pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendArgs', 'AuthBackend']
@@ -21,6 +26,7 @@ class AuthBackendArgs:
21
26
  certificate: Optional[pulumi.Input[str]] = None,
22
27
  client_tls_cert: Optional[pulumi.Input[str]] = None,
23
28
  client_tls_key: Optional[pulumi.Input[str]] = None,
29
+ connection_timeout: Optional[pulumi.Input[int]] = None,
24
30
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
25
31
  description: Optional[pulumi.Input[str]] = None,
26
32
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -58,6 +64,7 @@ class AuthBackendArgs:
58
64
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
59
65
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
60
66
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
67
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
61
68
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
62
69
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
63
70
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -72,33 +79,20 @@ class AuthBackendArgs:
72
79
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
73
80
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
74
81
  The value should not contain leading or trailing forward slashes.
75
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
82
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
76
83
  *Available only for Vault Enterprise*.
77
84
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
78
85
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
79
86
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
80
87
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
81
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
82
- addresses which can authenticate successfully, and ties the resulting token to these blocks
83
- as well.
84
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
85
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
86
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
87
- `token_max_ttl` would otherwise allow a renewal.
88
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
89
- Its current value will be referenced at renewal time.
90
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
91
- generated tokens; otherwise it will be added to the policies set in token_policies.
92
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
93
- of times a generated token may be used (within its lifetime); 0 means unlimited.
94
- :param pulumi.Input[int] token_period: If set, indicates that the
95
- token generated using this role should never expire. The token should be renewed within the
96
- duration specified by this value. At each renewal, the token's TTL will be set to the
97
- value of this field. Specified in seconds.
98
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
99
- on the auth method, this list may be supplemented by user/group/other values.
100
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
101
- Its current value will be referenced at renewal time.
88
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
89
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
90
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
91
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
92
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
93
+ :param pulumi.Input[int] token_period: Generated Token's Period
94
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
95
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
102
96
  :param pulumi.Input[str] token_type: The type of token to generate, service or batch
103
97
  :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
104
98
  :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
@@ -120,6 +114,8 @@ class AuthBackendArgs:
120
114
  pulumi.set(__self__, "client_tls_cert", client_tls_cert)
121
115
  if client_tls_key is not None:
122
116
  pulumi.set(__self__, "client_tls_key", client_tls_key)
117
+ if connection_timeout is not None:
118
+ pulumi.set(__self__, "connection_timeout", connection_timeout)
123
119
  if deny_null_bind is not None:
124
120
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
125
121
  if description is not None:
@@ -259,6 +255,18 @@ class AuthBackendArgs:
259
255
  def client_tls_key(self, value: Optional[pulumi.Input[str]]):
260
256
  pulumi.set(self, "client_tls_key", value)
261
257
 
258
+ @property
259
+ @pulumi.getter(name="connectionTimeout")
260
+ def connection_timeout(self) -> Optional[pulumi.Input[int]]:
261
+ """
262
+ Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
263
+ """
264
+ return pulumi.get(self, "connection_timeout")
265
+
266
+ @connection_timeout.setter
267
+ def connection_timeout(self, value: Optional[pulumi.Input[int]]):
268
+ pulumi.set(self, "connection_timeout", value)
269
+
262
270
  @property
263
271
  @pulumi.getter(name="denyNullBind")
264
272
  def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
@@ -387,7 +395,7 @@ class AuthBackendArgs:
387
395
  """
388
396
  The namespace to provision the resource in.
389
397
  The value should not contain leading or trailing forward slashes.
390
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
398
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
391
399
  *Available only for Vault Enterprise*.
392
400
  """
393
401
  return pulumi.get(self, "namespace")
@@ -448,9 +456,7 @@ class AuthBackendArgs:
448
456
  @pulumi.getter(name="tokenBoundCidrs")
449
457
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
450
458
  """
451
- List of CIDR blocks; if set, specifies blocks of IP
452
- addresses which can authenticate successfully, and ties the resulting token to these blocks
453
- as well.
459
+ Specifies the blocks of IP addresses which are allowed to use the generated token
454
460
  """
455
461
  return pulumi.get(self, "token_bound_cidrs")
456
462
 
