pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendArgs', 'AuthBackend']
@@ -21,6 +26,7 @@ class AuthBackendArgs:
21
26
  certificate: Optional[pulumi.Input[str]] = None,
22
27
  client_tls_cert: Optional[pulumi.Input[str]] = None,
23
28
  client_tls_key: Optional[pulumi.Input[str]] = None,
29
+ connection_timeout: Optional[pulumi.Input[int]] = None,
24
30
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
25
31
  description: Optional[pulumi.Input[str]] = None,
26
32
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -58,6 +64,7 @@ class AuthBackendArgs:
58
64
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
59
65
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
60
66
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
67
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
61
68
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
62
69
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
63
70
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -72,33 +79,20 @@ class AuthBackendArgs:
72
79
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
73
80
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
74
81
  The value should not contain leading or trailing forward slashes.
75
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
82
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
76
83
  *Available only for Vault Enterprise*.
77
84
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
78
85
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
79
86
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
80
87
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
81
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
82
- addresses which can authenticate successfully, and ties the resulting token to these blocks
83
- as well.
84
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
85
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
86
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
87
- `token_max_ttl` would otherwise allow a renewal.
88
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
89
- Its current value will be referenced at renewal time.
90
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
91
- generated tokens; otherwise it will be added to the policies set in token_policies.
92
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
93
- of times a generated token may be used (within its lifetime); 0 means unlimited.
94
- :param pulumi.Input[int] token_period: If set, indicates that the
95
- token generated using this role should never expire. The token should be renewed within the
96
- duration specified by this value. At each renewal, the token's TTL will be set to the
97
- value of this field. Specified in seconds.
98
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
99
- on the auth method, this list may be supplemented by user/group/other values.
100
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
101
- Its current value will be referenced at renewal time.
88
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
89
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
90
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
91
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
92
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
93
+ :param pulumi.Input[int] token_period: Generated Token's Period
94
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
95
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
102
96
  :param pulumi.Input[str] token_type: The type of token to generate, service or batch
103
97
  :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
104
98
  :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
@@ -120,6 +114,8 @@ class AuthBackendArgs:
120
114
  pulumi.set(__self__, "client_tls_cert", client_tls_cert)
121
115
  if client_tls_key is not None:
122
116
  pulumi.set(__self__, "client_tls_key", client_tls_key)
117
+ if connection_timeout is not None:
118
+ pulumi.set(__self__, "connection_timeout", connection_timeout)
123
119
  if deny_null_bind is not None:
124
120
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
125
121
  if description is not None:
@@ -259,6 +255,18 @@ class AuthBackendArgs:
259
255
  def client_tls_key(self, value: Optional[pulumi.Input[str]]):
260
256
  pulumi.set(self, "client_tls_key", value)
261
257
 
258
+ @property
259
+ @pulumi.getter(name="connectionTimeout")
260
+ def connection_timeout(self) -> Optional[pulumi.Input[int]]:
261
+ """
262
+ Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
263
+ """
264
+ return pulumi.get(self, "connection_timeout")
265
+
266
+ @connection_timeout.setter
267
+ def connection_timeout(self, value: Optional[pulumi.Input[int]]):
268
+ pulumi.set(self, "connection_timeout", value)
269
+
262
270
  @property
263
271
  @pulumi.getter(name="denyNullBind")
264
272
  def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
@@ -387,7 +395,7 @@ class AuthBackendArgs:
387
395
  """
388
396
  The namespace to provision the resource in.
389
397
  The value should not contain leading or trailing forward slashes.
390
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
398
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
391
399
  *Available only for Vault Enterprise*.
392
400
  """
393
401
  return pulumi.get(self, "namespace")
@@ -448,9 +456,7 @@ class AuthBackendArgs:
448
456
  @pulumi.getter(name="tokenBoundCidrs")
449
457
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
450
458
  """
451
- List of CIDR blocks; if set, specifies blocks of IP
452
- addresses which can authenticate successfully, and ties the resulting token to these blocks
453
- as well.
459
+ Specifies the blocks of IP addresses which are allowed to use the generated token
454
460
  """
455
461
  return pulumi.get(self, "token_bound_cidrs")
456
462
 
