pulumi-vault 6.5.0a1736850018__py3-none-any.whl → 6.6.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. pulumi_vault/__init__.py +32 -0
  2. pulumi_vault/_utilities.py +8 -4
  3. pulumi_vault/aws/auth_backend_client.py +228 -4
  4. pulumi_vault/aws/auth_backend_sts_role.py +47 -0
  5. pulumi_vault/aws/secret_backend.py +395 -38
  6. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  7. pulumi_vault/azure/auth_backend_config.py +257 -5
  8. pulumi_vault/azure/backend.py +249 -4
  9. pulumi_vault/database/_inputs.py +1740 -44
  10. pulumi_vault/database/outputs.py +1198 -18
  11. pulumi_vault/database/secret_backend_connection.py +220 -0
  12. pulumi_vault/database/secret_backend_static_role.py +143 -1
  13. pulumi_vault/database/secrets_mount.py +8 -0
  14. pulumi_vault/gcp/auth_backend.py +222 -2
  15. pulumi_vault/gcp/secret_backend.py +244 -4
  16. pulumi_vault/ldap/auth_backend.py +222 -2
  17. pulumi_vault/ldap/secret_backend.py +222 -2
  18. pulumi_vault/pkisecret/__init__.py +6 -0
  19. pulumi_vault/pkisecret/_inputs.py +34 -6
  20. pulumi_vault/pkisecret/backend_acme_eab.py +549 -0
  21. pulumi_vault/pkisecret/backend_config_acme.py +689 -0
  22. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  23. pulumi_vault/pkisecret/backend_config_cmpv2.py +572 -0
  24. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  25. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
  26. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  27. pulumi_vault/pkisecret/outputs.py +40 -4
  28. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  29. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  30. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  31. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  32. pulumi_vault/pkisecret/secret_backend_role.py +299 -3
  33. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  34. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  35. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  36. pulumi_vault/pulumi-plugin.json +1 -1
  37. pulumi_vault/ssh/__init__.py +1 -0
  38. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  39. pulumi_vault/ssh/secret_backend_role.py +27 -0
  40. pulumi_vault/terraformcloud/secret_role.py +7 -7
  41. pulumi_vault/transit/__init__.py +2 -0
  42. pulumi_vault/transit/get_sign.py +324 -0
  43. pulumi_vault/transit/get_verify.py +354 -0
  44. pulumi_vault/transit/secret_backend_key.py +162 -0
  45. {pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/METADATA +1 -1
  46. {pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/RECORD +48 -39
  47. {pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/WHEEL +1 -1
  48. {pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/top_level.txt +0 -0
pulumi_vault/database/outputs.py CHANGED
@@ -1928,6 +1928,8 @@ class SecretBackendConnectionPostgresql(dict):
1928
1928
  suggest = "max_idle_connections"
1929
1929
  elif key == "maxOpenConnections":
1930
1930
  suggest = "max_open_connections"
1931
+ elif key == "passwordAuthentication":
1932
+ suggest = "password_authentication"
1931
1933
  elif key == "privateKey":
1932
1934
  suggest = "private_key"
1933
1935
  elif key == "selfManaged":
@@ -1960,6 +1962,7 @@ class SecretBackendConnectionPostgresql(dict):
1960
1962
  max_idle_connections: Optional[int] = None,
1961
1963
  max_open_connections: Optional[int] = None,
1962
1964
  password: Optional[str] = None,
1965
+ password_authentication: Optional[str] = None,
1963
1966
  private_key: Optional[str] = None,
1964
1967
  self_managed: Optional[bool] = None,
1965
1968
  service_account_json: Optional[str] = None,
@@ -1975,6 +1978,7 @@ class SecretBackendConnectionPostgresql(dict):
1975
1978
  :param int max_idle_connections: Maximum number of idle connections to the database.
1976
1979
  :param int max_open_connections: Maximum number of open connections to the database.
1977
1980
  :param str password: The root credential password used in the connection URL
1981
+ :param str password_authentication: When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
1978
1982
  :param str private_key: The secret key used for the x509 client certificate. Must be PEM encoded.
1979
1983
  :param bool self_managed: If set, allows onboarding static roles with a rootless connection configuration.
1980
1984
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
@@ -1997,6 +2001,8 @@ class SecretBackendConnectionPostgresql(dict):
1997
2001
  pulumi.set(__self__, "max_open_connections", max_open_connections)
1998
2002
  if password is not None:
1999
2003
  pulumi.set(__self__, "password", password)
2004
+ if password_authentication is not None:
2005
+ pulumi.set(__self__, "password_authentication", password_authentication)
2000
2006
  if private_key is not None:
2001
2007
  pulumi.set(__self__, "private_key", private_key)
2002
2008
  if self_managed is not None:
@@ -2068,6 +2074,14 @@ class SecretBackendConnectionPostgresql(dict):
2068
2074
  """
2069
2075
  return pulumi.get(self, "password")
2070
2076
 
2077
+ @property
2078
+ @pulumi.getter(name="passwordAuthentication")
2079
+ def password_authentication(self) -> Optional[str]:
2080
+ """
2081
+ When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
2082
+ """
2083
+ return pulumi.get(self, "password_authentication")
2084
+
2071
2085
  @property
2072
2086
  @pulumi.getter(name="privateKey")
2073
2087
  def private_key(self) -> Optional[str]:
@@ -2541,6 +2555,8 @@ class SecretsMountCassandra(dict):
2541
2555
  suggest = "allowed_roles"
2542
2556
  elif key == "connectTimeout":
2543
2557
  suggest = "connect_timeout"
2558
+ elif key == "disableAutomatedRotation":
2559
+ suggest = "disable_automated_rotation"
2544
2560
  elif key == "insecureTls":
2545
2561
  suggest = "insecure_tls"
2546
2562
  elif key == "pemBundle":
@@ -2553,6 +2569,12 @@ class SecretsMountCassandra(dict):
2553
2569
  suggest = "protocol_version"
2554
2570
  elif key == "rootRotationStatements":
2555
2571
  suggest = "root_rotation_statements"
2572
+ elif key == "rotationPeriod":
2573
+ suggest = "rotation_period"
2574
+ elif key == "rotationSchedule":
2575
+ suggest = "rotation_schedule"
2576
+ elif key == "rotationWindow":
2577
+ suggest = "rotation_window"
2556
2578
  elif key == "skipVerification":
2557
2579
  suggest = "skip_verification"
2558
2580
  elif key == "verifyConnection":
@@ -2574,6 +2596,7 @@ class SecretsMountCassandra(dict):
2574
2596
  allowed_roles: Optional[Sequence[str]] = None,
2575
2597
  connect_timeout: Optional[int] = None,
2576
2598
  data: Optional[Mapping[str, str]] = None,
2599
+ disable_automated_rotation: Optional[bool] = None,
2577
2600
  hosts: Optional[Sequence[str]] = None,
2578
2601
  insecure_tls: Optional[bool] = None,
2579
2602
  password: Optional[str] = None,
@@ -2583,6 +2606,9 @@ class SecretsMountCassandra(dict):
2583
2606
  port: Optional[int] = None,
2584
2607
  protocol_version: Optional[int] = None,
2585
2608
  root_rotation_statements: Optional[Sequence[str]] = None,
2609
+ rotation_period: Optional[int] = None,
2610
+ rotation_schedule: Optional[str] = None,
2611
+ rotation_window: Optional[int] = None,
2586
2612
  skip_verification: Optional[bool] = None,
2587
2613
  tls: Optional[bool] = None,
2588
2614
  username: Optional[str] = None,
@@ -2593,6 +2619,7 @@ class SecretsMountCassandra(dict):
2593
2619
  connection.
2594
2620
  :param int connect_timeout: The number of seconds to use as a connection timeout.
2595
2621
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
2622
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
2596
2623
 
2597
2624
  Supported list of database secrets engines that can be configured:
2598
2625
  :param Sequence[str] hosts: Cassandra hosts to connect to.
@@ -2604,6 +2631,13 @@ class SecretsMountCassandra(dict):
2604
2631
  :param int port: The transport port to use to connect to Cassandra.
2605
2632
  :param int protocol_version: The CQL protocol version to use.
2606
2633
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
2634
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
2635
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
2636
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
2637
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
2638
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
2639
+ a rotation when a scheduled token rotation occurs. The default rotation window is
2640
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
2607
2641
  :param bool skip_verification: Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
2608
2642
  :param bool tls: Whether to use TLS when connecting to Cassandra.
2609
2643
  :param str username: The username to use when authenticating with Cassandra.
@@ -2617,6 +2651,8 @@ class SecretsMountCassandra(dict):
2617
2651
  pulumi.set(__self__, "connect_timeout", connect_timeout)
2618
2652
  if data is not None:
2619
2653
  pulumi.set(__self__, "data", data)
2654
+ if disable_automated_rotation is not None:
2655
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
2620
2656
  if hosts is not None:
2621
2657
  pulumi.set(__self__, "hosts", hosts)
2622
2658
  if insecure_tls is not None:
@@ -2635,6 +2671,12 @@ class SecretsMountCassandra(dict):
2635
2671
  pulumi.set(__self__, "protocol_version", protocol_version)
2636
2672
  if root_rotation_statements is not None:
2637
2673
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
2674
+ if rotation_period is not None:
2675
+ pulumi.set(__self__, "rotation_period", rotation_period)
2676
+ if rotation_schedule is not None:
2677
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
2678
+ if rotation_window is not None:
2679
+ pulumi.set(__self__, "rotation_window", rotation_window)
2638
2680
  if skip_verification is not None:
2639
2681
  pulumi.set(__self__, "skip_verification", skip_verification)
2640
2682
  if tls is not None:
@@ -2674,10 +2716,18 @@ class SecretsMountCassandra(dict):
2674
2716
  def data(self) -> Optional[Mapping[str, str]]:
2675
2717
  """
2676
2718
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
2719
+ """
2720
+ return pulumi.get(self, "data")
2721
+
2722
+ @property
2723
+ @pulumi.getter(name="disableAutomatedRotation")
2724
+ def disable_automated_rotation(self) -> Optional[bool]:
2725
+ """
2726
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
2677
2727
 
2678
2728
  Supported list of database secrets engines that can be configured:
2679
2729
  """
2680
- return pulumi.get(self, "data")
2730
+ return pulumi.get(self, "disable_automated_rotation")
2681
2731
 
2682
2732
  @property
2683
2733
  @pulumi.getter
@@ -2751,6 +2801,34 @@ class SecretsMountCassandra(dict):
2751
2801
  """
2752
2802
  return pulumi.get(self, "root_rotation_statements")
2753
2803
 
2804
+ @property
2805
+ @pulumi.getter(name="rotationPeriod")
2806
+ def rotation_period(self) -> Optional[int]:
2807
+ """
2808
+ The amount of time in seconds Vault should wait before rotating the root credential.
2809
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
2810
+ """
2811
+ return pulumi.get(self, "rotation_period")
2812
+
2813
+ @property
2814
+ @pulumi.getter(name="rotationSchedule")
2815
+ def rotation_schedule(self) -> Optional[str]:
2816
+ """
2817
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
2818
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
2819
+ """
2820
+ return pulumi.get(self, "rotation_schedule")
2821
+
2822
+ @property
2823
+ @pulumi.getter(name="rotationWindow")
2824
+ def rotation_window(self) -> Optional[int]:
2825
+ """
2826
+ The maximum amount of time in seconds allowed to complete
2827
+ a rotation when a scheduled token rotation occurs. The default rotation window is
2828
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
2829
+ """
2830
+ return pulumi.get(self, "rotation_window")
2831
+
2754
2832
  @property
2755
2833
  @pulumi.getter(name="skipVerification")
2756
2834
  def skip_verification(self) -> Optional[bool]:
@@ -2796,12 +2874,20 @@ class SecretsMountCouchbase(dict):
2796
2874
  suggest = "base64_pem"
2797
2875
  elif key == "bucketName":
2798
2876
  suggest = "bucket_name"
2877
+ elif key == "disableAutomatedRotation":
2878
+ suggest = "disable_automated_rotation"
2799
2879
  elif key == "insecureTls":
2800
2880
  suggest = "insecure_tls"
2801
2881
  elif key == "pluginName":
2802
2882
  suggest = "plugin_name"
2803
2883
  elif key == "rootRotationStatements":
2804
2884
  suggest = "root_rotation_statements"
2885
+ elif key == "rotationPeriod":
2886
+ suggest = "rotation_period"
2887
+ elif key == "rotationSchedule":
2888
+ suggest = "rotation_schedule"
2889
+ elif key == "rotationWindow":
2890
+ suggest = "rotation_window"
2805
2891
  elif key == "usernameTemplate":
2806
2892
  suggest = "username_template"
2807
2893
  elif key == "verifyConnection":
@@ -2827,9 +2913,13 @@ class SecretsMountCouchbase(dict):
2827
2913
  base64_pem: Optional[str] = None,
2828
2914
  bucket_name: Optional[str] = None,
2829
2915
  data: Optional[Mapping[str, str]] = None,
2916
+ disable_automated_rotation: Optional[bool] = None,
2830
2917
  insecure_tls: Optional[bool] = None,
2831
2918
  plugin_name: Optional[str] = None,
2832
2919
  root_rotation_statements: Optional[Sequence[str]] = None,
2920
+ rotation_period: Optional[int] = None,
2921
+ rotation_schedule: Optional[str] = None,
2922
+ rotation_window: Optional[int] = None,
2833
2923
  tls: Optional[bool] = None,
2834
2924
  username_template: Optional[str] = None,
2835
2925
  verify_connection: Optional[bool] = None):
@@ -2843,11 +2933,19 @@ class SecretsMountCouchbase(dict):
2843
2933
  :param str base64_pem: Required if `tls` is `true`. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded.
2844
2934
  :param str bucket_name: Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.
2845
2935
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
2936
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
2846
2937
 
