pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0__py3-none-any.whl

pulumi_vault/_utilities.py

@@ -4,6 +4,7 @@
 
 
 import asyncio
+import functools
 import importlib.metadata
 import importlib.util
 import inspect
@@ -11,14 +12,19 @@ import json
 import os
 import sys
 import typing
+import warnings
+import base64
 
 import pulumi
 import pulumi.runtime
 from pulumi.runtime.sync_await import _sync_await
+from pulumi.runtime.proto import resource_pb2
 
 from semver import VersionInfo as SemverVersion
 from parver import Version as PEP440Version
 
+C = typing.TypeVar("C", bound=typing.Callable)
+
 
 def get_env(*args):
     for v in args:
@@ -96,10 +102,6 @@ def _get_semver_version():
 _version = _get_semver_version()
 _version_str = str(_version)
 
-
-def get_version():
-    return _version_str
-
 def get_resource_opts_defaults() -> pulumi.ResourceOptions:
     return pulumi.ResourceOptions(
         version=get_version(),
@@ -262,7 +264,7 @@ def call_plain(
     output = pulumi.runtime.call(tok, props, res, typ)
 
     # Ingoring deps silently. They are typically non-empty, r.f() calls include r as a dependency.
-    result, known, secret, _ = _sync_await(asyncio.ensure_future(_await_output(output)))
+    result, known, secret, _ = _sync_await(asyncio.create_task(_await_output(output)))
 
     problem = None
     if not known:
@@ -287,5 +289,39 @@ async def _await_output(o: pulumi.Output[typing.Any]) -> typing.Tuple[object, bo
         await o._resources,
     )
 
+
+# This is included to provide an upgrade path for users who are using a version
+# of the Pulumi SDK (<3.121.0) that does not include the `deprecated` decorator.
+def deprecated(message: str) -> typing.Callable[[C], C]:
+    """
+    Decorator to indicate a function is deprecated.
+
+    As well as inserting appropriate statements to indicate that the function is
+    deprecated, this decorator also tags the function with a special attribute
+    so that Pulumi code can detect that it is deprecated and react appropriately
+    in certain situations.
+
+    message is the deprecation message that should be printed if the function is called.
+    """
+
+    def decorator(fn: C) -> C:
+        if not callable(fn):
+            raise TypeError("Expected fn to be callable")
+
+        @functools.wraps(fn)
+        def deprecated_fn(*args, **kwargs):
+            warnings.warn(message)
+            pulumi.warn(f"{fn.__name__} is deprecated: {message}")
+
+            return fn(*args, **kwargs)
+
+        deprecated_fn.__dict__["_pulumi_deprecated_callable"] = fn
+        return typing.cast(C, deprecated_fn)
+
+    return decorator
+
 def get_plugin_download_url():
 	return None
+
+def get_version():
+     return _version_str

pulumi_vault/ad/get_access_credentials.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = [
@@ -112,13 +117,14 @@ def get_access_credentials(backend: Optional[str] = None,
                            role: Optional[str] = None,
                            opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetAccessCredentialsResult:
     """
-    Use this data source to access information about an existing resource.
+    ## Example Usage
+
 
     :param str backend: The path to the AD secret backend to
            read credentials from, with no leading or trailing `/`s.
     :param str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
-           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
            *Available only for Vault Enterprise*.
     :param str role: The name of the AD secret backend role to read
            credentials from, with no leading or trailing `/`s.
@@ -138,23 +144,34 @@ def get_access_credentials(backend: Optional[str] = None,
         namespace=pulumi.get(__ret__, 'namespace'),
         role=pulumi.get(__ret__, 'role'),
         username=pulumi.get(__ret__, 'username'))
-
-
-@_utilities.lift_output_func(get_access_credentials)
 def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
                                   namespace: Optional[pulumi.Input[Optional[str]]] = None,
                                   role: Optional[pulumi.Input[str]] = None,
-                                  opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAccessCredentialsResult]:
+                                  opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetAccessCredentialsResult]:
     """
-    Use this data source to access information about an existing resource.
+    ## Example Usage
+
 