@@ -462,10 +468,7 @@ class AuthBackendArgs:
462
468
  @pulumi.getter(name="tokenExplicitMaxTtl")
463
469
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
464
470
  """
465
- If set, will encode an
466
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
467
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
468
- `token_max_ttl` would otherwise allow a renewal.
471
+ Generated Token's Explicit Maximum TTL in seconds
469
472
  """
470
473
  return pulumi.get(self, "token_explicit_max_ttl")
471
474
 
@@ -477,8 +480,7 @@ class AuthBackendArgs:
477
480
  @pulumi.getter(name="tokenMaxTtl")
478
481
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
479
482
  """
480
- The maximum lifetime for generated tokens in number of seconds.
481
- Its current value will be referenced at renewal time.
483
+ The maximum lifetime of the generated token
482
484
  """
483
485
  return pulumi.get(self, "token_max_ttl")
484
486
 
@@ -490,8 +492,7 @@ class AuthBackendArgs:
490
492
  @pulumi.getter(name="tokenNoDefaultPolicy")
491
493
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
492
494
  """
493
- If set, the default policy will not be set on
494
- generated tokens; otherwise it will be added to the policies set in token_policies.
495
+ If true, the 'default' policy will not automatically be added to generated tokens
495
496
  """
496
497
  return pulumi.get(self, "token_no_default_policy")
497
498
 
@@ -503,8 +504,7 @@ class AuthBackendArgs:
503
504
  @pulumi.getter(name="tokenNumUses")
504
505
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
505
506
  """
506
- The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
507
- of times a generated token may be used (within its lifetime); 0 means unlimited.
507
+ The maximum number of times a token may be used, a value of zero means unlimited
508
508
  """
509
509
  return pulumi.get(self, "token_num_uses")
510
510
 
@@ -516,10 +516,7 @@ class AuthBackendArgs:
516
516
  @pulumi.getter(name="tokenPeriod")
517
517
  def token_period(self) -> Optional[pulumi.Input[int]]:
518
518
  """
519
- If set, indicates that the
520
- token generated using this role should never expire. The token should be renewed within the
521
- duration specified by this value. At each renewal, the token's TTL will be set to the
522
- value of this field. Specified in seconds.
519
+ Generated Token's Period
523
520
  """
524
521
  return pulumi.get(self, "token_period")
525
522
 
@@ -531,8 +528,7 @@ class AuthBackendArgs:
531
528
  @pulumi.getter(name="tokenPolicies")
532
529
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
533
530
  """
534
- List of policies to encode onto generated tokens. Depending
535
- on the auth method, this list may be supplemented by user/group/other values.
531
+ Generated Token's Policies
536
532
  """
537
533
  return pulumi.get(self, "token_policies")
538
534
 
@@ -544,8 +540,7 @@ class AuthBackendArgs:
544
540
  @pulumi.getter(name="tokenTtl")
545
541
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
546
542
  """
547
- The incremental lifetime for generated tokens in number of seconds.
548
- Its current value will be referenced at renewal time.
543
+ The initial ttl of the token to generate in seconds
549
544
  """
550
545
  return pulumi.get(self, "token_ttl")
551
546
 