2847
2938
  Supported list of database secrets engines that can be configured:
2848
2939
  :param bool insecure_tls: Specifies whether to skip verification of the server certificate when using TLS.
2849
2940
  :param str plugin_name: Specifies the name of the plugin to use.
2850
2941
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
2942
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
2943
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
2944
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
2945
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
2946
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
2947
+ a rotation when a scheduled token rotation occurs. The default rotation window is
2948
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
2851
2949
  :param bool tls: Specifies whether to use TLS when connecting to Couchbase.
2852
2950
  :param str username_template: Template describing how dynamic usernames are generated.
2853
2951
  :param bool verify_connection: Whether the connection should be verified on
@@ -2865,12 +2963,20 @@ class SecretsMountCouchbase(dict):
2865
2963
  pulumi.set(__self__, "bucket_name", bucket_name)
2866
2964
  if data is not None:
2867
2965
  pulumi.set(__self__, "data", data)
2966
+ if disable_automated_rotation is not None:
2967
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
2868
2968
  if insecure_tls is not None:
2869
2969
  pulumi.set(__self__, "insecure_tls", insecure_tls)
2870
2970
  if plugin_name is not None:
2871
2971
  pulumi.set(__self__, "plugin_name", plugin_name)
2872
2972
  if root_rotation_statements is not None:
2873
2973
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
2974
+ if rotation_period is not None:
2975
+ pulumi.set(__self__, "rotation_period", rotation_period)
2976
+ if rotation_schedule is not None:
2977
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
2978
+ if rotation_window is not None:
2979
+ pulumi.set(__self__, "rotation_window", rotation_window)
2874
2980
  if tls is not None:
2875
2981
  pulumi.set(__self__, "tls", tls)
2876
2982
  if username_template is not None:
@@ -2940,10 +3046,18 @@ class SecretsMountCouchbase(dict):
2940
3046
  def data(self) -> Optional[Mapping[str, str]]:
2941
3047
  """
2942
3048
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3049
+ """
3050
+ return pulumi.get(self, "data")
3051
+
3052
+ @property
3053
+ @pulumi.getter(name="disableAutomatedRotation")
3054
+ def disable_automated_rotation(self) -> Optional[bool]:
3055
+ """
3056
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
2943
3057
 
2944
3058
  Supported list of database secrets engines that can be configured:
2945
3059
  """
2946
- return pulumi.get(self, "data")
3060
+ return pulumi.get(self, "disable_automated_rotation")
2947
3061
 
2948
3062
  @property
2949
3063
  @pulumi.getter(name="insecureTls")
@@ -2969,6 +3083,34 @@ class SecretsMountCouchbase(dict):
2969
3083
  """
2970
3084
  return pulumi.get(self, "root_rotation_statements")
2971
3085
 
3086
+ @property
3087
+ @pulumi.getter(name="rotationPeriod")
3088
+ def rotation_period(self) -> Optional[int]:
3089
+ """
3090
+ The amount of time in seconds Vault should wait before rotating the root credential.
3091
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3092
+ """
3093
+ return pulumi.get(self, "rotation_period")
3094
+
3095
+ @property
3096
+ @pulumi.getter(name="rotationSchedule")
3097
+ def rotation_schedule(self) -> Optional[str]:
3098
+ """
3099
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3100
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3101
+ """
3102
+ return pulumi.get(self, "rotation_schedule")
3103
+
3104
+ @property
3105
+ @pulumi.getter(name="rotationWindow")
3106
+ def rotation_window(self) -> Optional[int]:
3107
+ """
3108
+ The maximum amount of time in seconds allowed to complete
3109
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3110
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3111
+ """
3112
+ return pulumi.get(self, "rotation_window")
3113
+
2972
3114
  @property
2973
3115
  @pulumi.getter
2974
3116
  def tls(self) -> Optional[bool]:
@@ -3010,10 +3152,18 @@ class SecretsMountElasticsearch(dict):
3010
3152
  suggest = "client_cert"
3011
3153
  elif key == "clientKey":
3012
3154
  suggest = "client_key"
3155
+ elif key == "disableAutomatedRotation":
3156
+ suggest = "disable_automated_rotation"
3013
3157
  elif key == "pluginName":
3014
3158
  suggest = "plugin_name"
3015
3159
  elif key == "rootRotationStatements":
3016
3160
  suggest = "root_rotation_statements"
3161
+ elif key == "rotationPeriod":
3162
+ suggest = "rotation_period"
3163
+ elif key == "rotationSchedule":
3164
+ suggest = "rotation_schedule"
3165
+ elif key == "rotationWindow":
3166
+ suggest = "rotation_window"
3017
3167
  elif key == "tlsServerName":
3018
3168
  suggest = "tls_server_name"
3019
3169
  elif key == "usernameTemplate":
@@ -3043,9 +3193,13 @@ class SecretsMountElasticsearch(dict):
3043
3193
  client_cert: Optional[str] = None,
3044
3194
  client_key: Optional[str] = None,
3045
3195
  data: Optional[Mapping[str, str]] = None,
3196
+ disable_automated_rotation: Optional[bool] = None,
3046
3197
  insecure: Optional[bool] = None,
3047
3198
  plugin_name: Optional[str] = None,
3048
3199
  root_rotation_statements: Optional[Sequence[str]] = None,
3200
+ rotation_period: Optional[int] = None,
3201
+ rotation_schedule: Optional[str] = None,
3202
+ rotation_window: Optional[int] = None,
3049
3203
  tls_server_name: Optional[str] = None,
3050
3204
  username_template: Optional[str] = None,
3051
3205
  verify_connection: Optional[bool] = None):
@@ -3061,11 +3215,19 @@ class SecretsMountElasticsearch(dict):
3061
3215
  :param str client_cert: The path to the certificate for the Elasticsearch client to present for communication
3062
3216
  :param str client_key: The path to the key for the Elasticsearch client to use for communication
3063
3217
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3218
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3064
3219
 
3065
3220
  Supported list of database secrets engines that can be configured:
3066
3221
  :param bool insecure: Whether to disable certificate verification
3067
3222
  :param str plugin_name: Specifies the name of the plugin to use.
3068
3223
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
3224
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
3225
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3226
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3227
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3228
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
3229
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3230
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3069
3231
  :param str tls_server_name: This, if set, is used to set the SNI host when connecting via TLS
3070
3232
  :param str username_template: Template describing how dynamic usernames are generated.
3071
3233
  :param bool verify_connection: Whether the connection should be verified on
@@ -3087,12 +3249,20 @@ class SecretsMountElasticsearch(dict):
3087
3249
  pulumi.set(__self__, "client_key", client_key)
3088
3250
  if data is not None:
3089
3251
  pulumi.set(__self__, "data", data)
3252
+ if disable_automated_rotation is not None:
3253
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3090
3254
  if insecure is not None:
3091
3255
  pulumi.set(__self__, "insecure", insecure)
3092
3256
  if plugin_name is not None:
3093
3257
  pulumi.set(__self__, "plugin_name", plugin_name)
3094
3258
  if root_rotation_statements is not None:
3095
3259
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
3260
+ if rotation_period is not None:
3261
+ pulumi.set(__self__, "rotation_period", rotation_period)
3262
+ if rotation_schedule is not None:
3263
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
3264
+ if rotation_window is not None:
3265
+ pulumi.set(__self__, "rotation_window", rotation_window)
3096
3266
  if tls_server_name is not None:
3097
3267
  pulumi.set(__self__, "tls_server_name", tls_server_name)
3098
3268
  if username_template is not None:
@@ -3178,10 +3348,18 @@ class SecretsMountElasticsearch(dict):
3178
3348
  def data(self) -> Optional[Mapping[str, str]]:
3179
3349
  """
3180
3350
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3351
+ """
3352
+ return pulumi.get(self, "data")
3353
+
3354
+ @property
3355
+ @pulumi.getter(name="disableAutomatedRotation")
3356
+ def disable_automated_rotation(self) -> Optional[bool]:
3357
+ """
3358
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3181
3359
 
3182
3360
  Supported list of database secrets engines that can be configured:
3183
3361
  """
3184
- return pulumi.get(self, "data")
3362
+ return pulumi.get(self, "disable_automated_rotation")
3185
3363
 
3186
3364
  @property
3187
3365
  @pulumi.getter
@@ -3207,6 +3385,34 @@ class SecretsMountElasticsearch(dict):
3207
3385
  """
3208
3386
  return pulumi.get(self, "root_rotation_statements")
3209
3387
 
3388
+ @property
3389
+ @pulumi.getter(name="rotationPeriod")
3390
+ def rotation_period(self) -> Optional[int]:
3391
+ """
3392
+ The amount of time in seconds Vault should wait before rotating the root credential.
3393
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3394
+ """
3395
+ return pulumi.get(self, "rotation_period")
3396
+
3397
+ @property
3398
+ @pulumi.getter(name="rotationSchedule")
3399
+ def rotation_schedule(self) -> Optional[str]:
3400
+ """
3401
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3402
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3403
+ """
3404
+ return pulumi.get(self, "rotation_schedule")
3405
+
3406
+ @property
3407
+ @pulumi.getter(name="rotationWindow")
3408
+ def rotation_window(self) -> Optional[int]:
3409
+ """
3410
+ The maximum amount of time in seconds allowed to complete
3411
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3412
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3413
+ """
3414
+ return pulumi.get(self, "rotation_window")
3415
+
3210
3416
  @property
3211
3417
  @pulumi.getter(name="tlsServerName")
3212
3418
  def tls_server_name(self) -> Optional[str]:
@@ -3242,6 +3448,8 @@ class SecretsMountHana(dict):
3242
3448
  suggest = "allowed_roles"
3243
3449
  elif key == "connectionUrl":
3244
3450
  suggest = "connection_url"
3451
+ elif key == "disableAutomatedRotation":
3452
+ suggest = "disable_automated_rotation"
3245
3453
  elif key == "disableEscaping":
3246
3454
  suggest = "disable_escaping"
3247
3455
  elif key == "maxConnectionLifetime":
@@ -3254,6 +3462,12 @@ class SecretsMountHana(dict):
3254
3462
  suggest = "plugin_name"
3255
3463
  elif key == "rootRotationStatements":
3256
3464
  suggest = "root_rotation_statements"
3465
+ elif key == "rotationPeriod":
3466
+ suggest = "rotation_period"
3467
+ elif key == "rotationSchedule":
3468
+ suggest = "rotation_schedule"
3469
+ elif key == "rotationWindow":
3470
+ suggest = "rotation_window"
3257
3471
  elif key == "verifyConnection":
3258
3472
  suggest = "verify_connection"
3259
3473
 
@@ -3273,6 +3487,7 @@ class SecretsMountHana(dict):
3273
3487
  allowed_roles: Optional[Sequence[str]] = None,
3274
3488
  connection_url: Optional[str] = None,
3275
3489
  data: Optional[Mapping[str, str]] = None,
3490
+ disable_automated_rotation: Optional[bool] = None,
3276
3491
  disable_escaping: Optional[bool] = None,
3277
3492
  max_connection_lifetime: Optional[int] = None,
3278
3493
  max_idle_connections: Optional[int] = None,
@@ -3280,6 +3495,9 @@ class SecretsMountHana(dict):
3280
3495
  password: Optional[str] = None,
3281
3496
  plugin_name: Optional[str] = None,
3282
3497
  root_rotation_statements: Optional[Sequence[str]] = None,
3498
+ rotation_period: Optional[int] = None,
3499
+ rotation_schedule: Optional[str] = None,
3500
+ rotation_window: Optional[int] = None,
3283
3501
  username: Optional[str] = None,
3284
3502
  verify_connection: Optional[bool] = None):
3285
3503
  """
@@ -3288,6 +3506,7 @@ class SecretsMountHana(dict):
3288
3506
  connection.
3289
3507
  :param str connection_url: Connection string to use to connect to the database.
3290
3508
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3509
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3291
3510
 
3292
3511
  Supported list of database secrets engines that can be configured:
3293
3512
  :param bool disable_escaping: Disable special character escaping in username and password
@@ -3297,6 +3516,13 @@ class SecretsMountHana(dict):
3297
3516
  :param str password: The root credential password used in the connection URL
3298
3517
  :param str plugin_name: Specifies the name of the plugin to use.
3299
3518
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
3519
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
3520
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3521
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3522
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3523
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
3524
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3525
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3300
3526
  :param str username: The root credential username used in the connection URL
3301
3527
  :param bool verify_connection: Whether the connection should be verified on
3302
3528
  initial configuration or not.
@@ -3308,6 +3534,8 @@ class SecretsMountHana(dict):
3308
3534
  pulumi.set(__self__, "connection_url", connection_url)
3309
3535
  if data is not None:
3310
3536
  pulumi.set(__self__, "data", data)
3537
+ if disable_automated_rotation is not None:
3538
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3311
3539
  if disable_escaping is not None:
3312
3540
  pulumi.set(__self__, "disable_escaping", disable_escaping)
3313
3541
  if max_connection_lifetime is not None:
@@ -3322,6 +3550,12 @@ class SecretsMountHana(dict):
3322
3550
  pulumi.set(__self__, "plugin_name", plugin_name)
3323
3551
  if root_rotation_statements is not None:
3324
3552
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
3553
+ if rotation_period is not None:
3554
+ pulumi.set(__self__, "rotation_period", rotation_period)
3555
+ if rotation_schedule is not None:
3556
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
3557
+ if rotation_window is not None:
3558
+ pulumi.set(__self__, "rotation_window", rotation_window)
3325
3559
  if username is not None:
3326
3560
  pulumi.set(__self__, "username", username)
3327
3561
  if verify_connection is not None:
@@ -3357,10 +3591,18 @@ class SecretsMountHana(dict):
3357
3591
  def data(self) -> Optional[Mapping[str, str]]:
3358
3592
  """
3359
3593
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3594
+ """
3595
+ return pulumi.get(self, "data")
3596
+
3597
+ @property
3598
+ @pulumi.getter(name="disableAutomatedRotation")
3599
+ def disable_automated_rotation(self) -> Optional[bool]:
3600
+ """
3601
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3360
3602
 
3361
3603
  Supported list of database secrets engines that can be configured:
3362
3604
  """
3363
- return pulumi.get(self, "data")
3605
+ return pulumi.get(self, "disable_automated_rotation")
3364
3606
 
3365
3607
  @property
3366
3608
  @pulumi.getter(name="disableEscaping")
@@ -3418,6 +3660,34 @@ class SecretsMountHana(dict):
3418
3660
  """
3419
3661
  return pulumi.get(self, "root_rotation_statements")
3420
3662
 
