pulumi-vault 6.1.1a1717550614__py3-none-any.whl → 6.2.0a1712470779__py3-none-any.whl

pulumi_vault/ldap/auth_backend.py

@@ -78,14 +78,27 @@ class AuthBackendArgs:
         :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
         :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
         :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
-        :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
-        :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
-        :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
-        :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
-        :param pulumi.Input[int] token_period: Generated Token's Period
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
-        :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+               addresses which can authenticate successfully, and ties the resulting token to these blocks
+               as well.
+        :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
+               [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+               onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+               `token_max_ttl` would otherwise allow a renewal.
+        :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+               Its current value will be referenced at renewal time.
+        :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
+               generated tokens; otherwise it will be added to the policies set in token_policies.
+        :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
+               of times a generated token may be used (within its lifetime); 0 means unlimited.
+        :param pulumi.Input[int] token_period: If set, indicates that the
+               token generated using this role should never expire. The token should be renewed within the
+               duration specified by this value. At each renewal, the token's TTL will be set to the
+               value of this field. Specified in seconds.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
+               on the auth method, this list may be supplemented by user/group/other values.
+        :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
+               Its current value will be referenced at renewal time.
         :param pulumi.Input[str] token_type: The type of token to generate, service or batch
         :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
         :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
@@ -435,7 +448,9 @@ class AuthBackendArgs:
     @pulumi.getter(name="tokenBoundCidrs")
     def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Specifies the blocks of IP addresses which are allowed to use the generated token
+        List of CIDR blocks; if set, specifies blocks of IP
+        addresses which can authenticate successfully, and ties the resulting token to these blocks
+        as well.
         """
         return pulumi.get(self, "token_bound_cidrs")
 
@@ -447,7 +462,10 @@ class AuthBackendArgs:
     @pulumi.getter(name="tokenExplicitMaxTtl")
     def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
         """
-        Generated Token's Explicit Maximum TTL in seconds
+        If set, will encode an
+        [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+        onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+        `token_max_ttl` would otherwise allow a renewal.
         """
         return pulumi.get(self, "token_explicit_max_ttl")
 
@@ -459,7 +477,8 @@ class AuthBackendArgs:
     @pulumi.getter(name="tokenMaxTtl")
     def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
         """
-        The maximum lifetime of the generated token
+        The maximum lifetime for generated tokens in number of seconds.
+        Its current value will be referenced at renewal time.
         """
         return pulumi.get(self, "token_max_ttl")
 
@@ -471,7 +490,8 @@ class AuthBackendArgs:
     @pulumi.getter(name="tokenNoDefaultPolicy")
     def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
         """
-        If true, the 'default' policy will not automatically be added to generated tokens
+        If set, the default policy will not be set on
+        generated tokens; otherwise it will be added to the policies set in token_policies.
         """
         return pulumi.get(self, "token_no_default_policy")
 
@@ -483,7 +503,8 @@ class AuthBackendArgs:
     @pulumi.getter(name="tokenNumUses")
     def token_num_uses(self) -> Optional[pulumi.Input[int]]:
         """
-        The maximum number of times a token may be used, a value of zero means unlimited
+        The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
+        of times a generated token may be used (within its lifetime); 0 means unlimited.
         """
         return pulumi.get(self, "token_num_uses")
 
@@ -495,7 +516,10 @@ class AuthBackendArgs:
     @pulumi.getter(name="tokenPeriod")
     def token_period(self) -> Optional[pulumi.Input[int]]:
         """
-        Generated Token's Period
+        If set, indicates that the
+        token generated using this role should never expire. The token should be renewed within the
+        duration specified by this value. At each renewal, the token's TTL will be set to the
+        value of this field. Specified in seconds.
         """
         return pulumi.get(self, "token_period")
 
@@ -507,7 +531,8 @@ class AuthBackendArgs:
     @pulumi.getter(name="tokenPolicies")
     def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Generated Token's Policies
+        List of policies to encode onto generated tokens. Depending
+        on the auth method, this list may be supplemented by user/group/other values.
         """
         return pulumi.get(self, "token_policies")
 
