pulumi-vault 6.6.0a1741329548__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -2555,6 +2555,8 @@ class SecretsMountCassandra(dict):
2555
2555
  suggest = "allowed_roles"
2556
2556
  elif key == "connectTimeout":
2557
2557
  suggest = "connect_timeout"
2558
+ elif key == "disableAutomatedRotation":
2559
+ suggest = "disable_automated_rotation"
2558
2560
  elif key == "insecureTls":
2559
2561
  suggest = "insecure_tls"
2560
2562
  elif key == "pemBundle":
@@ -2567,6 +2569,12 @@ class SecretsMountCassandra(dict):
2567
2569
  suggest = "protocol_version"
2568
2570
  elif key == "rootRotationStatements":
2569
2571
  suggest = "root_rotation_statements"
2572
+ elif key == "rotationPeriod":
2573
+ suggest = "rotation_period"
2574
+ elif key == "rotationSchedule":
2575
+ suggest = "rotation_schedule"
2576
+ elif key == "rotationWindow":
2577
+ suggest = "rotation_window"
2570
2578
  elif key == "skipVerification":
2571
2579
  suggest = "skip_verification"
2572
2580
  elif key == "verifyConnection":
@@ -2588,6 +2596,7 @@ class SecretsMountCassandra(dict):
2588
2596
  allowed_roles: Optional[Sequence[str]] = None,
2589
2597
  connect_timeout: Optional[int] = None,
2590
2598
  data: Optional[Mapping[str, str]] = None,
2599
+ disable_automated_rotation: Optional[bool] = None,
2591
2600
  hosts: Optional[Sequence[str]] = None,
2592
2601
  insecure_tls: Optional[bool] = None,
2593
2602
  password: Optional[str] = None,
@@ -2597,6 +2606,9 @@ class SecretsMountCassandra(dict):
2597
2606
  port: Optional[int] = None,
2598
2607
  protocol_version: Optional[int] = None,
2599
2608
  root_rotation_statements: Optional[Sequence[str]] = None,
2609
+ rotation_period: Optional[int] = None,
2610
+ rotation_schedule: Optional[str] = None,
2611
+ rotation_window: Optional[int] = None,
2600
2612
  skip_verification: Optional[bool] = None,
2601
2613
  tls: Optional[bool] = None,
2602
2614
  username: Optional[str] = None,
@@ -2607,6 +2619,7 @@ class SecretsMountCassandra(dict):
2607
2619
  connection.
2608
2620
  :param int connect_timeout: The number of seconds to use as a connection timeout.
2609
2621
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
2622
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
2610
2623
 
2611
2624
  Supported list of database secrets engines that can be configured:
2612
2625
  :param Sequence[str] hosts: Cassandra hosts to connect to.
@@ -2618,6 +2631,13 @@ class SecretsMountCassandra(dict):
2618
2631
  :param int port: The transport port to use to connect to Cassandra.
2619
2632
  :param int protocol_version: The CQL protocol version to use.
2620
2633
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
2634
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
2635
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
2636
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
2637
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
2638
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
2639
+ a rotation when a scheduled token rotation occurs. The default rotation window is
2640
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
2621
2641
  :param bool skip_verification: Skip permissions checks when a connection to Cassandra is first created. These checks ensure that Vault is able to create roles, but can be resource intensive in clusters with many roles.
2622
2642
  :param bool tls: Whether to use TLS when connecting to Cassandra.
2623
2643
  :param str username: The username to use when authenticating with Cassandra.
@@ -2631,6 +2651,8 @@ class SecretsMountCassandra(dict):
2631
2651
  pulumi.set(__self__, "connect_timeout", connect_timeout)
2632
2652
  if data is not None:
2633
2653
  pulumi.set(__self__, "data", data)
2654
+ if disable_automated_rotation is not None:
2655
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
2634
2656
  if hosts is not None:
2635
2657
  pulumi.set(__self__, "hosts", hosts)
2636
2658
  if insecure_tls is not None:
@@ -2649,6 +2671,12 @@ class SecretsMountCassandra(dict):
2649
2671
  pulumi.set(__self__, "protocol_version", protocol_version)
2650
2672
  if root_rotation_statements is not None:
2651
2673
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
2674
+ if rotation_period is not None:
2675
+ pulumi.set(__self__, "rotation_period", rotation_period)
2676
+ if rotation_schedule is not None:
2677
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
2678
+ if rotation_window is not None:
2679
+ pulumi.set(__self__, "rotation_window", rotation_window)
2652
2680
  if skip_verification is not None:
2653
2681
  pulumi.set(__self__, "skip_verification", skip_verification)
2654
2682
  if tls is not None:
@@ -2688,10 +2716,18 @@ class SecretsMountCassandra(dict):
2688
2716
  def data(self) -> Optional[Mapping[str, str]]:
2689
2717
  """
2690
2718
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
2719
+ """
2720
+ return pulumi.get(self, "data")
2721
+
2722
+ @property
2723
+ @pulumi.getter(name="disableAutomatedRotation")
2724
+ def disable_automated_rotation(self) -> Optional[bool]:
2725
+ """
2726
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
2691
2727
 