3663
+ @property
3664
+ @pulumi.getter(name="rotationPeriod")
3665
+ def rotation_period(self) -> Optional[int]:
3666
+ """
3667
+ The amount of time in seconds Vault should wait before rotating the root credential.
3668
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3669
+ """
3670
+ return pulumi.get(self, "rotation_period")
3671
+
3672
+ @property
3673
+ @pulumi.getter(name="rotationSchedule")
3674
+ def rotation_schedule(self) -> Optional[str]:
3675
+ """
3676
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3677
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3678
+ """
3679
+ return pulumi.get(self, "rotation_schedule")
3680
+
3681
+ @property
3682
+ @pulumi.getter(name="rotationWindow")
3683
+ def rotation_window(self) -> Optional[int]:
3684
+ """
3685
+ The maximum amount of time in seconds allowed to complete
3686
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3687
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3688
+ """
3689
+ return pulumi.get(self, "rotation_window")
3690
+
3421
3691
  @property
3422
3692
  @pulumi.getter
3423
3693
  def username(self) -> Optional[str]:
@@ -3445,6 +3715,8 @@ class SecretsMountInfluxdb(dict):
3445
3715
  suggest = "allowed_roles"
3446
3716
  elif key == "connectTimeout":
3447
3717
  suggest = "connect_timeout"
3718
+ elif key == "disableAutomatedRotation":
3719
+ suggest = "disable_automated_rotation"
3448
3720
  elif key == "insecureTls":
3449
3721
  suggest = "insecure_tls"
3450
3722
  elif key == "pemBundle":
@@ -3455,6 +3727,12 @@ class SecretsMountInfluxdb(dict):
3455
3727
  suggest = "plugin_name"
3456
3728
  elif key == "rootRotationStatements":
3457
3729
  suggest = "root_rotation_statements"
3730
+ elif key == "rotationPeriod":
3731
+ suggest = "rotation_period"
3732
+ elif key == "rotationSchedule":
3733
+ suggest = "rotation_schedule"
3734
+ elif key == "rotationWindow":
3735
+ suggest = "rotation_window"
3458
3736
  elif key == "usernameTemplate":
3459
3737
  suggest = "username_template"
3460
3738
  elif key == "verifyConnection":
@@ -3479,12 +3757,16 @@ class SecretsMountInfluxdb(dict):
3479
3757
  allowed_roles: Optional[Sequence[str]] = None,
3480
3758
  connect_timeout: Optional[int] = None,
3481
3759
  data: Optional[Mapping[str, str]] = None,
3760
+ disable_automated_rotation: Optional[bool] = None,
3482
3761
  insecure_tls: Optional[bool] = None,
3483
3762
  pem_bundle: Optional[str] = None,
3484
3763
  pem_json: Optional[str] = None,
3485
3764
  plugin_name: Optional[str] = None,
3486
3765
  port: Optional[int] = None,
3487
3766
  root_rotation_statements: Optional[Sequence[str]] = None,
3767
+ rotation_period: Optional[int] = None,
3768
+ rotation_schedule: Optional[str] = None,
3769
+ rotation_window: Optional[int] = None,
3488
3770
  tls: Optional[bool] = None,
3489
3771
  username_template: Optional[str] = None,
3490
3772
  verify_connection: Optional[bool] = None):
@@ -3497,6 +3779,7 @@ class SecretsMountInfluxdb(dict):
3497
3779
  connection.
3498
3780
  :param int connect_timeout: The number of seconds to use as a connection timeout.
3499
3781
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3782
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3500
3783
 
3501
3784
  Supported list of database secrets engines that can be configured:
3502
3785
  :param bool insecure_tls: Whether to skip verification of the server certificate when using TLS.
@@ -3505,6 +3788,13 @@ class SecretsMountInfluxdb(dict):
3505
3788
  :param str plugin_name: Specifies the name of the plugin to use.
3506
3789
  :param int port: The transport port to use to connect to Influxdb.
3507
3790
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
3791
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
3792
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3793
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3794
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3795
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
3796
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3797
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3508
3798
  :param bool tls: Whether to use TLS when connecting to Influxdb.
3509
3799
  :param str username_template: Template describing how dynamic usernames are generated.
3510
3800
  :param bool verify_connection: Whether the connection should be verified on
@@ -3520,6 +3810,8 @@ class SecretsMountInfluxdb(dict):
3520
3810
  pulumi.set(__self__, "connect_timeout", connect_timeout)
3521
3811
  if data is not None:
3522
3812
  pulumi.set(__self__, "data", data)
3813
+ if disable_automated_rotation is not None:
3814
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3523
3815
  if insecure_tls is not None:
3524
3816
  pulumi.set(__self__, "insecure_tls", insecure_tls)
3525
3817
  if pem_bundle is not None:
@@ -3532,6 +3824,12 @@ class SecretsMountInfluxdb(dict):
3532
3824
  pulumi.set(__self__, "port", port)
3533
3825
  if root_rotation_statements is not None:
3534
3826
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
3827
+ if rotation_period is not None:
3828
+ pulumi.set(__self__, "rotation_period", rotation_period)
3829
+ if rotation_schedule is not None:
3830
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
3831
+ if rotation_window is not None:
3832
+ pulumi.set(__self__, "rotation_window", rotation_window)
3535
3833
  if tls is not None:
3536
3834
  pulumi.set(__self__, "tls", tls)
3537
3835
  if username_template is not None:
@@ -3593,10 +3891,18 @@ class SecretsMountInfluxdb(dict):
3593
3891
  def data(self) -> Optional[Mapping[str, str]]:
3594
3892
  """
3595
3893
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3894
+ """
3895
+ return pulumi.get(self, "data")
3896
+
3897
+ @property
3898
+ @pulumi.getter(name="disableAutomatedRotation")
3899
+ def disable_automated_rotation(self) -> Optional[bool]:
3900
+ """
3901
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3596
3902
 
3597
3903
  Supported list of database secrets engines that can be configured:
3598
3904
  """
3599
- return pulumi.get(self, "data")
3905
+ return pulumi.get(self, "disable_automated_rotation")
3600
3906
 
3601
3907
  @property
3602
3908
  @pulumi.getter(name="insecureTls")
@@ -3646,6 +3952,34 @@ class SecretsMountInfluxdb(dict):
3646
3952
  """
3647
3953
  return pulumi.get(self, "root_rotation_statements")
3648
3954
 
3955
+ @property
3956
+ @pulumi.getter(name="rotationPeriod")
3957
+ def rotation_period(self) -> Optional[int]:
3958
+ """
3959
+ The amount of time in seconds Vault should wait before rotating the root credential.
3960
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3961
+ """
3962
+ return pulumi.get(self, "rotation_period")
3963
+
3964
+ @property
3965
+ @pulumi.getter(name="rotationSchedule")
3966
+ def rotation_schedule(self) -> Optional[str]:
3967
+ """
3968
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3969
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3970
+ """
3971
+ return pulumi.get(self, "rotation_schedule")
3972
+
3973
+ @property
3974
+ @pulumi.getter(name="rotationWindow")
3975
+ def rotation_window(self) -> Optional[int]:
3976
+ """
3977
+ The maximum amount of time in seconds allowed to complete
3978
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3979
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3980
+ """
3981
+ return pulumi.get(self, "rotation_window")
3982
+
3649
3983
  @property
3650
3984
  @pulumi.getter
3651
3985
  def tls(self) -> Optional[bool]:
@@ -3681,6 +4015,8 @@ class SecretsMountMongodb(dict):
3681
4015
  suggest = "allowed_roles"
3682
4016
  elif key == "connectionUrl":
3683
4017
  suggest = "connection_url"
4018
+ elif key == "disableAutomatedRotation":
4019
+ suggest = "disable_automated_rotation"
3684
4020
  elif key == "maxConnectionLifetime":
3685
4021
  suggest = "max_connection_lifetime"
3686
4022
  elif key == "maxIdleConnections":
@@ -3691,6 +4027,12 @@ class SecretsMountMongodb(dict):
3691
4027
  suggest = "plugin_name"
3692
4028
  elif key == "rootRotationStatements":
3693
4029
  suggest = "root_rotation_statements"
4030
+ elif key == "rotationPeriod":
4031
+ suggest = "rotation_period"
4032
+ elif key == "rotationSchedule":
4033
+ suggest = "rotation_schedule"
4034
+ elif key == "rotationWindow":
4035
+ suggest = "rotation_window"
3694
4036
  elif key == "usernameTemplate":
3695
4037
  suggest = "username_template"
3696
4038
  elif key == "verifyConnection":
@@ -3712,12 +4054,16 @@ class SecretsMountMongodb(dict):
3712
4054
  allowed_roles: Optional[Sequence[str]] = None,
3713
4055
  connection_url: Optional[str] = None,
3714
4056
  data: Optional[Mapping[str, str]] = None,
4057
+ disable_automated_rotation: Optional[bool] = None,
3715
4058
  max_connection_lifetime: Optional[int] = None,
3716
4059
  max_idle_connections: Optional[int] = None,
3717
4060
  max_open_connections: Optional[int] = None,
3718
4061
  password: Optional[str] = None,
3719
4062
  plugin_name: Optional[str] = None,
3720
4063
  root_rotation_statements: Optional[Sequence[str]] = None,
4064
+ rotation_period: Optional[int] = None,
4065
+ rotation_schedule: Optional[str] = None,
4066
+ rotation_window: Optional[int] = None,
3721
4067
  username: Optional[str] = None,
3722
4068
  username_template: Optional[str] = None,
3723
4069
  verify_connection: Optional[bool] = None):
@@ -3727,6 +4073,7 @@ class SecretsMountMongodb(dict):
3727
4073
  connection.
3728
4074
  :param str connection_url: Connection string to use to connect to the database.
3729
4075
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4076
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3730
4077
 
3731
4078
  Supported list of database secrets engines that can be configured:
3732
4079
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -3735,6 +4082,13 @@ class SecretsMountMongodb(dict):
3735
4082
  :param str password: The root credential password used in the connection URL
3736
4083
  :param str plugin_name: Specifies the name of the plugin to use.
3737
4084
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
4085
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
4086
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4087
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4088
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4089
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
4090
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4091
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3738
4092
  :param str username: The root credential username used in the connection URL
3739
4093
  :param str username_template: Username generation template.
3740
4094
  :param bool verify_connection: Whether the connection should be verified on
@@ -3747,6 +4101,8 @@ class SecretsMountMongodb(dict):
3747
4101
  pulumi.set(__self__, "connection_url", connection_url)
3748
4102
  if data is not None:
3749
4103
  pulumi.set(__self__, "data", data)
4104
+ if disable_automated_rotation is not None:
4105
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3750
4106
  if max_connection_lifetime is not None:
3751
4107
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
3752
4108
  if max_idle_connections is not None:
@@ -3759,6 +4115,12 @@ class SecretsMountMongodb(dict):
3759
4115
  pulumi.set(__self__, "plugin_name", plugin_name)
3760
4116
  if root_rotation_statements is not None:
3761
4117
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
4118
+ if rotation_period is not None:
4119
+ pulumi.set(__self__, "rotation_period", rotation_period)
4120
+ if rotation_schedule is not None:
4121
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
4122
+ if rotation_window is not None:
4123
+ pulumi.set(__self__, "rotation_window", rotation_window)
3762
4124
  if username is not None:
3763
4125
  pulumi.set(__self__, "username", username)
3764
4126
  if username_template is not None:
@@ -3796,10 +4158,18 @@ class SecretsMountMongodb(dict):
3796
4158
  def data(self) -> Optional[Mapping[str, str]]:
3797
4159
  """
3798
4160
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4161
+ """
4162
+ return pulumi.get(self, "data")
4163
+
4164
+ @property
4165
+ @pulumi.getter(name="disableAutomatedRotation")
4166
+ def disable_automated_rotation(self) -> Optional[bool]:
4167
+ """
4168
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3799
4169
 
3800
4170
  Supported list of database secrets engines that can be configured:
3801
4171
  """
3802
- return pulumi.get(self, "data")
4172
+ return pulumi.get(self, "disable_automated_rotation")
3803
4173
 
3804
4174
  @property
3805
4175
  @pulumi.getter(name="maxConnectionLifetime")
@@ -3849,6 +4219,34 @@ class SecretsMountMongodb(dict):
3849
4219
  """
3850
4220
  return pulumi.get(self, "root_rotation_statements")
3851
4221
 
4222
+ @property
4223
+ @pulumi.getter(name="rotationPeriod")
4224
+ def rotation_period(self) -> Optional[int]:
4225
+ """
4226
+ The amount of time in seconds Vault should wait before rotating the root credential.
4227
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4228
+ """
4229
+ return pulumi.get(self, "rotation_period")
4230
+
4231
+ @property
4232
+ @pulumi.getter(name="rotationSchedule")
4233
+ def rotation_schedule(self) -> Optional[str]:
4234
+ """
4235
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4236
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4237
+ """
4238
+ return pulumi.get(self, "rotation_schedule")
4239
+
4240
+ @property
4241
+ @pulumi.getter(name="rotationWindow")
4242
+ def rotation_window(self) -> Optional[int]:
4243
+ """
4244
+ The maximum amount of time in seconds allowed to complete
4245
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4246
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4247
+ """
4248
+ return pulumi.get(self, "rotation_window")
4249
+
3852
4250
  @property
3853
4251
  @pulumi.getter
3854
4252
  def username(self) -> Optional[str]:
@@ -3888,10 +4286,18 @@ class SecretsMountMongodbatla(dict):
3888
4286
  suggest = "public_key"
3889
4287
  elif key == "allowedRoles":
3890
4288
  suggest = "allowed_roles"
4289
+ elif key == "disableAutomatedRotation":
4290
+ suggest = "disable_automated_rotation"
3891
4291
  elif key == "pluginName":
3892
4292
  suggest = "plugin_name"
3893
4293
  elif key == "rootRotationStatements":
3894
4294
  suggest = "root_rotation_statements"
4295
+ elif key == "rotationPeriod":
4296
+ suggest = "rotation_period"
4297
+ elif key == "rotationSchedule":
4298
+ suggest = "rotation_schedule"
4299
+ elif key == "rotationWindow":
4300
+ suggest = "rotation_window"
3895
4301
  elif key == "verifyConnection":
3896
4302
  suggest = "verify_connection"
3897
4303
 
@@ -3913,8 +4319,12 @@ class SecretsMountMongodbatla(dict):
3913
4319
  public_key: str,
3914
4320
  allowed_roles: Optional[Sequence[str]] = None,
3915
4321
  data: Optional[Mapping[str, str]] = None,
4322
+ disable_automated_rotation: Optional[bool] = None,
3916
4323
  plugin_name: Optional[str] = None,
3917
4324
  root_rotation_statements: Optional[Sequence[str]] = None,
4325
+ rotation_period: Optional[int] = None,
4326
+ rotation_schedule: Optional[str] = None,
4327
+ rotation_window: Optional[int] = None,
3918
4328
  verify_connection: Optional[bool] = None):
3919
4329
  """
3920
4330
  :param str name: Name of the database connection.
@@ -3924,10 +4334,18 @@ class SecretsMountMongodbatla(dict):
3924
4334
  :param Sequence[str] allowed_roles: A list of roles that are allowed to use this
3925
4335
  connection.
3926
4336
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4337
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3927
4338
 
