pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +26 -9
  5. pulumi_vault/ad/secret_backend.py +16 -142
  6. pulumi_vault/ad/secret_library.py +16 -9
  7. pulumi_vault/ad/secret_role.py +14 -9
  8. pulumi_vault/alicloud/auth_backend_role.py +76 -190
  9. pulumi_vault/approle/auth_backend_login.py +12 -7
  10. pulumi_vault/approle/auth_backend_role.py +77 -191
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -7
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -5
  13. pulumi_vault/audit.py +30 -21
  14. pulumi_vault/audit_request_header.py +11 -2
  15. pulumi_vault/auth_backend.py +66 -14
  16. pulumi_vault/aws/auth_backend_cert.py +18 -9
  17. pulumi_vault/aws/auth_backend_client.py +267 -22
  18. pulumi_vault/aws/auth_backend_config_identity.py +14 -9
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +20 -15
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +77 -191
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -13
  24. pulumi_vault/aws/auth_backend_sts_role.py +14 -9
  25. pulumi_vault/aws/get_access_credentials.py +38 -9
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +77 -9
  28. pulumi_vault/aws/secret_backend_role.py +185 -9
  29. pulumi_vault/aws/secret_backend_static_role.py +20 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +153 -15
  32. pulumi_vault/azure/auth_backend_role.py +77 -191
  33. pulumi_vault/azure/backend.py +227 -21
  34. pulumi_vault/azure/backend_role.py +42 -37
  35. pulumi_vault/azure/get_access_credentials.py +41 -7
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -267
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +28 -19
  44. pulumi_vault/consul/secret_backend_role.py +18 -78
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +119 -112
  48. pulumi_vault/database/secret_backend_role.py +31 -22
  49. pulumi_vault/database/secret_backend_static_role.py +87 -13
  50. pulumi_vault/database/secrets_mount.py +427 -136
  51. pulumi_vault/egp_policy.py +16 -11
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +250 -33
  54. pulumi_vault/gcp/auth_backend_role.py +77 -269
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -5
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -12
  58. pulumi_vault/gcp/secret_impersonated_account.py +76 -15
  59. pulumi_vault/gcp/secret_roleset.py +31 -24
  60. pulumi_vault/gcp/secret_static_account.py +39 -32
  61. pulumi_vault/generic/endpoint.py +24 -17
  62. pulumi_vault/generic/get_secret.py +64 -8
  63. pulumi_vault/generic/secret.py +21 -16
  64. pulumi_vault/get_auth_backend.py +24 -7
  65. pulumi_vault/get_auth_backends.py +51 -9
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -11
  69. pulumi_vault/get_policy_document.py +34 -19
  70. pulumi_vault/get_raft_autopilot_state.py +29 -10
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +19 -14
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +16 -11
  75. pulumi_vault/github/user.py +16 -11
  76. pulumi_vault/identity/entity.py +20 -13
  77. pulumi_vault/identity/entity_alias.py +20 -13
  78. pulumi_vault/identity/entity_policies.py +28 -11
  79. pulumi_vault/identity/get_entity.py +42 -10
  80. pulumi_vault/identity/get_group.py +47 -9
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -7
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -9
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -10
  84. pulumi_vault/identity/group.py +58 -39
  85. pulumi_vault/identity/group_alias.py +16 -9
  86. pulumi_vault/identity/group_member_entity_ids.py +28 -66
  87. pulumi_vault/identity/group_member_group_ids.py +40 -19
  88. pulumi_vault/identity/group_policies.py +20 -7
  89. pulumi_vault/identity/mfa_duo.py +11 -6
  90. pulumi_vault/identity/mfa_login_enforcement.py +15 -6
  91. pulumi_vault/identity/mfa_okta.py +11 -6
  92. pulumi_vault/identity/mfa_pingid.py +7 -2
  93. pulumi_vault/identity/mfa_totp.py +7 -2
  94. pulumi_vault/identity/oidc.py +12 -7
  95. pulumi_vault/identity/oidc_assignment.py +24 -11
  96. pulumi_vault/identity/oidc_client.py +36 -23
  97. pulumi_vault/identity/oidc_key.py +30 -17
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -15
  99. pulumi_vault/identity/oidc_provider.py +36 -21
  100. pulumi_vault/identity/oidc_role.py +42 -21
  101. pulumi_vault/identity/oidc_scope.py +20 -13
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +45 -40
  105. pulumi_vault/jwt/auth_backend_role.py +133 -254
