pulumi-vault 5.21.0a1710160723__py3-none-any.whl → 6.5.0a1736836139__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (229) hide show
  1. pulumi_vault/__init__.py +52 -0
  2. pulumi_vault/_inputs.py +560 -0
  3. pulumi_vault/_utilities.py +41 -5
  4. pulumi_vault/ad/get_access_credentials.py +22 -7
  5. pulumi_vault/ad/secret_backend.py +14 -144
  6. pulumi_vault/ad/secret_library.py +14 -11
  7. pulumi_vault/ad/secret_role.py +12 -11
  8. pulumi_vault/alicloud/auth_backend_role.py +74 -192
  9. pulumi_vault/approle/auth_backend_login.py +12 -11
  10. pulumi_vault/approle/auth_backend_role.py +75 -193
  11. pulumi_vault/approle/auth_backend_role_secret_id.py +106 -11
  12. pulumi_vault/approle/get_auth_backend_role_id.py +18 -9
  13. pulumi_vault/audit.py +24 -27
  14. pulumi_vault/audit_request_header.py +11 -6
  15. pulumi_vault/auth_backend.py +64 -12
  16. pulumi_vault/aws/auth_backend_cert.py +12 -7
  17. pulumi_vault/aws/auth_backend_client.py +265 -24
  18. pulumi_vault/aws/auth_backend_config_identity.py +12 -11
  19. pulumi_vault/aws/auth_backend_identity_whitelist.py +18 -17
  20. pulumi_vault/aws/auth_backend_login.py +19 -22
  21. pulumi_vault/aws/auth_backend_role.py +75 -193
  22. pulumi_vault/aws/auth_backend_role_tag.py +12 -7
  23. pulumi_vault/aws/auth_backend_roletag_blacklist.py +18 -17
  24. pulumi_vault/aws/auth_backend_sts_role.py +12 -11
  25. pulumi_vault/aws/get_access_credentials.py +34 -7
  26. pulumi_vault/aws/get_static_access_credentials.py +19 -5
  27. pulumi_vault/aws/secret_backend.py +75 -7
  28. pulumi_vault/aws/secret_backend_role.py +183 -11
  29. pulumi_vault/aws/secret_backend_static_role.py +14 -11
  30. pulumi_vault/azure/_inputs.py +24 -0
  31. pulumi_vault/azure/auth_backend_config.py +151 -17
  32. pulumi_vault/azure/auth_backend_role.py +75 -193
  33. pulumi_vault/azure/backend.py +223 -29
  34. pulumi_vault/azure/backend_role.py +42 -41
  35. pulumi_vault/azure/get_access_credentials.py +39 -11
  36. pulumi_vault/azure/outputs.py +5 -0
  37. pulumi_vault/cert_auth_backend_role.py +87 -271
  38. pulumi_vault/config/__init__.pyi +5 -0
  39. pulumi_vault/config/_inputs.py +73 -0
  40. pulumi_vault/config/outputs.py +35 -0
  41. pulumi_vault/config/ui_custom_message.py +529 -0
  42. pulumi_vault/config/vars.py +5 -0
  43. pulumi_vault/consul/secret_backend.py +22 -25
  44. pulumi_vault/consul/secret_backend_role.py +14 -80
  45. pulumi_vault/database/_inputs.py +2770 -881
  46. pulumi_vault/database/outputs.py +721 -838
  47. pulumi_vault/database/secret_backend_connection.py +117 -114
  48. pulumi_vault/database/secret_backend_role.py +29 -24
  49. pulumi_vault/database/secret_backend_static_role.py +85 -15
  50. pulumi_vault/database/secrets_mount.py +425 -138
  51. pulumi_vault/egp_policy.py +16 -15
  52. pulumi_vault/gcp/_inputs.py +111 -0
  53. pulumi_vault/gcp/auth_backend.py +248 -35
  54. pulumi_vault/gcp/auth_backend_role.py +75 -271
  55. pulumi_vault/gcp/get_auth_backend_role.py +43 -9
  56. pulumi_vault/gcp/outputs.py +5 -0
  57. pulumi_vault/gcp/secret_backend.py +287 -16
  58. pulumi_vault/gcp/secret_impersonated_account.py +74 -17
  59. pulumi_vault/gcp/secret_roleset.py +29 -26
  60. pulumi_vault/gcp/secret_static_account.py +37 -34
  61. pulumi_vault/generic/endpoint.py +22 -21
  62. pulumi_vault/generic/get_secret.py +68 -12
  63. pulumi_vault/generic/secret.py +19 -14
  64. pulumi_vault/get_auth_backend.py +24 -11
  65. pulumi_vault/get_auth_backends.py +33 -11
  66. pulumi_vault/get_namespace.py +226 -0
  67. pulumi_vault/get_namespaces.py +153 -0
  68. pulumi_vault/get_nomad_access_token.py +31 -15
  69. pulumi_vault/get_policy_document.py +34 -23
  70. pulumi_vault/get_raft_autopilot_state.py +29 -14
  71. pulumi_vault/github/_inputs.py +55 -0
  72. pulumi_vault/github/auth_backend.py +17 -16
  73. pulumi_vault/github/outputs.py +5 -0
  74. pulumi_vault/github/team.py +14 -13
  75. pulumi_vault/github/user.py +14 -13
  76. pulumi_vault/identity/entity.py +18 -15
  77. pulumi_vault/identity/entity_alias.py +18 -15
  78. pulumi_vault/identity/entity_policies.py +24 -19
  79. pulumi_vault/identity/get_entity.py +40 -14
  80. pulumi_vault/identity/get_group.py +45 -13
  81. pulumi_vault/identity/get_oidc_client_creds.py +21 -11
  82. pulumi_vault/identity/get_oidc_openid_config.py +39 -13
  83. pulumi_vault/identity/get_oidc_public_keys.py +29 -14
  84. pulumi_vault/identity/group.py +50 -49
  85. pulumi_vault/identity/group_alias.py +14 -11
  86. pulumi_vault/identity/group_member_entity_ids.py +24 -74
  87. pulumi_vault/identity/group_member_group_ids.py +36 -27
  88. pulumi_vault/identity/group_policies.py +16 -15
  89. pulumi_vault/identity/mfa_duo.py +9 -8
  90. pulumi_vault/identity/mfa_login_enforcement.py +13 -8
  91. pulumi_vault/identity/mfa_okta.py +9 -8
  92. pulumi_vault/identity/mfa_pingid.py +5 -4
  93. pulumi_vault/identity/mfa_totp.py +5 -4
  94. pulumi_vault/identity/oidc.py +12 -11
  95. pulumi_vault/identity/oidc_assignment.py +22 -13
  96. pulumi_vault/identity/oidc_client.py +34 -25
  97. pulumi_vault/identity/oidc_key.py +28 -19
  98. pulumi_vault/identity/oidc_key_allowed_client_id.py +28 -19
  99. pulumi_vault/identity/oidc_provider.py +34 -23
  100. pulumi_vault/identity/oidc_role.py +40 -27
  101. pulumi_vault/identity/oidc_scope.py +18 -15
  102. pulumi_vault/identity/outputs.py +8 -3
  103. pulumi_vault/jwt/_inputs.py +55 -0
  104. pulumi_vault/jwt/auth_backend.py +39 -46
  105. pulumi_vault/jwt/auth_backend_role.py +131 -260
  106. pulumi_vault/jwt/outputs.py +5 -0
  107. pulumi_vault/kmip/secret_backend.py +22 -21
  108. pulumi_vault/kmip/secret_role.py +12 -11
  109. pulumi_vault/kmip/secret_scope.py +12 -11
  110. pulumi_vault/kubernetes/auth_backend_config.py +55 -7
  111. pulumi_vault/kubernetes/auth_backend_role.py +68 -179
  112. pulumi_vault/kubernetes/get_auth_backend_config.py +60 -8
  113. pulumi_vault/kubernetes/get_auth_backend_role.py +40 -5
  114. pulumi_vault/kubernetes/get_service_account_token.py +39 -15
  115. pulumi_vault/kubernetes/secret_backend.py +314 -29
  116. pulumi_vault/kubernetes/secret_backend_role.py +135 -56