@@ -462,10 +468,7 @@ class AuthBackendArgs:
462
468
  @pulumi.getter(name="tokenExplicitMaxTtl")
463
469
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
464
470
  """
465
- If set, will encode an
466
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
467
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
468
- `token_max_ttl` would otherwise allow a renewal.
471
+ Generated Token's Explicit Maximum TTL in seconds
469
472
  """
470
473
  return pulumi.get(self, "token_explicit_max_ttl")
471
474
 
@@ -477,8 +480,7 @@ class AuthBackendArgs:
477
480
  @pulumi.getter(name="tokenMaxTtl")
478
481
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
479
482
  """
480
- The maximum lifetime for generated tokens in number of seconds.
481
- Its current value will be referenced at renewal time.
483
+ The maximum lifetime of the generated token
482
484
  """
483
485
  return pulumi.get(self, "token_max_ttl")
484
486
 
@@ -490,8 +492,7 @@ class AuthBackendArgs:
490
492
  @pulumi.getter(name="tokenNoDefaultPolicy")
491
493
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
492
494
  """
493
- If set, the default policy will not be set on
494
- generated tokens; otherwise it will be added to the policies set in token_policies.
495
+ If true, the 'default' policy will not automatically be added to generated tokens
495
496
  """
496
497
  return pulumi.get(self, "token_no_default_policy")
497
498
 
@@ -503,8 +504,7 @@ class AuthBackendArgs:
503
504
  @pulumi.getter(name="tokenNumUses")
504
505
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
505
506
  """
506
- The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
507
- of times a generated token may be used (within its lifetime); 0 means unlimited.
507
+ The maximum number of times a token may be used, a value of zero means unlimited
508
508
  """
509
509
  return pulumi.get(self, "token_num_uses")
510
510
 
@@ -516,10 +516,7 @@ class AuthBackendArgs:
516
516
  @pulumi.getter(name="tokenPeriod")
517
517
  def token_period(self) -> Optional[pulumi.Input[int]]:
518
518
  """
519
- If set, indicates that the
520
- token generated using this role should never expire. The token should be renewed within the
521
- duration specified by this value. At each renewal, the token's TTL will be set to the
522
- value of this field. Specified in seconds.
519
+ Generated Token's Period
523
520
  """
524
521
  return pulumi.get(self, "token_period")
525
522
 
@@ -531,8 +528,7 @@ class AuthBackendArgs:
531
528
  @pulumi.getter(name="tokenPolicies")
532
529
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
533
530
  """
534
- List of policies to encode onto generated tokens. Depending
535
- on the auth method, this list may be supplemented by user/group/other values.
531
+ Generated Token's Policies
536
532
  """
537
533
  return pulumi.get(self, "token_policies")
538
534
 
@@ -544,8 +540,7 @@ class AuthBackendArgs:
544
540
  @pulumi.getter(name="tokenTtl")
545
541
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
546
542
  """
547
- The incremental lifetime for generated tokens in number of seconds.
548
- Its current value will be referenced at renewal time.
543
+ The initial ttl of the token to generate in seconds
549
544
  """
550
545
  return pulumi.get(self, "token_ttl")
551
546
 