@@ -519,7 +544,8 @@ class AuthBackendArgs:
     @pulumi.getter(name="tokenTtl")
     def token_ttl(self) -> Optional[pulumi.Input[int]]:
         """
-        The initial ttl of the token to generate in seconds
+        The incremental lifetime for generated tokens in number of seconds.
+        Its current value will be referenced at renewal time.
         """
         return pulumi.get(self, "token_ttl")
 
@@ -680,14 +706,27 @@ class _AuthBackendState:
         :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
         :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
         :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
-        :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
-        :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
-        :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
-        :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
-        :param pulumi.Input[int] token_period: Generated Token's Period
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
-        :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+               addresses which can authenticate successfully, and ties the resulting token to these blocks
+               as well.
+        :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
+               [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+               onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+               `token_max_ttl` would otherwise allow a renewal.
+        :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+               Its current value will be referenced at renewal time.
+        :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
+               generated tokens; otherwise it will be added to the policies set in token_policies.
+        :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
+               of times a generated token may be used (within its lifetime); 0 means unlimited.
+        :param pulumi.Input[int] token_period: If set, indicates that the
+               token generated using this role should never expire. The token should be renewed within the
+               duration specified by this value. At each renewal, the token's TTL will be set to the
+               value of this field. Specified in seconds.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
+               on the auth method, this list may be supplemented by user/group/other values.
+        :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
+               Its current value will be referenced at renewal time.
         :param pulumi.Input[str] token_type: The type of token to generate, service or batch
         :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
         :param pulumi.Input[str] url: The URL of the LDAP server
@@ -1041,7 +1080,9 @@ class _AuthBackendState:
     @pulumi.getter(name="tokenBoundCidrs")
     def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Specifies the blocks of IP addresses which are allowed to use the generated token
+        List of CIDR blocks; if set, specifies blocks of IP
+        addresses which can authenticate successfully, and ties the resulting token to these blocks
+        as well.
         """
         return pulumi.get(self, "token_bound_cidrs")
 
@@ -1053,7 +1094,10 @@ class _AuthBackendState:
     @pulumi.getter(name="tokenExplicitMaxTtl")
     def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
         """
-        Generated Token's Explicit Maximum TTL in seconds
+        If set, will encode an
+        [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+        onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+        `token_max_ttl` would otherwise allow a renewal.
         """
         return pulumi.get(self, "token_explicit_max_ttl")
 
@@ -1065,7 +1109,8 @@ class _AuthBackendState:
     @pulumi.getter(name="tokenMaxTtl")
     def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
         """
-        The maximum lifetime of the generated token
+        The maximum lifetime for generated tokens in number of seconds.
+        Its current value will be referenced at renewal time.
         """
         return pulumi.get(self, "token_max_ttl")
 
@@ -1077,7 +1122,8 @@ class _AuthBackendState:
     @pulumi.getter(name="tokenNoDefaultPolicy")
     def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
         """
-        If true, the 'default' policy will not automatically be added to generated tokens
+        If set, the default policy will not be set on
+        generated tokens; otherwise it will be added to the policies set in token_policies.
         """
         return pulumi.get(self, "token_no_default_policy")
 
@@ -1089,7 +1135,8 @@ class _AuthBackendState:
     @pulumi.getter(name="tokenNumUses")
     def token_num_uses(self) -> Optional[pulumi.Input[int]]:
         """
-        The maximum number of times a token may be used, a value of zero means unlimited
+        The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
+        of times a generated token may be used (within its lifetime); 0 means unlimited.
         """
         return pulumi.get(self, "token_num_uses")
 
@@ -1101,7 +1148,10 @@ class _AuthBackendState:
     @pulumi.getter(name="tokenPeriod")
     def token_period(self) -> Optional[pulumi.Input[int]]:
         """
-        Generated Token's Period
+        If set, indicates that the
+        token generated using this role should never expire. The token should be renewed within the
+        duration specified by this value. At each renewal, the token's TTL will be set to the
+        value of this field. Specified in seconds.
         """
         return pulumi.get(self, "token_period")
 
@@ -1113,7 +1163,8 @@ class _AuthBackendState:
     @pulumi.getter(name="tokenPolicies")
     def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Generated Token's Policies
+        List of policies to encode onto generated tokens. Depending
+        on the auth method, this list may be supplemented by user/group/other values.
         """
         return pulumi.get(self, "token_policies")
 