@@ -648,6 +643,7 @@ class _AuthBackendState:
648
643
  certificate: Optional[pulumi.Input[str]] = None,
649
644
  client_tls_cert: Optional[pulumi.Input[str]] = None,
650
645
  client_tls_key: Optional[pulumi.Input[str]] = None,
646
+ connection_timeout: Optional[pulumi.Input[int]] = None,
651
647
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
652
648
  description: Optional[pulumi.Input[str]] = None,
653
649
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -686,6 +682,7 @@ class _AuthBackendState:
686
682
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
687
683
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
688
684
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
685
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
689
686
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
690
687
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
691
688
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -700,33 +697,20 @@ class _AuthBackendState:
700
697
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
701
698
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
702
699
  The value should not contain leading or trailing forward slashes.
703
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
700
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
704
701
  *Available only for Vault Enterprise*.
705
702
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
706
703
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
707
704
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
708
705
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
709
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
710
- addresses which can authenticate successfully, and ties the resulting token to these blocks
711
- as well.
712
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
713
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
714
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
715
- `token_max_ttl` would otherwise allow a renewal.
716
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
717
- Its current value will be referenced at renewal time.
718
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
719
- generated tokens; otherwise it will be added to the policies set in token_policies.
720
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
721
- of times a generated token may be used (within its lifetime); 0 means unlimited.
722
- :param pulumi.Input[int] token_period: If set, indicates that the
723
- token generated using this role should never expire. The token should be renewed within the
724
- duration specified by this value. At each renewal, the token's TTL will be set to the
725
- value of this field. Specified in seconds.
726
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
727
- on the auth method, this list may be supplemented by user/group/other values.
728
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
729
- Its current value will be referenced at renewal time.
706
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
707
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
708
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
709
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
710
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
711
+ :param pulumi.Input[int] token_period: Generated Token's Period
712
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
713
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
730
714
  :param pulumi.Input[str] token_type: The type of token to generate, service or batch
731
715
  :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
732
716
  :param pulumi.Input[str] url: The URL of the LDAP server
@@ -750,6 +734,8 @@ class _AuthBackendState:
750
734
  pulumi.set(__self__, "client_tls_cert", client_tls_cert)
751
735
  if client_tls_key is not None:
752
736
  pulumi.set(__self__, "client_tls_key", client_tls_key)
737
+ if connection_timeout is not None:
738
+ pulumi.set(__self__, "connection_timeout", connection_timeout)
753
739
  if deny_null_bind is not None:
754
740
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
755
741
  if description is not None:
@@ -891,6 +877,18 @@ class _AuthBackendState:
891
877
  def client_tls_key(self, value: Optional[pulumi.Input[str]]):
892
878
  pulumi.set(self, "client_tls_key", value)
893
879
 
880
+ @property
881
+ @pulumi.getter(name="connectionTimeout")
882
+ def connection_timeout(self) -> Optional[pulumi.Input[int]]:
883
+ """
884
+ Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
885
+ """
886
+ return pulumi.get(self, "connection_timeout")
887
+
888
+ @connection_timeout.setter
889
+ def connection_timeout(self, value: Optional[pulumi.Input[int]]):
890
+ pulumi.set(self, "connection_timeout", value)
891
+
894
892
  @property
895
893
  @pulumi.getter(name="denyNullBind")
896
894
  def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
@@ -1019,7 +1017,7 @@ class _AuthBackendState:
1019
1017
  """
1020
1018
  The namespace to provision the resource in.
1021
1019
  The value should not contain leading or trailing forward slashes.
1022
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1020
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1023
1021
  *Available only for Vault Enterprise*.
1024
1022
  """
1025
1023
  return pulumi.get(self, "namespace")
@@ -1080,9 +1078,7 @@ class _AuthBackendState:
1080
1078
  @pulumi.getter(name="tokenBoundCidrs")
1081
1079
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1082
1080
  """
1083
- List of CIDR blocks; if set, specifies blocks of IP
1084
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1085
- as well.
1081
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1086
1082
  """
1087
1083
  return pulumi.get(self, "token_bound_cidrs")
1088
1084
 
@@ -1094,10 +1090,7 @@ class _AuthBackendState:
1094
1090
  @pulumi.getter(name="tokenExplicitMaxTtl")
1095
1091
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
1096
1092
  """
1097
- If set, will encode an
1098
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1099
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1100
- `token_max_ttl` would otherwise allow a renewal.
1093
+ Generated Token's Explicit Maximum TTL in seconds
1101
1094
  """
1102
1095
  return pulumi.get(self, "token_explicit_max_ttl")
1103
1096
 
@@ -1109,8 +1102,7 @@ class _AuthBackendState:
1109
1102
  @pulumi.getter(name="tokenMaxTtl")
1110
1103
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
1111
1104
  """
1112
- The maximum lifetime for generated tokens in number of seconds.
1113
- Its current value will be referenced at renewal time.
1105
+ The maximum lifetime of the generated token
1114
1106
  """
1115
1107
  return pulumi.get(self, "token_max_ttl")
1116
1108
 