  117. pulumi_vault/kv/_inputs.py +36 -4
  118. pulumi_vault/kv/get_secret.py +23 -12
  119. pulumi_vault/kv/get_secret_subkeys_v2.py +31 -14
  120. pulumi_vault/kv/get_secret_v2.py +89 -9
  121. pulumi_vault/kv/get_secrets_list.py +22 -15
  122. pulumi_vault/kv/get_secrets_list_v2.py +35 -19
  123. pulumi_vault/kv/outputs.py +8 -3
  124. pulumi_vault/kv/secret.py +19 -18
  125. pulumi_vault/kv/secret_backend_v2.py +12 -11
  126. pulumi_vault/kv/secret_v2.py +55 -52
  127. pulumi_vault/ldap/auth_backend.py +125 -168
  128. pulumi_vault/ldap/auth_backend_group.py +12 -11
  129. pulumi_vault/ldap/auth_backend_user.py +12 -11
  130. pulumi_vault/ldap/get_dynamic_credentials.py +23 -5
  131. pulumi_vault/ldap/get_static_credentials.py +24 -5
  132. pulumi_vault/ldap/secret_backend.py +352 -84
  133. pulumi_vault/ldap/secret_backend_dynamic_role.py +12 -11
  134. pulumi_vault/ldap/secret_backend_library_set.py +14 -11
  135. pulumi_vault/ldap/secret_backend_static_role.py +67 -12
  136. pulumi_vault/managed/_inputs.py +289 -132
  137. pulumi_vault/managed/keys.py +27 -43
  138. pulumi_vault/managed/outputs.py +89 -132
  139. pulumi_vault/mfa_duo.py +16 -13
  140. pulumi_vault/mfa_okta.py +16 -13
  141. pulumi_vault/mfa_pingid.py +16 -13
  142. pulumi_vault/mfa_totp.py +22 -19
  143. pulumi_vault/mongodbatlas/secret_backend.py +18 -17
  144. pulumi_vault/mongodbatlas/secret_role.py +41 -38
  145. pulumi_vault/mount.py +389 -65
  146. pulumi_vault/namespace.py +26 -21
  147. pulumi_vault/nomad_secret_backend.py +16 -15
  148. pulumi_vault/nomad_secret_role.py +12 -11
  149. pulumi_vault/okta/_inputs.py +47 -8
  150. pulumi_vault/okta/auth_backend.py +483 -41
  151. pulumi_vault/okta/auth_backend_group.py +12 -11
  152. pulumi_vault/okta/auth_backend_user.py +12 -11
  153. pulumi_vault/okta/outputs.py +13 -8
  154. pulumi_vault/outputs.py +5 -0
  155. pulumi_vault/password_policy.py +18 -15
  156. pulumi_vault/pkisecret/__init__.py +3 -0
  157. pulumi_vault/pkisecret/_inputs.py +81 -0
  158. pulumi_vault/pkisecret/backend_config_cluster.py +369 -0
  159. pulumi_vault/pkisecret/backend_config_est.py +619 -0
  160. pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
  161. pulumi_vault/pkisecret/get_backend_issuer.py +63 -7
  162. pulumi_vault/pkisecret/get_backend_issuers.py +21 -12
  163. pulumi_vault/pkisecret/get_backend_key.py +24 -13
  164. pulumi_vault/pkisecret/get_backend_keys.py +21 -12
  165. pulumi_vault/pkisecret/outputs.py +69 -0
  166. pulumi_vault/pkisecret/secret_backend_cert.py +18 -15
  167. pulumi_vault/pkisecret/secret_backend_config_ca.py +16 -15
  168. pulumi_vault/pkisecret/secret_backend_config_issuers.py +12 -11
  169. pulumi_vault/pkisecret/secret_backend_config_urls.py +59 -11
  170. pulumi_vault/pkisecret/secret_backend_crl_config.py +14 -13
  171. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +16 -15
  172. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +22 -21
  173. pulumi_vault/pkisecret/secret_backend_issuer.py +12 -11
  174. pulumi_vault/pkisecret/secret_backend_key.py +12 -7
  175. pulumi_vault/pkisecret/secret_backend_role.py +19 -16
  176. pulumi_vault/pkisecret/secret_backend_root_cert.py +16 -52
  177. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +18 -62
  178. pulumi_vault/pkisecret/secret_backend_sign.py +18 -60
  179. pulumi_vault/plugin.py +595 -0
  180. pulumi_vault/plugin_pinned_version.py +298 -0
  181. pulumi_vault/policy.py +12 -7
  182. pulumi_vault/provider.py +48 -53
  183. pulumi_vault/pulumi-plugin.json +2 -1
  184. pulumi_vault/quota_lease_count.py +58 -8
  185. pulumi_vault/quota_rate_limit.py +54 -4
  186. pulumi_vault/rabbitmq/_inputs.py +61 -0
  187. pulumi_vault/rabbitmq/outputs.py +5 -0
  188. pulumi_vault/rabbitmq/secret_backend.py +16 -15
  189. pulumi_vault/rabbitmq/secret_backend_role.py +52 -49
  190. pulumi_vault/raft_autopilot.py +12 -11
  191. pulumi_vault/raft_snapshot_agent_config.py +121 -311
  192. pulumi_vault/rgp_policy.py +14 -13
  193. pulumi_vault/saml/auth_backend.py +20 -19
  194. pulumi_vault/saml/auth_backend_role.py +90 -199
  195. pulumi_vault/secrets/__init__.py +3 -0
  196. pulumi_vault/secrets/_inputs.py +110 -0
  197. pulumi_vault/secrets/outputs.py +94 -0
  198. pulumi_vault/secrets/sync_association.py +56 -75
  199. pulumi_vault/secrets/sync_aws_destination.py +240 -29
  200. pulumi_vault/secrets/sync_azure_destination.py +90 -33
  201. pulumi_vault/secrets/sync_config.py +7 -6
  202. pulumi_vault/secrets/sync_gcp_destination.py +156 -27
  203. pulumi_vault/secrets/sync_gh_destination.py +187 -15
  204. pulumi_vault/secrets/sync_github_apps.py +375 -0
  205. pulumi_vault/secrets/sync_vercel_destination.py +72 -15
  206. pulumi_vault/ssh/_inputs.py +28 -32
  207. pulumi_vault/ssh/outputs.py +11 -32
  208. pulumi_vault/ssh/secret_backend_ca.py +106 -11
  209. pulumi_vault/ssh/secret_backend_role.py +83 -120
  210. pulumi_vault/terraformcloud/secret_backend.py +5 -56
  211. pulumi_vault/terraformcloud/secret_creds.py +14 -24
  212. pulumi_vault/terraformcloud/secret_role.py +14 -76
  213. pulumi_vault/token.py +26 -25
  214. pulumi_vault/tokenauth/auth_backend_role.py +76 -201
  215. pulumi_vault/transform/alphabet.py +16 -13
  216. pulumi_vault/transform/get_decode.py +45 -21
  217. pulumi_vault/transform/get_encode.py +45 -21
  218. pulumi_vault/transform/role.py +16 -13
  219. pulumi_vault/transform/template.py +30 -25
  220. pulumi_vault/transform/transformation.py +12 -7
  221. pulumi_vault/transit/get_decrypt.py +26 -25
  222. pulumi_vault/transit/get_encrypt.py +24 -19
  223. pulumi_vault/transit/secret_backend_key.py +25 -97
  224. pulumi_vault/transit/secret_cache_config.py +12 -11
  225. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/METADATA +8 -7
  226. pulumi_vault-6.5.0a1736836139.dist-info/RECORD +256 -0
  227. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/WHEEL +1 -1
  228. pulumi_vault-5.21.0a1710160723.dist-info/RECORD +0 -244
  229. {pulumi_vault-5.21.0a1710160723.dist-info → pulumi_vault-6.5.0a1736836139.dist-info}/top_level.txt +0 -0
@@ -4,9 +4,14 @@
4
4
 