@@ -648,6 +643,7 @@ class _AuthBackendState:
648
643
  certificate: Optional[pulumi.Input[str]] = None,
649
644
  client_tls_cert: Optional[pulumi.Input[str]] = None,
650
645
  client_tls_key: Optional[pulumi.Input[str]] = None,
646
+ connection_timeout: Optional[pulumi.Input[int]] = None,
651
647
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
652
648
  description: Optional[pulumi.Input[str]] = None,
653
649
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -686,6 +682,7 @@ class _AuthBackendState:
686
682
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
687
683
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
688
684
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
685
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
689
686
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
690
687
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
691
688
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -700,33 +697,20 @@ class _AuthBackendState:
700
697
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
701
698
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
702
699
  The value should not contain leading or trailing forward slashes.
703
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
700
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
704
701
  *Available only for Vault Enterprise*.
705
702
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
706
703
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
707
704
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
708
705
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
709
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
710
- addresses which can authenticate successfully, and ties the resulting token to these blocks
711
- as well.
712
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
713
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
714
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
715
- `token_max_ttl` would otherwise allow a renewal.
716
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
717
- Its current value will be referenced at renewal time.
718
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
719
- generated tokens; otherwise it will be added to the policies set in token_policies.
720
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
721
- of times a generated token may be used (within its lifetime); 0 means unlimited.
722
- :param pulumi.Input[int] token_period: If set, indicates that the
723
- token generated using this role should never expire. The token should be renewed within the
724
- duration specified by this value. At each renewal, the token's TTL will be set to the
725
- value of this field. Specified in seconds.
726
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
727
- on the auth method, this list may be supplemented by user/group/other values.
728
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
729
- Its current value will be referenced at renewal time.
706
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
707
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
708
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
709
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
710
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
711
+ :param pulumi.Input[int] token_period: Generated Token's Period
712
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
713
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
730
714
  :param pulumi.Input[str] token_type: The type of token to generate, service or batch
731
715
  :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
732
716
  :param pulumi.Input[str] url: The URL of the LDAP server
@@ -750,6 +734,8 @@ class _AuthBackendState:
750
734
  pulumi.set(__self__, "client_tls_cert", client_tls_cert)
751
735
  if client_tls_key is not None:
752
736
  pulumi.set(__self__, "client_tls_key", client_tls_key)
737
+ if connection_timeout is not None:
738
+ pulumi.set(__self__, "connection_timeout", connection_timeout)
753
739
  if deny_null_bind is not None:
754
740
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
755
741
  if description is not None:
@@ -891,6 +877,18 @@ class _AuthBackendState:
891
877
  def client_tls_key(self, value: Optional[pulumi.Input[str]]):
892
878
  pulumi.set(self, "client_tls_key", value)
893
879
 
880
+ @property
881
+ @pulumi.getter(name="connectionTimeout")
882
+ def connection_timeout(self) -> Optional[pulumi.Input[int]]:
883
+ """
884
+ Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
885
+ """
886
+ return pulumi.get(self, "connection_timeout")
887
+
888
+ @connection_timeout.setter
889
+ def connection_timeout(self, value: Optional[pulumi.Input[int]]):
890
+ pulumi.set(self, "connection_timeout", value)
891
+
894
892
  @property
895
893
  @pulumi.getter(name="denyNullBind")
896
894
  def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
@@ -1019,7 +1017,7 @@ class _AuthBackendState:
1019
1017
  """
1020
1018
  The namespace to provision the resource in.
1021
1019
  The value should not contain leading or trailing forward slashes.
1022
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1020
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1023
1021
  *Available only for Vault Enterprise*.
1024
1022
  """
1025
1023
  return pulumi.get(self, "namespace")
@@ -1080,9 +1078,7 @@ class _AuthBackendState:
1080
1078
  @pulumi.getter(name="tokenBoundCidrs")
1081
1079
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1082
1080
  """
1083
- List of CIDR blocks; if set, specifies blocks of IP
1084
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1085
- as well.
1081
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1086
1082
  """
1087
1083
  return pulumi.get(self, "token_bound_cidrs")
1088
1084
 
@@ -1094,10 +1090,7 @@ class _AuthBackendState:
1094
1090
  @pulumi.getter(name="tokenExplicitMaxTtl")
1095
1091
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
1096
1092
  """
1097
- If set, will encode an
1098
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1099
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1100
- `token_max_ttl` would otherwise allow a renewal.
1093
+ Generated Token's Explicit Maximum TTL in seconds
1101
1094
  """
1102
1095
  return pulumi.get(self, "token_explicit_max_ttl")
1103
1096
 
@@ -1109,8 +1102,7 @@ class _AuthBackendState:
1109
1102
  @pulumi.getter(name="tokenMaxTtl")
1110
1103
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
1111
1104
  """
1112
- The maximum lifetime for generated tokens in number of seconds.
1113
- Its current value will be referenced at renewal time.
1105
+ The maximum lifetime of the generated token
1114
1106
  """
1115
1107
  return pulumi.get(self, "token_max_ttl")
1116
1108
 