@@ -1125,7 +1176,8 @@ class _AuthBackendState:
     @pulumi.getter(name="tokenTtl")
     def token_ttl(self) -> Optional[pulumi.Input[int]]:
         """
-        The initial ttl of the token to generate in seconds
+        The incremental lifetime for generated tokens in number of seconds.
+        Its current value will be referenced at renewal time.
         """
         return pulumi.get(self, "token_ttl")
 
@@ -1278,20 +1330,22 @@ class AuthBackend(pulumi.CustomResource):
 
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         ldap = vault.ldap.AuthBackend("ldap",
+            discoverdn=False,
+            groupdn="OU=Groups,DC=example,DC=org",
+            groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
             path="ldap",
+            upndomain="EXAMPLE.ORG",
             url="ldaps://dc-01.example.org",
-            userdn="OU=Users,OU=Accounts,DC=example,DC=org",
             userattr="sAMAccountName",
-            upndomain="EXAMPLE.ORG",
-            discoverdn=False,
-            groupdn="OU=Groups,DC=example,DC=org",
-            groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
+            userdn="OU=Users,OU=Accounts,DC=example,DC=org")
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -1327,14 +1381,27 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
         :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
         :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
-        :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
-        :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
-        :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
-        :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
-        :param pulumi.Input[int] token_period: Generated Token's Period
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
-        :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+               addresses which can authenticate successfully, and ties the resulting token to these blocks
+               as well.
+        :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
+               [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+               onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+               `token_max_ttl` would otherwise allow a renewal.
+        :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+               Its current value will be referenced at renewal time.
+        :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
+               generated tokens; otherwise it will be added to the policies set in token_policies.
+        :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
+               of times a generated token may be used (within its lifetime); 0 means unlimited.
+        :param pulumi.Input[int] token_period: If set, indicates that the
+               token generated using this role should never expire. The token should be renewed within the
+               duration specified by this value. At each renewal, the token's TTL will be set to the
+               value of this field. Specified in seconds.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
+               on the auth method, this list may be supplemented by user/group/other values.
+        :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
+               Its current value will be referenced at renewal time.
         :param pulumi.Input[str] token_type: The type of token to generate, service or batch
         :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
         :param pulumi.Input[str] url: The URL of the LDAP server
@@ -1355,20 +1422,22 @@ class AuthBackend(pulumi.CustomResource):
 
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         ldap = vault.ldap.AuthBackend("ldap",
+            discoverdn=False,
+            groupdn="OU=Groups,DC=example,DC=org",
+            groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
             path="ldap",
+            upndomain="EXAMPLE.ORG",
             url="ldaps://dc-01.example.org",
-            userdn="OU=Users,OU=Accounts,DC=example,DC=org",
             userattr="sAMAccountName",
-            upndomain="EXAMPLE.ORG",
-            discoverdn=False,
-            groupdn="OU=Groups,DC=example,DC=org",
-            groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
+            userdn="OU=Users,OU=Accounts,DC=example,DC=org")
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -1561,14 +1630,27 @@ class AuthBackend(pulumi.CustomResource):
         :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
         :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
         :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
-        :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
-        :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
-        :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
-        :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
-        :param pulumi.Input[int] token_period: Generated Token's Period
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
-        :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: List of CIDR blocks; if set, specifies blocks of IP
+               addresses which can authenticate successfully, and ties the resulting token to these blocks
+               as well.
+        :param pulumi.Input[int] token_explicit_max_ttl: If set, will encode an
+               [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+               onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+               `token_max_ttl` would otherwise allow a renewal.
+        :param pulumi.Input[int] token_max_ttl: The maximum lifetime for generated tokens in number of seconds.
+               Its current value will be referenced at renewal time.
+        :param pulumi.Input[bool] token_no_default_policy: If set, the default policy will not be set on
+               generated tokens; otherwise it will be added to the policies set in token_policies.
+        :param pulumi.Input[int] token_num_uses: The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
+               of times a generated token may be used (within its lifetime); 0 means unlimited.
+        :param pulumi.Input[int] token_period: If set, indicates that the
+               token generated using this role should never expire. The token should be renewed within the
+               duration specified by this value. At each renewal, the token's TTL will be set to the
+               value of this field. Specified in seconds.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: List of policies to encode onto generated tokens. Depending
+               on the auth method, this list may be supplemented by user/group/other values.
+        :param pulumi.Input[int] token_ttl: The incremental lifetime for generated tokens in number of seconds.
+               Its current value will be referenced at renewal time.
         :param pulumi.Input[str] token_type: The type of token to generate, service or batch
         :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
         :param pulumi.Input[str] url: The URL of the LDAP server
@@ -1801,7 +1883,9 @@ class AuthBackend(pulumi.CustomResource):
     @pulumi.getter(name="tokenBoundCidrs")
     def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        Specifies the blocks of IP addresses which are allowed to use the generated token
+        List of CIDR blocks; if set, specifies blocks of IP
+        addresses which can authenticate successfully, and ties the resulting token to these blocks
+        as well.
         """
         return pulumi.get(self, "token_bound_cidrs")
 