5
5
  import copy
6
6
  import warnings
7
+ import sys
7
8
  import pulumi
8
9
  import pulumi.runtime
9
10
  from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
10
15
  from .. import _utilities
11
16
 
12
17
  __all__ = ['AuthBackendRoleArgs', 'AuthBackendRole']
@@ -43,38 +48,20 @@ class AuthBackendRoleArgs:
43
48
  :param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
44
49
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
45
50
  The value should not contain leading or trailing forward slashes.
46
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
51
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
47
52
  *Available only for Vault Enterprise*.
48
53
  :param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
49
54
  :param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
50
-
51
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
52
55
  :param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
53
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
54
- addresses which can authenticate successfully, and ties the resulting token to these blocks
55
- as well.
56
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
57
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
58
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
59
- `token_max_ttl` would otherwise allow a renewal.
60
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
61
- Its current value will be referenced at renewal time.
62
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
63
- generated tokens; otherwise it will be added to the policies set in token_policies.
64
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
65
- of times a generated token may be used (within its lifetime); 0 means unlimited.
66
- :param pulumi.Input[int] token_period: If set, indicates that the
67
- token generated using this role should never expire. The token should be renewed within the
68
- duration specified by this value. At each renewal, the token's TTL will be set to the
69
- value of this field. Specified in seconds.
56
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
57
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
58
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
59
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
60
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
61
+ :param pulumi.Input[int] token_period: Generated Token's Period
70
62
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
71
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
72
- Its current value will be referenced at renewal time.
73
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
74
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
75
- `service` tokens). For token store roles, there are two additional possibilities:
76
- `default-service` and `default-batch` which specify the type to return unless the client
77
- requests a different type at generation time.
63
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
64
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
78
65
  """
79
66
  pulumi.set(__self__, "role_name", role_name)
80
67
  if allowed_entity_aliases is not None:
@@ -192,7 +179,7 @@ class AuthBackendRoleArgs:
192
179
  """
193
180
  The namespace to provision the resource in.
194
181
  The value should not contain leading or trailing forward slashes.
195
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
182
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
196
183
  *Available only for Vault Enterprise*.
197
184
  """
198
185
  return pulumi.get(self, "namespace")
@@ -218,8 +205,6 @@ class AuthBackendRoleArgs:
218
205
  def path_suffix(self) -> Optional[pulumi.Input[str]]:
219
206
  """
220
207
  Tokens created against this role will have the given suffix as part of their path in addition to the role name.
221
-
222
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
223
208
  """
224
209
  return pulumi.get(self, "path_suffix")
225
210
 