@@ -1122,8 +1114,7 @@ class _AuthBackendState:
1122
1114
  @pulumi.getter(name="tokenNoDefaultPolicy")
1123
1115
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
1124
1116
  """
1125
- If set, the default policy will not be set on
1126
- generated tokens; otherwise it will be added to the policies set in token_policies.
1117
+ If true, the 'default' policy will not automatically be added to generated tokens
1127
1118
  """
1128
1119
  return pulumi.get(self, "token_no_default_policy")
1129
1120
 
@@ -1135,8 +1126,7 @@ class _AuthBackendState:
1135
1126
  @pulumi.getter(name="tokenNumUses")
1136
1127
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
1137
1128
  """
1138
- The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
1139
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1129
+ The maximum number of times a token may be used, a value of zero means unlimited
1140
1130
  """
1141
1131
  return pulumi.get(self, "token_num_uses")
1142
1132
 
@@ -1148,10 +1138,7 @@ class _AuthBackendState:
1148
1138
  @pulumi.getter(name="tokenPeriod")
1149
1139
  def token_period(self) -> Optional[pulumi.Input[int]]:
1150
1140
  """
1151
- If set, indicates that the
1152
- token generated using this role should never expire. The token should be renewed within the
1153
- duration specified by this value. At each renewal, the token's TTL will be set to the
1154
- value of this field. Specified in seconds.
1141
+ Generated Token's Period
1155
1142
  """
1156
1143
  return pulumi.get(self, "token_period")
1157
1144
 
@@ -1163,8 +1150,7 @@ class _AuthBackendState:
1163
1150
  @pulumi.getter(name="tokenPolicies")
1164
1151
  def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1165
1152
  """
1166
- List of policies to encode onto generated tokens. Depending
1167
- on the auth method, this list may be supplemented by user/group/other values.
1153
+ Generated Token's Policies
1168
1154
  """
1169
1155
  return pulumi.get(self, "token_policies")
1170
1156
 
@@ -1176,8 +1162,7 @@ class _AuthBackendState:
1176
1162
  @pulumi.getter(name="tokenTtl")
1177
1163
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
1178
1164
  """
1179
- The incremental lifetime for generated tokens in number of seconds.
1180
- Its current value will be referenced at renewal time.
1165
+ The initial ttl of the token to generate in seconds
1181
1166
  """
1182
1167
  return pulumi.get(self, "token_ttl")
1183
1168
 
@@ -1293,6 +1278,7 @@ class AuthBackend(pulumi.CustomResource):
1293
1278
  certificate: Optional[pulumi.Input[str]] = None,
1294
1279
  client_tls_cert: Optional[pulumi.Input[str]] = None,
1295
1280
  client_tls_key: Optional[pulumi.Input[str]] = None,
1281
+ connection_timeout: Optional[pulumi.Input[int]] = None,
1296
1282
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1297
1283
  description: Optional[pulumi.Input[str]] = None,
1298
1284
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -1330,22 +1316,20 @@ class AuthBackend(pulumi.CustomResource):
1330
1316
 
1331
1317
  ## Example Usage
1332
1318
 
1333
- <!--Start PulumiCodeChooser -->
1334
1319
  ```python
1335
1320
  import pulumi
1336
1321
  import pulumi_vault as vault
1337
1322
 
1338
1323
  ldap = vault.ldap.AuthBackend("ldap",
1339
- discoverdn=False,
1340
- groupdn="OU=Groups,DC=example,DC=org",
1341
- groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
1342
1324
  path="ldap",
1343
- upndomain="EXAMPLE.ORG",
1344
1325
  url="ldaps://dc-01.example.org",
1326
+ userdn="OU=Users,OU=Accounts,DC=example,DC=org",
1345
1327
  userattr="sAMAccountName",
1346
- userdn="OU=Users,OU=Accounts,DC=example,DC=org")
1328
+ upndomain="EXAMPLE.ORG",
1329
+ discoverdn=False,
1330
+ groupdn="OU=Groups,DC=example,DC=org",
1331
+ groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
1347
1332
  ```
1348
- <!--End PulumiCodeChooser -->
1349
1333
 