@@ -1809,7 +1893,10 @@ class AuthBackend(pulumi.CustomResource):
     @pulumi.getter(name="tokenExplicitMaxTtl")
     def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
         """
-        Generated Token's Explicit Maximum TTL in seconds
+        If set, will encode an
+        [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
+        onto the token in number of seconds. This is a hard cap even if `token_ttl` and
+        `token_max_ttl` would otherwise allow a renewal.
         """
         return pulumi.get(self, "token_explicit_max_ttl")
 
@@ -1817,7 +1904,8 @@ class AuthBackend(pulumi.CustomResource):
     @pulumi.getter(name="tokenMaxTtl")
     def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
         """
-        The maximum lifetime of the generated token
+        The maximum lifetime for generated tokens in number of seconds.
+        Its current value will be referenced at renewal time.
         """
         return pulumi.get(self, "token_max_ttl")
 
@@ -1825,7 +1913,8 @@ class AuthBackend(pulumi.CustomResource):
     @pulumi.getter(name="tokenNoDefaultPolicy")
     def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
         """
-        If true, the 'default' policy will not automatically be added to generated tokens
+        If set, the default policy will not be set on
+        generated tokens; otherwise it will be added to the policies set in token_policies.
         """
         return pulumi.get(self, "token_no_default_policy")
 
@@ -1833,7 +1922,8 @@ class AuthBackend(pulumi.CustomResource):
     @pulumi.getter(name="tokenNumUses")
     def token_num_uses(self) -> pulumi.Output[Optional[int]]:
         """
-        The maximum number of times a token may be used, a value of zero means unlimited
+        The [maximum number](https://www.vaultproject.io/api-docs/ldap#token_num_uses)
+        of times a generated token may be used (within its lifetime); 0 means unlimited.
         """
         return pulumi.get(self, "token_num_uses")
 
@@ -1841,7 +1931,10 @@ class AuthBackend(pulumi.CustomResource):
     @pulumi.getter(name="tokenPeriod")
     def token_period(self) -> pulumi.Output[Optional[int]]:
         """
-        Generated Token's Period
+        If set, indicates that the
+        token generated using this role should never expire. The token should be renewed within the
+        duration specified by this value. At each renewal, the token's TTL will be set to the
+        value of this field. Specified in seconds.
         """
         return pulumi.get(self, "token_period")
 
@@ -1849,7 +1942,8 @@ class AuthBackend(pulumi.CustomResource):
     @pulumi.getter(name="tokenPolicies")
     def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        Generated Token's Policies
+        List of policies to encode onto generated tokens. Depending
+        on the auth method, this list may be supplemented by user/group/other values.
         """
         return pulumi.get(self, "token_policies")
 
@@ -1857,7 +1951,8 @@ class AuthBackend(pulumi.CustomResource):
     @pulumi.getter(name="tokenTtl")
     def token_ttl(self) -> pulumi.Output[Optional[int]]:
         """
-        The initial ttl of the token to generate in seconds
+        The incremental lifetime for generated tokens in number of seconds.
+        Its current value will be referenced at renewal time.
         """
         return pulumi.get(self, "token_ttl")
 

pulumi_vault/ldap/auth_backend_group.py

@@ -189,6 +189,7 @@ class AuthBackendGroup(pulumi.CustomResource):
 