@@ -243,9 +228,7 @@ class AuthBackendRoleArgs:
243
228
  @pulumi.getter(name="tokenBoundCidrs")
244
229
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
245
230
  """
246
- List of CIDR blocks; if set, specifies blocks of IP
247
- addresses which can authenticate successfully, and ties the resulting token to these blocks
248
- as well.
231
+ Specifies the blocks of IP addresses which are allowed to use the generated token
249
232
  """
250
233
  return pulumi.get(self, "token_bound_cidrs")
251
234
 
@@ -257,10 +240,7 @@ class AuthBackendRoleArgs:
257
240
  @pulumi.getter(name="tokenExplicitMaxTtl")
258
241
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
259
242
  """
260
- If set, will encode an
261
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
262
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
263
- `token_max_ttl` would otherwise allow a renewal.
243
+ Generated Token's Explicit Maximum TTL in seconds
264
244
  """
265
245
  return pulumi.get(self, "token_explicit_max_ttl")
266
246
 
@@ -272,8 +252,7 @@ class AuthBackendRoleArgs:
272
252
  @pulumi.getter(name="tokenMaxTtl")
273
253
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
274
254
  """
275
- The maximum lifetime for generated tokens in number of seconds.
276
- Its current value will be referenced at renewal time.
255
+ The maximum lifetime of the generated token
277
256
  """
278
257
  return pulumi.get(self, "token_max_ttl")
279
258
 