     :param str backend: The path to the AD secret backend to
            read credentials from, with no leading or trailing `/`s.
     :param str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
-           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
            *Available only for Vault Enterprise*.
     :param str role: The name of the AD secret backend role to read
            credentials from, with no leading or trailing `/`s.
     """
-    ...
+    __args__ = dict()
+    __args__['backend'] = backend
+    __args__['namespace'] = namespace
+    __args__['role'] = role
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:ad/getAccessCredentials:getAccessCredentials', __args__, opts=opts, typ=GetAccessCredentialsResult)
+    return __ret__.apply(lambda __response__: GetAccessCredentialsResult(
+        backend=pulumi.get(__response__, 'backend'),
+        current_password=pulumi.get(__response__, 'current_password'),
+        id=pulumi.get(__response__, 'id'),
+        last_password=pulumi.get(__response__, 'last_password'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        role=pulumi.get(__response__, 'role'),
+        username=pulumi.get(__response__, 'username')))

pulumi_vault/ad/secret_backend.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendArgs', 'SecretBackend']
@@ -27,13 +32,11 @@ class SecretBackendArgs:
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  discoverdn: Optional[pulumi.Input[bool]] = None,
-                 formatter: Optional[pulumi.Input[str]] = None,
                  groupattr: Optional[pulumi.Input[str]] = None,
                  groupdn: Optional[pulumi.Input[str]] = None,
                  groupfilter: Optional[pulumi.Input[str]] = None,
                  insecure_tls: Optional[pulumi.Input[bool]] = None,
                  last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-                 length: Optional[pulumi.Input[int]] = None,
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  max_ttl: Optional[pulumi.Input[int]] = None,
@@ -71,7 +74,6 @@ class SecretBackendArgs:
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
-        :param pulumi.Input[str] formatter: **Deprecated** use `password_policy`. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
         :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
                user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
         :param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
@@ -81,15 +83,13 @@ class SecretBackendArgs:
                Defaults to `false`.
         :param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
                shows a later rotation, it should be considered out-of-band
-        :param pulumi.Input[int] length: **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
-               *Mutually exclusive with `password_policy` on vault-1.11+*
         :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
                replication.Tolerance duration to use when checking the last rotation time.
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
         :param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
         :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
@@ -138,11 +138,6 @@ class SecretBackendArgs:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if discoverdn is not None:
             pulumi.set(__self__, "discoverdn", discoverdn)
-        if formatter is not None:
-            warnings.warn("""Formatter is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-            pulumi.log.warn("""formatter is deprecated: Formatter is deprecated and password_policy should be used with Vault >= 1.5.""")
-        if formatter is not None:
-            pulumi.set(__self__, "formatter", formatter)
         if groupattr is not None:
             pulumi.set(__self__, "groupattr", groupattr)
         if groupdn is not None:
@@ -153,11 +148,6 @@ class SecretBackendArgs:
             pulumi.set(__self__, "insecure_tls", insecure_tls)
         if last_rotation_tolerance is not None:
             pulumi.set(__self__, "last_rotation_tolerance", last_rotation_tolerance)
-        if length is not None:
-            warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-            pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
-        if length is not None:
-            pulumi.set(__self__, "length", length)
         if local is not None:
             pulumi.set(__self__, "local", local)
         if max_lease_ttl_seconds is not None:
@@ -353,21 +343,6 @@ class SecretBackendArgs:
     def discoverdn(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "discoverdn", value)
 
-    @property
-    @pulumi.getter
-    def formatter(self) -> Optional[pulumi.Input[str]]:
-        """
-        **Deprecated** use `password_policy`. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
-        """
-        warnings.warn("""Formatter is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-        pulumi.log.warn("""formatter is deprecated: Formatter is deprecated and password_policy should be used with Vault >= 1.5.""")
-
-        return pulumi.get(self, "formatter")
-
-    @formatter.setter
-    def formatter(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "formatter", value)
-
     @property
     @pulumi.getter
     def groupattr(self) -> Optional[pulumi.Input[str]]:
@@ -432,22 +407,6 @@ class SecretBackendArgs:
     def last_rotation_tolerance(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "last_rotation_tolerance", value)
 