2692
2728
  Supported list of database secrets engines that can be configured:
2693
2729
  """
2694
- return pulumi.get(self, "data")
2730
+ return pulumi.get(self, "disable_automated_rotation")
2695
2731
 
2696
2732
  @property
2697
2733
  @pulumi.getter
@@ -2765,6 +2801,34 @@ class SecretsMountCassandra(dict):
2765
2801
  """
2766
2802
  return pulumi.get(self, "root_rotation_statements")
2767
2803
 
2804
+ @property
2805
+ @pulumi.getter(name="rotationPeriod")
2806
+ def rotation_period(self) -> Optional[int]:
2807
+ """
2808
+ The amount of time in seconds Vault should wait before rotating the root credential.
2809
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
2810
+ """
2811
+ return pulumi.get(self, "rotation_period")
2812
+
2813
+ @property
2814
+ @pulumi.getter(name="rotationSchedule")
2815
+ def rotation_schedule(self) -> Optional[str]:
2816
+ """
2817
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
2818
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
2819
+ """
2820
+ return pulumi.get(self, "rotation_schedule")
2821
+
2822
+ @property
2823
+ @pulumi.getter(name="rotationWindow")
2824
+ def rotation_window(self) -> Optional[int]:
2825
+ """
2826
+ The maximum amount of time in seconds allowed to complete
2827
+ a rotation when a scheduled token rotation occurs. The default rotation window is
2828
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
2829
+ """
2830
+ return pulumi.get(self, "rotation_window")
2831
+
2768
2832
  @property
2769
2833
  @pulumi.getter(name="skipVerification")
2770
2834
  def skip_verification(self) -> Optional[bool]:
@@ -2810,12 +2874,20 @@ class SecretsMountCouchbase(dict):
2810
2874
  suggest = "base64_pem"
2811
2875
  elif key == "bucketName":
2812
2876
  suggest = "bucket_name"
2877
+ elif key == "disableAutomatedRotation":
2878
+ suggest = "disable_automated_rotation"
2813
2879
  elif key == "insecureTls":
2814
2880
  suggest = "insecure_tls"
2815
2881
  elif key == "pluginName":
2816
2882
  suggest = "plugin_name"
2817
2883
  elif key == "rootRotationStatements":
2818
2884
  suggest = "root_rotation_statements"
2885
+ elif key == "rotationPeriod":
2886
+ suggest = "rotation_period"
2887
+ elif key == "rotationSchedule":
2888
+ suggest = "rotation_schedule"
2889
+ elif key == "rotationWindow":
2890
+ suggest = "rotation_window"
2819
2891
  elif key == "usernameTemplate":
2820
2892
  suggest = "username_template"
2821
2893
  elif key == "verifyConnection":
@@ -2841,9 +2913,13 @@ class SecretsMountCouchbase(dict):
2841
2913
  base64_pem: Optional[str] = None,
2842
2914
  bucket_name: Optional[str] = None,
2843
2915
  data: Optional[Mapping[str, str]] = None,
2916
+ disable_automated_rotation: Optional[bool] = None,
2844
2917
  insecure_tls: Optional[bool] = None,
2845
2918
  plugin_name: Optional[str] = None,
2846
2919
  root_rotation_statements: Optional[Sequence[str]] = None,
2920
+ rotation_period: Optional[int] = None,
2921
+ rotation_schedule: Optional[str] = None,
2922
+ rotation_window: Optional[int] = None,
2847
2923
  tls: Optional[bool] = None,
2848
2924
  username_template: Optional[str] = None,
2849
2925
  verify_connection: Optional[bool] = None):
@@ -2857,11 +2933,19 @@ class SecretsMountCouchbase(dict):
2857
2933
  :param str base64_pem: Required if `tls` is `true`. Specifies the certificate authority of the Couchbase server, as a PEM certificate that has been base64 encoded.
2858
2934
  :param str bucket_name: Required for Couchbase versions prior to 6.5.0. This is only used to verify vault's connection to the server.
2859
2935
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
2936
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
2860
2937
 