@@ -285,8 +264,7 @@ class AuthBackendRoleArgs:
285
264
  @pulumi.getter(name="tokenNoDefaultPolicy")
286
265
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
287
266
  """
288
- If set, the default policy will not be set on
289
- generated tokens; otherwise it will be added to the policies set in token_policies.
267
+ If true, the 'default' policy will not automatically be added to generated tokens
290
268
  """
291
269
  return pulumi.get(self, "token_no_default_policy")
292
270
 
@@ -298,8 +276,7 @@ class AuthBackendRoleArgs:
298
276
  @pulumi.getter(name="tokenNumUses")
299
277
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
300
278
  """
301
- The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
302
- of times a generated token may be used (within its lifetime); 0 means unlimited.
279
+ The maximum number of times a token may be used, a value of zero means unlimited
303
280
  """
304
281
  return pulumi.get(self, "token_num_uses")
305
282
 
@@ -311,10 +288,7 @@ class AuthBackendRoleArgs:
311
288
  @pulumi.getter(name="tokenPeriod")
312
289
  def token_period(self) -> Optional[pulumi.Input[int]]:
313
290
  """
314
- If set, indicates that the
315
- token generated using this role should never expire. The token should be renewed within the
316
- duration specified by this value. At each renewal, the token's TTL will be set to the
317
- value of this field. Specified in seconds.
291
+ Generated Token's Period
318
292
  """
319
293
  return pulumi.get(self, "token_period")
320
294
 
@@ -338,8 +312,7 @@ class AuthBackendRoleArgs:
338
312
  @pulumi.getter(name="tokenTtl")
339
313
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
340
314
  """
341
- The incremental lifetime for generated tokens in number of seconds.
342
- Its current value will be referenced at renewal time.
315
+ The initial ttl of the token to generate in seconds
343
316
  """
344
317
  return pulumi.get(self, "token_ttl")
345
318
 
@@ -351,11 +324,7 @@ class AuthBackendRoleArgs:
351
324
  @pulumi.getter(name="tokenType")
352
325
  def token_type(self) -> Optional[pulumi.Input[str]]:
353
326
  """
354
- The type of token that should be generated. Can be `service`,
355
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
356
- `service` tokens). For token store roles, there are two additional possibilities:
357
- `default-service` and `default-batch` which specify the type to return unless the client
358
- requests a different type at generation time.
327
+ The type of token to generate, service or batch
359
328
  """
360
329
  return pulumi.get(self, "token_type")
361
330
 
@@ -395,39 +364,21 @@ class _AuthBackendRoleState:
395
364
  :param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
396
365
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
397
366
  The value should not contain leading or trailing forward slashes.
398
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
367
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
399
368
  *Available only for Vault Enterprise*.
400
369
  :param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
401
370
  :param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
402
-
403
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
404
371
  :param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
405
372
  :param pulumi.Input[str] role_name: The name of the role.
406
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
407
- addresses which can authenticate successfully, and ties the resulting token to these blocks
408
- as well.
409
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
410
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
411
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
412
- `token_max_ttl` would otherwise allow a renewal.
413
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
414
- Its current value will be referenced at renewal time.
415
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
416
- generated tokens; otherwise it will be added to the policies set in token_policies.
417
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
418
- of times a generated token may be used (within its lifetime); 0 means unlimited.
419
- :param pulumi.Input[int] token_period: If set, indicates that the
420
- token generated using this role should never expire. The token should be renewed within the
421
- duration specified by this value. At each renewal, the token's TTL will be set to the
422
- value of this field. Specified in seconds.
373
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
374
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
375
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
376
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
377
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
378
+ :param pulumi.Input[int] token_period: Generated Token's Period
423
379
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
424
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
425
- Its current value will be referenced at renewal time.
426
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
427
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
428
- `service` tokens). For token store roles, there are two additional possibilities:
429
- `default-service` and `default-batch` which specify the type to return unless the client
430
- requests a different type at generation time.
380
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
381
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
431
382
  """
432
383
  if allowed_entity_aliases is not None:
433
384
  pulumi.set(__self__, "allowed_entity_aliases", allowed_entity_aliases)
@@ -534,7 +485,7 @@ class _AuthBackendRoleState:
534
485
  """
535
486
  The namespace to provision the resource in.
536
487
  The value should not contain leading or trailing forward slashes.
537
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
488
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
538
489
  *Available only for Vault Enterprise*.
539
490
  """
540
491
  return pulumi.get(self, "namespace")
@@ -560,8 +511,6 @@ class _AuthBackendRoleState:
560
511
  def path_suffix(self) -> Optional[pulumi.Input[str]]:
561
512
  """
562
513
  Tokens created against this role will have the given suffix as part of their path in addition to the role name.
563
-
564
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
565
514
  """
566
515
  return pulumi.get(self, "path_suffix")
567
516
 
@@ -597,9 +546,7 @@ class _AuthBackendRoleState:
597
546
  @pulumi.getter(name="tokenBoundCidrs")
598
547
  def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
599
548
  """
600
- List of CIDR blocks; if set, specifies blocks of IP
601
- addresses which can authenticate successfully, and ties the resulting token to these blocks
602
- as well.
549
+ Specifies the blocks of IP addresses which are allowed to use the generated token
603
550
  """
604
551
  return pulumi.get(self, "token_bound_cidrs")
605
552
 