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +24 -19
  108. pulumi_vault/kmip/secret_role.py +14 -9
  109. pulumi_vault/kmip/secret_scope.py +14 -9
  110. pulumi_vault/kubernetes/auth_backend_config.py +57 -5
  111. pulumi_vault/kubernetes/auth_backend_role.py +70 -177
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -11
  115. pulumi_vault/kubernetes/secret_backend.py +316 -27
  116. pulumi_vault/kubernetes/secret_backend_role.py +137 -46
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +25 -8
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +33 -10
  120. pulumi_vault/kv/get_secret_v2.py +85 -9
  121. pulumi_vault/kv/get_secrets_list.py +24 -11
  122. pulumi_vault/kv/get_secrets_list_v2.py +37 -15
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +23 -16
  125. pulumi_vault/kv/secret_backend_v2.py +20 -11
  126. pulumi_vault/kv/secret_v2.py +59 -50
  127. pulumi_vault/ldap/auth_backend.py +127 -166
  128. pulumi_vault/ldap/auth_backend_group.py +14 -9
  129. pulumi_vault/ldap/auth_backend_user.py +14 -9
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +354 -82
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +18 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +16 -9
  135. pulumi_vault/ldap/secret_backend_static_role.py +73 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +29 -57
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +18 -11
  140. pulumi_vault/mfa_okta.py +18 -11
  141. pulumi_vault/mfa_pingid.py +18 -11
  142. pulumi_vault/mfa_totp.py +24 -17
  143. pulumi_vault/mongodbatlas/secret_backend.py +20 -15
  144. pulumi_vault/mongodbatlas/secret_role.py +47 -38
  145. pulumi_vault/mount.py +391 -51
  146. pulumi_vault/namespace.py +68 -83
  147. pulumi_vault/nomad_secret_backend.py +18 -13
  148. pulumi_vault/nomad_secret_role.py +14 -9
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +485 -39
  151. pulumi_vault/okta/auth_backend_group.py +14 -9
  152. pulumi_vault/okta/auth_backend_user.py +14 -9
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +20 -13
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +67 -9
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -8
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -9
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -8
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -11
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -11
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +14 -9
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +67 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -9
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -11
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -17
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +14 -9
  174. pulumi_vault/pkisecret/secret_backend_key.py +14 -9
  175. pulumi_vault/pkisecret/secret_backend_role.py +21 -14
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -48
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -56
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -54
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +14 -9
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +60 -6
  185. pulumi_vault/quota_rate_limit.py +56 -2
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +18 -13
  189. pulumi_vault/rabbitmq/secret_backend_role.py +54 -47
  190. pulumi_vault/raft_autopilot.py +14 -9
  191. pulumi_vault/raft_snapshot_agent_config.py +129 -224
  192. pulumi_vault/rgp_policy.py +14 -9
  193. pulumi_vault/saml/auth_backend.py +22 -17
  194. pulumi_vault/saml/auth_backend_role.py +92 -197
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -71
  199. pulumi_vault/secrets/sync_aws_destination.py +242 -27
  200. pulumi_vault/secrets/sync_azure_destination.py +92 -31
  201. pulumi_vault/secrets/sync_config.py +9 -4
  202. pulumi_vault/secrets/sync_gcp_destination.py +158 -25
  203. pulumi_vault/secrets/sync_gh_destination.py +189 -13
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +74 -13
  206. pulumi_vault/ssh/_inputs.py +28 -28
  207. pulumi_vault/ssh/outputs.py +11 -28
  208. pulumi_vault/ssh/secret_backend_ca.py +108 -9
  209. pulumi_vault/ssh/secret_backend_role.py +85 -118
  210. pulumi_vault/terraformcloud/secret_backend.py +7 -54
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -20
  212. pulumi_vault/terraformcloud/secret_role.py +16 -74