@@ -1122,8 +1114,7 @@ class _AuthBackendState:
1122
1114
  @pulumi.getter(name="tokenNoDefaultPolicy")
1123
1115
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
1124
1116
  """
1125
- If set, the default policy will not be set on
1126
- generated tokens; otherwise it will be added to the policies set in token_policies.
1117
+ If true, the 'default' policy will not automatically be added to generated tokens
1127
1118
  """
1128
1119
  return pulumi.get(self, "token_no_default_policy")
1129
1120
 
@@ -1135,8 +1126,7 @@ class _AuthBackendState:
1135
1126
  @pulumi.getter(name="tokenNumUses")
1136
1127
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
1137
1128
  """
1138
- The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
1139
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1129
+ The maximum number of times a token may be used, a value of zero means unlimited
1140
1130
  """
1141
1131
  return pulumi.get(self, "token_num_uses")
1142
1132
 
@@ -1148,10 +1138,7 @@ class _AuthBackendState:
1148
1138
  @pulumi.getter(name="tokenPeriod")
1149
1139
  def token_period(self) -> Optional[pulumi.Input[int]]:
1150
1140
  """
1151
- If set, indicates that the
1152
- token generated using this role should never expire. The token should be renewed within the
1153
- duration specified by this value. At each renewal, the token's TTL will be set to the
1154
- value of this field. Specified in seconds.
1141
+ Generated Token's Period
1155
1142
  """
1156
1143
  return pulumi.get(self, "token_period")
1157
1144
 
@@ -1163,8 +1150,7 @@ class _AuthBackendState:
1163
1150
  @pulumi.getter(name="tokenPolicies")
1164
1151
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1165
1152
  """
1166
- List of policies to encode onto generated tokens. Depending
1167
- on the auth method, this list may be supplemented by user/group/other values.
1153
+ Generated Token's Policies
1168
1154
  """
1169
1155
  return pulumi.get(self, "token_policies")
1170
1156
 
@@ -1176,8 +1162,7 @@ class _AuthBackendState:
1176
1162
  @pulumi.getter(name="tokenTtl")
1177
1163
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
1178
1164
  """
1179
- The incremental lifetime for generated tokens in number of seconds.
1180
- Its current value will be referenced at renewal time.
1165
+ The initial ttl of the token to generate in seconds
1181
1166
  """
1182
1167
  return pulumi.get(self, "token_ttl")
1183
1168
 
@@ -1293,6 +1278,7 @@ class AuthBackend(pulumi.CustomResource):
1293
1278
  certificate: Optional[pulumi.Input[str]] = None,
1294
1279
  client_tls_cert: Optional[pulumi.Input[str]] = None,
1295
1280
  client_tls_key: Optional[pulumi.Input[str]] = None,
1281
+ connection_timeout: Optional[pulumi.Input[int]] = None,
1296
1282
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1297
1283
  description: Optional[pulumi.Input[str]] = None,
1298
1284
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -1335,14 +1321,14 @@ class AuthBackend(pulumi.CustomResource):
1335
1321
  import pulumi_vault as vault
1336
1322
 