@@ -611,10 +558,7 @@ class _AuthBackendRoleState:
611
558
  @pulumi.getter(name="tokenExplicitMaxTtl")
612
559
  def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
613
560
  """
614
- If set, will encode an
615
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
616
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
617
- `token_max_ttl` would otherwise allow a renewal.
561
+ Generated Token's Explicit Maximum TTL in seconds
618
562
  """
619
563
  return pulumi.get(self, "token_explicit_max_ttl")
620
564
 
@@ -626,8 +570,7 @@ class _AuthBackendRoleState:
626
570
  @pulumi.getter(name="tokenMaxTtl")
627
571
  def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
628
572
  """
629
- The maximum lifetime for generated tokens in number of seconds.
630
- Its current value will be referenced at renewal time.
573
+ The maximum lifetime of the generated token
631
574
  """
632
575
  return pulumi.get(self, "token_max_ttl")
633
576
 
@@ -639,8 +582,7 @@ class _AuthBackendRoleState:
639
582
  @pulumi.getter(name="tokenNoDefaultPolicy")
640
583
  def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
641
584
  """
642
- If set, the default policy will not be set on
643
- generated tokens; otherwise it will be added to the policies set in token_policies.
585
+ If true, the 'default' policy will not automatically be added to generated tokens
644
586
  """
645
587
  return pulumi.get(self, "token_no_default_policy")
646
588
 
@@ -652,8 +594,7 @@ class _AuthBackendRoleState:
652
594
  @pulumi.getter(name="tokenNumUses")
653
595
  def token_num_uses(self) -> Optional[pulumi.Input[int]]:
654
596
  """
655
- The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
656
- of times a generated token may be used (within its lifetime); 0 means unlimited.
597
+ The maximum number of times a token may be used, a value of zero means unlimited
657
598
  """
658
599
  return pulumi.get(self, "token_num_uses")
659
600
 
@@ -665,10 +606,7 @@ class _AuthBackendRoleState:
665
606
  @pulumi.getter(name="tokenPeriod")
666
607
  def token_period(self) -> Optional[pulumi.Input[int]]:
667
608
  """
668
- If set, indicates that the
669
- token generated using this role should never expire. The token should be renewed within the
670
- duration specified by this value. At each renewal, the token's TTL will be set to the
671
- value of this field. Specified in seconds.
609
+ Generated Token's Period
672
610
  """
673
611
  return pulumi.get(self, "token_period")
674
612
 
@@ -692,8 +630,7 @@ class _AuthBackendRoleState:
692
630
  @pulumi.getter(name="tokenTtl")
693
631
  def token_ttl(self) -> Optional[pulumi.Input[int]]:
694
632
  """
695
- The incremental lifetime for generated tokens in number of seconds.
696
- Its current value will be referenced at renewal time.
633
+ The initial ttl of the token to generate in seconds
697
634
  """
698
635
  return pulumi.get(self, "token_ttl")
699
636
 
@@ -705,11 +642,7 @@ class _AuthBackendRoleState:
705
642
  @pulumi.getter(name="tokenType")
706
643
  def token_type(self) -> Optional[pulumi.Input[str]]:
707
644
  """
708
- The type of token that should be generated. Can be `service`,
709
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
710
- `service` tokens). For token store roles, there are two additional possibilities:
711
- `default-service` and `default-batch` which specify the type to return unless the client
712
- requests a different type at generation time.
645
+ The type of token to generate, service or batch
713
646
  """
714
647
  return pulumi.get(self, "token_type")
715
648
 
@@ -750,26 +683,24 @@ class AuthBackendRole(pulumi.CustomResource):
750
683
 
751
684
  ## Example Usage
752
685
 
753
- <!--Start PulumiCodeChooser -->
754
686
  ```python
755
687
  import pulumi
756
688
  import pulumi_vault as vault
757
689
 
758
690
  example = vault.tokenauth.AuthBackendRole("example",
759
- allowed_entity_aliases=["test_entity"],
691
+ role_name="my-role",
760
692
  allowed_policies=[
761
693
  "dev",
762
694
  "test",
763
695
  ],
764
696
  disallowed_policies=["default"],
697
+ allowed_entity_aliases=["test_entity"],
765
698
  orphan=True,
766
- path_suffix="path-suffix",
699
+ token_period=86400,
767
700
  renewable=True,
768
- role_name="my-role",
769
701
  token_explicit_max_ttl=115200,
770
- token_period=86400)
702
+ path_suffix="path-suffix")
771
703
  ```
772
- <!--End PulumiCodeChooser -->
773
704
 