  213. pulumi_vault/token.py +28 -23
  214. pulumi_vault/tokenauth/auth_backend_role.py +78 -199
  215. pulumi_vault/transform/alphabet.py +16 -9
  216. pulumi_vault/transform/get_decode.py +45 -17
  217. pulumi_vault/transform/get_encode.py +45 -17
  218. pulumi_vault/transform/role.py +16 -9
  219. pulumi_vault/transform/template.py +30 -21
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -21
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +27 -93
  224. pulumi_vault/transit/secret_cache_config.py +12 -7
  225. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1709368526.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1709368526.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
@@ -43,38 +48,20 @@ class AuthBackendRoleArgs:
43
48
  :param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
44
49
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
45
50
  The value should not contain leading or trailing forward slashes.
46
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
51
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
47
52
  *Available only for Vault Enterprise*.
48
53
  :param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
49
54
  :param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
50
-
51
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
52
55
  :param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
53
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
54
- addresses which can authenticate successfully, and ties the resulting token to these blocks
55
- as well.
56
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
57
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
58
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
59
- `token_max_ttl` would otherwise allow a renewal.
60
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
61
- Its current value will be referenced at renewal time.
62
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
63
- generated tokens; otherwise it will be added to the policies set in token_policies.
64
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
65
- of times a generated token may be used (within its lifetime); 0 means unlimited.
66
- :param pulumi.Input[int] token_period: If set, indicates that the
67
- token generated using this role should never expire. The token should be renewed within the
68
- duration specified by this value. At each renewal, the token's TTL will be set to the
69
- value of this field. Specified in seconds.
56
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
57
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
58
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
59
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
60
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
61
+ :param pulumi.Input[int] token_period: Generated Token's Period
70
62
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
71
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
72
- Its current value will be referenced at renewal time.
73
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
74
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
75
- `service` tokens). For token store roles, there are two additional possibilities:
76
- `default-service` and `default-batch` which specify the type to return unless the client
77
- requests a different type at generation time.
63
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
64
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
78
65
  """
79
66
  pulumi.set(__self__, "role_name", role_name)
80
67
  if allowed_entity_aliases is not None:
@@ -192,7 +179,7 @@ class AuthBackendRoleArgs:
192
179
  """
193
180
  The namespace to provision the resource in.
194
181
  The value should not contain leading or trailing forward slashes.
195
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
182
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
196
183
  *Available only for Vault Enterprise*.
197
184
  """
198
185
  return pulumi.get(self, "namespace")
@@ -218,8 +205,6 @@ class AuthBackendRoleArgs:
218
205
  def path_suffix(self) -> Optional[pulumi.Input[str]]:
219
206
  """
220
207
  Tokens created against this role will have the given suffix as part of their path in addition to the role name.
221
-
222
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
223
208
  """
224
209
  return pulumi.get(self, "path_suffix")
225
210
 