-    @property
-    @pulumi.getter
-    def length(self) -> Optional[pulumi.Input[int]]:
-        """
-        **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
-        *Mutually exclusive with `password_policy` on vault-1.11+*
-        """
-        warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-        pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
-
-        return pulumi.get(self, "length")
-
-    @length.setter
-    def length(self, value: Optional[pulumi.Input[int]]):
-        pulumi.set(self, "length", value)
-
     @property
     @pulumi.getter
     def local(self) -> Optional[pulumi.Input[bool]]:
@@ -491,7 +450,7 @@ class SecretBackendArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -671,13 +630,11 @@ class _SecretBackendState:
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  discoverdn: Optional[pulumi.Input[bool]] = None,
-                 formatter: Optional[pulumi.Input[str]] = None,
                  groupattr: Optional[pulumi.Input[str]] = None,
                  groupdn: Optional[pulumi.Input[str]] = None,
                  groupfilter: Optional[pulumi.Input[str]] = None,
                  insecure_tls: Optional[pulumi.Input[bool]] = None,
                  last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-                 length: Optional[pulumi.Input[int]] = None,
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  max_ttl: Optional[pulumi.Input[int]] = None,
@@ -715,7 +672,6 @@ class _SecretBackendState:
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
-        :param pulumi.Input[str] formatter: **Deprecated** use `password_policy`. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
         :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
                user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
         :param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
@@ -725,15 +681,13 @@ class _SecretBackendState:
                Defaults to `false`.
         :param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
                shows a later rotation, it should be considered out-of-band
-        :param pulumi.Input[int] length: **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
-               *Mutually exclusive with `password_policy` on vault-1.11+*
         :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
                replication.Tolerance duration to use when checking the last rotation time.
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
         :param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
         :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
@@ -784,11 +738,6 @@ class _SecretBackendState:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if discoverdn is not None:
             pulumi.set(__self__, "discoverdn", discoverdn)
-        if formatter is not None:
-            warnings.warn("""Formatter is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-            pulumi.log.warn("""formatter is deprecated: Formatter is deprecated and password_policy should be used with Vault >= 1.5.""")
-        if formatter is not None:
-            pulumi.set(__self__, "formatter", formatter)
         if groupattr is not None:
             pulumi.set(__self__, "groupattr", groupattr)
         if groupdn is not None:
@@ -799,11 +748,6 @@ class _SecretBackendState:
             pulumi.set(__self__, "insecure_tls", insecure_tls)
         if last_rotation_tolerance is not None:
             pulumi.set(__self__, "last_rotation_tolerance", last_rotation_tolerance)
-        if length is not None:
-            warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-            pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
-        if length is not None:
-            pulumi.set(__self__, "length", length)
         if local is not None:
             pulumi.set(__self__, "local", local)
         if max_lease_ttl_seconds is not None:
@@ -999,21 +943,6 @@ class _SecretBackendState:
     def discoverdn(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "discoverdn", value)
 
-    @property
-    @pulumi.getter
-    def formatter(self) -> Optional[pulumi.Input[str]]:
-        """
-        **Deprecated** use `password_policy`. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
-        """
-        warnings.warn("""Formatter is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-        pulumi.log.warn("""formatter is deprecated: Formatter is deprecated and password_policy should be used with Vault >= 1.5.""")
-
-        return pulumi.get(self, "formatter")
-
-    @formatter.setter
-    def formatter(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "formatter", value)
-
     @property
     @pulumi.getter
     def groupattr(self) -> Optional[pulumi.Input[str]]:
@@ -1078,22 +1007,6 @@ class _SecretBackendState:
     def last_rotation_tolerance(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "last_rotation_tolerance", value)
 