3928
4339
  Supported list of database secrets engines that can be configured:
3929
4340
  :param str plugin_name: Specifies the name of the plugin to use.
3930
4341
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
4342
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
4343
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4344
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4345
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4346
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
4347
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4348
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3931
4349
  :param bool verify_connection: Whether the connection should be verified on
3932
4350
  initial configuration or not.
3933
4351
  """
@@ -3939,10 +4357,18 @@ class SecretsMountMongodbatla(dict):
3939
4357
  pulumi.set(__self__, "allowed_roles", allowed_roles)
3940
4358
  if data is not None:
3941
4359
  pulumi.set(__self__, "data", data)
4360
+ if disable_automated_rotation is not None:
4361
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3942
4362
  if plugin_name is not None:
3943
4363
  pulumi.set(__self__, "plugin_name", plugin_name)
3944
4364
  if root_rotation_statements is not None:
3945
4365
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
4366
+ if rotation_period is not None:
4367
+ pulumi.set(__self__, "rotation_period", rotation_period)
4368
+ if rotation_schedule is not None:
4369
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
4370
+ if rotation_window is not None:
4371
+ pulumi.set(__self__, "rotation_window", rotation_window)
3946
4372
  if verify_connection is not None:
3947
4373
  pulumi.set(__self__, "verify_connection", verify_connection)
3948
4374
 
@@ -3992,10 +4418,18 @@ class SecretsMountMongodbatla(dict):
3992
4418
  def data(self) -> Optional[Mapping[str, str]]:
3993
4419
  """
3994
4420
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4421
+ """
4422
+ return pulumi.get(self, "data")
4423
+
4424
+ @property
4425
+ @pulumi.getter(name="disableAutomatedRotation")
4426
+ def disable_automated_rotation(self) -> Optional[bool]:
4427
+ """
4428
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3995
4429
 
3996
4430
  Supported list of database secrets engines that can be configured:
3997
4431
  """
3998
- return pulumi.get(self, "data")
4432
+ return pulumi.get(self, "disable_automated_rotation")
3999
4433
 
4000
4434
  @property
4001
4435
  @pulumi.getter(name="pluginName")
@@ -4013,6 +4447,34 @@ class SecretsMountMongodbatla(dict):
4013
4447
  """
4014
4448
  return pulumi.get(self, "root_rotation_statements")
4015
4449
 
4450
+ @property
4451
+ @pulumi.getter(name="rotationPeriod")
4452
+ def rotation_period(self) -> Optional[int]:
4453
+ """
4454
+ The amount of time in seconds Vault should wait before rotating the root credential.
4455
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4456
+ """
4457
+ return pulumi.get(self, "rotation_period")
4458
+
4459
+ @property
4460
+ @pulumi.getter(name="rotationSchedule")
4461
+ def rotation_schedule(self) -> Optional[str]:
4462
+ """
4463
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4464
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4465
+ """
4466
+ return pulumi.get(self, "rotation_schedule")
4467
+
4468
+ @property
4469
+ @pulumi.getter(name="rotationWindow")
4470
+ def rotation_window(self) -> Optional[int]:
4471
+ """
4472
+ The maximum amount of time in seconds allowed to complete
4473
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4474
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4475
+ """
4476
+ return pulumi.get(self, "rotation_window")
4477
+
4016
4478
  @property
4017
4479
  @pulumi.getter(name="verifyConnection")
4018
4480
  def verify_connection(self) -> Optional[bool]:
@@ -4034,6 +4496,8 @@ class SecretsMountMssql(dict):
4034
4496
  suggest = "connection_url"
4035
4497
  elif key == "containedDb":
4036
4498
  suggest = "contained_db"
4499
+ elif key == "disableAutomatedRotation":
4500
+ suggest = "disable_automated_rotation"
4037
4501
  elif key == "disableEscaping":
4038
4502
  suggest = "disable_escaping"
4039
4503
  elif key == "maxConnectionLifetime":
@@ -4046,6 +4510,12 @@ class SecretsMountMssql(dict):
4046
4510
  suggest = "plugin_name"
4047
4511
  elif key == "rootRotationStatements":
4048
4512
  suggest = "root_rotation_statements"
4513
+ elif key == "rotationPeriod":
4514
+ suggest = "rotation_period"
4515
+ elif key == "rotationSchedule":
4516
+ suggest = "rotation_schedule"
4517
+ elif key == "rotationWindow":
4518
+ suggest = "rotation_window"
4049
4519
  elif key == "usernameTemplate":
4050
4520
  suggest = "username_template"
4051
4521
  elif key == "verifyConnection":
@@ -4068,6 +4538,7 @@ class SecretsMountMssql(dict):
4068
4538
  connection_url: Optional[str] = None,
4069
4539
  contained_db: Optional[bool] = None,
4070
4540
  data: Optional[Mapping[str, str]] = None,
4541
+ disable_automated_rotation: Optional[bool] = None,
4071
4542
  disable_escaping: Optional[bool] = None,
4072
4543
  max_connection_lifetime: Optional[int] = None,
4073
4544
  max_idle_connections: Optional[int] = None,
@@ -4075,6 +4546,9 @@ class SecretsMountMssql(dict):
4075
4546
  password: Optional[str] = None,
4076
4547
  plugin_name: Optional[str] = None,
4077
4548
  root_rotation_statements: Optional[Sequence[str]] = None,
4549
+ rotation_period: Optional[int] = None,
4550
+ rotation_schedule: Optional[str] = None,
4551
+ rotation_window: Optional[int] = None,
4078
4552
  username: Optional[str] = None,
4079
4553
  username_template: Optional[str] = None,
4080
4554
  verify_connection: Optional[bool] = None):
@@ -4085,6 +4559,7 @@ class SecretsMountMssql(dict):
4085
4559
  :param str connection_url: Connection string to use to connect to the database.
4086
4560
  :param bool contained_db: Set to true when the target is a Contained Database, e.g. AzureSQL.
4087
4561
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4562
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4088
4563
 
4089
4564
  Supported list of database secrets engines that can be configured:
4090
4565
  :param bool disable_escaping: Disable special character escaping in username and password
@@ -4094,6 +4569,13 @@ class SecretsMountMssql(dict):
4094
4569
  :param str password: The root credential password used in the connection URL
4095
4570
  :param str plugin_name: Specifies the name of the plugin to use.
4096
4571
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
4572
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
4573
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4574
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4575
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4576
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
4577
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4578
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4097
4579
  :param str username: The root credential username used in the connection URL
4098
4580
  :param str username_template: Username generation template.
4099
4581
  :param bool verify_connection: Whether the connection should be verified on
@@ -4108,6 +4590,8 @@ class SecretsMountMssql(dict):
4108
4590
  pulumi.set(__self__, "contained_db", contained_db)
4109
4591
  if data is not None:
4110
4592
  pulumi.set(__self__, "data", data)
4593
+ if disable_automated_rotation is not None:
4594
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
4111
4595
  if disable_escaping is not None:
4112
4596
  pulumi.set(__self__, "disable_escaping", disable_escaping)
4113
4597
  if max_connection_lifetime is not None:
@@ -4122,6 +4606,12 @@ class SecretsMountMssql(dict):
4122
4606
  pulumi.set(__self__, "plugin_name", plugin_name)
4123
4607
  if root_rotation_statements is not None:
4124
4608
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
4609
+ if rotation_period is not None:
4610
+ pulumi.set(__self__, "rotation_period", rotation_period)
4611
+ if rotation_schedule is not None:
4612
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
4613
+ if rotation_window is not None:
4614
+ pulumi.set(__self__, "rotation_window", rotation_window)
4125
4615
  if username is not None:
4126
4616
  pulumi.set(__self__, "username", username)
4127
4617
  if username_template is not None:
@@ -4167,10 +4657,18 @@ class SecretsMountMssql(dict):
4167
4657
  def data(self) -> Optional[Mapping[str, str]]:
4168
4658
  """
4169
4659
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4660
+ """
4661
+ return pulumi.get(self, "data")
4662
+
4663
+ @property
4664
+ @pulumi.getter(name="disableAutomatedRotation")
4665
+ def disable_automated_rotation(self) -> Optional[bool]:
4666
+ """
4667
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4170
4668
 
4171
4669
  Supported list of database secrets engines that can be configured:
4172
4670
  """
4173
- return pulumi.get(self, "data")
4671
+ return pulumi.get(self, "disable_automated_rotation")
4174
4672
 
4175
4673
  @property
4176
4674
  @pulumi.getter(name="disableEscaping")
@@ -4228,6 +4726,34 @@ class SecretsMountMssql(dict):
4228
4726
  """
4229
4727
  return pulumi.get(self, "root_rotation_statements")
4230
4728
 
4729
+ @property
4730
+ @pulumi.getter(name="rotationPeriod")
4731
+ def rotation_period(self) -> Optional[int]:
4732
+ """
4733
+ The amount of time in seconds Vault should wait before rotating the root credential.
4734
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4735
+ """
4736
+ return pulumi.get(self, "rotation_period")
4737
+
4738
+ @property
4739
+ @pulumi.getter(name="rotationSchedule")
4740
+ def rotation_schedule(self) -> Optional[str]:
4741
+ """
4742
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4743
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4744
+ """
4745
+ return pulumi.get(self, "rotation_schedule")
4746
+
4747
+ @property
4748
+ @pulumi.getter(name="rotationWindow")
4749
+ def rotation_window(self) -> Optional[int]:
4750
+ """
4751
+ The maximum amount of time in seconds allowed to complete
4752
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4753
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4754
+ """
4755
+ return pulumi.get(self, "rotation_window")
4756
+
4231
4757
  @property
4232
4758
  @pulumi.getter
4233
4759
  def username(self) -> Optional[str]:
@@ -4265,6 +4791,8 @@ class SecretsMountMysql(dict):
4265
4791
  suggest = "auth_type"
4266
4792
  elif key == "connectionUrl":
4267
4793
  suggest = "connection_url"
4794
+ elif key == "disableAutomatedRotation":
4795
+ suggest = "disable_automated_rotation"
4268
4796
  elif key == "maxConnectionLifetime":
4269
4797
  suggest = "max_connection_lifetime"
4270
4798
  elif key == "maxIdleConnections":
@@ -4275,6 +4803,12 @@ class SecretsMountMysql(dict):
4275
4803
  suggest = "plugin_name"
4276
4804
  elif key == "rootRotationStatements":
4277
4805
  suggest = "root_rotation_statements"
4806
+ elif key == "rotationPeriod":
4807
+ suggest = "rotation_period"
4808
+ elif key == "rotationSchedule":
4809
+ suggest = "rotation_schedule"
4810
+ elif key == "rotationWindow":
4811
+ suggest = "rotation_window"
4278
4812
  elif key == "serviceAccountJson":
4279
4813
  suggest = "service_account_json"
4280
4814
  elif key == "tlsCa":
@@ -4303,12 +4837,16 @@ class SecretsMountMysql(dict):
4303
4837
  auth_type: Optional[str] = None,
4304
4838
  connection_url: Optional[str] = None,
4305
4839
  data: Optional[Mapping[str, str]] = None,
4840
+ disable_automated_rotation: Optional[bool] = None,
4306
4841
  max_connection_lifetime: Optional[int] = None,
4307
4842
  max_idle_connections: Optional[int] = None,
4308
4843
  max_open_connections: Optional[int] = None,
4309
4844
  password: Optional[str] = None,
4310
4845
  plugin_name: Optional[str] = None,
4311
4846
  root_rotation_statements: Optional[Sequence[str]] = None,
4847
+ rotation_period: Optional[int] = None,
4848
+ rotation_schedule: Optional[str] = None,
4849
+ rotation_window: Optional[int] = None,
4312
4850
  service_account_json: Optional[str] = None,
4313
4851
  tls_ca: Optional[str] = None,
4314
4852
  tls_certificate_key: Optional[str] = None,
@@ -4322,6 +4860,7 @@ class SecretsMountMysql(dict):
4322
4860
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
4323
4861
  :param str connection_url: Connection string to use to connect to the database.
4324
4862
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4863
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4325
4864
 
4326
4865
  Supported list of database secrets engines that can be configured:
4327
4866
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -4330,6 +4869,13 @@ class SecretsMountMysql(dict):
4330
4869
  :param str password: The root credential password used in the connection URL
4331
4870
  :param str plugin_name: Specifies the name of the plugin to use.
4332
4871
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
4872
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
4873
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4874
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4875
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4876
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
4877
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4878
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4333
4879
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
4334
4880
  :param str tls_ca: x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
4335
4881
  :param str tls_certificate_key: x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
@@ -4347,6 +4893,8 @@ class SecretsMountMysql(dict):
4347
4893
  pulumi.set(__self__, "connection_url", connection_url)
4348
4894
  if data is not None:
4349
4895
  pulumi.set(__self__, "data", data)
4896
+ if disable_automated_rotation is not None:
4897
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
4350
4898
  if max_connection_lifetime is not None:
4351
4899
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
4352
4900
  if max_idle_connections is not None:
@@ -4359,6 +4907,12 @@ class SecretsMountMysql(dict):
4359
4907
  pulumi.set(__self__, "plugin_name", plugin_name)
4360
4908
  if root_rotation_statements is not None:
4361
4909
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
4910
+ if rotation_period is not None:
4911
+ pulumi.set(__self__, "rotation_period", rotation_period)
4912
+ if rotation_schedule is not None:
4913
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
4914
+ if rotation_window is not None:
4915
+ pulumi.set(__self__, "rotation_window", rotation_window)
4362
4916
  if service_account_json is not None:
4363
4917
  pulumi.set(__self__, "service_account_json", service_account_json)
4364
4918
  if tls_ca is not None:
@@ -4410,10 +4964,18 @@ class SecretsMountMysql(dict):
4410
4964
  def data(self) -> Optional[Mapping[str, str]]:
4411
4965
  """
4412
4966
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4967
+ """
4968
+ return pulumi.get(self, "data")
4969
+
4970
+ @property
4971
+ @pulumi.getter(name="disableAutomatedRotation")
4972
+ def disable_automated_rotation(self) -> Optional[bool]:
4973
+ """
4974
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4413
4975
 
4414
4976
  Supported list of database secrets engines that can be configured:
4415
4977
  """
4416
- return pulumi.get(self, "data")
4978
+ return pulumi.get(self, "disable_automated_rotation")
4417
4979
 