@@ -243,9 +228,7 @@ class AuthBackendRoleArgs:
243
228
  @pulumi.getter(name="tokenBoundCidrs")
244
229
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
245
230
  """
246
- List of CIDR blocks; if set, specifies blocks of IP
247
- addresses which can authenticate successfully, and ties the resulting token to these blocks
248
- as well.
231
+ Specifies the blocks of IP addresses which are allowed to use the generated token
249
232
  """
250
233
  return pulumi.get(self, "token_bound_cidrs")
251
234
 
@@ -257,10 +240,7 @@ class AuthBackendRoleArgs:
257
240
  @pulumi.getter(name="tokenExplicitMaxTtl")
258
241
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
259
242
  """
260
- If set, will encode an
261
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
262
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
263
- `token_max_ttl` would otherwise allow a renewal.
243
+ Generated Token's Explicit Maximum TTL in seconds
264
244
  """
265
245
  return pulumi.get(self, "token_explicit_max_ttl")
266
246
 
@@ -272,8 +252,7 @@ class AuthBackendRoleArgs:
272
252
  @pulumi.getter(name="tokenMaxTtl")
273
253
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
274
254
  """
275
- The maximum lifetime for generated tokens in number of seconds.
276
- Its current value will be referenced at renewal time.
255
+ The maximum lifetime of the generated token
277
256
  """
278
257
  return pulumi.get(self, "token_max_ttl")
279
258
 
@@ -285,8 +264,7 @@ class AuthBackendRoleArgs:
285
264
  @pulumi.getter(name="tokenNoDefaultPolicy")
286
265
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
287
266
  """
288
- If set, the default policy will not be set on
289
- generated tokens; otherwise it will be added to the policies set in token_policies.
267
+ If true, the 'default' policy will not automatically be added to generated tokens
290
268
  """
291
269
  return pulumi.get(self, "token_no_default_policy")
292
270
 
@@ -298,8 +276,7 @@ class AuthBackendRoleArgs:
298
276
  @pulumi.getter(name="tokenNumUses")
299
277
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
300
278
  """
301
- The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
302
- of times a generated token may be used (within its lifetime); 0 means unlimited.
279
+ The maximum number of times a token may be used, a value of zero means unlimited
303
280
  """
304
281
  return pulumi.get(self, "token_num_uses")
305
282
 
@@ -311,10 +288,7 @@ class AuthBackendRoleArgs:
311
288
  @pulumi.getter(name="tokenPeriod")
312
289
  def token_period(self) -> Optional[pulumi.Input[int]]:
313
290
  """
314
- If set, indicates that the
315
- token generated using this role should never expire. The token should be renewed within the
316
- duration specified by this value. At each renewal, the token's TTL will be set to the
317
- value of this field. Specified in seconds.
291
+ Generated Token's Period
318
292
  """
319
293
  return pulumi.get(self, "token_period")
320
294
 
@@ -338,8 +312,7 @@ class AuthBackendRoleArgs:
338
312
  @pulumi.getter(name="tokenTtl")
339
313
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
340
314
  """
341
- The incremental lifetime for generated tokens in number of seconds.
342
- Its current value will be referenced at renewal time.
315
+ The initial ttl of the token to generate in seconds
343
316
  """
344
317
  return pulumi.get(self, "token_ttl")
345
318
 
@@ -351,11 +324,7 @@ class AuthBackendRoleArgs:
351
324
  @pulumi.getter(name="tokenType")
352
325
  def token_type(self) -> Optional[pulumi.Input[str]]:
353
326
  """
354
- The type of token that should be generated. Can be `service`,
355
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
356
- `service` tokens). For token store roles, there are two additional possibilities:
357
- `default-service` and `default-batch` which specify the type to return unless the client
358
- requests a different type at generation time.
327
+ The type of token to generate, service or batch
359
328
  """
360
329
  return pulumi.get(self, "token_type")
361
330
 