2861
2938
  Supported list of database secrets engines that can be configured:
2862
2939
  :param bool insecure_tls: Specifies whether to skip verification of the server certificate when using TLS.
2863
2940
  :param str plugin_name: Specifies the name of the plugin to use.
2864
2941
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
2942
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
2943
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
2944
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
2945
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
2946
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
2947
+ a rotation when a scheduled token rotation occurs. The default rotation window is
2948
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
2865
2949
  :param bool tls: Specifies whether to use TLS when connecting to Couchbase.
2866
2950
  :param str username_template: Template describing how dynamic usernames are generated.
2867
2951
  :param bool verify_connection: Whether the connection should be verified on
@@ -2879,12 +2963,20 @@ class SecretsMountCouchbase(dict):
2879
2963
  pulumi.set(__self__, "bucket_name", bucket_name)
2880
2964
  if data is not None:
2881
2965
  pulumi.set(__self__, "data", data)
2966
+ if disable_automated_rotation is not None:
2967
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
2882
2968
  if insecure_tls is not None:
2883
2969
  pulumi.set(__self__, "insecure_tls", insecure_tls)
2884
2970
  if plugin_name is not None:
2885
2971
  pulumi.set(__self__, "plugin_name", plugin_name)
2886
2972
  if root_rotation_statements is not None:
2887
2973
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
2974
+ if rotation_period is not None:
2975
+ pulumi.set(__self__, "rotation_period", rotation_period)
2976
+ if rotation_schedule is not None:
2977
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
2978
+ if rotation_window is not None:
2979
+ pulumi.set(__self__, "rotation_window", rotation_window)
2888
2980
  if tls is not None:
2889
2981
  pulumi.set(__self__, "tls", tls)
2890
2982
  if username_template is not None:
@@ -2954,10 +3046,18 @@ class SecretsMountCouchbase(dict):
2954
3046
  def data(self) -> Optional[Mapping[str, str]]:
2955
3047
  """
2956
3048
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3049
+ """
3050
+ return pulumi.get(self, "data")
3051
+
3052
+ @property
3053
+ @pulumi.getter(name="disableAutomatedRotation")
3054
+ def disable_automated_rotation(self) -> Optional[bool]:
3055
+ """
3056
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
2957
3057
 
2958
3058
  Supported list of database secrets engines that can be configured:
2959
3059
  """
2960
- return pulumi.get(self, "data")
3060
+ return pulumi.get(self, "disable_automated_rotation")
2961
3061
 
2962
3062
  @property
2963
3063
  @pulumi.getter(name="insecureTls")
@@ -2983,6 +3083,34 @@ class SecretsMountCouchbase(dict):
2983
3083
  """
2984
3084
  return pulumi.get(self, "root_rotation_statements")
2985
3085
 