4418
4980
  @property
4419
4981
  @pulumi.getter(name="maxConnectionLifetime")
@@ -4463,6 +5025,34 @@ class SecretsMountMysql(dict):
4463
5025
  """
4464
5026
  return pulumi.get(self, "root_rotation_statements")
4465
5027
 
5028
+ @property
5029
+ @pulumi.getter(name="rotationPeriod")
5030
+ def rotation_period(self) -> Optional[int]:
5031
+ """
5032
+ The amount of time in seconds Vault should wait before rotating the root credential.
5033
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5034
+ """
5035
+ return pulumi.get(self, "rotation_period")
5036
+
5037
+ @property
5038
+ @pulumi.getter(name="rotationSchedule")
5039
+ def rotation_schedule(self) -> Optional[str]:
5040
+ """
5041
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5042
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5043
+ """
5044
+ return pulumi.get(self, "rotation_schedule")
5045
+
5046
+ @property
5047
+ @pulumi.getter(name="rotationWindow")
5048
+ def rotation_window(self) -> Optional[int]:
5049
+ """
5050
+ The maximum amount of time in seconds allowed to complete
5051
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5052
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5053
+ """
5054
+ return pulumi.get(self, "rotation_window")
5055
+
4466
5056
  @property
4467
5057
  @pulumi.getter(name="serviceAccountJson")
4468
5058
  def service_account_json(self) -> Optional[str]:
@@ -4524,6 +5114,8 @@ class SecretsMountMysqlAurora(dict):
4524
5114
  suggest = "auth_type"
4525
5115
  elif key == "connectionUrl":
4526
5116
  suggest = "connection_url"
5117
+ elif key == "disableAutomatedRotation":
5118
+ suggest = "disable_automated_rotation"
4527
5119
  elif key == "maxConnectionLifetime":
4528
5120
  suggest = "max_connection_lifetime"
4529
5121
  elif key == "maxIdleConnections":
@@ -4534,6 +5126,12 @@ class SecretsMountMysqlAurora(dict):
4534
5126
  suggest = "plugin_name"
4535
5127
  elif key == "rootRotationStatements":
4536
5128
  suggest = "root_rotation_statements"
5129
+ elif key == "rotationPeriod":
5130
+ suggest = "rotation_period"
5131
+ elif key == "rotationSchedule":
5132
+ suggest = "rotation_schedule"
5133
+ elif key == "rotationWindow":
5134
+ suggest = "rotation_window"
4537
5135
  elif key == "serviceAccountJson":
4538
5136
  suggest = "service_account_json"
4539
5137
  elif key == "tlsCa":
@@ -4562,12 +5160,16 @@ class SecretsMountMysqlAurora(dict):
4562
5160
  auth_type: Optional[str] = None,
4563
5161
  connection_url: Optional[str] = None,
4564
5162
  data: Optional[Mapping[str, str]] = None,
5163
+ disable_automated_rotation: Optional[bool] = None,
4565
5164
  max_connection_lifetime: Optional[int] = None,
4566
5165
  max_idle_connections: Optional[int] = None,
4567
5166
  max_open_connections: Optional[int] = None,
4568
5167
  password: Optional[str] = None,
4569
5168
  plugin_name: Optional[str] = None,
4570
5169
  root_rotation_statements: Optional[Sequence[str]] = None,
5170
+ rotation_period: Optional[int] = None,
5171
+ rotation_schedule: Optional[str] = None,
5172
+ rotation_window: Optional[int] = None,
4571
5173
  service_account_json: Optional[str] = None,
4572
5174
  tls_ca: Optional[str] = None,
4573
5175
  tls_certificate_key: Optional[str] = None,
@@ -4581,6 +5183,7 @@ class SecretsMountMysqlAurora(dict):
4581
5183
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
4582
5184
  :param str connection_url: Connection string to use to connect to the database.
4583
5185
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5186
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4584
5187
 
4585
5188
  Supported list of database secrets engines that can be configured:
4586
5189
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -4589,6 +5192,13 @@ class SecretsMountMysqlAurora(dict):
4589
5192
  :param str password: The root credential password used in the connection URL
4590
5193
  :param str plugin_name: Specifies the name of the plugin to use.
4591
5194
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
5195
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
5196
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5197
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5198
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5199
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
5200
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5201
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4592
5202
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
4593
5203
  :param str tls_ca: x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
4594
5204
  :param str tls_certificate_key: x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
@@ -4606,6 +5216,8 @@ class SecretsMountMysqlAurora(dict):
4606
5216
  pulumi.set(__self__, "connection_url", connection_url)
4607
5217
  if data is not None:
4608
5218
  pulumi.set(__self__, "data", data)
5219
+ if disable_automated_rotation is not None:
5220
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
4609
5221
  if max_connection_lifetime is not None:
4610
5222
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
4611
5223
  if max_idle_connections is not None:
@@ -4618,6 +5230,12 @@ class SecretsMountMysqlAurora(dict):
4618
5230
  pulumi.set(__self__, "plugin_name", plugin_name)
4619
5231
  if root_rotation_statements is not None:
4620
5232
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
5233
+ if rotation_period is not None:
5234
+ pulumi.set(__self__, "rotation_period", rotation_period)
5235
+ if rotation_schedule is not None:
5236
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
5237
+ if rotation_window is not None:
5238
+ pulumi.set(__self__, "rotation_window", rotation_window)
4621
5239
  if service_account_json is not None:
4622
5240
  pulumi.set(__self__, "service_account_json", service_account_json)
4623
5241
  if tls_ca is not None:
@@ -4669,10 +5287,18 @@ class SecretsMountMysqlAurora(dict):
4669
5287
  def data(self) -> Optional[Mapping[str, str]]:
4670
5288
  """
4671
5289
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5290
+ """
5291
+ return pulumi.get(self, "data")
5292
+
5293
+ @property
5294
+ @pulumi.getter(name="disableAutomatedRotation")
5295
+ def disable_automated_rotation(self) -> Optional[bool]:
5296
+ """
5297
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4672
5298
 
4673
5299
  Supported list of database secrets engines that can be configured:
4674
5300
  """
4675
- return pulumi.get(self, "data")
5301
+ return pulumi.get(self, "disable_automated_rotation")
4676
5302
 
4677
5303
  @property
4678
5304
  @pulumi.getter(name="maxConnectionLifetime")
@@ -4722,6 +5348,34 @@ class SecretsMountMysqlAurora(dict):
4722
5348
  """
4723
5349
  return pulumi.get(self, "root_rotation_statements")
4724
5350
 
5351
+ @property
5352
+ @pulumi.getter(name="rotationPeriod")
5353
+ def rotation_period(self) -> Optional[int]:
5354
+ """
5355
+ The amount of time in seconds Vault should wait before rotating the root credential.
5356
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5357
+ """
5358
+ return pulumi.get(self, "rotation_period")
5359
+
5360
+ @property
5361
+ @pulumi.getter(name="rotationSchedule")
5362
+ def rotation_schedule(self) -> Optional[str]:
5363
+ """
5364
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5365
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5366
+ """
5367
+ return pulumi.get(self, "rotation_schedule")
5368
+
5369
+ @property
5370
+ @pulumi.getter(name="rotationWindow")
5371
+ def rotation_window(self) -> Optional[int]:
5372
+ """
5373
+ The maximum amount of time in seconds allowed to complete
5374
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5375
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5376
+ """
5377
+ return pulumi.get(self, "rotation_window")
5378
+
4725
5379
  @property
4726
5380
  @pulumi.getter(name="serviceAccountJson")
4727
5381
  def service_account_json(self) -> Optional[str]:
@@ -4783,6 +5437,8 @@ class SecretsMountMysqlLegacy(dict):
4783
5437
  suggest = "auth_type"
4784
5438
  elif key == "connectionUrl":
4785
5439
  suggest = "connection_url"
5440
+ elif key == "disableAutomatedRotation":
5441
+ suggest = "disable_automated_rotation"
4786
5442
  elif key == "maxConnectionLifetime":
4787
5443
  suggest = "max_connection_lifetime"
4788
5444
  elif key == "maxIdleConnections":
@@ -4793,6 +5449,12 @@ class SecretsMountMysqlLegacy(dict):
4793
5449
  suggest = "plugin_name"
4794
5450
  elif key == "rootRotationStatements":
4795
5451
  suggest = "root_rotation_statements"
5452
+ elif key == "rotationPeriod":
5453
+ suggest = "rotation_period"
5454
+ elif key == "rotationSchedule":
5455
+ suggest = "rotation_schedule"
5456
+ elif key == "rotationWindow":
5457
+ suggest = "rotation_window"
4796
5458
  elif key == "serviceAccountJson":
4797
5459
  suggest = "service_account_json"
4798
5460
  elif key == "tlsCa":
@@ -4821,12 +5483,16 @@ class SecretsMountMysqlLegacy(dict):
4821
5483
  auth_type: Optional[str] = None,
4822
5484
  connection_url: Optional[str] = None,
4823
5485
  data: Optional[Mapping[str, str]] = None,
5486
+ disable_automated_rotation: Optional[bool] = None,
4824
5487
  max_connection_lifetime: Optional[int] = None,
4825
5488
  max_idle_connections: Optional[int] = None,
4826
5489
  max_open_connections: Optional[int] = None,
4827
5490
  password: Optional[str] = None,
4828
5491
  plugin_name: Optional[str] = None,
4829
5492
  root_rotation_statements: Optional[Sequence[str]] = None,
5493
+ rotation_period: Optional[int] = None,
5494
+ rotation_schedule: Optional[str] = None,
5495
+ rotation_window: Optional[int] = None,
4830
5496
  service_account_json: Optional[str] = None,
4831
5497
  tls_ca: Optional[str] = None,
4832
5498
  tls_certificate_key: Optional[str] = None,
@@ -4840,6 +5506,7 @@ class SecretsMountMysqlLegacy(dict):
4840
5506
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
4841
5507
  :param str connection_url: Connection string to use to connect to the database.
4842
5508
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5509
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4843
5510
 
4844
5511
  Supported list of database secrets engines that can be configured:
4845
5512
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -4848,6 +5515,13 @@ class SecretsMountMysqlLegacy(dict):
4848
5515
  :param str password: The root credential password used in the connection URL
4849
5516
  :param str plugin_name: Specifies the name of the plugin to use.
4850
5517
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
5518
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
5519
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5520
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5521
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5522
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
5523
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5524
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4851
5525
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
4852
5526
  :param str tls_ca: x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
4853
5527
  :param str tls_certificate_key: x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
@@ -4865,6 +5539,8 @@ class SecretsMountMysqlLegacy(dict):
4865
5539
  pulumi.set(__self__, "connection_url", connection_url)
4866
5540
  if data is not None:
4867
5541
  pulumi.set(__self__, "data", data)
5542
+ if disable_automated_rotation is not None:
5543
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
4868
5544
  if max_connection_lifetime is not None:
4869
5545
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
4870
5546
  if max_idle_connections is not None:
@@ -4877,6 +5553,12 @@ class SecretsMountMysqlLegacy(dict):
4877
5553
  pulumi.set(__self__, "plugin_name", plugin_name)
4878
5554
  if root_rotation_statements is not None:
4879
5555
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
5556
+ if rotation_period is not None:
5557
+ pulumi.set(__self__, "rotation_period", rotation_period)
5558
+ if rotation_schedule is not None:
5559
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
5560
+ if rotation_window is not None:
5561
+ pulumi.set(__self__, "rotation_window", rotation_window)
4880
5562
  if service_account_json is not None:
4881
5563
  pulumi.set(__self__, "service_account_json", service_account_json)
4882
5564
  if tls_ca is not None:
@@ -4928,10 +5610,18 @@ class SecretsMountMysqlLegacy(dict):
4928
5610
  def data(self) -> Optional[Mapping[str, str]]:
4929
5611
  """
4930
5612
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5613
+ """
5614
+ return pulumi.get(self, "data")
5615
+
5616
+ @property
5617
+ @pulumi.getter(name="disableAutomatedRotation")
5618
+ def disable_automated_rotation(self) -> Optional[bool]:
5619
+ """
5620
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4931
5621
 
4932
5622
  Supported list of database secrets engines that can be configured:
4933
5623
  """
4934
- return pulumi.get(self, "data")
5624
+ return pulumi.get(self, "disable_automated_rotation")
4935
5625
 
4936
5626
  @property
4937
5627
  @pulumi.getter(name="maxConnectionLifetime")
@@ -4981,6 +5671,34 @@ class SecretsMountMysqlLegacy(dict):
4981
5671
  """
4982
5672
  return pulumi.get(self, "root_rotation_statements")
4983
5673
 
5674
+ @property
5675
+ @pulumi.getter(name="rotationPeriod")
5676
+ def rotation_period(self) -> Optional[int]:
5677
+ """
5678
+ The amount of time in seconds Vault should wait before rotating the root credential.
5679
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5680
+ """
5681
+ return pulumi.get(self, "rotation_period")
5682
+
5683
+ @property
5684
+ @pulumi.getter(name="rotationSchedule")
5685
+ def rotation_schedule(self) -> Optional[str]:
5686
+ """
5687
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5688
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5689
+ """
5690
+ return pulumi.get(self, "rotation_schedule")
5691
+
5692
+ @property
5693
+ @pulumi.getter(name="rotationWindow")
5694
+ def rotation_window(self) -> Optional[int]:
5695
+ """
5696
+ The maximum amount of time in seconds allowed to complete
5697
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5698
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5699
+ """
5700
+ return pulumi.get(self, "rotation_window")
5701
+
4984
5702
  @property
4985
5703
  @pulumi.getter(name="serviceAccountJson")
4986
5704
  def service_account_json(self) -> Optional[str]:
@@ -5042,6 +5760,8 @@ class SecretsMountMysqlRd(dict):
5042
5760
  suggest = "auth_type"
5043
5761
  elif key == "connectionUrl":
5044
5762
  suggest = "connection_url"
5763
+ elif key == "disableAutomatedRotation":
5764
+ suggest = "disable_automated_rotation"
5045
5765
  elif key == "maxConnectionLifetime":
5046
5766
  suggest = "max_connection_lifetime"
5047
5767
  elif key == "maxIdleConnections":
@@ -5052,6 +5772,12 @@ class SecretsMountMysqlRd(dict):
5052
5772
  suggest = "plugin_name"
5053
5773
  elif key == "rootRotationStatements":
5054
5774
  suggest = "root_rotation_statements"
5775
+ elif key == "rotationPeriod":
5776
+ suggest = "rotation_period"
5777
+ elif key == "rotationSchedule":
5778
+ suggest = "rotation_schedule"
5779
+ elif key == "rotationWindow":
5780
+ suggest = "rotation_window"
5055
5781
  elif key == "serviceAccountJson":
5056
5782
  suggest = "service_account_json"
5057
5783
  elif key == "tlsCa":
@@ -5080,12 +5806,16 @@ class SecretsMountMysqlRd(dict):
5080
5806
  auth_type: Optional[str] = None,
5081
5807
  connection_url: Optional[str] = None,
5082
5808
  data: Optional[Mapping[str, str]] = None,
5809
+ disable_automated_rotation: Optional[bool] = None,
5083
5810
  max_connection_lifetime: Optional[int] = None,
5084
5811
  max_idle_connections: Optional[int] = None,
5085
5812
  max_open_connections: Optional[int] = None,
5086
5813
  password: Optional[str] = None,
5087
5814
  plugin_name: Optional[str] = None,
5088
5815
  root_rotation_statements: Optional[Sequence[str]] = None,
5816
+ rotation_period: Optional[int] = None,
5817
+ rotation_schedule: Optional[str] = None,
5818
+ rotation_window: Optional[int] = None,
5089
5819
  service_account_json: Optional[str] = None,
5090
5820
  tls_ca: Optional[str] = None,
5091
5821
  tls_certificate_key: Optional[str] = None,
@@ -5099,6 +5829,7 @@ class SecretsMountMysqlRd(dict):
5099
5829
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
5100
5830
  :param str connection_url: Connection string to use to connect to the database.
5101
5831
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5832
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5102
5833
 