1350
1334
  ## Import
1351
1335
 
@@ -1361,6 +1345,7 @@ class AuthBackend(pulumi.CustomResource):
1361
1345
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
1362
1346
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1363
1347
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
1348
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1364
1349
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1365
1350
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1366
1351
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -1375,33 +1360,20 @@ class AuthBackend(pulumi.CustomResource):
1375
1360
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
1376
1361
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1377
1362
  The value should not contain leading or trailing forward slashes.
1378
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1363
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1379
1364
  *Available only for Vault Enterprise*.
1380
1365
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
1381
1366
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
1382
1367
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
1383
1368
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
1384
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
1385
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1386
- as well.
1387
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
1388
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1389
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1390
- `token_max_ttl` would otherwise allow a renewal.
1391
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
1392
- Its current value will be referenced at renewal time.
1393
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
1394
- generated tokens; otherwise it will be added to the policies set in token_policies.
1395
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
1396
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1397
- :param pulumi.Input[int] token_period: If set, indicates that the
1398
- token generated using this role should never expire. The token should be renewed within the
1399
- duration specified by this value. At each renewal, the token's TTL will be set to the
1400
- value of this field. Specified in seconds.
1401
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
1402
- on the auth method, this list may be supplemented by user/group/other values.
1403
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
1404
- Its current value will be referenced at renewal time.
1369
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1370
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1371
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1372
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1373
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1374
+ :param pulumi.Input[int] token_period: Generated Token's Period
1375
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1376
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1405
1377
  :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1406
1378
  :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1407
1379
  :param pulumi.Input[str] url: The URL of the LDAP server
@@ -1422,22 +1394,20 @@ class AuthBackend(pulumi.CustomResource):
1422
1394
 
1423
1395
  ## Example Usage
1424
1396
 
1425
- <!--Start PulumiCodeChooser -->
1426
1397
  ```python
1427
1398
  import pulumi
1428
1399
  import pulumi_vault as vault
1429
1400
 
1430
1401
  ldap = vault.ldap.AuthBackend("ldap",
1431
- discoverdn=False,
1432
- groupdn="OU=Groups,DC=example,DC=org",
1433
- groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
1434
1402
  path="ldap",
1435
- upndomain="EXAMPLE.ORG",
1436
1403
  url="ldaps://dc-01.example.org",
1404
+ userdn="OU=Users,OU=Accounts,DC=example,DC=org",
1437
1405
  userattr="sAMAccountName",
1438
- userdn="OU=Users,OU=Accounts,DC=example,DC=org")
1406
+ upndomain="EXAMPLE.ORG",
1407
+ discoverdn=False,
1408
+ groupdn="OU=Groups,DC=example,DC=org",
1409
+ groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
1439
1410
  ```
1440
- <!--End PulumiCodeChooser -->
1441
1411
 