1337
1323
  ldap = vault.ldap.AuthBackend("ldap",
1338
- discoverdn=False,
1339
- groupdn="OU=Groups,DC=example,DC=org",
1340
- groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
1341
1324
  path="ldap",
1342
- upndomain="EXAMPLE.ORG",
1343
1325
  url="ldaps://dc-01.example.org",
1326
+ userdn="OU=Users,OU=Accounts,DC=example,DC=org",
1344
1327
  userattr="sAMAccountName",
1345
- userdn="OU=Users,OU=Accounts,DC=example,DC=org")
1328
+ upndomain="EXAMPLE.ORG",
1329
+ discoverdn=False,
1330
+ groupdn="OU=Groups,DC=example,DC=org",
1331
+ groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
1346
1332
  ```
1347
1333
 
1348
1334
  ## Import
@@ -1350,7 +1336,7 @@ class AuthBackend(pulumi.CustomResource):
1350
1336
  LDAP authentication backends can be imported using the `path`, e.g.
1351
1337
 
1352
1338
  ```sh
1353
- $ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
1339
+ $ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
1354
1340
  ```
1355
1341
 
1356
1342
  :param str resource_name: The name of the resource.
@@ -1359,6 +1345,7 @@ class AuthBackend(pulumi.CustomResource):
1359
1345
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
1360
1346
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1361
1347
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
1348
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1362
1349
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1363
1350
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1364
1351
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -1373,33 +1360,20 @@ class AuthBackend(pulumi.CustomResource):
1373
1360
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
1374
1361
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1375
1362
  The value should not contain leading or trailing forward slashes.
1376
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1363
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1377
1364
  *Available only for Vault Enterprise*.
1378
1365
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
1379
1366
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
1380
1367
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
1381
1368
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
1382
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
1383
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1384
- as well.
1385
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
1386
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1387
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1388
- `token_max_ttl` would otherwise allow a renewal.
1389
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
1390
- Its current value will be referenced at renewal time.
1391
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
1392
- generated tokens; otherwise it will be added to the policies set in token_policies.
1393
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
1394
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1395
- :param pulumi.Input[int] token_period: If set, indicates that the
1396
- token generated using this role should never expire. The token should be renewed within the
1397
- duration specified by this value. At each renewal, the token's TTL will be set to the
1398
- value of this field. Specified in seconds.
1399
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
1400
- on the auth method, this list may be supplemented by user/group/other values.
1401
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
1402
- Its current value will be referenced at renewal time.
1369
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1370
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1371
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1372
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1373
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1374
+ :param pulumi.Input[int] token_period: Generated Token's Period
1375
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1376
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1403
1377
  :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1404
1378
  :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1405
1379
  :param pulumi.Input[str] url: The URL of the LDAP server
@@ -1425,14 +1399,14 @@ class AuthBackend(pulumi.CustomResource):
1425
1399
  import pulumi_vault as vault
1426
1400
 
1427
1401
  ldap = vault.ldap.AuthBackend("ldap",
1428
- discoverdn=False,
1429
- groupdn="OU=Groups,DC=example,DC=org",
1430
- groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
1431
1402
  path="ldap",
1432
- upndomain="EXAMPLE.ORG",
1433
1403
  url="ldaps://dc-01.example.org",
1404
+ userdn="OU=Users,OU=Accounts,DC=example,DC=org",
1434
1405
  userattr="sAMAccountName",
1435
- userdn="OU=Users,OU=Accounts,DC=example,DC=org")
1406
+ upndomain="EXAMPLE.ORG",
1407
+ discoverdn=False,
1408
+ groupdn="OU=Groups,DC=example,DC=org",
1409
+ groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
1436
1410
  ```
1437
1411
 
1438
1412
  ## Import
@@ -1440,7 +1414,7 @@ class AuthBackend(pulumi.CustomResource):
1440
1414
  LDAP authentication backends can be imported using the `path`, e.g.
1441
1415
 
1442
1416
  ```sh
1443
- $ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
1417
+ $ pulumi import vault:ldap/authBackend:AuthBackend ldap ldap
1444
1418
  ```
1445
1419
 