5103
5834
  Supported list of database secrets engines that can be configured:
5104
5835
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -5107,6 +5838,13 @@ class SecretsMountMysqlRd(dict):
5107
5838
  :param str password: The root credential password used in the connection URL
5108
5839
  :param str plugin_name: Specifies the name of the plugin to use.
5109
5840
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
5841
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
5842
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5843
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5844
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5845
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
5846
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5847
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5110
5848
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
5111
5849
  :param str tls_ca: x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
5112
5850
  :param str tls_certificate_key: x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
@@ -5124,6 +5862,8 @@ class SecretsMountMysqlRd(dict):
5124
5862
  pulumi.set(__self__, "connection_url", connection_url)
5125
5863
  if data is not None:
5126
5864
  pulumi.set(__self__, "data", data)
5865
+ if disable_automated_rotation is not None:
5866
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
5127
5867
  if max_connection_lifetime is not None:
5128
5868
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
5129
5869
  if max_idle_connections is not None:
@@ -5136,6 +5876,12 @@ class SecretsMountMysqlRd(dict):
5136
5876
  pulumi.set(__self__, "plugin_name", plugin_name)
5137
5877
  if root_rotation_statements is not None:
5138
5878
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
5879
+ if rotation_period is not None:
5880
+ pulumi.set(__self__, "rotation_period", rotation_period)
5881
+ if rotation_schedule is not None:
5882
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
5883
+ if rotation_window is not None:
5884
+ pulumi.set(__self__, "rotation_window", rotation_window)
5139
5885
  if service_account_json is not None:
5140
5886
  pulumi.set(__self__, "service_account_json", service_account_json)
5141
5887
  if tls_ca is not None:
@@ -5187,10 +5933,18 @@ class SecretsMountMysqlRd(dict):
5187
5933
  def data(self) -> Optional[Mapping[str, str]]:
5188
5934
  """
5189
5935
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5936
+ """
5937
+ return pulumi.get(self, "data")
5938
+
5939
+ @property
5940
+ @pulumi.getter(name="disableAutomatedRotation")
5941
+ def disable_automated_rotation(self) -> Optional[bool]:
5942
+ """
5943
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5190
5944
 
5191
5945
  Supported list of database secrets engines that can be configured:
5192
5946
  """
5193
- return pulumi.get(self, "data")
5947
+ return pulumi.get(self, "disable_automated_rotation")
5194
5948
 
5195
5949
  @property
5196
5950
  @pulumi.getter(name="maxConnectionLifetime")
@@ -5240,6 +5994,34 @@ class SecretsMountMysqlRd(dict):
5240
5994
  """
5241
5995
  return pulumi.get(self, "root_rotation_statements")
5242
5996
 
5997
+ @property
5998
+ @pulumi.getter(name="rotationPeriod")
5999
+ def rotation_period(self) -> Optional[int]:
6000
+ """
6001
+ The amount of time in seconds Vault should wait before rotating the root credential.
6002
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6003
+ """
6004
+ return pulumi.get(self, "rotation_period")
6005
+
6006
+ @property
6007
+ @pulumi.getter(name="rotationSchedule")
6008
+ def rotation_schedule(self) -> Optional[str]:
6009
+ """
6010
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6011
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6012
+ """
6013
+ return pulumi.get(self, "rotation_schedule")
6014
+
6015
+ @property
6016
+ @pulumi.getter(name="rotationWindow")
6017
+ def rotation_window(self) -> Optional[int]:
6018
+ """
6019
+ The maximum amount of time in seconds allowed to complete
6020
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6021
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6022
+ """
6023
+ return pulumi.get(self, "rotation_window")
6024
+
5243
6025
  @property
5244
6026
  @pulumi.getter(name="serviceAccountJson")
5245
6027
  def service_account_json(self) -> Optional[str]:
@@ -5299,6 +6081,8 @@ class SecretsMountOracle(dict):
5299
6081
  suggest = "allowed_roles"
5300
6082
  elif key == "connectionUrl":
5301
6083
  suggest = "connection_url"
6084
+ elif key == "disableAutomatedRotation":
6085
+ suggest = "disable_automated_rotation"
5302
6086
  elif key == "disconnectSessions":
5303
6087
  suggest = "disconnect_sessions"
5304
6088
  elif key == "maxConnectionLifetime":
@@ -5311,6 +6095,12 @@ class SecretsMountOracle(dict):
5311
6095
  suggest = "plugin_name"
5312
6096
  elif key == "rootRotationStatements":
5313
6097
  suggest = "root_rotation_statements"
6098
+ elif key == "rotationPeriod":
6099
+ suggest = "rotation_period"
6100
+ elif key == "rotationSchedule":
6101
+ suggest = "rotation_schedule"
6102
+ elif key == "rotationWindow":
6103
+ suggest = "rotation_window"
5314
6104
  elif key == "splitStatements":
5315
6105
  suggest = "split_statements"
5316
6106
  elif key == "usernameTemplate":
@@ -5334,6 +6124,7 @@ class SecretsMountOracle(dict):
5334
6124
  allowed_roles: Optional[Sequence[str]] = None,
5335
6125
  connection_url: Optional[str] = None,
5336
6126
  data: Optional[Mapping[str, str]] = None,
6127
+ disable_automated_rotation: Optional[bool] = None,
5337
6128
  disconnect_sessions: Optional[bool] = None,
5338
6129
  max_connection_lifetime: Optional[int] = None,
5339
6130
  max_idle_connections: Optional[int] = None,
@@ -5341,6 +6132,9 @@ class SecretsMountOracle(dict):
5341
6132
  password: Optional[str] = None,
5342
6133
  plugin_name: Optional[str] = None,
5343
6134
  root_rotation_statements: Optional[Sequence[str]] = None,
6135
+ rotation_period: Optional[int] = None,
6136
+ rotation_schedule: Optional[str] = None,
6137
+ rotation_window: Optional[int] = None,
5344
6138
  split_statements: Optional[bool] = None,
5345
6139
  username: Optional[str] = None,
5346
6140
  username_template: Optional[str] = None,
@@ -5351,6 +6145,7 @@ class SecretsMountOracle(dict):
5351
6145
  connection.
5352
6146
  :param str connection_url: Connection string to use to connect to the database.
5353
6147
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6148
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5354
6149
 
5355
6150
  Supported list of database secrets engines that can be configured:
5356
6151
  :param bool disconnect_sessions: Set to true to disconnect any open sessions prior to running the revocation statements.
@@ -5360,6 +6155,13 @@ class SecretsMountOracle(dict):
5360
6155
  :param str password: The root credential password used in the connection URL
5361
6156
  :param str plugin_name: Specifies the name of the plugin to use.
5362
6157
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
6158
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
6159
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6160
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6161
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6162
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
6163
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6164
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5363
6165
  :param bool split_statements: Set to true in order to split statements after semi-colons.
5364
6166
  :param str username: The root credential username used in the connection URL
5365
6167
  :param str username_template: Username generation template.
@@ -5373,6 +6175,8 @@ class SecretsMountOracle(dict):
5373
6175
  pulumi.set(__self__, "connection_url", connection_url)
5374
6176
  if data is not None:
5375
6177
  pulumi.set(__self__, "data", data)
6178
+ if disable_automated_rotation is not None:
6179
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
5376
6180
  if disconnect_sessions is not None:
5377
6181
  pulumi.set(__self__, "disconnect_sessions", disconnect_sessions)
5378
6182
  if max_connection_lifetime is not None:
@@ -5387,6 +6191,12 @@ class SecretsMountOracle(dict):
5387
6191
  pulumi.set(__self__, "plugin_name", plugin_name)
5388
6192
  if root_rotation_statements is not None:
5389
6193
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
6194
+ if rotation_period is not None:
6195
+ pulumi.set(__self__, "rotation_period", rotation_period)
6196
+ if rotation_schedule is not None:
6197
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
6198
+ if rotation_window is not None:
6199
+ pulumi.set(__self__, "rotation_window", rotation_window)
5390
6200
  if split_statements is not None:
5391
6201
  pulumi.set(__self__, "split_statements", split_statements)
5392
6202
  if username is not None:
@@ -5426,10 +6236,18 @@ class SecretsMountOracle(dict):
5426
6236
  def data(self) -> Optional[Mapping[str, str]]:
5427
6237
  """
5428
6238
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6239
+ """
6240
+ return pulumi.get(self, "data")
6241
+
6242
+ @property
6243
+ @pulumi.getter(name="disableAutomatedRotation")
6244
+ def disable_automated_rotation(self) -> Optional[bool]:
6245
+ """
6246
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5429
6247
 
5430
6248
  Supported list of database secrets engines that can be configured:
5431
6249
  """
5432
- return pulumi.get(self, "data")
6250
+ return pulumi.get(self, "disable_automated_rotation")
5433
6251
 
5434
6252
  @property
5435
6253
  @pulumi.getter(name="disconnectSessions")
@@ -5487,6 +6305,34 @@ class SecretsMountOracle(dict):
5487
6305
  """
5488
6306
  return pulumi.get(self, "root_rotation_statements")
5489
6307
 
6308
+ @property
6309
+ @pulumi.getter(name="rotationPeriod")
6310
+ def rotation_period(self) -> Optional[int]:
6311
+ """
6312
+ The amount of time in seconds Vault should wait before rotating the root credential.
6313
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6314
+ """
6315
+ return pulumi.get(self, "rotation_period")
6316
+
6317
+ @property
6318
+ @pulumi.getter(name="rotationSchedule")
6319
+ def rotation_schedule(self) -> Optional[str]:
6320
+ """
6321
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6322
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6323
+ """
6324
+ return pulumi.get(self, "rotation_schedule")
6325
+
6326
+ @property
6327
+ @pulumi.getter(name="rotationWindow")
6328
+ def rotation_window(self) -> Optional[int]:
6329
+ """
6330
+ The maximum amount of time in seconds allowed to complete
6331
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6332
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6333
+ """
6334
+ return pulumi.get(self, "rotation_window")
6335
+
5490
6336
  @property
5491
6337
  @pulumi.getter(name="splitStatements")
5492
6338
  def split_statements(self) -> Optional[bool]:
@@ -5532,6 +6378,8 @@ class SecretsMountPostgresql(dict):
5532
6378
  suggest = "auth_type"
5533
6379
  elif key == "connectionUrl":
5534
6380
  suggest = "connection_url"
6381
+ elif key == "disableAutomatedRotation":
6382
+ suggest = "disable_automated_rotation"
5535
6383
  elif key == "disableEscaping":
5536
6384
  suggest = "disable_escaping"
5537
6385
  elif key == "maxConnectionLifetime":
@@ -5540,12 +6388,20 @@ class SecretsMountPostgresql(dict):
5540
6388
  suggest = "max_idle_connections"
5541
6389
  elif key == "maxOpenConnections":
5542
6390
  suggest = "max_open_connections"
6391
+ elif key == "passwordAuthentication":
6392
+ suggest = "password_authentication"
5543
6393
  elif key == "pluginName":
5544
6394
  suggest = "plugin_name"
5545
6395
  elif key == "privateKey":
5546
6396
  suggest = "private_key"
5547
6397
  elif key == "rootRotationStatements":
5548
6398
  suggest = "root_rotation_statements"
6399
+ elif key == "rotationPeriod":
6400
+ suggest = "rotation_period"
6401
+ elif key == "rotationSchedule":
6402
+ suggest = "rotation_schedule"
6403
+ elif key == "rotationWindow":
6404
+ suggest = "rotation_window"
5549
6405
  elif key == "selfManaged":
5550
6406
  suggest = "self_managed"
5551
6407
  elif key == "serviceAccountJson":
@@ -5576,14 +6432,19 @@ class SecretsMountPostgresql(dict):
5576
6432
  auth_type: Optional[str] = None,
5577
6433
  connection_url: Optional[str] = None,
5578
6434
  data: Optional[Mapping[str, str]] = None,
6435
+ disable_automated_rotation: Optional[bool] = None,
5579
6436
  disable_escaping: Optional[bool] = None,
5580
6437
  max_connection_lifetime: Optional[int] = None,
5581
6438
  max_idle_connections: Optional[int] = None,
5582
6439
  max_open_connections: Optional[int] = None,
5583
6440
  password: Optional[str] = None,
6441
+ password_authentication: Optional[str] = None,
5584
6442
  plugin_name: Optional[str] = None,
5585
6443
  private_key: Optional[str] = None,
5586
6444
  root_rotation_statements: Optional[Sequence[str]] = None,
6445
+ rotation_period: Optional[int] = None,
6446
+ rotation_schedule: Optional[str] = None,
6447
+ rotation_window: Optional[int] = None,
5587
6448
  self_managed: Optional[bool] = None,
5588
6449
  service_account_json: Optional[str] = None,
5589
6450
  tls_ca: Optional[str] = None,
@@ -5598,6 +6459,7 @@ class SecretsMountPostgresql(dict):
5598
6459
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
5599
6460
  :param str connection_url: Connection string to use to connect to the database.
5600
6461
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6462
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5601
6463
 