774
705
  ## Import
775
706
 
@@ -788,39 +719,21 @@ class AuthBackendRole(pulumi.CustomResource):
788
719
  :param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
789
720
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
790
721
  The value should not contain leading or trailing forward slashes.
791
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
722
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
792
723
  *Available only for Vault Enterprise*.
793
724
  :param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
794
725
  :param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
795
-
796
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
797
726
  :param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
798
727
  :param pulumi.Input[str] role_name: The name of the role.
799
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
800
- addresses which can authenticate successfully, and ties the resulting token to these blocks
801
- as well.
802
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
803
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
804
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
805
- `token_max_ttl` would otherwise allow a renewal.
806
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
807
- Its current value will be referenced at renewal time.
808
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
809
- generated tokens; otherwise it will be added to the policies set in token_policies.
810
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
811
- of times a generated token may be used (within its lifetime); 0 means unlimited.
812
- :param pulumi.Input[int] token_period: If set, indicates that the
813
- token generated using this role should never expire. The token should be renewed within the
814
- duration specified by this value. At each renewal, the token's TTL will be set to the
815
- value of this field. Specified in seconds.
728
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
729
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
730
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
731
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
732
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
733
+ :param pulumi.Input[int] token_period: Generated Token's Period
816
734
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
817
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
818
- Its current value will be referenced at renewal time.
819
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
820
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
821
- `service` tokens). For token store roles, there are two additional possibilities:
822
- `default-service` and `default-batch` which specify the type to return unless the client
823
- requests a different type at generation time.
735
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
736
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
824
737
  """
825
738
  ...
826
739
  @overload
@@ -835,26 +748,24 @@ class AuthBackendRole(pulumi.CustomResource):
835
748
 
836
749
  ## Example Usage
837
750
 
838
- <!--Start PulumiCodeChooser -->
839
751
  ```python
840
752
  import pulumi
841
753
  import pulumi_vault as vault
842
754
 
843
755
  example = vault.tokenauth.AuthBackendRole("example",
844
- allowed_entity_aliases=["test_entity"],
756
+ role_name="my-role",
845
757
  allowed_policies=[
846
758
  "dev",
847
759
  "test",
848
760
  ],
849
761
  disallowed_policies=["default"],
762
+ allowed_entity_aliases=["test_entity"],
850
763
  orphan=True,
851
- path_suffix="path-suffix",
764
+ token_period=86400,
852
765
  renewable=True,
853
- role_name="my-role",
854
766
  token_explicit_max_ttl=115200,
855
- token_period=86400)
767
+ path_suffix="path-suffix")
856
768
  ```
857
- <!--End PulumiCodeChooser -->
858
769
 
859
770
  ## Import
860
771
 
@@ -971,39 +882,21 @@ class AuthBackendRole(pulumi.CustomResource):
971
882
  :param pulumi.Input[Sequence[pulumi.Input[str]]] disallowed_policies_globs: Set of disallowed policies with glob match for given role.
972
883
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
973
884
  The value should not contain leading or trailing forward slashes.
974
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
885
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
975
886
  *Available only for Vault Enterprise*.
976
887
  :param pulumi.Input[bool] orphan: If true, tokens created against this policy will be orphan tokens.
977
888
  :param pulumi.Input[str] path_suffix: Tokens created against this role will have the given suffix as part of their path in addition to the role name.
978
-
979
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
980
889
  :param pulumi.Input[bool] renewable: Whether to disable the ability of the token to be renewed past its initial TTL.
981
890
  :param pulumi.Input[str] role_name: The name of the role.
982
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
983
- addresses which can authenticate successfully, and ties the resulting token to these blocks
984
- as well.
985
- :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
986
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
987
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
988
- `token_max_ttl` would otherwise allow a renewal.
989
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
990
- Its current value will be referenced at renewal time.
991
- :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
992
- generated tokens; otherwise it will be added to the policies set in token_policies.
993
- :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
994
- of times a generated token may be used (within its lifetime); 0 means unlimited.
995
- :param pulumi.Input[int] token_period: If set, indicates that the
996
- token generated using this role should never expire. The token should be renewed within the
997
- duration specified by this value. At each renewal, the token's TTL will be set to the
998
- value of this field. Specified in seconds.
891
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
892
+ :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
893
+ :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
894
+ :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
895
+ :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
896
+ :param pulumi.Input[int] token_period: Generated Token's Period
999
897
  :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1000
- :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
1001
- Its current value will be referenced at renewal time.
1002
- :param pulumi.Input[str] token_type: The type of token that should be generated. Can be `service`,
1003
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1004
- `service` tokens). For token store roles, there are two additional possibilities:
1005
- `default-service` and `default-batch` which specify the type to return unless the client
1006
- requests a different type at generation time.
898
+ :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
899
+ :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1007
900
  """
1008
901
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1009
902
 
@@ -1076,7 +969,7 @@ class AuthBackendRole(pulumi.CustomResource):
1076
969
  """
1077
970
  The namespace to provision the resource in.
1078
971
  The value should not contain leading or trailing forward slashes.
1079
- The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
972
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1080
973
  *Available only for Vault Enterprise*.
1081
974
  """
1082
975
  return pulumi.get(self, "namespace")
@@ -1094,8 +987,6 @@ class AuthBackendRole(pulumi.CustomResource):
1094
987
  def path_suffix(self) -> pulumi.Output[Optional[str]]:
1095
988
  """
1096
989
  Tokens created against this role will have the given suffix as part of their path in addition to the role name.
1097
-
1098
- > Due to a bug the resource. This *will* cause all existing tokens issued by this role to be revoked.
1099
990
  """
1100
991
  return pulumi.get(self, "path_suffix")
1101
992
 