1442
1412
  ## Import
1443
1413
 
@@ -1468,6 +1438,7 @@ class AuthBackend(pulumi.CustomResource):
1468
1438
  certificate: Optional[pulumi.Input[str]] = None,
1469
1439
  client_tls_cert: Optional[pulumi.Input[str]] = None,
1470
1440
  client_tls_key: Optional[pulumi.Input[str]] = None,
1441
+ connection_timeout: Optional[pulumi.Input[int]] = None,
1471
1442
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1472
1443
  description: Optional[pulumi.Input[str]] = None,
1473
1444
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -1514,6 +1485,7 @@ class AuthBackend(pulumi.CustomResource):
1514
1485
  __props__.__dict__["certificate"] = certificate
1515
1486
  __props__.__dict__["client_tls_cert"] = client_tls_cert
1516
1487
  __props__.__dict__["client_tls_key"] = None if client_tls_key is None else pulumi.Output.secret(client_tls_key)
1488
+ __props__.__dict__["connection_timeout"] = connection_timeout
1517
1489
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1518
1490
  __props__.__dict__["description"] = description
1519
1491
  __props__.__dict__["disable_remount"] = disable_remount
@@ -1567,6 +1539,7 @@ class AuthBackend(pulumi.CustomResource):
1567
1539
  certificate: Optional[pulumi.Input[str]] = None,
1568
1540
  client_tls_cert: Optional[pulumi.Input[str]] = None,
1569
1541
  client_tls_key: Optional[pulumi.Input[str]] = None,
1542
+ connection_timeout: Optional[pulumi.Input[int]] = None,
1570
1543
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1571
1544
  description: Optional[pulumi.Input[str]] = None,
1572
1545
  disable_remount: Optional[pulumi.Input[bool]] = None,
@@ -1610,6 +1583,7 @@ class AuthBackend(pulumi.CustomResource):
1610
1583
  :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
1611
1584
  :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1612
1585
  :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
1586
+ :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1613
1587
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1614
1588
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1615
1589
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
@@ -1624,33 +1598,20 @@ class AuthBackend(pulumi.CustomResource):
1624
1598
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
1625
1599
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1626
1600
  The value should not contain leading or trailing forward slashes.
1627
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1601
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1628
1602
  *Available only for Vault Enterprise*.
1629
1603
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
1630
1604
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
1631
1605
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
1632
1606
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
1633
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
1634
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1635
- as well.
1636
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
1637
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1638
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1639
- `token_max_ttl` would otherwise allow a renewal.
1640
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
1641
- Its current value will be referenced at renewal time.
1642
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
1643
- generated tokens; otherwise it will be added to the policies set in token_policies.
1644
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
1645
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1646
- :param pulumi.Input[int] token_period: If set, indicates that the
1647
- token generated using this role should never expire. The token should be renewed within the
1648
- duration specified by this value. At each renewal, the token's TTL will be set to the
1649
- value of this field. Specified in seconds.
1650
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
1651
- on the auth method, this list may be supplemented by user/group/other values.
1652
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
1653
- Its current value will be referenced at renewal time.
1607
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1608
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1609
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1610
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1611
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1612
+ :param pulumi.Input[int] token_period: Generated Token's Period
1613
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1614
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1654
1615
  :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1655
1616
  :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1656
1617
  :param pulumi.Input[str] url: The URL of the LDAP server
@@ -1671,6 +1632,7 @@ class AuthBackend(pulumi.CustomResource):
1671
1632
  __props__.__dict__["certificate"] = certificate
1672
1633
  __props__.__dict__["client_tls_cert"] = client_tls_cert
1673
1634
  __props__.__dict__["client_tls_key"] = client_tls_key
1635
+ __props__.__dict__["connection_timeout"] = connection_timeout
1674
1636
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1675
1637
  __props__.__dict__["description"] = description
1676
1638
  __props__.__dict__["disable_remount"] = disable_remount
@@ -1754,6 +1716,14 @@ class AuthBackend(pulumi.CustomResource):
1754
1716
  def client_tls_key(self) -> pulumi.Output[str]:
1755
1717
  return pulumi.get(self, "client_tls_key")
1756
1718
 
1719
+ @property
1720
+ @pulumi.getter(name="connectionTimeout")
1721
+ def connection_timeout(self) -> pulumi.Output[int]:
1722
+ """
1723
+ Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1724
+ """
1725
+ return pulumi.get(self, "connection_timeout")
1726
+
1757
1727
  @property
1758
1728
  @pulumi.getter(name="denyNullBind")
1759
1729
  def deny_null_bind(self) -> pulumi.Output[bool]:
@@ -1842,7 +1812,7 @@ class AuthBackend(pulumi.CustomResource):
1842
1812
  """
1843
1813
  The namespace to provision the resource in.
1844
1814
  The value should not contain leading or trailing forward slashes.
1845
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
1815
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1846
1816
  *Available only for Vault Enterprise*.
1847
1817
  """
1848
1818
  return pulumi.get(self, "namespace")
@@ -1883,9 +1853,7 @@ class AuthBackend(pulumi.CustomResource):
1883
1853
  @pulumi.getter(name="tokenBoundCidrs")
1884
1854
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1885
1855
  """
1886
- List of CIDR blocks; if set, specifies blocks of IP
1887
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1888
- as well.
1856
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1889
1857
  """
1890
1858
  return pulumi.get(self, "token_bound_cidrs")
1891
1859
 
