter
-    def value(self) -> pulumi.Input[str]:
-        """
-        The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
-        """
-        return pulumi.get(self, "value")
-
-    @value.setter
-    def value(self, value: pulumi.Input[str]):
-        pulumi.set(self, "value", value)
-
-    @property
+    @_builtins.property
     @pulumi.getter(name="applicationId")
-    def application_id(self) -> Optional[pulumi.Input[str]]:
+    def application_id(self) -> pulumi.Input[_builtins.str]:
         """
         The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "application_id")
 
     @application_id.setter
-    def application_id(self, value: Optional[pulumi.Input[str]]):
+    def application_id(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "application_id", value)
 
-    @property
-    @pulumi.getter(name="applicationObjectId")
-    def application_object_id(self) -> Optional[pulumi.Input[str]]:
+    @_builtins.property
+    @pulumi.getter
+    def value(self) -> pulumi.Input[_builtins.str]:
         """
-        The object ID of the application for which this certificate should be created
+        The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
         """
-        warnings.warn("""The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-        pulumi.log.warn("""application_object_id is deprecated: The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""")
-
-        return pulumi.get(self, "application_object_id")
+        return pulumi.get(self, "value")
 
-    @application_object_id.setter
-    def application_object_id(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "application_object_id", value)
+    @value.setter
+    def value(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "value", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def encoding(self) -> Optional[pulumi.Input[str]]:
+    def encoding(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
 
@@ -110,24 +95,25 @@ class ApplicationCertificateArgs:
         return pulumi.get(self, "encoding")
 
     @encoding.setter
-    def encoding(self, value: Optional[pulumi.Input[str]]):
+    def encoding(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "encoding", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="endDate")
-    def end_date(self) -> Optional[pulumi.Input[str]]:
+    def end_date(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "end_date")
 
     @end_date.setter
-    def end_date(self, value: Optional[pulumi.Input[str]]):
+    def end_date(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "end_date", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="endDateRelative")
-    def end_date_relative(self) -> Optional[pulumi.Input[str]]:
+    @_utilities.deprecated("""The `end_date_relative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `end_date` property.""")
+    def end_date_relative(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
 
@@ -136,85 +122,81 @@ class ApplicationCertificateArgs:
         return pulumi.get(self, "end_date_relative")
 
     @end_date_relative.setter
-    def end_date_relative(self, value: Optional[pulumi.Input[str]]):
+    def end_date_relative(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "end_date_relative", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyId")
-    def key_id(self) -> Optional[pulumi.Input[str]]:
+    def key_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "key_id")
 
     @key_id.setter
-    def key_id(self, value: Optional[pulumi.Input[str]]):
+    def key_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "key_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="startDate")
-    def start_date(self) -> Optional[pulumi.Input[str]]:
+    def start_date(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "start_date")
 
     @start_date.setter
-    def start_date(self, value: Optional[pulumi.Input[str]]):
+    def start_date(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "start_date", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> Optional[pulumi.Input[str]]:
+    def type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
         """
         return pulumi.get(self, "type")
 
     @type.setter
-    def type(self, value: Optional[pulumi.Input[str]]):
+    def type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "type", value)
 
 
 @pulumi.input_type
 class _ApplicationCertificateState:
     def __init__(__self__, *,
-                 application_id: Optional[pulumi.Input[str]] = None,
-                 application_object_id: Optional[pulumi.Input[str]] = None,
-                 encoding: Optional[pulumi.Input[str]] = None,
-                 end_date: Optional[pulumi.Input[str]] = None,
-                 end_date_relative: Optional[pulumi.Input[str]] = None,
-                 key_id: Optional[pulumi.Input[str]] = None,
-                 start_date: Optional[pulumi.Input[str]] = None,
-                 type: Optional[pulumi.Input[str]] = None,
-                 value: Optional[pulumi.Input[str]] = None):
+                 application_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 encoding: Optional[pulumi.Input[_builtins.str]] = None,
+                 end_date: Optional[pulumi.Input[_builtins.str]] = None,
+                 end_date_relative: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 start_date: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None,
+                 value: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering ApplicationCertificate resources.
-        :param pulumi.Input[str] application_id: The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] application_object_id: The object ID of the application for which this certificate should be created
-        :param pulumi.Input[str] encoding: Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
+        :param pulumi.Input[_builtins.str] application_id: The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] encoding: Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
                