@@ -395,39 +364,21 @@ class _AuthBackendRoleState:
395
364
  :param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
396
365
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
397
366
  The value should not contain leading or trailing forward slashes.
398
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
367
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
399
368
  *Available only for Vault Enterprise*.
400
369
  :param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
401
370
  :param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
402
-
403
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
404
371
  :param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
405
372
  :param pulumi.Input[str] role_name: The name of the role.
406
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
407
- addresses which can authenticate successfully, and ties the resulting token to these blocks
408
- as well.
409
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
410
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
411
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
412
- `token_max_ttl` would otherwise allow a renewal.
413
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
414
- Its current value will be referenced at renewal time.
415
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
416
- generated tokens; otherwise it will be added to the policies set in token_policies.
417
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
418
- of times a generated token may be used (within its lifetime); 0 means unlimited.
419
- :param pulumi.Input[int] token_period: If set, indicates that the
420
- token generated using this role should never expire. The token should be renewed within the
421
- duration specified by this value. At each renewal, the token's TTL will be set to the
422
- value of this field. Specified in seconds.
373
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
374
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
375
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
376
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
377
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
378
+ :param pulumi.Input[int] token_period: Generated Token's Period
423
379
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
424
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
425
- Its current value will be referenced at renewal time.
426
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
427
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
428
- `service` tokens). For token store roles, there are two additional possibilities:
429
- `default-service` and `default-batch` which specify the type to return unless the client
430
- requests a different type at generation time.
380
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
381
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
431
382
  """
432
383
  if allowed_entity_aliases is not None:
433
384
  pulumi.set(__self__, "allowed_entity_aliases", allowed_entity_aliases)
@@ -534,7 +485,7 @@ class _AuthBackendRoleState:
534
485
  """
535
486
  The namespace to provision the resource in.
536
487
  The value should not contain leading or trailing forward slashes.
537
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
488
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
538
489
  *Available only for Vault Enterprise*.
539
490
  """
540
491
  return pulumi.get(self, "namespace")
@@ -560,8 +511,6 @@ class _AuthBackendRoleState:
560
511
  def path_suffix(self) -> Optional[pulumi.Input[str]]:
561
512
  """
562
513
  Tokens created against this role will have the given suffix as part of their path in addition to the role name.
563
-
564
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
565
514
  """
566
515
  return pulumi.get(self, "path_suffix")
567
516
 
@@ -597,9 +546,7 @@ class _AuthBackendRoleState:
597
546
  @pulumi.getter(name="tokenBoundCidrs")
598
547
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
599
548
  """
600
- List of CIDR blocks; if set, specifies blocks of IP
601
- addresses which can authenticate successfully, and ties the resulting token to these blocks
602
- as well.
549
+ Specifies the blocks of IP addresses which are allowed to use the generated token
603
550
  """
604
551
  return pulumi.get(self, "token_bound_cidrs")
605
552
 
@@ -611,10 +558,7 @@ class _AuthBackendRoleState:
611
558
  @pulumi.getter(name="tokenExplicitMaxTtl")
612
559
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
613
560
  """
614
- If set, will encode an
615
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
616
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
617
- `token_max_ttl` would otherwise allow a renewal.
561
+ Generated Token's Explicit Maximum TTL in seconds
618
562
  """
619
563
  return pulumi.get(self, "token_explicit_max_ttl")
620
564
 
@@ -626,8 +570,7 @@ class _AuthBackendRoleState:
626
570
  @pulumi.getter(name="tokenMaxTtl")
627
571
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
628
572
  """
629
- The maximum lifetime for generated tokens in number of seconds.
630
- Its current value will be referenced at renewal time.
573
+ The maximum lifetime of the generated token
631
574
  """
632
575
  return pulumi.get(self, "token_max_ttl")
633
576
 
@@ -639,8 +582,7 @@ class _AuthBackendRoleState:
639
582
  @pulumi.getter(name="tokenNoDefaultPolicy")
640
583
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
641
584
  """
642
- If set, the default policy will not be set on
643
- generated tokens; otherwise it will be added to the policies set in token_policies.
585
+ If true, the 'default' policy will not automatically be added to generated tokens
644
586
  """
645
587
  return pulumi.get(self, "token_no_default_policy")
646
588
 
@@ -652,8 +594,7 @@ class _AuthBackendRoleState:
652
594
  @pulumi.getter(name="tokenNumUses")
653
595
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
654
596
  """
655
- The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
656
- of times a generated token may be used (within its lifetime); 0 means unlimited.
597
+ The maximum number of times a token may be used, a value of zero means unlimited
657
598
  """
658
599
  return pulumi.get(self, "token_num_uses")
659
600
 
@@ -665,10 +606,7 @@ class _AuthBackendRoleState:
665
606
  @pulumi.getter(name="tokenPeriod")
666
607
  def token_period(self) -> Optional[pulumi.Input[int]]:
667
608
  """
668
- If set, indicates that the
669
- token generated using this role should never expire. The token should be renewed within the
670
- duration specified by this value. At each renewal, the token's TTL will be set to the
671
- value of this field. Specified in seconds.
609
+ Generated Token's Period
672
610
  """
673
611
  return pulumi.get(self, "token_period")
674
612
 