1446
1420
  :param str resource_name: The name of the resource.
@@ -1464,6 +1438,7 @@ class AuthBackend(pulumi.CustomResource):
1464
1438
  certificate: Optional[pulumi.Input[str]] = None,
1465
1439
  client_tls_cert: Optional[pulumi.Input[str]] = None,
1466
1440
  client_tls_key: Optional[pulumi.Input[str]] = None,
1441
+ connection_timeout: Optional[pulumi.Input[int]] = None,
1467
1442
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1468
1443
  description: Optional[pulumi.Input[str]] = None,
1469
1444
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -1510,6 +1485,7 @@ class AuthBackend(pulumi.CustomResource):
1510
1485
  __props__.__dict__["certificate"] = certificate
1511
1486
  __props__.__dict__["client_tls_cert"] = client_tls_cert
1512
1487
  __props__.__dict__["client_tls_key"] = None if client_tls_key is None else pulumi.Output.secret(client_tls_key)
1488
+ __props__.__dict__["connection_timeout"] = connection_timeout
1513
1489
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1514
1490
  __props__.__dict__["description"] = description
1515
1491
  __props__.__dict__["disable_remount"] = disable_remount
@@ -1563,6 +1539,7 @@ class AuthBackend(pulumi.CustomResource):
1563
1539
  certificate: Optional[pulumi.Input[str]] = None,
1564
1540
  client_tls_cert: Optional[pulumi.Input[str]] = None,
1565
1541
  client_tls_key: Optional[pulumi.Input[str]] = None,
1542
+ connection_timeout: Optional[pulumi.Input[int]] = None,
1566
1543
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1567
1544
  description: Optional[pulumi.Input[str]] = None,
1568
1545
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -1606,6 +1583,7 @@ class AuthBackend(pulumi.CustomResource):
1606
1583
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
1607
1584
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1608
1585
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
1586
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1609
1587
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1610
1588
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1611
1589
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -1620,33 +1598,20 @@ class AuthBackend(pulumi.CustomResource):
1620
1598
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
1621
1599
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1622
1600
  The value should not contain leading or trailing forward slashes.
1623
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1601
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1624
1602
  *Available only for Vault Enterprise*.
1625
1603
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
1626
1604
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
1627
1605
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
1628
1606
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
1629
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
1630
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1631
- as well.
1632
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
1633
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1634
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1635
- `token_max_ttl` would otherwise allow a renewal.
1636
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
1637
- Its current value will be referenced at renewal time.
1638
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
1639
- generated tokens; otherwise it will be added to the policies set in token_policies.
1640
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
1641
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1642
- :param pulumi.Input[int] token_period: If set, indicates that the
1643
- token generated using this role should never expire. The token should be renewed within the
1644
- duration specified by this value. At each renewal, the token's TTL will be set to the
1645
- value of this field. Specified in seconds.
1646
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
1647
- on the auth method, this list may be supplemented by user/group/other values.
1648
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
1649
- Its current value will be referenced at renewal time.
1607
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1608
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1609
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1610
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1611
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1612
+ :param pulumi.Input[int] token_period: Generated Token's Period
1613
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1614
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1650
1615
  :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1651
1616
  :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1652
1617
  :param pulumi.Input[str] url: The URL of the LDAP server
@@ -1667,6 +1632,7 @@ class AuthBackend(pulumi.CustomResource):
1667
1632
  __props__.__dict__["certificate"] = certificate
1668
1633
  __props__.__dict__["client_tls_cert"] = client_tls_cert
1669
1634
  __props__.__dict__["client_tls_key"] = client_tls_key
1635
+ __props__.__dict__["connection_timeout"] = connection_timeout
1670
1636
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1671
1637
  __props__.__dict__["description"] = description
1672
1638
  __props__.__dict__["disable_remount"] = disable_remount
@@ -1750,6 +1716,14 @@ class AuthBackend(pulumi.CustomResource):
1750
1716
  def client_tls_key(self) -> pulumi.Output[str]:
1751
1717
  return pulumi.get(self, "client_tls_key")
1752
1718
 
1719
+ @property
1720
+ @pulumi.getter(name="connectionTimeout")
1721
+ def connection_timeout(self) -> pulumi.Output[int]:
1722
+ """
1723
+ Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1724
+ """
1725
+ return pulumi.get(self, "connection_timeout")
1726
+
1753
1727
  @property
1754
1728
  @pulumi.getter(name="denyNullBind")
1755
1729
  def deny_null_bind(self) -> pulumi.Output[bool]:
@@ -1838,7 +1812,7 @@ class AuthBackend(pulumi.CustomResource):
1838
1812
  """
1839
1813
  The namespace to provision the resource in.
1840
1814
  The value should not contain leading or trailing forward slashes.
1841
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1815
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1842
1816
  *Available only for Vault Enterprise*.
1843
1817
  """
1844
1818
  return pulumi.get(self, "namespace")
@@ -1879,9 +1853,7 @@ class AuthBackend(pulumi.CustomResource):
1879
1853
  @pulumi.getter(name="tokenBoundCidrs")
1880
1854
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1881
1855
  """
1882
- List of CIDR blocks; if set, specifies blocks of IP
1883
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1884
- as well.
1856
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1885
1857
  """
1886
1858
  return pulumi.get(self, "token_bound_cidrs")
1887
1859
 