                > **Tip for Azure Key Vault** The `hex` encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.
-        :param pulumi.Input[str] end_date: The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] end_date_relative: A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] end_date: The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] end_date_relative: A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
                
                > One of `end_date` or `end_date_relative` must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.
-        :param pulumi.Input[str] key_id: A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] start_date: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] type: The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
-        :param pulumi.Input[str] value: The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
+        :param pulumi.Input[_builtins.str] key_id: A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] start_date: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] type: The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] value: The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
         """
         if application_id is not None:
             pulumi.set(__self__, "application_id", application_id)
-        if application_object_id is not None:
-            warnings.warn("""The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-            pulumi.log.warn("""application_object_id is deprecated: The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""")
-        if application_object_id is not None:
-            pulumi.set(__self__, "application_object_id", application_object_id)
         if encoding is not None:
             pulumi.set(__self__, "encoding", encoding)
         if end_date is not None:
             pulumi.set(__self__, "end_date", end_date)
+        if end_date_relative is not None:
+            warnings.warn("""The `end_date_relative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `end_date` property.""", DeprecationWarning)
+            pulumi.log.warn("""end_date_relative is deprecated: The `end_date_relative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `end_date` property.""")
         if end_date_relative is not None:
             pulumi.set(__self__, "end_date_relative", end_date_relative)
         if key_id is not None:
@@ -226,36 +208,21 @@ class _ApplicationCertificateState:
         if value is not None:
             pulumi.set(__self__, "value", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="applicationId")
-    def application_id(self) -> Optional[pulumi.Input[str]]:
+    def application_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "application_id")
 
     @application_id.setter
-    def application_id(self, value: Optional[pulumi.Input[str]]):
+    def application_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "application_id", value)
 
-    @property
-    @pulumi.getter(name="applicationObjectId")
-    def application_object_id(self) -> Optional[pulumi.Input[str]]:
-        """
-        The object ID of the application for which this certificate should be created
-        """
-        warnings.warn("""The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-        pulumi.log.warn("""application_object_id is deprecated: The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""")
-
-        return pulumi.get(self, "application_object_id")
-
-    @application_object_id.setter
-    def application_object_id(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "application_object_id", value)
-
-    @property
+    @_builtins.property
     @pulumi.getter
-    def encoding(self) -> Optional[pulumi.Input[str]]:
+    def encoding(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
 
@@ -264,24 +231,25 @@ class _ApplicationCertificateState:
         return pulumi.get(self, "encoding")
 
     @encoding.setter
-    def encoding(self, value: Optional[pulumi.Input[str]]):
+    def encoding(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "encoding", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="endDate")
-    def end_date(self) -> Optional[pulumi.Input[str]]:
+    def end_date(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "end_date")
 
     @end_date.setter
-    def end_date(self, value: Optional[pulumi.Input[str]]):
+    def end_date(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "end_date", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="endDateRelative")
-    def end_date_relative(self) -> Optional[pulumi.Input[str]]:
+    @_utilities.deprecated("""The `end_date_relative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `end_date` property.""")
+    def end_date_relative(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
 
@@ -290,99 +258,190 @@ class _ApplicationCertificateState:
         return pulumi.get(self, "end_date_relative")
 
     @end_date_relative.setter
-    def end_date_relative(self, value: Optional[pulumi.Input[str]]):
+    def end_date_relative(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "end_date_relative", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyId")
-    def key_id(self) -> Optional[pulumi.Input[str]]:
+    def key_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "key_id")
 
     @key_id.setter
-    def key_id(self, value: Optional[pulumi.Input[str]]):
+    def key_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "key_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="startDate")
-    def start_date(self) -> Optional[pulumi.Input[str]]:
+    def start_date(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "start_date")
 
     @start_date.setter
-    def start_date(self, value: Optional[pulumi.Input[str]]):
+    def start_date(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "start_date", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> Optional[pulumi.Input[str]]:
+    def type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
         """
         return pulumi.get(self, "type")
 
     @type.setter
-    def type(self, value: Optional[pulumi.Input[str]]):
+    def type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "type", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def value(self) -> Optional[pulumi.Input[str]]:
+    def value(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
         """
         return pulumi.get(self, "value")
 