@@ -692,8 +630,7 @@ class _AuthBackendRoleState:
692
630
  @pulumi.getter(name="tokenTtl")
693
631
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
694
632
  """
695
- The incremental lifetime for generated tokens in number of seconds.
696
- Its current value will be referenced at renewal time.
633
+ The initial ttl of the token to generate in seconds
697
634
  """
698
635
  return pulumi.get(self, "token_ttl")
699
636
 
@@ -705,11 +642,7 @@ class _AuthBackendRoleState:
705
642
  @pulumi.getter(name="tokenType")
706
643
  def token_type(self) -> Optional[pulumi.Input[str]]:
707
644
  """
708
- The type of token that should be generated. Can be `service`,
709
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
710
- `service` tokens). For token store roles, there are two additional possibilities:
711
- `default-service` and `default-batch` which specify the type to return unless the client
712
- requests a different type at generation time.
645
+ The type of token to generate, service or batch
713
646
  """
714
647
  return pulumi.get(self, "token_type")
715
648
 
@@ -755,18 +688,18 @@ class AuthBackendRole(pulumi.CustomResource):
755
688
  import pulumi_vault as vault
756
689
 
757
690
  example = vault.tokenauth.AuthBackendRole("example",
758
- allowed_entity_aliases=["test_entity"],
691
+ role_name="my-role",
759
692
  allowed_policies=[
760
693
  "dev",
761
694
  "test",
762
695
  ],
763
696
  disallowed_policies=["default"],
697
+ allowed_entity_aliases=["test_entity"],
764
698
  orphan=True,
765
- path_suffix="path-suffix",
699
+ token_period=86400,
766
700
  renewable=True,
767
- role_name="my-role",
768
701
  token_explicit_max_ttl=115200,
769
- token_period=86400)
702
+ path_suffix="path-suffix")
770
703
  ```
771
704
 
772
705
  ## Import
@@ -774,7 +707,7 @@ class AuthBackendRole(pulumi.CustomResource):
774
707
  Token auth backend roles can be imported with `auth/token/roles/` followed by the `role_name`, e.g.
775
708
 
776
709
  ```sh
777
- $ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role
710
+ $ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role
778
711
  ```
779
712
 
780
713
  :param str resource_name: The name of the resource.
@@ -786,39 +719,21 @@ class AuthBackendRole(pulumi.CustomResource):
786
719
  :param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
787
720
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
788
721
  The value should not contain leading or trailing forward slashes.
789
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
722
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
790
723
  *Available only for Vault Enterprise*.
791
724
  :param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
792
725
  :param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
793
-
794
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
795
726
  :param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
796
727
  :param pulumi.Input[str] role_name: The name of the role.
797
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
798
- addresses which can authenticate successfully, and ties the resulting token to these blocks
799
- as well.
800
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
801
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
802
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
803
- `token_max_ttl` would otherwise allow a renewal.
804
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
805
- Its current value will be referenced at renewal time.
806
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
807
- generated tokens; otherwise it will be added to the policies set in token_policies.
808
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
809
- of times a generated token may be used (within its lifetime); 0 means unlimited.
810
- :param pulumi.Input[int] token_period: If set, indicates that the
811
- token generated using this role should never expire. The token should be renewed within the
812
- duration specified by this value. At each renewal, the token's TTL will be set to the
813
- value of this field. Specified in seconds.
728
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
729
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
730
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
731
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
732
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
733
+ :param pulumi.Input[int] token_period: Generated Token's Period
814
734
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
815
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
816
- Its current value will be referenced at renewal time.
817
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
818
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
819
- `service` tokens). For token store roles, there are two additional possibilities:
820
- `default-service` and `default-batch` which specify the type to return unless the client
821
- requests a different type at generation time.
735
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
736
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
822
737
  """
823
738
  ...
824
739
  @overload
@@ -838,18 +753,18 @@ class AuthBackendRole(pulumi.CustomResource):
838
753
  import pulumi_vault as vault
839
754
 
840
755
  example = vault.tokenauth.AuthBackendRole("example",
841
- allowed_entity_aliases=["test_entity"],
756
+ role_name="my-role",
842
757
  allowed_policies=[
843
758
  "dev",
844
759
  "test",
845
760
  ],
846
761
  disallowed_policies=["default"],
762
+ allowed_entity_aliases=["test_entity"],
847
763
  orphan=True,
848
- path_suffix="path-suffix",
764
+ token_period=86400,
849
765
  renewable=True,
850
- role_name="my-role",
851
766
  token_explicit_max_ttl=115200,
852
- token_period=86400)
767
+ path_suffix="path-suffix")
853
768
  ```
854
769
 