5602
6464
  Supported list of database secrets engines that can be configured:
5603
6465
  :param bool disable_escaping: Disable special character escaping in username and password
@@ -5605,9 +6467,17 @@ class SecretsMountPostgresql(dict):
5605
6467
  :param int max_idle_connections: Maximum number of idle connections to the database.
5606
6468
  :param int max_open_connections: Maximum number of open connections to the database.
5607
6469
  :param str password: The root credential password used in the connection URL
6470
+ :param str password_authentication: When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
5608
6471
  :param str plugin_name: Specifies the name of the plugin to use.
5609
6472
  :param str private_key: The secret key used for the x509 client certificate. Must be PEM encoded.
5610
6473
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
6474
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
6475
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6476
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6477
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6478
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
6479
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6480
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5611
6481
  :param bool self_managed: If set, allows onboarding static roles with a rootless connection configuration.
5612
6482
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
5613
6483
  :param str tls_ca: The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
@@ -5626,6 +6496,8 @@ class SecretsMountPostgresql(dict):
5626
6496
  pulumi.set(__self__, "connection_url", connection_url)
5627
6497
  if data is not None:
5628
6498
  pulumi.set(__self__, "data", data)
6499
+ if disable_automated_rotation is not None:
6500
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
5629
6501
  if disable_escaping is not None:
5630
6502
  pulumi.set(__self__, "disable_escaping", disable_escaping)
5631
6503
  if max_connection_lifetime is not None:
@@ -5636,12 +6508,20 @@ class SecretsMountPostgresql(dict):
5636
6508
  pulumi.set(__self__, "max_open_connections", max_open_connections)
5637
6509
  if password is not None:
5638
6510
  pulumi.set(__self__, "password", password)
6511
+ if password_authentication is not None:
6512
+ pulumi.set(__self__, "password_authentication", password_authentication)
5639
6513
  if plugin_name is not None:
5640
6514
  pulumi.set(__self__, "plugin_name", plugin_name)
5641
6515
  if private_key is not None:
5642
6516
  pulumi.set(__self__, "private_key", private_key)
5643
6517
  if root_rotation_statements is not None:
5644
6518
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
6519
+ if rotation_period is not None:
6520
+ pulumi.set(__self__, "rotation_period", rotation_period)
6521
+ if rotation_schedule is not None:
6522
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
6523
+ if rotation_window is not None:
6524
+ pulumi.set(__self__, "rotation_window", rotation_window)
5645
6525
  if self_managed is not None:
5646
6526
  pulumi.set(__self__, "self_managed", self_managed)
5647
6527
  if service_account_json is not None:
@@ -5695,10 +6575,18 @@ class SecretsMountPostgresql(dict):
5695
6575
  def data(self) -> Optional[Mapping[str, str]]:
5696
6576
  """
5697
6577
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6578
+ """
6579
+ return pulumi.get(self, "data")
6580
+
6581
+ @property
6582
+ @pulumi.getter(name="disableAutomatedRotation")
6583
+ def disable_automated_rotation(self) -> Optional[bool]:
6584
+ """
6585
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5698
6586
 
5699
6587
  Supported list of database secrets engines that can be configured:
5700
6588
  """
5701
- return pulumi.get(self, "data")
6589
+ return pulumi.get(self, "disable_automated_rotation")
5702
6590
 
5703
6591
  @property
5704
6592
  @pulumi.getter(name="disableEscaping")
@@ -5740,6 +6628,14 @@ class SecretsMountPostgresql(dict):
5740
6628
  """
5741
6629
  return pulumi.get(self, "password")
5742
6630
 
6631
+ @property
6632
+ @pulumi.getter(name="passwordAuthentication")
6633
+ def password_authentication(self) -> Optional[str]:
6634
+ """
6635
+ When set to `scram-sha-256`, passwords will be hashed by Vault before being sent to PostgreSQL.
6636
+ """
6637
+ return pulumi.get(self, "password_authentication")
6638
+
5743
6639
  @property
5744
6640
  @pulumi.getter(name="pluginName")
5745
6641
  def plugin_name(self) -> Optional[str]:
@@ -5764,6 +6660,34 @@ class SecretsMountPostgresql(dict):
5764
6660
  """
5765
6661
  return pulumi.get(self, "root_rotation_statements")
5766
6662
 
6663
+ @property
6664
+ @pulumi.getter(name="rotationPeriod")
6665
+ def rotation_period(self) -> Optional[int]:
6666
+ """
6667
+ The amount of time in seconds Vault should wait before rotating the root credential.
6668
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6669
+ """
6670
+ return pulumi.get(self, "rotation_period")
6671
+
6672
+ @property
6673
+ @pulumi.getter(name="rotationSchedule")
6674
+ def rotation_schedule(self) -> Optional[str]:
6675
+ """
6676
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6677
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6678
+ """
6679
+ return pulumi.get(self, "rotation_schedule")
6680
+
6681
+ @property
6682
+ @pulumi.getter(name="rotationWindow")
6683
+ def rotation_window(self) -> Optional[int]:
6684
+ """
6685
+ The maximum amount of time in seconds allowed to complete
6686
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6687
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6688
+ """
6689
+ return pulumi.get(self, "rotation_window")
6690
+
5767
6691
  @property
5768
6692
  @pulumi.getter(name="selfManaged")
5769
6693
  def self_managed(self) -> Optional[bool]:
@@ -5831,12 +6755,20 @@ class SecretsMountRedi(dict):
5831
6755
  suggest = "allowed_roles"
5832
6756
  elif key == "caCert":
5833
6757
  suggest = "ca_cert"
6758
+ elif key == "disableAutomatedRotation":
6759
+ suggest = "disable_automated_rotation"
5834
6760
  elif key == "insecureTls":
5835
6761
  suggest = "insecure_tls"
5836
6762
  elif key == "pluginName":
5837
6763
  suggest = "plugin_name"
5838
6764
  elif key == "rootRotationStatements":
5839
6765
  suggest = "root_rotation_statements"
6766
+ elif key == "rotationPeriod":
6767
+ suggest = "rotation_period"
6768
+ elif key == "rotationSchedule":
6769
+ suggest = "rotation_schedule"
6770
+ elif key == "rotationWindow":
6771
+ suggest = "rotation_window"
5840
6772
  elif key == "verifyConnection":
5841
6773
  suggest = "verify_connection"
5842
6774
 
@@ -5859,10 +6791,14 @@ class SecretsMountRedi(dict):
5859
6791
  allowed_roles: Optional[Sequence[str]] = None,
5860
6792
  ca_cert: Optional[str] = None,
5861
6793
  data: Optional[Mapping[str, str]] = None,
6794
+ disable_automated_rotation: Optional[bool] = None,
5862
6795
  insecure_tls: Optional[bool] = None,
5863
6796
  plugin_name: Optional[str] = None,
5864
6797
  port: Optional[int] = None,
5865
6798
  root_rotation_statements: Optional[Sequence[str]] = None,
6799
+ rotation_period: Optional[int] = None,
6800
+ rotation_schedule: Optional[str] = None,
6801
+ rotation_window: Optional[int] = None,
5866
6802
  tls: Optional[bool] = None,
5867
6803
  verify_connection: Optional[bool] = None):
5868
6804
  """
@@ -5874,12 +6810,20 @@ class SecretsMountRedi(dict):
5874
6810
  connection.
5875
6811
  :param str ca_cert: The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.
5876
6812
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6813
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5877
6814
 
5878
6815
  Supported list of database secrets engines that can be configured:
5879
6816
  :param bool insecure_tls: Specifies whether to skip verification of the server certificate when using TLS.
5880
6817
  :param str plugin_name: Specifies the name of the plugin to use.
5881
6818
  :param int port: The transport port to use to connect to Redis.
5882
6819
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
6820
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
6821
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6822
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6823
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6824
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
6825
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6826
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5883
6827
  :param bool tls: Specifies whether to use TLS when connecting to Redis.
5884
6828
  :param bool verify_connection: Whether the connection should be verified on
5885
6829
  initial configuration or not.
@@ -5894,6 +6838,8 @@ class SecretsMountRedi(dict):
5894
6838
  pulumi.set(__self__, "ca_cert", ca_cert)
5895
6839
  if data is not None:
5896
6840
  pulumi.set(__self__, "data", data)
6841
+ if disable_automated_rotation is not None:
6842
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
5897
6843
  if insecure_tls is not None:
5898
6844
  pulumi.set(__self__, "insecure_tls", insecure_tls)
5899
6845
  if plugin_name is not None:
@@ -5902,6 +6848,12 @@ class SecretsMountRedi(dict):
5902
6848
  pulumi.set(__self__, "port", port)
5903
6849
  if root_rotation_statements is not None:
5904
6850
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
6851
+ if rotation_period is not None:
6852
+ pulumi.set(__self__, "rotation_period", rotation_period)
6853
+ if rotation_schedule is not None:
6854
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
6855
+ if rotation_window is not None:
6856
+ pulumi.set(__self__, "rotation_window", rotation_window)
5905
6857
  if tls is not None:
5906
6858
  pulumi.set(__self__, "tls", tls)
5907
6859
  if verify_connection is not None:
@@ -5961,10 +6913,18 @@ class SecretsMountRedi(dict):
5961
6913
  def data(self) -> Optional[Mapping[str, str]]:
5962
6914
  """
5963
6915
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6916
+ """
6917
+ return pulumi.get(self, "data")
6918
+
6919
+ @property
6920
+ @pulumi.getter(name="disableAutomatedRotation")
6921
+ def disable_automated_rotation(self) -> Optional[bool]:
6922
+ """
6923
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5964
6924
 
5965
6925
  Supported list of database secrets engines that can be configured:
5966
6926
  """
5967
- return pulumi.get(self, "data")
6927
+ return pulumi.get(self, "disable_automated_rotation")
5968
6928
 
5969
6929
  @property
5970
6930
  @pulumi.getter(name="insecureTls")
@@ -5998,6 +6958,34 @@ class SecretsMountRedi(dict):
5998
6958
  """
5999
6959
  return pulumi.get(self, "root_rotation_statements")
6000
6960
 
6961
+ @property
6962
+ @pulumi.getter(name="rotationPeriod")
6963
+ def rotation_period(self) -> Optional[int]:
6964
+ """
6965
+ The amount of time in seconds Vault should wait before rotating the root credential.
6966
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6967
+ """
6968
+ return pulumi.get(self, "rotation_period")
6969
+
6970
+ @property
6971
+ @pulumi.getter(name="rotationSchedule")
6972
+ def rotation_schedule(self) -> Optional[str]:
6973
+ """
6974
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6975
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6976
+ """
6977
+ return pulumi.get(self, "rotation_schedule")
6978
+
6979
+ @property
6980
+ @pulumi.getter(name="rotationWindow")
6981
+ def rotation_window(self) -> Optional[int]:
6982
+ """
6983
+ The maximum amount of time in seconds allowed to complete
6984
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6985
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6986
+ """
6987
+ return pulumi.get(self, "rotation_window")
6988
+
6001
6989
  @property
6002
6990
  @pulumi.getter
6003
6991
  def tls(self) -> Optional[bool]:
@@ -6023,10 +7011,18 @@ class SecretsMountRedisElasticach(dict):
6023
7011
  suggest = None
6024
7012
  if key == "allowedRoles":
6025
7013
  suggest = "allowed_roles"
7014
+ elif key == "disableAutomatedRotation":
7015
+ suggest = "disable_automated_rotation"
6026
7016
  elif key == "pluginName":
6027
7017
  suggest = "plugin_name"
6028
7018
  elif key == "rootRotationStatements":
6029
7019
  suggest = "root_rotation_statements"
7020
+ elif key == "rotationPeriod":
7021
+ suggest = "rotation_period"
7022
+ elif key == "rotationSchedule":
7023
+ suggest = "rotation_schedule"
7024
+ elif key == "rotationWindow":
7025
+ suggest = "rotation_window"
6030
7026
  elif key == "verifyConnection":
6031
7027
  suggest = "verify_connection"
6032
7028
 
@@ -6046,10 +7042,14 @@ class SecretsMountRedisElasticach(dict):
6046
7042
  url: str,
6047
7043
  allowed_roles: Optional[Sequence[str]] = None,
6048
7044
  data: Optional[Mapping[str, str]] = None,
7045
+ disable_automated_rotation: Optional[bool] = None,
6049
7046
  password: Optional[str] = None,
6050
7047
  plugin_name: Optional[str] = None,
6051
7048
  region: Optional[str] = None,
6052
7049
  root_rotation_statements: Optional[Sequence[str]] = None,
7050
+ rotation_period: Optional[int] = None,
7051
+ rotation_schedule: Optional[str] = None,
7052
+ rotation_window: Optional[int] = None,
6053
7053
  username: Optional[str] = None,
6054
7054
  verify_connection: Optional[bool] = None):
6055
7055
  """
@@ -6058,12 +7058,20 @@ class SecretsMountRedisElasticach(dict):
6058
7058
  :param Sequence[str] allowed_roles: A list of roles that are allowed to use this
6059
7059
  connection.
6060
7060
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7061
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6061
7062
 
6062
7063
  Supported list of database secrets engines that can be configured:
6063
7064
  :param str password: The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
6064
7065
  :param str plugin_name: Specifies the name of the plugin to use.
6065
7066
  :param str region: The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.
6066
7067
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
7068
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
7069
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7070
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7071
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7072
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
7073
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7074
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6067
7075
  :param str username: The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
6068
7076
  :param bool verify_connection: Whether the connection should be verified on
6069
7077
  initial configuration or not.
@@ -6074,6 +7082,8 @@ class SecretsMountRedisElasticach(dict):
6074
7082
  pulumi.set(__self__, "allowed_roles", allowed_roles)
6075
7083
  if data is not None:
6076
7084
  pulumi.set(__self__, "data", data)
7085
+ if disable_automated_rotation is not None:
7086
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
6077
7087
  if password is not None:
6078
7088
  pulumi.set(__self__, "password", password)
6079
7089
  if plugin_name is not None:
@@ -6082,6 +7092,12 @@ class SecretsMountRedisElasticach(dict):
6082
7092
  pulumi.set(__self__, "region", region)
6083
7093
  if root_rotation_statements is not None:
6084
7094
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
7095
+ if rotation_period is not None:
7096
+ pulumi.set(__self__, "rotation_period", rotation_period)
7097
+ if rotation_schedule is not None:
7098
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
7099
+ if rotation_window is not None:
7100
+ pulumi.set(__self__, "rotation_window", rotation_window)
6085
7101
  if username is not None:
6086
7102
  pulumi.set(__self__, "username", username)
6087
7103
  if verify_connection is not None:
@@ -6117,10 +7133,18 @@ class SecretsMountRedisElasticach(dict):
6117
7133
  def data(self) -> Optional[Mapping[str, str]]:
6118
7134
  """
6119
7135
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7136
+ """
7137
+ return pulumi.get(self, "data")
7138
+
7139
+ @property
7140
+ @pulumi.getter(name="disableAutomatedRotation")
7141
+ def disable_automated_rotation(self) -> Optional[bool]:
7142
+ """
7143
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6120
7144
 