-    @property
-    @pulumi.getter
-    def length(self) -> Optional[pulumi.Input[int]]:
-        """
-        **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
-        *Mutually exclusive with `password_policy` on vault-1.11+*
-        """
-        warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-        pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
-
-        return pulumi.get(self, "length")
-
-    @length.setter
-    def length(self, value: Optional[pulumi.Input[int]]):
-        pulumi.set(self, "length", value)
-
     @property
     @pulumi.getter
     def local(self) -> Optional[pulumi.Input[bool]]:
@@ -1137,7 +1050,7 @@ class _SecretBackendState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -1319,13 +1232,11 @@ class SecretBackend(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  discoverdn: Optional[pulumi.Input[bool]] = None,
-                 formatter: Optional[pulumi.Input[str]] = None,
                  groupattr: Optional[pulumi.Input[str]] = None,
                  groupdn: Optional[pulumi.Input[str]] = None,
                  groupfilter: Optional[pulumi.Input[str]] = None,
                  insecure_tls: Optional[pulumi.Input[bool]] = None,
                  last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-                 length: Optional[pulumi.Input[int]] = None,
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  max_ttl: Optional[pulumi.Input[int]] = None,
@@ -1354,8 +1265,8 @@ class SecretBackend(pulumi.CustomResource):
             backend="ad",
             binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
             bindpass="SuperSecretPassw0rd",
-            insecure_tls=True,
             url="ldaps://ad",
+            insecure_tls=True,
             userdn="CN=Users,DC=corp,DC=example,DC=net")
         ```
 
@@ -1364,7 +1275,7 @@ class SecretBackend(pulumi.CustomResource):
         AD secret backend can be imported using the `backend`, e.g.
 
         ```sh
-         $ pulumi import vault:ad/secretBackend:SecretBackend ad ad
+        $ pulumi import vault:ad/secretBackend:SecretBackend ad ad
         ```
 
         :param str resource_name: The name of the resource.
@@ -1388,7 +1299,6 @@ class SecretBackend(pulumi.CustomResource):
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
-        :param pulumi.Input[str] formatter: **Deprecated** use `password_policy`. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
         :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
                user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
         :param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
@@ -1398,15 +1308,13 @@ class SecretBackend(pulumi.CustomResource):
                Defaults to `false`.
         :param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
                shows a later rotation, it should be considered out-of-band
-        :param pulumi.Input[int] length: **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
-               *Mutually exclusive with `password_policy` on vault-1.11+*
         :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
                replication.Tolerance duration to use when checking the last rotation time.
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
         :param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
         :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
@@ -1448,8 +1356,8 @@ class SecretBackend(pulumi.CustomResource):
             backend="ad",
             binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
             bindpass="SuperSecretPassw0rd",
-            insecure_tls=True,
             url="ldaps://ad",
+            insecure_tls=True,
             userdn="CN=Users,DC=corp,DC=example,DC=net")
         ```
 
@@ -1458,7 +1366,7 @@ class SecretBackend(pulumi.CustomResource):
         AD secret backend can be imported using the `backend`, e.g.
 
         ```sh
-         $ pulumi import vault:ad/secretBackend:SecretBackend ad ad
+        $ pulumi import vault:ad/secretBackend:SecretBackend ad ad
         ```
 