855
770
  ## Import
@@ -857,7 +772,7 @@ class AuthBackendRole(pulumi.CustomResource):
857
772
  Token auth backend roles can be imported with `auth/token/roles/` followed by the `role_name`, e.g.
858
773
 
859
774
  ```sh
860
- $ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role
775
+ $ pulumi import vault:tokenauth/authBackendRole:AuthBackendRole example auth/token/roles/my-role
861
776
  ```
862
777
 
863
778
  :param str resource_name: The name of the resource.
@@ -967,39 +882,21 @@ class AuthBackendRole(pulumi.CustomResource):
967
882
  :param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
968
883
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
969
884
  The value should not contain leading or trailing forward slashes.
970
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
885
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
971
886
  *Available only for Vault Enterprise*.
972
887
  :param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
973
888
  :param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
974
-
975
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
976
889
  :param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
977
890
  :param pulumi.Input[str] role_name: The name of the role.
978
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
979
- addresses which can authenticate successfully, and ties the resulting token to these blocks
980
- as well.
981
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
982
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
983
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
984
- `token_max_ttl` would otherwise allow a renewal.
985
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
986
- Its current value will be referenced at renewal time.
987
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
988
- generated tokens; otherwise it will be added to the policies set in token_policies.
989
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
990
- of times a generated token may be used (within its lifetime); 0 means unlimited.
991
- :param pulumi.Input[int] token_period: If set, indicates that the
992
- token generated using this role should never expire. The token should be renewed within the
993
- duration specified by this value. At each renewal, the token's TTL will be set to the
994
- value of this field. Specified in seconds.
891
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
892
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
893
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
894
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
895
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
896
+ :param pulumi.Input[int] token_period: Generated Token's Period
995
897
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
996
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
997
- Its current value will be referenced at renewal time.
998
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
999
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1000
- `service` tokens). For token store roles, there are two additional possibilities:
1001
- `default-service` and `default-batch` which specify the type to return unless the client
1002
- requests a different type at generation time.
898
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
899
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1003
900
  """
1004
901
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1005
902
 
@@ -1072,7 +969,7 @@ class AuthBackendRole(pulumi.CustomResource):
1072
969
  """
1073
970
  The namespace to provision the resource in.
1074
971
  The value should not contain leading or trailing forward slashes.
1075
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
972
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1076
973
  *Available only for Vault Enterprise*.
1077
974
  """
1078
975
  return pulumi.get(self, "namespace")
@@ -1090,8 +987,6 @@ class AuthBackendRole(pulumi.CustomResource):
1090
987
  def path_suffix(self) -> pulumi.Output[Optional[str]]:
1091
988
  """
1092
989
  Tokens created against this role will have the given suffix as part of their path in addition to the role name.
1093
-
1094
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
1095
990
  """
1096
991
  return pulumi.get(self, "path_suffix")
1097
992
 
@@ -1115,9 +1010,7 @@ class AuthBackendRole(pulumi.CustomResource):
1115
1010
  @pulumi.getter(name="tokenBoundCidrs")
1116
1011
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1117
1012
  """
1118
- List of CIDR blocks; if set, specifies blocks of IP
1119
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1120
- as well.
1013
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1121
1014
  """
1122
1015
  return pulumi.get(self, "token_bound_cidrs")
1123
1016
 