@@ -1893,10 +1861,7 @@ class AuthBackend(pulumi.CustomResource):
1893
1861
  @pulumi.getter(name="tokenExplicitMaxTtl")
1894
1862
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1895
1863
  """
1896
- If set, will encode an
1897
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1898
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1899
- `token_max_ttl` would otherwise allow a renewal.
1864
+ Generated Token's Explicit Maximum TTL in seconds
1900
1865
  """
1901
1866
  return pulumi.get(self, "token_explicit_max_ttl")
1902
1867
 
@@ -1904,8 +1869,7 @@ class AuthBackend(pulumi.CustomResource):
1904
1869
  @pulumi.getter(name="tokenMaxTtl")
1905
1870
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1906
1871
  """
1907
- The maximum lifetime for generated tokens in number of seconds.
1908
- Its current value will be referenced at renewal time.
1872
+ The maximum lifetime of the generated token
1909
1873
  """
1910
1874
  return pulumi.get(self, "token_max_ttl")
1911
1875
 
@@ -1913,8 +1877,7 @@ class AuthBackend(pulumi.CustomResource):
1913
1877
  @pulumi.getter(name="tokenNoDefaultPolicy")
1914
1878
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1915
1879
  """
1916
- If set, the default policy will not be set on
1917
- generated tokens; otherwise it will be added to the policies set in token_policies.
1880
+ If true, the 'default' policy will not automatically be added to generated tokens
1918
1881
  """
1919
1882
  return pulumi.get(self, "token_no_default_policy")
1920
1883
 
@@ -1922,8 +1885,7 @@ class AuthBackend(pulumi.CustomResource):
1922
1885
  @pulumi.getter(name="tokenNumUses")
1923
1886
  def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1924
1887
  """
1925
- The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
1926
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1888
+ The maximum number of times a token may be used, a value of zero means unlimited
1927
1889
  """
1928
1890
  return pulumi.get(self, "token_num_uses")
1929
1891
 
@@ -1931,10 +1893,7 @@ class AuthBackend(pulumi.CustomResource):
1931
1893
  @pulumi.getter(name="tokenPeriod")
1932
1894
  def token_period(self) -> pulumi.Output[Optional[int]]:
1933
1895
  """
1934
- If set, indicates that the
1935
- token generated using this role should never expire. The token should be renewed within the
1936
- duration specified by this value. At each renewal, the token's TTL will be set to the
1937
- value of this field. Specified in seconds.
1896
+ Generated Token's Period
1938
1897
  """
1939
1898
  return pulumi.get(self, "token_period")
1940
1899
 
@@ -1942,8 +1901,7 @@ class AuthBackend(pulumi.CustomResource):
1942
1901
  @pulumi.getter(name="tokenPolicies")
1943
1902
  def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
1944
1903
  """
1945
- List of policies to encode onto generated tokens. Depending
1946
- on the auth method, this list may be supplemented by user/group/other values.
1904
+ Generated Token's Policies
1947
1905
  """
1948
1906
  return pulumi.get(self, "token_policies")
1949
1907
 
@@ -1951,8 +1909,7 @@ class AuthBackend(pulumi.CustomResource):
1951
1909
  @pulumi.getter(name="tokenTtl")
1952
1910
  def token_ttl(self) -> pulumi.Output[Optional[int]]:
1953
1911
  """
1954
- The incremental lifetime for generated tokens in number of seconds.
1955
- Its current value will be referenced at renewal time.
1912
+ The initial ttl of the token to generate in seconds
1956
1913
  """
1957
1914
  return pulumi.get(self, "token_ttl")
1958
1915