         :param str resource_name: The name of the resource.
@@ -1489,13 +1397,11 @@ class SecretBackend(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  discoverdn: Optional[pulumi.Input[bool]] = None,
-                 formatter: Optional[pulumi.Input[str]] = None,
                  groupattr: Optional[pulumi.Input[str]] = None,
                  groupdn: Optional[pulumi.Input[str]] = None,
                  groupfilter: Optional[pulumi.Input[str]] = None,
                  insecure_tls: Optional[pulumi.Input[bool]] = None,
                  last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-                 length: Optional[pulumi.Input[int]] = None,
                  local: Optional[pulumi.Input[bool]] = None,
                  max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  max_ttl: Optional[pulumi.Input[int]] = None,
@@ -1538,13 +1444,11 @@ class SecretBackend(pulumi.CustomResource):
             __props__.__dict__["description"] = description
             __props__.__dict__["disable_remount"] = disable_remount
             __props__.__dict__["discoverdn"] = discoverdn
-            __props__.__dict__["formatter"] = formatter
             __props__.__dict__["groupattr"] = groupattr
             __props__.__dict__["groupdn"] = groupdn
             __props__.__dict__["groupfilter"] = groupfilter
             __props__.__dict__["insecure_tls"] = insecure_tls
             __props__.__dict__["last_rotation_tolerance"] = last_rotation_tolerance
-            __props__.__dict__["length"] = length
             __props__.__dict__["local"] = local
             __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
             __props__.__dict__["max_ttl"] = max_ttl
@@ -1586,13 +1490,11 @@ class SecretBackend(pulumi.CustomResource):
             description: Optional[pulumi.Input[str]] = None,
             disable_remount: Optional[pulumi.Input[bool]] = None,
             discoverdn: Optional[pulumi.Input[bool]] = None,
-            formatter: Optional[pulumi.Input[str]] = None,
             groupattr: Optional[pulumi.Input[str]] = None,
             groupdn: Optional[pulumi.Input[str]] = None,
             groupfilter: Optional[pulumi.Input[str]] = None,
             insecure_tls: Optional[pulumi.Input[bool]] = None,
             last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-            length: Optional[pulumi.Input[int]] = None,
             local: Optional[pulumi.Input[bool]] = None,
             max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
             max_ttl: Optional[pulumi.Input[int]] = None,
@@ -1635,7 +1537,6 @@ class SecretBackend(pulumi.CustomResource):
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
-        :param pulumi.Input[str] formatter: **Deprecated** use `password_policy`. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
         :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
                user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
         :param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
@@ -1645,15 +1546,13 @@ class SecretBackend(pulumi.CustomResource):
                Defaults to `false`.
         :param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
                shows a later rotation, it should be considered out-of-band
-        :param pulumi.Input[int] length: **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
-               *Mutually exclusive with `password_policy` on vault-1.11+*
         :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
                replication.Tolerance duration to use when checking the last rotation time.
         :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
         :param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
         :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
@@ -1695,13 +1594,11 @@ class SecretBackend(pulumi.CustomResource):
         __props__.__dict__["description"] = description
         __props__.__dict__["disable_remount"] = disable_remount
         __props__.__dict__["discoverdn"] = discoverdn
-        __props__.__dict__["formatter"] = formatter
         __props__.__dict__["groupattr"] = groupattr
         __props__.__dict__["groupdn"] = groupdn
         __props__.__dict__["groupfilter"] = groupfilter
         __props__.__dict__["insecure_tls"] = insecure_tls
         __props__.__dict__["last_rotation_tolerance"] = last_rotation_tolerance
-        __props__.__dict__["length"] = length
         __props__.__dict__["local"] = local
         __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
         __props__.__dict__["max_ttl"] = max_ttl
@@ -1830,17 +1727,6 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "discoverdn")
 
-    @property
-    @pulumi.getter
-    def formatter(self) -> pulumi.Output[str]:
-        """
-        **Deprecated** use `password_policy`. Text to insert the password into, ex. "customPrefix{{PASSWORD}}customSuffix".
-        """
-        warnings.warn("""Formatter is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-        pulumi.log.warn("""formatter is deprecated: Formatter is deprecated and password_policy should be used with Vault >= 1.5.""")
-
-        return pulumi.get(self, "formatter")
-
     @property
     @pulumi.getter
     def groupattr(self) -> pulumi.Output[Optional[str]]:
@@ -1885,18 +1771,6 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "last_rotation_tolerance")
 
-    @property
-    @pulumi.getter
-    def length(self) -> pulumi.Output[int]:
-        """
-        **Deprecated** use `password_policy`. The desired length of passwords that Vault generates.
-        *Mutually exclusive with `password_policy` on vault-1.11+*
-        """
-        warnings.warn("""Length is deprecated and password_policy should be used with Vault >= 1.5.""", DeprecationWarning)
-        pulumi.log.warn("""length is deprecated: Length is deprecated and password_policy should be used with Vault >= 1.5.""")
-
-        return pulumi.get(self, "length")
-
     @property
     @pulumi.getter
     def local(self) -> pulumi.Output[Optional[bool]]:
@@ -1928,7 +1802,7 @@ class SecretBackend(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")