@@ -1889,10 +1861,7 @@ class AuthBackend(pulumi.CustomResource):
1889
1861
  @pulumi.getter(name="tokenExplicitMaxTtl")
1890
1862
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1891
1863
  """
1892
- If set, will encode an
1893
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1894
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1895
- `token_max_ttl` would otherwise allow a renewal.
1864
+ Generated Token's Explicit Maximum TTL in seconds
1896
1865
  """
1897
1866
  return pulumi.get(self, "token_explicit_max_ttl")
1898
1867
 
@@ -1900,8 +1869,7 @@ class AuthBackend(pulumi.CustomResource):
1900
1869
  @pulumi.getter(name="tokenMaxTtl")
1901
1870
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1902
1871
  """
1903
- The maximum lifetime for generated tokens in number of seconds.
1904
- Its current value will be referenced at renewal time.
1872
+ The maximum lifetime of the generated token
1905
1873
  """
1906
1874
  return pulumi.get(self, "token_max_ttl")
1907
1875
 
@@ -1909,8 +1877,7 @@ class AuthBackend(pulumi.CustomResource):
1909
1877
  @pulumi.getter(name="tokenNoDefaultPolicy")
1910
1878
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1911
1879
  """
1912
- If set, the default policy will not be set on
1913
- generated tokens; otherwise it will be added to the policies set in token_policies.
1880
+ If true, the 'default' policy will not automatically be added to generated tokens
1914
1881
  """
1915
1882
  return pulumi.get(self, "token_no_default_policy")
1916
1883
 
@@ -1918,8 +1885,7 @@ class AuthBackend(pulumi.CustomResource):
1918
1885
  @pulumi.getter(name="tokenNumUses")
1919
1886
  def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1920
1887
  """
1921
- The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
1922
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1888
+ The maximum number of times a token may be used, a value of zero means unlimited
1923
1889
  """
1924
1890
  return pulumi.get(self, "token_num_uses")
1925
1891
 
@@ -1927,10 +1893,7 @@ class AuthBackend(pulumi.CustomResource):
1927
1893
  @pulumi.getter(name="tokenPeriod")
1928
1894
  def token_period(self) -> pulumi.Output[Optional[int]]:
1929
1895
  """
1930
- If set, indicates that the
1931
- token generated using this role should never expire. The token should be renewed within the
1932
- duration specified by this value. At each renewal, the token's TTL will be set to the
1933
- value of this field. Specified in seconds.
1896
+ Generated Token's Period
1934
1897
  """
1935
1898
  return pulumi.get(self, "token_period")
1936
1899
 
@@ -1938,8 +1901,7 @@ class AuthBackend(pulumi.CustomResource):
1938
1901
  @pulumi.getter(name="tokenPolicies")
1939
1902
  def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1940
1903
  """
1941
- List of policies to encode onto generated tokens. Depending
1942
- on the auth method, this list may be supplemented by user/group/other values.
1904
+ Generated Token's Policies
1943
1905
  """
1944
1906
  return pulumi.get(self, "token_policies")
1945
1907
 
@@ -1947,8 +1909,7 @@ class AuthBackend(pulumi.CustomResource):
1947
1909
  @pulumi.getter(name="tokenTtl")
1948
1910
  def token_ttl(self) -> pulumi.Output[Optional[int]]:
1949
1911
  """
1950
- The incremental lifetime for generated tokens in number of seconds.
1951
- Its current value will be referenced at renewal time.
1912
+ The initial ttl of the token to generate in seconds
1952
1913
  """
1953
1914
  return pulumi.get(self, "token_ttl")
1954
1915