@@ -1125,10 +1018,7 @@ class AuthBackendRole(pulumi.CustomResource):
1125
1018
  @pulumi.getter(name="tokenExplicitMaxTtl")
1126
1019
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1127
1020
  """
1128
- If set, will encode an
1129
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1130
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1131
- `token_max_ttl` would otherwise allow a renewal.
1021
+ Generated Token's Explicit Maximum TTL in seconds
1132
1022
  """
1133
1023
  return pulumi.get(self, "token_explicit_max_ttl")
1134
1024
 
@@ -1136,8 +1026,7 @@ class AuthBackendRole(pulumi.CustomResource):
1136
1026
  @pulumi.getter(name="tokenMaxTtl")
1137
1027
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1138
1028
  """
1139
- The maximum lifetime for generated tokens in number of seconds.
1140
- Its current value will be referenced at renewal time.
1029
+ The maximum lifetime of the generated token
1141
1030
  """
1142
1031
  return pulumi.get(self, "token_max_ttl")
1143
1032
 
@@ -1145,8 +1034,7 @@ class AuthBackendRole(pulumi.CustomResource):
1145
1034
  @pulumi.getter(name="tokenNoDefaultPolicy")
1146
1035
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1147
1036
  """
1148
- If set, the default policy will not be set on
1149
- generated tokens; otherwise it will be added to the policies set in token_policies.
1037
+ If true, the 'default' policy will not automatically be added to generated tokens
1150
1038
  """
1151
1039
  return pulumi.get(self, "token_no_default_policy")
1152
1040
 
@@ -1154,8 +1042,7 @@ class AuthBackendRole(pulumi.CustomResource):
1154
1042
  @pulumi.getter(name="tokenNumUses")
1155
1043
  def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1156
1044
  """
1157
- The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
1158
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1045
+ The maximum number of times a token may be used, a value of zero means unlimited
1159
1046
  """
1160
1047
  return pulumi.get(self, "token_num_uses")
1161
1048
 
@@ -1163,10 +1050,7 @@ class AuthBackendRole(pulumi.CustomResource):
1163
1050
  @pulumi.getter(name="tokenPeriod")
1164
1051
  def token_period(self) -> pulumi.Output[Optional[int]]:
1165
1052
  """
1166
- If set, indicates that the
1167
- token generated using this role should never expire. The token should be renewed within the
1168
- duration specified by this value. At each renewal, the token's TTL will be set to the
1169
- value of this field. Specified in seconds.
1053
+ Generated Token's Period
1170
1054
  """
1171
1055
  return pulumi.get(self, "token_period")
1172
1056
 
@@ -1182,8 +1066,7 @@ class AuthBackendRole(pulumi.CustomResource):
1182
1066
  @pulumi.getter(name="tokenTtl")
1183
1067
  def token_ttl(self) -> pulumi.Output[Optional[int]]:
1184
1068
  """
1185
- The incremental lifetime for generated tokens in number of seconds.
1186
- Its current value will be referenced at renewal time.
1069
+ The initial ttl of the token to generate in seconds
1187
1070
  """
1188
1071
  return pulumi.get(self, "token_ttl")
1189
1072
 
@@ -1191,11 +1074,7 @@ class AuthBackendRole(pulumi.CustomResource):
1191
1074
  @pulumi.getter(name="tokenType")
1192
1075
  def token_type(self) -> pulumi.Output[Optional[str]]:
1193
1076
  """
1194
- The type of token that should be generated. Can be `service`,
1195
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1196
- `service` tokens). For token store roles, there are two additional possibilities:
1197
- `default-service` and `default-batch` which specify the type to return unless the client
1198
- requests a different type at generation time.
1077
+ The type of token to generate, service or batch
1199
1078
  """
1200
1079
  return pulumi.get(self, "token_type")
1201
1080