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -207,6 +208,7 @@ class AuthBackendGroup(pulumi.CustomResource):
             policies=["dba"],
             backend=ldap.path)
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -239,6 +241,7 @@ class AuthBackendGroup(pulumi.CustomResource):
 
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -257,6 +260,7 @@ class AuthBackendGroup(pulumi.CustomResource):
             policies=["dba"],
             backend=ldap.path)
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 

pulumi_vault/ldap/auth_backend_user.py

@@ -222,6 +222,7 @@ class AuthBackendUser(pulumi.CustomResource):
 
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -243,6 +244,7 @@ class AuthBackendUser(pulumi.CustomResource):
             ],
             backend=ldap.path)
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -276,6 +278,7 @@ class AuthBackendUser(pulumi.CustomResource):
 
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -297,6 +300,7 @@ class AuthBackendUser(pulumi.CustomResource):
             ],
             backend=ldap.path)
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 

pulumi_vault/ldap/secret_backend.py

@@ -1051,18 +1051,20 @@ class SecretBackend(pulumi.CustomResource):
         """
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         config = vault.ldap.SecretBackend("config",
-            path="my-custom-ldap",
             binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
             bindpass="SuperSecretPassw0rd",
-            url="ldaps://localhost",
             insecure_tls=True,
+            path="my-custom-ldap",
+            url="ldaps://localhost",
             userdn="CN=Users,DC=corp,DC=example,DC=net")
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -1124,18 +1126,20 @@ class SecretBackend(pulumi.CustomResource):
         """
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
 
         config = vault.ldap.SecretBackend("config",
-            path="my-custom-ldap",
             binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
             bindpass="SuperSecretPassw0rd",
-            url="ldaps://localhost",
             insecure_tls=True,
+            path="my-custom-ldap",
+            url="ldaps://localhost",
             userdn="CN=Users,DC=corp,DC=example,DC=net")
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 

pulumi_vault/ldap/secret_backend_dynamic_role.py

@@ -422,6 +422,7 @@ class SecretBackendDynamicRole(pulumi.CustomResource):
         """
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -450,6 +451,7 @@ class SecretBackendDynamicRole(pulumi.CustomResource):
         changetype: delete
         \"\"\")
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -504,6 +506,7 @@ class SecretBackendDynamicRole(pulumi.CustomResource):
         """
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -532,6 +535,7 @@ class SecretBackendDynamicRole(pulumi.CustomResource):
         changetype: delete
         \"\"\")
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 

pulumi_vault/ldap/secret_backend_library_set.py

@@ -298,6 +298,7 @@ class SecretBackendLibrarySet(pulumi.CustomResource):
         """
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -311,7 +312,6 @@ class SecretBackendLibrarySet(pulumi.CustomResource):
             userdn="CN=Users,DC=corp,DC=example,DC=net")
         qa = vault.ldap.SecretBackendLibrarySet("qa",
             mount=config.path,
-            name="qa",
             service_account_names=[
                 "Bob",
                 "Mary",
@@ -320,6 +320,7 @@ class SecretBackendLibrarySet(pulumi.CustomResource):
             disable_check_in_enforcement=True,
             max_ttl=120)
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import
 
@@ -356,6 +357,7 @@ class SecretBackendLibrarySet(pulumi.CustomResource):
         """
         ## Example Usage
 
+        <!--Start PulumiCodeChooser -->
         ```python
         import pulumi
         import pulumi_vault as vault
@@ -369,7 +371,6 @@ class SecretBackendLibrarySet(pulumi.CustomResource):
             userdn="CN=Users,DC=corp,DC=example,DC=net")
         qa = vault.ldap.SecretBackendLibrarySet("qa",
             mount=config.path,
-            name="qa",
             service_account_names=[
                 "Bob",
                 "Mary",
@@ -378,6 +379,7 @@ class SecretBackendLibrarySet(pulumi.CustomResource):
             disable_check_in_enforcement=True,
             max_ttl=120)
         ```
+        <!--End PulumiCodeChooser -->
 
         ## Import