@@ -1119,9 +1010,7 @@ class AuthBackendRole(pulumi.CustomResource):
1119
1010
  @pulumi.getter(name="tokenBoundCidrs")
1120
1011
  def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
1121
1012
  """
1122
- List of CIDR blocks; if set, specifies blocks of IP
1123
- addresses which can authenticate successfully, and ties the resulting token to these blocks
1124
- as well.
1013
+ Specifies the blocks of IP addresses which are allowed to use the generated token
1125
1014
  """
1126
1015
  return pulumi.get(self, "token_bound_cidrs")
1127
1016
 
@@ -1129,10 +1018,7 @@ class AuthBackendRole(pulumi.CustomResource):
1129
1018
  @pulumi.getter(name="tokenExplicitMaxTtl")
1130
1019
  def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
1131
1020
  """
1132
- If set, will encode an
1133
- [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
1134
- onto the token in number of seconds. This is a hard cap even if `token_ttl` and
1135
- `token_max_ttl` would otherwise allow a renewal.
1021
+ Generated Token's Explicit Maximum TTL in seconds
1136
1022
  """
1137
1023
  return pulumi.get(self, "token_explicit_max_ttl")
1138
1024
 
@@ -1140,8 +1026,7 @@ class AuthBackendRole(pulumi.CustomResource):
1140
1026
  @pulumi.getter(name="tokenMaxTtl")
1141
1027
  def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
1142
1028
  """
1143
- The maximum lifetime for generated tokens in number of seconds.
1144
- Its current value will be referenced at renewal time.
1029
+ The maximum lifetime of the generated token
1145
1030
  """
1146
1031
  return pulumi.get(self, "token_max_ttl")
1147
1032
 
@@ -1149,8 +1034,7 @@ class AuthBackendRole(pulumi.CustomResource):
1149
1034
  @pulumi.getter(name="tokenNoDefaultPolicy")
1150
1035
  def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
1151
1036
  """
1152
- If set, the default policy will not be set on
1153
- generated tokens; otherwise it will be added to the policies set in token_policies.
1037
+ If true, the 'default' policy will not automatically be added to generated tokens
1154
1038
  """
1155
1039
  return pulumi.get(self, "token_no_default_policy")
1156
1040
 
@@ -1158,8 +1042,7 @@ class AuthBackendRole(pulumi.CustomResource):
1158
1042
  @pulumi.getter(name="tokenNumUses")
1159
1043
  def token_num_uses(self) -> pulumi.Output[Optional[int]]:
1160
1044
  """
1161
- The [maximum number](https://www.vaultproject.io/api-docs/token#token_num_uses)
1162
- of times a generated token may be used (within its lifetime); 0 means unlimited.
1045
+ The maximum number of times a token may be used, a value of zero means unlimited
1163
1046
  """
1164
1047
  return pulumi.get(self, "token_num_uses")
1165
1048
 
@@ -1167,10 +1050,7 @@ class AuthBackendRole(pulumi.CustomResource):
1167
1050
  @pulumi.getter(name="tokenPeriod")
1168
1051
  def token_period(self) -> pulumi.Output[Optional[int]]:
1169
1052
  """
1170
- If set, indicates that the
1171
- token generated using this role should never expire. The token should be renewed within the
1172
- duration specified by this value. At each renewal, the token's TTL will be set to the
1173
- value of this field. Specified in seconds.
1053
+ Generated Token's Period
1174
1054
  """
1175
1055
  return pulumi.get(self, "token_period")
1176
1056
 
@@ -1186,8 +1066,7 @@ class AuthBackendRole(pulumi.CustomResource):
1186
1066
  @pulumi.getter(name="tokenTtl")
1187
1067
  def token_ttl(self) -> pulumi.Output[Optional[int]]:
1188
1068
  """
1189
- The incremental lifetime for generated tokens in number of seconds.
1190
- Its current value will be referenced at renewal time.
1069
+ The initial ttl of the token to generate in seconds
1191
1070
  """
1192
1071
  return pulumi.get(self, "token_ttl")
1193
1072
 
@@ -1195,11 +1074,7 @@ class AuthBackendRole(pulumi.CustomResource):
1195
1074
  @pulumi.getter(name="tokenType")
1196
1075
  def token_type(self) -> pulumi.Output[Optional[str]]:
1197
1076
  """
1198
- The type of token that should be generated. Can be `service`,
1199
- `batch`, or `default` to use the mount's tuned default (which unless changed will be
1200
- `service` tokens). For token store roles, there are two additional possibilities:
1201
- `default-service` and `default-batch` which specify the type to return unless the client
1202
- requests a different type at generation time.
1077
+ The type of token to generate, service or batch
1203
1078
  """
1204
1079
  return pulumi.get(self, "token_type")
1205
1080