6121
7145
  Supported list of database secrets engines that can be configured:
6122
7146
  """
6123
- return pulumi.get(self, "data")
7147
+ return pulumi.get(self, "disable_automated_rotation")
6124
7148
 
6125
7149
  @property
6126
7150
  @pulumi.getter
@@ -6154,6 +7178,34 @@ class SecretsMountRedisElasticach(dict):
6154
7178
  """
6155
7179
  return pulumi.get(self, "root_rotation_statements")
6156
7180
 
7181
+ @property
7182
+ @pulumi.getter(name="rotationPeriod")
7183
+ def rotation_period(self) -> Optional[int]:
7184
+ """
7185
+ The amount of time in seconds Vault should wait before rotating the root credential.
7186
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7187
+ """
7188
+ return pulumi.get(self, "rotation_period")
7189
+
7190
+ @property
7191
+ @pulumi.getter(name="rotationSchedule")
7192
+ def rotation_schedule(self) -> Optional[str]:
7193
+ """
7194
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7195
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7196
+ """
7197
+ return pulumi.get(self, "rotation_schedule")
7198
+
7199
+ @property
7200
+ @pulumi.getter(name="rotationWindow")
7201
+ def rotation_window(self) -> Optional[int]:
7202
+ """
7203
+ The maximum amount of time in seconds allowed to complete
7204
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7205
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
7206
+ """
7207
+ return pulumi.get(self, "rotation_window")
7208
+
6157
7209
  @property
6158
7210
  @pulumi.getter
6159
7211
  def username(self) -> Optional[str]:
@@ -6181,6 +7233,8 @@ class SecretsMountRedshift(dict):
6181
7233
  suggest = "allowed_roles"
6182
7234
  elif key == "connectionUrl":
6183
7235
  suggest = "connection_url"
7236
+ elif key == "disableAutomatedRotation":
7237
+ suggest = "disable_automated_rotation"
6184
7238
  elif key == "disableEscaping":
6185
7239
  suggest = "disable_escaping"
6186
7240
  elif key == "maxConnectionLifetime":
@@ -6193,6 +7247,12 @@ class SecretsMountRedshift(dict):
6193
7247
  suggest = "plugin_name"
6194
7248
  elif key == "rootRotationStatements":
6195
7249
  suggest = "root_rotation_statements"
7250
+ elif key == "rotationPeriod":
7251
+ suggest = "rotation_period"
7252
+ elif key == "rotationSchedule":
7253
+ suggest = "rotation_schedule"
7254
+ elif key == "rotationWindow":
7255
+ suggest = "rotation_window"
6196
7256
  elif key == "usernameTemplate":
6197
7257
  suggest = "username_template"
6198
7258
  elif key == "verifyConnection":
@@ -6214,6 +7274,7 @@ class SecretsMountRedshift(dict):
6214
7274
  allowed_roles: Optional[Sequence[str]] = None,
6215
7275
  connection_url: Optional[str] = None,
6216
7276
  data: Optional[Mapping[str, str]] = None,
7277
+ disable_automated_rotation: Optional[bool] = None,
6217
7278
  disable_escaping: Optional[bool] = None,
6218
7279
  max_connection_lifetime: Optional[int] = None,
6219
7280
  max_idle_connections: Optional[int] = None,
@@ -6221,6 +7282,9 @@ class SecretsMountRedshift(dict):
6221
7282
  password: Optional[str] = None,
6222
7283
  plugin_name: Optional[str] = None,
6223
7284
  root_rotation_statements: Optional[Sequence[str]] = None,
7285
+ rotation_period: Optional[int] = None,
7286
+ rotation_schedule: Optional[str] = None,
7287
+ rotation_window: Optional[int] = None,
6224
7288
  username: Optional[str] = None,
6225
7289
  username_template: Optional[str] = None,
6226
7290
  verify_connection: Optional[bool] = None):
@@ -6230,6 +7294,7 @@ class SecretsMountRedshift(dict):
6230
7294
  connection.
6231
7295
  :param str connection_url: Connection string to use to connect to the database.
6232
7296
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7297
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6233
7298
 
6234
7299
  Supported list of database secrets engines that can be configured:
6235
7300
  :param bool disable_escaping: Disable special character escaping in username and password
@@ -6239,6 +7304,13 @@ class SecretsMountRedshift(dict):
6239
7304
  :param str password: The root credential password used in the connection URL
6240
7305
  :param str plugin_name: Specifies the name of the plugin to use.
6241
7306
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
7307
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
7308
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7309
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7310
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7311
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
7312
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7313
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6242
7314
  :param str username: The root credential username used in the connection URL
6243
7315
  :param str username_template: Username generation template.
6244
7316
  :param bool verify_connection: Whether the connection should be verified on
@@ -6251,6 +7323,8 @@ class SecretsMountRedshift(dict):
6251
7323
  pulumi.set(__self__, "connection_url", connection_url)
6252
7324
  if data is not None:
6253
7325
  pulumi.set(__self__, "data", data)
7326
+ if disable_automated_rotation is not None:
7327
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
6254
7328
  if disable_escaping is not None:
6255
7329
  pulumi.set(__self__, "disable_escaping", disable_escaping)
6256
7330
  if max_connection_lifetime is not None:
@@ -6265,6 +7339,12 @@ class SecretsMountRedshift(dict):
6265
7339
  pulumi.set(__self__, "plugin_name", plugin_name)
6266
7340
  if root_rotation_statements is not None:
6267
7341
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
7342
+ if rotation_period is not None:
7343
+ pulumi.set(__self__, "rotation_period", rotation_period)
7344
+ if rotation_schedule is not None:
7345
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
7346
+ if rotation_window is not None:
7347
+ pulumi.set(__self__, "rotation_window", rotation_window)
6268
7348
  if username is not None:
6269
7349
  pulumi.set(__self__, "username", username)
6270
7350
  if username_template is not None:
@@ -6302,10 +7382,18 @@ class SecretsMountRedshift(dict):
6302
7382
  def data(self) -> Optional[Mapping[str, str]]:
6303
7383
  """
6304
7384
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7385
+ """
7386
+ return pulumi.get(self, "data")
7387
+
7388
+ @property
7389
+ @pulumi.getter(name="disableAutomatedRotation")
7390
+ def disable_automated_rotation(self) -> Optional[bool]:
7391
+ """
7392
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6305
7393
 
6306
7394
  Supported list of database secrets engines that can be configured:
6307
7395
  """
6308
- return pulumi.get(self, "data")
7396
+ return pulumi.get(self, "disable_automated_rotation")
6309
7397
 
6310
7398
  @property
6311
7399
  @pulumi.getter(name="disableEscaping")
@@ -6363,6 +7451,34 @@ class SecretsMountRedshift(dict):
6363
7451
  """
6364
7452
  return pulumi.get(self, "root_rotation_statements")
6365
7453
 
7454
+ @property
7455
+ @pulumi.getter(name="rotationPeriod")
7456
+ def rotation_period(self) -> Optional[int]:
7457
+ """
7458
+ The amount of time in seconds Vault should wait before rotating the root credential.
7459
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7460
+ """
7461
+ return pulumi.get(self, "rotation_period")
7462
+
7463
+ @property
7464
+ @pulumi.getter(name="rotationSchedule")
7465
+ def rotation_schedule(self) -> Optional[str]:
7466
+ """
7467
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7468
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7469
+ """
7470
+ return pulumi.get(self, "rotation_schedule")
7471
+
7472
+ @property
7473
+ @pulumi.getter(name="rotationWindow")
7474
+ def rotation_window(self) -> Optional[int]:
7475
+ """
7476
+ The maximum amount of time in seconds allowed to complete
7477
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7478
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
7479
+ """
7480
+ return pulumi.get(self, "rotation_window")
7481
+
6366
7482
  @property
6367
7483
  @pulumi.getter
6368
7484
  def username(self) -> Optional[str]:
@@ -6398,6 +7514,8 @@ class SecretsMountSnowflake(dict):
6398
7514
  suggest = "allowed_roles"
6399
7515
  elif key == "connectionUrl":
6400
7516
  suggest = "connection_url"
7517
+ elif key == "disableAutomatedRotation":
7518
+ suggest = "disable_automated_rotation"
6401
7519
  elif key == "maxConnectionLifetime":
6402
7520
  suggest = "max_connection_lifetime"
6403
7521
  elif key == "maxIdleConnections":
@@ -6408,6 +7526,12 @@ class SecretsMountSnowflake(dict):
6408
7526
  suggest = "plugin_name"
6409
7527
  elif key == "rootRotationStatements":
6410
7528
  suggest = "root_rotation_statements"
7529
+ elif key == "rotationPeriod":
7530
+ suggest = "rotation_period"
7531
+ elif key == "rotationSchedule":
7532
+ suggest = "rotation_schedule"
7533
+ elif key == "rotationWindow":
7534
+ suggest = "rotation_window"
6411
7535
  elif key == "usernameTemplate":
6412
7536
  suggest = "username_template"
6413
7537
  elif key == "verifyConnection":
@@ -6429,12 +7553,16 @@ class SecretsMountSnowflake(dict):
6429
7553
  allowed_roles: Optional[Sequence[str]] = None,
6430
7554
  connection_url: Optional[str] = None,
6431
7555
  data: Optional[Mapping[str, str]] = None,
7556
+ disable_automated_rotation: Optional[bool] = None,
6432
7557
  max_connection_lifetime: Optional[int] = None,
6433
7558
  max_idle_connections: Optional[int] = None,
6434
7559
  max_open_connections: Optional[int] = None,
6435
7560
  password: Optional[str] = None,
6436
7561
  plugin_name: Optional[str] = None,
6437
7562
  root_rotation_statements: Optional[Sequence[str]] = None,
7563
+ rotation_period: Optional[int] = None,
7564
+ rotation_schedule: Optional[str] = None,
7565
+ rotation_window: Optional[int] = None,
6438
7566
  username: Optional[str] = None,
6439
7567
  username_template: Optional[str] = None,
6440
7568
  verify_connection: Optional[bool] = None):
@@ -6444,6 +7572,7 @@ class SecretsMountSnowflake(dict):
6444
7572
  connection.
6445
7573
  :param str connection_url: Connection string to use to connect to the database.
6446
7574
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7575
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6447
7576
 
6448
7577
  Supported list of database secrets engines that can be configured:
6449
7578
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -6452,6 +7581,13 @@ class SecretsMountSnowflake(dict):
6452
7581
  :param str password: The root credential password used in the connection URL
6453
7582
  :param str plugin_name: Specifies the name of the plugin to use.
6454
7583
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
7584
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
7585
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7586
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7587
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7588
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
7589
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7590
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6455
7591
  :param str username: The root credential username used in the connection URL
6456
7592
  :param str username_template: Username generation template.
6457
7593
  :param bool verify_connection: Whether the connection should be verified on
@@ -6464,6 +7600,8 @@ class SecretsMountSnowflake(dict):
6464
7600
  pulumi.set(__self__, "connection_url", connection_url)
6465
7601
  if data is not None:
6466
7602
  pulumi.set(__self__, "data", data)
7603
+ if disable_automated_rotation is not None:
7604
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
6467
7605
  if max_connection_lifetime is not None:
6468
7606
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
6469
7607
  if max_idle_connections is not None:
@@ -6476,6 +7614,12 @@ class SecretsMountSnowflake(dict):
6476
7614
  pulumi.set(__self__, "plugin_name", plugin_name)
6477
7615
  if root_rotation_statements is not None:
6478
7616
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
7617
+ if rotation_period is not None:
7618
+ pulumi.set(__self__, "rotation_period", rotation_period)
7619
+ if rotation_schedule is not None:
7620
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
7621
+ if rotation_window is not None:
7622
+ pulumi.set(__self__, "rotation_window", rotation_window)
6479
7623
  if username is not None:
6480
7624
  pulumi.set(__self__, "username", username)
6481
7625
  if username_template is not None:
@@ -6513,10 +7657,18 @@ class SecretsMountSnowflake(dict):
6513
7657
  def data(self) -> Optional[Mapping[str, str]]:
6514
7658
  """
6515
7659
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7660
+ """
7661
+ return pulumi.get(self, "data")
7662
+
7663
+ @property
7664
+ @pulumi.getter(name="disableAutomatedRotation")
7665
+ def disable_automated_rotation(self) -> Optional[bool]:
7666
+ """
7667
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6516
7668
 
6517
7669
  Supported list of database secrets engines that can be configured:
6518
7670
  """
6519
- return pulumi.get(self, "data")
7671
+ return pulumi.get(self, "disable_automated_rotation")
6520
7672
 
6521
7673
  @property
6522
7674
  @pulumi.getter(name="maxConnectionLifetime")
@@ -6566,6 +7718,34 @@ class SecretsMountSnowflake(dict):
6566
7718
  """
6567
7719
  return pulumi.get(self, "root_rotation_statements")
6568
7720
 
7721
+ @property
7722
+ @pulumi.getter(name="rotationPeriod")
7723
+ def rotation_period(self) -> Optional[int]:
7724
+ """
7725
+ The amount of time in seconds Vault should wait before rotating the root credential.
7726
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7727
+ """
7728
+ return pulumi.get(self, "rotation_period")
7729
+
7730
+ @property
7731
+ @pulumi.getter(name="rotationSchedule")
7732
+ def rotation_schedule(self) -> Optional[str]:
7733
+ """
7734
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7735
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7736
+ """
7737
+ return pulumi.get(self, "rotation_schedule")
7738
+
7739
+ @property
7740
+ @pulumi.getter(name="rotationWindow")
7741
+ def rotation_window(self) -> Optional[int]:
7742
+ """
7743
+ The maximum amount of time in seconds allowed to complete
7744
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7745
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
7746
+ """
7747
+ return pulumi.get(self, "rotation_window")
7748
+
6569
7749
  @property
6570
7750
  @pulumi.getter
6571
7751
  def username(self) -> Optional[str]: