PyPI - pulumi-vault - Versions diffs - 6.5.0a1736850018__py3-none-any.whl → 6.6.0__py3-none-any.whl - Mend

pulumi-vault 6.5.0a1736850018py3-none-any.whl → 6.6.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

pulumi_vault/__init__.py +32 -0
pulumi_vault/_utilities.py +8 -4
pulumi_vault/aws/auth_backend_client.py +228 -4
pulumi_vault/aws/auth_backend_sts_role.py +47 -0
pulumi_vault/aws/secret_backend.py +395 -38
pulumi_vault/aws/secret_backend_static_role.py +217 -0
pulumi_vault/azure/auth_backend_config.py +257 -5
pulumi_vault/azure/backend.py +249 -4
pulumi_vault/database/_inputs.py +1740 -44
pulumi_vault/database/outputs.py +1198 -18
pulumi_vault/database/secret_backend_connection.py +220 -0
pulumi_vault/database/secret_backend_static_role.py +143 -1
pulumi_vault/database/secrets_mount.py +8 -0
pulumi_vault/gcp/auth_backend.py +222 -2
pulumi_vault/gcp/secret_backend.py +244 -4
pulumi_vault/ldap/auth_backend.py +222 -2
pulumi_vault/ldap/secret_backend.py +222 -2
pulumi_vault/pkisecret/__init__.py +6 -0
pulumi_vault/pkisecret/_inputs.py +34 -6
pulumi_vault/pkisecret/backend_acme_eab.py +549 -0
pulumi_vault/pkisecret/backend_config_acme.py +689 -0
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
pulumi_vault/pkisecret/backend_config_cmpv2.py +572 -0
pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
pulumi_vault/pkisecret/outputs.py +40 -4
pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
pulumi_vault/pkisecret/secret_backend_role.py +299 -3
pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
pulumi_vault/pulumi-plugin.json +1 -1
pulumi_vault/ssh/__init__.py +1 -0
pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
pulumi_vault/ssh/secret_backend_role.py +27 -0
pulumi_vault/terraformcloud/secret_role.py +7 -7
pulumi_vault/transit/__init__.py +2 -0
pulumi_vault/transit/get_sign.py +324 -0
pulumi_vault/transit/get_verify.py +354 -0
pulumi_vault/transit/secret_backend_key.py +162 -0
{pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/METADATA +1 -1
{pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/RECORD +48 -39
{pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/WHEEL +1 -1
{pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/top_level.txt +0 -0

pulumi_vault/aws/secret_backend.py CHANGED Viewed

@@ -22,6 +22,7 @@ class SecretBackendArgs:
                  access_key: Optional[pulumi.Input[str]] = None,
                  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  description: Optional[pulumi.Input[str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  iam_endpoint: Optional[pulumi.Input[str]] = None,
                  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -33,8 +34,14 @@ class SecretBackendArgs:
                  path: Optional[pulumi.Input[str]] = None,
                  region: Optional[pulumi.Input[str]] = None,
                  role_arn: Optional[pulumi.Input[str]] = None,
+                 rotation_period: Optional[pulumi.Input[int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[str]] = None,
+                 rotation_window: Optional[pulumi.Input[int]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a SecretBackend resource.
@@ -43,6 +50,7 @@ class SecretBackendArgs:
         :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
                issued by this backend.
         :param pulumi.Input[str] description: A human-friendly description for this backend.
+        :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
@@ -60,6 +68,19 @@ class SecretBackendArgs:
                not begin or end with a `/`. Defaults to `aws`.
         :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
         :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+        :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
+        :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
                ```
                {{ if (eq .Type "STS") }}
@@ -69,9 +90,6 @@ class SecretBackendArgs:
                {{ end }}
                ```
-        :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
-        :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
-        :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         if access_key is not None:
             pulumi.set(__self__, "access_key", access_key)
@@ -79,6 +97,8 @@ class SecretBackendArgs:
             pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
         if description is not None:
             pulumi.set(__self__, "description", description)
+        if disable_automated_rotation is not None:
+            pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
         if disable_remount is not None:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if iam_endpoint is not None:
@@ -101,10 +121,22 @@ class SecretBackendArgs:
             pulumi.set(__self__, "region", region)
         if role_arn is not None:
             pulumi.set(__self__, "role_arn", role_arn)
+        if rotation_period is not None:
+            pulumi.set(__self__, "rotation_period", rotation_period)
+        if rotation_schedule is not None:
+            pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+        if rotation_window is not None:
+            pulumi.set(__self__, "rotation_window", rotation_window)
         if secret_key is not None:
             pulumi.set(__self__, "secret_key", secret_key)
         if sts_endpoint is not None:
             pulumi.set(__self__, "sts_endpoint", sts_endpoint)
+        if sts_fallback_endpoints is not None:
+            pulumi.set(__self__, "sts_fallback_endpoints", sts_fallback_endpoints)
+        if sts_fallback_regions is not None:
+            pulumi.set(__self__, "sts_fallback_regions", sts_fallback_regions)
+        if sts_region is not None:
+            pulumi.set(__self__, "sts_region", sts_region)
         if username_template is not None:
             pulumi.set(__self__, "username_template", username_template)
@@ -146,6 +178,18 @@ class SecretBackendArgs:
     def description(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "description", value)
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+    @disable_automated_rotation.setter
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "disable_automated_rotation", value)
     @property
     @pulumi.getter(name="disableRemount")
     def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -277,15 +321,6 @@ class SecretBackendArgs:
     def role_arn(self) -> Optional[pulumi.Input[str]]:
         """
         Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
-        ```
-        {{ if (eq .Type "STS") }}
-        {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
-        {{ else }}
-        {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
-        {{ end }}
-        ```
         """
         return pulumi.get(self, "role_arn")
@@ -293,6 +328,46 @@ class SecretBackendArgs:
     def role_arn(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "role_arn", value)
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> Optional[pulumi.Input[int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_period")
+    @rotation_period.setter
+    def rotation_period(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "rotation_period", value)
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_schedule")
+    @rotation_schedule.setter
+    def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "rotation_schedule", value)
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> Optional[pulumi.Input[int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_window")
+    @rotation_window.setter
+    def rotation_window(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "rotation_window", value)
     @property
     @pulumi.getter(name="secretKey")
     def secret_key(self) -> Optional[pulumi.Input[str]]:
@@ -317,11 +392,56 @@ class SecretBackendArgs:
     def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "sts_endpoint", value)
+    @property
+    @pulumi.getter(name="stsFallbackEndpoints")
+    def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_endpoints")
+    @sts_fallback_endpoints.setter
+    def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_endpoints", value)
+    @property
+    @pulumi.getter(name="stsFallbackRegions")
+    def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_regions")
+    @sts_fallback_regions.setter
+    def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_regions", value)
+    @property
+    @pulumi.getter(name="stsRegion")
+    def sts_region(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_region")
+    @sts_region.setter
+    def sts_region(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "sts_region", value)
     @property
     @pulumi.getter(name="usernameTemplate")
     def username_template(self) -> Optional[pulumi.Input[str]]:
         """
         Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
+        ```
+        {{ if (eq .Type "STS") }}
+        {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+        {{ else }}
+        {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+        {{ end }}
+        ```
         """
         return pulumi.get(self, "username_template")
@@ -336,6 +456,7 @@ class _SecretBackendState:
                  access_key: Optional[pulumi.Input[str]] = None,
                  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  description: Optional[pulumi.Input[str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  iam_endpoint: Optional[pulumi.Input[str]] = None,
                  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -347,8 +468,14 @@ class _SecretBackendState:
                  path: Optional[pulumi.Input[str]] = None,
                  region: Optional[pulumi.Input[str]] = None,
                  role_arn: Optional[pulumi.Input[str]] = None,
+                 rotation_period: Optional[pulumi.Input[int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[str]] = None,
+                 rotation_window: Optional[pulumi.Input[int]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering SecretBackend resources.
@@ -357,6 +484,7 @@ class _SecretBackendState:
         :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
                issued by this backend.
         :param pulumi.Input[str] description: A human-friendly description for this backend.
+        :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
@@ -374,6 +502,19 @@ class _SecretBackendState:
                not begin or end with a `/`. Defaults to `aws`.
         :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
         :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+        :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
+        :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
                ```
                {{ if (eq .Type "STS") }}
@@ -383,9 +524,6 @@ class _SecretBackendState:
                {{ end }}
                ```
-        :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
-        :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
-        :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         if access_key is not None:
             pulumi.set(__self__, "access_key", access_key)
@@ -393,6 +531,8 @@ class _SecretBackendState:
             pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
         if description is not None:
             pulumi.set(__self__, "description", description)
+        if disable_automated_rotation is not None:
+            pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
         if disable_remount is not None:
             pulumi.set(__self__, "disable_remount", disable_remount)
         if iam_endpoint is not None:
@@ -415,10 +555,22 @@ class _SecretBackendState:
             pulumi.set(__self__, "region", region)
         if role_arn is not None:
             pulumi.set(__self__, "role_arn", role_arn)
+        if rotation_period is not None:
+            pulumi.set(__self__, "rotation_period", rotation_period)
+        if rotation_schedule is not None:
+            pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+        if rotation_window is not None:
+            pulumi.set(__self__, "rotation_window", rotation_window)
         if secret_key is not None:
             pulumi.set(__self__, "secret_key", secret_key)
         if sts_endpoint is not None:
             pulumi.set(__self__, "sts_endpoint", sts_endpoint)
+        if sts_fallback_endpoints is not None:
+            pulumi.set(__self__, "sts_fallback_endpoints", sts_fallback_endpoints)
+        if sts_fallback_regions is not None:
+            pulumi.set(__self__, "sts_fallback_regions", sts_fallback_regions)
+        if sts_region is not None:
+            pulumi.set(__self__, "sts_region", sts_region)
         if username_template is not None:
             pulumi.set(__self__, "username_template", username_template)
@@ -460,6 +612,18 @@ class _SecretBackendState:
     def description(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "description", value)
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+    @disable_automated_rotation.setter
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "disable_automated_rotation", value)
     @property
     @pulumi.getter(name="disableRemount")
     def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -591,15 +755,6 @@ class _SecretBackendState:
     def role_arn(self) -> Optional[pulumi.Input[str]]:
         """
         Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
-        ```
-        {{ if (eq .Type "STS") }}
-        {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
-        {{ else }}
-        {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
-        {{ end }}
-        ```
         """
         return pulumi.get(self, "role_arn")
@@ -607,6 +762,46 @@ class _SecretBackendState:
     def role_arn(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "role_arn", value)
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> Optional[pulumi.Input[int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_period")
+    @rotation_period.setter
+    def rotation_period(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "rotation_period", value)
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_schedule")
+    @rotation_schedule.setter
+    def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "rotation_schedule", value)
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> Optional[pulumi.Input[int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_window")
+    @rotation_window.setter
+    def rotation_window(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "rotation_window", value)
     @property
     @pulumi.getter(name="secretKey")
     def secret_key(self) -> Optional[pulumi.Input[str]]:
@@ -631,11 +826,56 @@ class _SecretBackendState:
     def sts_endpoint(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "sts_endpoint", value)
+    @property
+    @pulumi.getter(name="stsFallbackEndpoints")
+    def sts_fallback_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_endpoints")
+    @sts_fallback_endpoints.setter
+    def sts_fallback_endpoints(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_endpoints", value)
+    @property
+    @pulumi.getter(name="stsFallbackRegions")
+    def sts_fallback_regions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_regions")
+    @sts_fallback_regions.setter
+    def sts_fallback_regions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "sts_fallback_regions", value)
+    @property
+    @pulumi.getter(name="stsRegion")
+    def sts_region(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_region")
+    @sts_region.setter
+    def sts_region(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "sts_region", value)
     @property
     @pulumi.getter(name="usernameTemplate")
     def username_template(self) -> Optional[pulumi.Input[str]]:
         """
         Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
+        ```
+        {{ if (eq .Type "STS") }}
+        {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+        {{ else }}
+        {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+        {{ end }}
+        ```
         """
         return pulumi.get(self, "username_template")
@@ -652,6 +892,7 @@ class SecretBackend(pulumi.CustomResource):
                  access_key: Optional[pulumi.Input[str]] = None,
                  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  description: Optional[pulumi.Input[str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  iam_endpoint: Optional[pulumi.Input[str]] = None,
                  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -663,8 +904,14 @@ class SecretBackend(pulumi.CustomResource):
                  path: Optional[pulumi.Input[str]] = None,
                  region: Optional[pulumi.Input[str]] = None,
                  role_arn: Optional[pulumi.Input[str]] = None,
+                 rotation_period: Optional[pulumi.Input[int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[str]] = None,
+                 rotation_window: Optional[pulumi.Input[int]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
@@ -683,6 +930,7 @@ class SecretBackend(pulumi.CustomResource):
         :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
                issued by this backend.
         :param pulumi.Input[str] description: A human-friendly description for this backend.
+        :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
@@ -700,6 +948,19 @@ class SecretBackend(pulumi.CustomResource):
                not begin or end with a `/`. Defaults to `aws`.
         :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
         :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+        :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
+        :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
                ```
                {{ if (eq .Type "STS") }}
@@ -709,9 +970,6 @@ class SecretBackend(pulumi.CustomResource):
                {{ end }}
                ```
-        :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
-        :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
-        :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         ...
     @overload
@@ -746,6 +1004,7 @@ class SecretBackend(pulumi.CustomResource):
                  access_key: Optional[pulumi.Input[str]] = None,
                  default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
                  description: Optional[pulumi.Input[str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
                  disable_remount: Optional[pulumi.Input[bool]] = None,
                  iam_endpoint: Optional[pulumi.Input[str]] = None,
                  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -757,8 +1016,14 @@ class SecretBackend(pulumi.CustomResource):
                  path: Optional[pulumi.Input[str]] = None,
                  region: Optional[pulumi.Input[str]] = None,
                  role_arn: Optional[pulumi.Input[str]] = None,
+                 rotation_period: Optional[pulumi.Input[int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[str]] = None,
+                 rotation_window: Optional[pulumi.Input[int]] = None,
                  secret_key: Optional[pulumi.Input[str]] = None,
                  sts_endpoint: Optional[pulumi.Input[str]] = None,
+                 sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 sts_region: Optional[pulumi.Input[str]] = None,
                  username_template: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -772,6 +1037,7 @@ class SecretBackend(pulumi.CustomResource):
             __props__.__dict__["access_key"] = None if access_key is None else pulumi.Output.secret(access_key)
             __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
             __props__.__dict__["description"] = description
+            __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
             __props__.__dict__["disable_remount"] = disable_remount
             __props__.__dict__["iam_endpoint"] = iam_endpoint
             __props__.__dict__["identity_token_audience"] = identity_token_audience
@@ -783,8 +1049,14 @@ class SecretBackend(pulumi.CustomResource):
             __props__.__dict__["path"] = path
             __props__.__dict__["region"] = region
             __props__.__dict__["role_arn"] = role_arn
+            __props__.__dict__["rotation_period"] = rotation_period
+            __props__.__dict__["rotation_schedule"] = rotation_schedule
+            __props__.__dict__["rotation_window"] = rotation_window
             __props__.__dict__["secret_key"] = None if secret_key is None else pulumi.Output.secret(secret_key)
             __props__.__dict__["sts_endpoint"] = sts_endpoint
+            __props__.__dict__["sts_fallback_endpoints"] = sts_fallback_endpoints
+            __props__.__dict__["sts_fallback_regions"] = sts_fallback_regions
+            __props__.__dict__["sts_region"] = sts_region
             __props__.__dict__["username_template"] = username_template
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["accessKey", "secretKey"])
         opts = pulumi.ResourceOptions.merge(opts, secret_opts)
@@ -801,6 +1073,7 @@ class SecretBackend(pulumi.CustomResource):
             access_key: Optional[pulumi.Input[str]] = None,
             default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
             description: Optional[pulumi.Input[str]] = None,
+            disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
             disable_remount: Optional[pulumi.Input[bool]] = None,
             iam_endpoint: Optional[pulumi.Input[str]] = None,
             identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -812,8 +1085,14 @@ class SecretBackend(pulumi.CustomResource):
             path: Optional[pulumi.Input[str]] = None,
             region: Optional[pulumi.Input[str]] = None,
             role_arn: Optional[pulumi.Input[str]] = None,
+            rotation_period: Optional[pulumi.Input[int]] = None,
+            rotation_schedule: Optional[pulumi.Input[str]] = None,
+            rotation_window: Optional[pulumi.Input[int]] = None,
             secret_key: Optional[pulumi.Input[str]] = None,
             sts_endpoint: Optional[pulumi.Input[str]] = None,
+            sts_fallback_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            sts_fallback_regions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            sts_region: Optional[pulumi.Input[str]] = None,
             username_template: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
         """
         Get an existing SecretBackend resource's state with the given name, id, and optional extra
@@ -827,6 +1106,7 @@ class SecretBackend(pulumi.CustomResource):
         :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
                issued by this backend.
         :param pulumi.Input[str] description: A human-friendly description for this backend.
+        :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
         :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
         :param pulumi.Input[str] iam_endpoint: Specifies a custom HTTP IAM endpoint to use.
@@ -844,6 +1124,19 @@ class SecretBackend(pulumi.CustomResource):
                not begin or end with a `/`. Defaults to `aws`.
         :param pulumi.Input[str] region: The AWS region to make API calls against. Defaults to us-east-1.
         :param pulumi.Input[str] role_arn: Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+        :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
+        :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_endpoints: Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] sts_fallback_regions: Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        :param pulumi.Input[str] sts_region: Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
                ```
                {{ if (eq .Type "STS") }}
@@ -853,9 +1146,6 @@ class SecretBackend(pulumi.CustomResource):
                {{ end }}
                ```
-        :param pulumi.Input[str] secret_key: The AWS Secret Access Key to use when generating new credentials.
-        :param pulumi.Input[str] sts_endpoint: Specifies a custom HTTP STS endpoint to use.
-        :param pulumi.Input[str] username_template: Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -864,6 +1154,7 @@ class SecretBackend(pulumi.CustomResource):
         __props__.__dict__["access_key"] = access_key
         __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
         __props__.__dict__["description"] = description
+        __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
         __props__.__dict__["disable_remount"] = disable_remount
         __props__.__dict__["iam_endpoint"] = iam_endpoint
         __props__.__dict__["identity_token_audience"] = identity_token_audience
@@ -875,8 +1166,14 @@ class SecretBackend(pulumi.CustomResource):
         __props__.__dict__["path"] = path
         __props__.__dict__["region"] = region
         __props__.__dict__["role_arn"] = role_arn
+        __props__.__dict__["rotation_period"] = rotation_period
+        __props__.__dict__["rotation_schedule"] = rotation_schedule
+        __props__.__dict__["rotation_window"] = rotation_window
         __props__.__dict__["secret_key"] = secret_key
         __props__.__dict__["sts_endpoint"] = sts_endpoint
+        __props__.__dict__["sts_fallback_endpoints"] = sts_fallback_endpoints
+        __props__.__dict__["sts_fallback_regions"] = sts_fallback_regions
+        __props__.__dict__["sts_region"] = sts_region
         __props__.__dict__["username_template"] = username_template
         return SecretBackend(resource_name, opts=opts, __props__=__props__)
@@ -906,6 +1203,14 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "description")
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "disable_automated_rotation")
     @property
     @pulumi.getter(name="disableRemount")
     def disable_remount(self) -> pulumi.Output[Optional[bool]]:
@@ -997,17 +1302,36 @@ class SecretBackend(pulumi.CustomResource):
     def role_arn(self) -> pulumi.Output[Optional[str]]:
         """
         Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
+        """
+        return pulumi.get(self, "role_arn")
-        ```
-        {{ if (eq .Type "STS") }}
-        {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
-        {{ else }}
-        {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
-        {{ end }}
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> pulumi.Output[Optional[int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_period")
-        ```
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
         """
-        return pulumi.get(self, "role_arn")
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_schedule")
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> pulumi.Output[Optional[int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        """
+        return pulumi.get(self, "rotation_window")
     @property
     @pulumi.getter(name="secretKey")
@@ -1025,11 +1349,44 @@ class SecretBackend(pulumi.CustomResource):
         """
         return pulumi.get(self, "sts_endpoint")
+    @property
+    @pulumi.getter(name="stsFallbackEndpoints")
+    def sts_fallback_endpoints(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        Ordered list of `sts_endpoint`s to try if the defined one fails. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_endpoints")
+    @property
+    @pulumi.getter(name="stsFallbackRegions")
+    def sts_fallback_regions(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        Ordered list of `sts_region`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_fallback_regions")
+    @property
+    @pulumi.getter(name="stsRegion")
+    def sts_region(self) -> pulumi.Output[Optional[str]]:
+        """
+        Specifies the region of the STS endpoint. Should be included if `sts_endpoint` is supplied. Requires Vault 1.19+
+        """
+        return pulumi.get(self, "sts_region")
     @property
     @pulumi.getter(name="usernameTemplate")
     def username_template(self) -> pulumi.Output[str]:
         """
         Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
+        ```
+        {{ if (eq .Type "STS") }}
+        {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
+        {{ else }}
+        {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
+        {{ end }}
+        ```
         """
         return pulumi.get(self, "username_template")

pulumi-vault 6.5.0a1736850018__py3-none-any.whl → 6.6.0__py3-none-any.whl

pulumi-vault 6.5.0a1736850018py3-none-any.whl → 6.6.0py3-none-any.whl