     @value.setter
-    def value(self, value: Optional[pulumi.Input[str]]):
+    def value(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "value", value)
 
 
+@pulumi.type_token("azuread:index/applicationCertificate:ApplicationCertificate")
 class ApplicationCertificate(pulumi.CustomResource):
     @overload
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 application_id: Optional[pulumi.Input[str]] = None,
-                 application_object_id: Optional[pulumi.Input[str]] = None,
-                 encoding: Optional[pulumi.Input[str]] = None,
-                 end_date: Optional[pulumi.Input[str]] = None,
-                 end_date_relative: Optional[pulumi.Input[str]] = None,
-                 key_id: Optional[pulumi.Input[str]] = None,
-                 start_date: Optional[pulumi.Input[str]] = None,
-                 type: Optional[pulumi.Input[str]] = None,
-                 value: Optional[pulumi.Input[str]] = None,
+                 application_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 encoding: Optional[pulumi.Input[_builtins.str]] = None,
+                 end_date: Optional[pulumi.Input[_builtins.str]] = None,
+                 end_date_relative: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 start_date: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None,
+                 value: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
+        ## Example Usage
+
+        *Using a PEM certificate*
+
+        ```python
+        import pulumi
+        import pulumi_azuread as azuread
+        import pulumi_std as std
+
+        example = azuread.ApplicationRegistration("example", display_name="example")
+        example_application_certificate = azuread.ApplicationCertificate("example",
+            application_id=example.id,
+            type="AsymmetricX509Cert",
+            value=std.file(input="cert.pem").result,
+            end_date="2021-05-01T01:02:03Z")
+        ```
+
+        *Using a DER certificate*
+
+        ```python
+        import pulumi
+        import pulumi_azuread as azuread
+        import pulumi_std as std
+
+        example = azuread.ApplicationRegistration("example", display_name="example")
+        example_application_certificate = azuread.ApplicationCertificate("example",
+            application_id=example.id,
+            type="AsymmetricX509Cert",
+            encoding="base64",
+            value=std.base64encode(input=std.file(input="cert.der").result).result,
+            end_date="2021-05-01T01:02:03Z")
+        ```
+
+        ### Using a certificate from Azure Key Vault
+
+        ```python
+        import pulumi
+        import pulumi_azuread as azuread
+        import pulumi_azurerm as azurerm
+
+        example_application = azuread.Application("example", display_name="example")
+        example = azurerm.index.KeyVaultCertificate("example",
+            name=generated-cert,
+            key_vault_id=example_azurerm_key_vault.id,
+            certificate_policy=[{
+                issuerParameters: [{
+                    name: Self,
+                }],
+                keyProperties: [{
+                    exportable: True,
+                    keySize: 2048,
+                    keyType: RSA,
+                    reuseKey: True,
+                }],
+                lifetimeAction: [{
+                    action: [{
+                        actionType: AutoRenew,
+                    }],
+                    trigger: [{
+                        daysBeforeExpiry: 30,
+                    }],
+                }],
+                secretProperties: [{
+                    contentType: application/x-pkcs12,
+                }],
+                x509CertificateProperties: [{
+                    extendedKeyUsage: [1.3.6.1.5.5.7.3.2],
+                    keyUsage: [
+                        dataEncipherment,
+                        digitalSignature,
+                        keyCertSign,
+                        keyEncipherment,
+                    ],
+                    subjectAlternativeNames: [{
+                        dnsNames: [
+                            internal.contoso.com,
+                            domain.hello.world,
+                        ],
+                    }],
+                    subject: fCN={example_application.name},
+                    validityInMonths: 12,
+                }],
+            }])
+        example_application_certificate = azuread.ApplicationCertificate("example",
+            application_id=example_application.id,
+            type="AsymmetricX509Cert",
+            encoding="hex",
+            value=example["certificateData"],
+            end_date=example["certificateAttribute"][0]["expires"],
+            start_date=example["certificateAttribute"][0]["notBefore"])
+        ```
+
         ## Import
 
         Certificates can be imported using the object ID of the associated application and the key ID of the certificate credential, e.g.
 
         ```sh
-         $ pulumi import azuread:index/applicationCertificate:ApplicationCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111
+        $ pulumi import azuread:index/applicationCertificate:ApplicationCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111
         ```
 
-         -> This ID format is unique to Terraform and is composed of the application's object ID, the string "certificate" and the certificate's key ID in the format `{ObjectId}/certificate/{CertificateKeyId}`.
+        -> This ID format is unique to Terraform and is composed of the application's object ID, the string "certificate" and the certificate's key ID in the format `{ObjectId}/certificate/{CertificateKeyId}`.
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] application_id: The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] application_object_id: The object ID of the application for which this certificate should be created
-        :param pulumi.Input[str] encoding: Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
+        :param pulumi.Input[_builtins.str] application_id: The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] encoding: Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
                
                > **Tip for Azure Key Vault** The `hex` encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.
-        :param pulumi.Input[str] end_date: The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] end_date_relative: A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] end_date: The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] end_date_relative: A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
                
                > One of `end_date` or `end_date_relative` must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.
-        :param pulumi.Input[str] key_id: A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] start_date: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] type: The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
-        :param pulumi.Input[str] value: The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
+        :param pulumi.Input[_builtins.str] key_id: A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] start_date: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] type: The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] value: The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
         """
         ...
     @overload
@@ -391,15 +450,107 @@ class ApplicationCertificate(pulumi.CustomResource):
                  args: ApplicationCertificateArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        ## Example Usage
+
+        *Using a PEM certificate*
+
+        ```python
+        import pulumi
+        import pulumi_azuread as azuread
+        import pulumi_std as std
+
+        example = azuread.ApplicationRegistration("example", display_name="example")
+        example_application_certificate = azuread.ApplicationCertificate("example",
+            application_id=example.id,
+            type="AsymmetricX509Cert",
+            value=std.file(input="cert.pem").result,
+            end_date="2021-05-01T01:02:03Z")
+        ```
+
+        *Using a DER certificate*
+
+        ```python
+        import pulumi
+        import pulumi_azuread as azuread
+        import pulumi_std as std
+
+        example = azuread.ApplicationRegistration("example", display_name="example")
+        example_application_certificate = azuread.ApplicationCertificate("example",
+            application_id=example.id,
+            type="AsymmetricX509Cert",
+            encoding="base64",
+            value=std.base64encode(input=std.file(input="cert.der").result).result,
+            end_date="2021-05-01T01:02:03Z")
+        ```
+
+        ### Using a certificate from Azure Key Vault
+
+        ```python
+        import pulumi
+        import pulumi_azuread as azuread
+        import pulumi_azurerm as azurerm
+
+        example_application = azuread.Application("example", display_name="example")
+        example = azurerm.index.KeyVaultCertificate("example",
+            name=generated-cert,
+            key_vault_id=example_azurerm_key_vault.id,
+            certificate_policy=[{
+                issuerParameters: [{
+                    name: Self,
+                }],
+                keyProperties: [{
+                    exportable: True,
+                    keySize: 2048,
+                    keyType: RSA,
+                    reuseKey: True,
+                }],
+                lifetimeAction: [{
+                    action: [{
+                        actionType: AutoRenew,
+                    }],
+                    trigger: [{
+                        daysBeforeExpiry: 30,
+                    }],
+                }],
+                secretProperties: [{
+                    contentType: application/x-pkcs12,
+                }],
+                x509CertificateProperties: [{
+                    extendedKeyUsage: [1.3.6.1.5.5.7.3.2],
+                    keyUsage: [
+                        dataEncipherment,
+                        digitalSignature,
+                        keyCertSign,
+                        keyEncipherment,
+                    ],
+                    subjectAlternativeNames: [{
+                        dnsNames: [
+                            internal.contoso.com,
+                            domain.hello.world,
+                        ],
+                    }],
+                    subject: fCN={example_application.name},
+                    validityInMonths: 12,
+                }],
+            }])
+        example_application_certificate = azuread.ApplicationCertificate("example",
+            application_id=example_application.id,
+            type="AsymmetricX509Cert",
+            encoding="hex",
+            value=example["certificateData"],
+            end_date=example["certificateAttribute"][0]["expires"],
+            start_date=example["certificateAttribute"][0]["notBefore"])
+        ```
+
         ## Import
 
         Certificates can be imported using the object ID of the associated application and the key ID of the certificate credential, e.g.
 
         ```sh
-         $ pulumi import azuread:index/applicationCertificate:ApplicationCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111
+        $ pulumi import azuread:index/applicationCertificate:ApplicationCertificate example 00000000-0000-0000-0000-000000000000/certificate/11111111-1111-1111-1111-111111111111
         ```
 
-         -> This ID format is unique to Terraform and is composed of the application's object ID, the string "certificate" and the certificate's key ID in the format `{ObjectId}/certificate/{CertificateKeyId}`.
+        -> This ID format is unique to Terraform and is composed of the application's object ID, the string "certificate" and the certificate's key ID in the format `{ObjectId}/certificate/{CertificateKeyId}`.
 
         :param str resource_name: The name of the resource.
         :param ApplicationCertificateArgs args: The arguments to use to populate this resource's properties.
@@ -416,15 +567,14 @@ class ApplicationCertificate(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 application_id: Optional[pulumi.Input[str]] = None,
-                 application_object_id: Optional[pulumi.Input[str]] = None,
-                 encoding: Optional[pulumi.Input[str]] = None,
-                 end_date: Optional[pulumi.Input[str]] = None,
-                 end_date_relative: Optional[pulumi.Input[str]] = None,
-                 key_id: Optional[pulumi.Input[str]] = None,
-                 start_date: Optional[pulumi.Input[str]] = None,
-                 type: Optional[pulumi.Input[str]] = None,
-                 value: Optional[pulumi.Input[str]] = None,
+                 application_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 encoding: Optional[pulumi.Input[_builtins.str]] = None,
+                 end_date: Optional[pulumi.Input[_builtins.str]] = None,
+                 end_date_relative: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 start_date: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None,
+                 value: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -434,8 +584,9 @@ class ApplicationCertificate(pulumi.CustomResource):
                 raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
             __props__ = ApplicationCertificateArgs.__new__(ApplicationCertificateArgs)
 
+            if application_id is None and not opts.urn:
+                raise TypeError("Missing required property 'application_id'")
             __props__.__dict__["application_id"] = application_id
-            __props__.__dict__["application_object_id"] = application_object_id
             __props__.__dict__["encoding"] = encoding
             __props__.__dict__["end_date"] = end_date
             __props__.__dict__["end_date_relative"] = end_date_relative
@@ -457,15 +608,14 @@ class ApplicationCertificate(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            application_id: Optional[pulumi.Input[str]] = None,
-            application_object_id: Optional[pulumi.Input[str]] = None,
-            encoding: Optional[pulumi.Input[str]] = None,
-            end_date: Optional[pulumi.Input[str]] = None,
-            end_date_relative: Optional[pulumi.Input[str]] = None,
-            key_id: Optional[pulumi.Input[str]] = None,
-            start_date: Optional[pulumi.Input[str]] = None,
-            type: Optional[pulumi.Input[str]] = None,
-            value: Optional[pulumi.Input[str]] = None) -> 'ApplicationCertificate':
+            application_id: Optional[pulumi.Input[_builtins.str]] = None,
+            encoding: Optional[pulumi.Input[_builtins.str]] = None,
+            end_date: Optional[pulumi.Input[_builtins.str]] = None,
+            end_date_relative: Optional[pulumi.Input[_builtins.str]] = None,
+            key_id: Optional[pulumi.Input[_builtins.str]] = None,
+            start_date: Optional[pulumi.Input[_builtins.str]] = None,
+            type: Optional[pulumi.Input[_builtins.str]] = None,
+            value: Optional[pulumi.Input[_builtins.str]] = None) -> 'ApplicationCertificate':
         """
         Get an existing ApplicationCertificate resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -473,26 +623,24 @@ class ApplicationCertificate(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] application_id: The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] application_object_id: The object ID of the application for which this certificate should be created
-        :param pulumi.Input[str] encoding: Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
+        :param pulumi.Input[_builtins.str] application_id: The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] encoding: Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
                
                > **Tip for Azure Key Vault** The `hex` encoding option is useful for consuming certificate data from the azurerm_key_vault_certificate resource.
-        :param pulumi.Input[str] end_date: The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] end_date_relative: A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] end_date: The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] end_date_relative: A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
                
                > One of `end_date` or `end_date_relative` must be specified. The maximum allowed duration is determined by Azure AD and is typically around 2 years from the creation date.
-        :param pulumi.Input[str] key_id: A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] start_date: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
-        :param pulumi.Input[str] type: The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
-        :param pulumi.Input[str] value: The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
+        :param pulumi.Input[_builtins.str] key_id: A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] start_date: The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] type: The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
+        :param pulumi.Input[_builtins.str] value: The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
         __props__ = _ApplicationCertificateState.__new__(_ApplicationCertificateState)
 
         __props__.__dict__["application_id"] = application_id
-        __props__.__dict__["application_object_id"] = application_object_id
         __props__.__dict__["encoding"] = encoding
         __props__.__dict__["end_date"] = end_date
         __props__.__dict__["end_date_relative"] = end_date_relative
@@ -502,28 +650,17 @@ class ApplicationCertificate(pulumi.CustomResource):
         __props__.__dict__["value"] = value
         return ApplicationCertificate(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="applicationId")
-    def application_id(self) -> pulumi.Output[str]:
+    def application_id(self) -> pulumi.Output[_builtins.str]:
         """
         The resource ID of the application for which this certificate should be created. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "application_id")
 
-    @property
-    @pulumi.getter(name="applicationObjectId")
-    def application_object_id(self) -> pulumi.Output[str]:
-        """
-        The object ID of the application for which this certificate should be created
-        """
-        warnings.warn("""The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""", DeprecationWarning)
-        pulumi.log.warn("""application_object_id is deprecated: The `application_object_id` property has been replaced with the `application_id` property and will be removed in version 3.0 of the AzureAD provider""")
-
-        return pulumi.get(self, "application_object_id")
-
-    @property
+    @_builtins.property
     @pulumi.getter
-    def encoding(self) -> pulumi.Output[Optional[str]]:
+    def encoding(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         Specifies the encoding used for the supplied certificate data. Must be one of `pem`, `base64` or `hex`. Defaults to `pem`.
 
@@ -531,17 +668,18 @@ class ApplicationCertificate(pulumi.CustomResource):
         """
         return pulumi.get(self, "encoding")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="endDate")
-    def end_date(self) -> pulumi.Output[str]:
+    def end_date(self) -> pulumi.Output[_builtins.str]:
         """
         The end date until which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If omitted, the API will decide a suitable expiry date, which is typically around 2 years from the start date. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "end_date")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="endDateRelative")
-    def end_date_relative(self) -> pulumi.Output[Optional[str]]:
+    @_utilities.deprecated("""The `end_date_relative` property is deprecated and will be removed in a future version of the AzureAD provider. Please instead use the Terraform `timeadd()` function to calculate a value for the `end_date` property.""")
+    def end_date_relative(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         A relative duration for which the certificate is valid until, for example `240h` (10 days) or `2400h30m`. Changing this field forces a new resource to be created.
 
@@ -549,33 +687,33 @@ class ApplicationCertificate(pulumi.CustomResource):
         """
         return pulumi.get(self, "end_date_relative")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="keyId")
-    def key_id(self) -> pulumi.Output[str]:
+    def key_id(self) -> pulumi.Output[_builtins.str]:
         """
         A UUID used to uniquely identify this certificate. If omitted, a random UUID will be automatically generated. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "key_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="startDate")
-    def start_date(self) -> pulumi.Output[str]:
+    def start_date(self) -> pulumi.Output[_builtins.str]:
         """
         The start date from which the certificate is valid, formatted as an RFC3339 date string (e.g. `2018-01-01T01:02:03Z`). If this isn't specified, the value is determined by Azure Active Directory and is usually the start date of the certificate for asymmetric keys, or the current timestamp for symmetric keys. Changing this field forces a new resource to be created.
         """
         return pulumi.get(self, "start_date")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> pulumi.Output[Optional[str]]:
+    def type(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The type of key/certificate. Must be one of `AsymmetricX509Cert` or `Symmetric`. Changing this fields forces a new resource to be created.
         """
         return pulumi.get(self, "type")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def value(self) -> pulumi.Output[str]:
+    def value(self) -> pulumi.Output[_builtins.str]:
         """
         The certificate data, which can be PEM encoded, base64 encoded DER or hexadecimal encoded DER. See also the `encoding` argument.
         """