3086
+ @property
3087
+ @pulumi.getter(name="rotationPeriod")
3088
+ def rotation_period(self) -> Optional[int]:
3089
+ """
3090
+ The amount of time in seconds Vault should wait before rotating the root credential.
3091
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3092
+ """
3093
+ return pulumi.get(self, "rotation_period")
3094
+
3095
+ @property
3096
+ @pulumi.getter(name="rotationSchedule")
3097
+ def rotation_schedule(self) -> Optional[str]:
3098
+ """
3099
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3100
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3101
+ """
3102
+ return pulumi.get(self, "rotation_schedule")
3103
+
3104
+ @property
3105
+ @pulumi.getter(name="rotationWindow")
3106
+ def rotation_window(self) -> Optional[int]:
3107
+ """
3108
+ The maximum amount of time in seconds allowed to complete
3109
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3110
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3111
+ """
3112
+ return pulumi.get(self, "rotation_window")
3113
+
2986
3114
  @property
2987
3115
  @pulumi.getter
2988
3116
  def tls(self) -> Optional[bool]:
@@ -3024,10 +3152,18 @@ class SecretsMountElasticsearch(dict):
3024
3152
  suggest = "client_cert"
3025
3153
  elif key == "clientKey":
3026
3154
  suggest = "client_key"
3155
+ elif key == "disableAutomatedRotation":
3156
+ suggest = "disable_automated_rotation"
3027
3157
  elif key == "pluginName":
3028
3158
  suggest = "plugin_name"
3029
3159
  elif key == "rootRotationStatements":
3030
3160
  suggest = "root_rotation_statements"
3161
+ elif key == "rotationPeriod":
3162
+ suggest = "rotation_period"
3163
+ elif key == "rotationSchedule":
3164
+ suggest = "rotation_schedule"
3165
+ elif key == "rotationWindow":
3166
+ suggest = "rotation_window"
3031
3167
  elif key == "tlsServerName":
3032
3168
  suggest = "tls_server_name"
3033
3169
  elif key == "usernameTemplate":
@@ -3057,9 +3193,13 @@ class SecretsMountElasticsearch(dict):
3057
3193
  client_cert: Optional[str] = None,
3058
3194
  client_key: Optional[str] = None,
3059
3195
  data: Optional[Mapping[str, str]] = None,
3196
+ disable_automated_rotation: Optional[bool] = None,
3060
3197
  insecure: Optional[bool] = None,
3061
3198
  plugin_name: Optional[str] = None,
3062
3199
  root_rotation_statements: Optional[Sequence[str]] = None,
3200
+ rotation_period: Optional[int] = None,
3201
+ rotation_schedule: Optional[str] = None,
3202
+ rotation_window: Optional[int] = None,
3063
3203
  tls_server_name: Optional[str] = None,
3064
3204
  username_template: Optional[str] = None,
3065
3205
  verify_connection: Optional[bool] = None):
@@ -3075,11 +3215,19 @@ class SecretsMountElasticsearch(dict):
3075
3215
  :param str client_cert: The path to the certificate for the Elasticsearch client to present for communication
3076
3216
  :param str client_key: The path to the key for the Elasticsearch client to use for communication
3077
3217
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3218
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3078
3219
 
3079
3220
  Supported list of database secrets engines that can be configured:
3080
3221
  :param bool insecure: Whether to disable certificate verification
3081
3222
  :param str plugin_name: Specifies the name of the plugin to use.
3082
3223
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
3224
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
3225
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3226
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3227
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3228
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
3229
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3230
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3083
3231
  :param str tls_server_name: This, if set, is used to set the SNI host when connecting via TLS
3084
3232
  :param str username_template: Template describing how dynamic usernames are generated.
3085
3233
  :param bool verify_connection: Whether the connection should be verified on
@@ -3101,12 +3249,20 @@ class SecretsMountElasticsearch(dict):
3101
3249
  pulumi.set(__self__, "client_key", client_key)
3102
3250
  if data is not None:
3103
3251
  pulumi.set(__self__, "data", data)
3252
+ if disable_automated_rotation is not None:
3253
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3104
3254
  if insecure is not None:
3105
3255
  pulumi.set(__self__, "insecure", insecure)
3106
3256
  if plugin_name is not None:
3107
3257
  pulumi.set(__self__, "plugin_name", plugin_name)
3108
3258
  if root_rotation_statements is not None:
3109
3259
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
3260
+ if rotation_period is not None:
3261
+ pulumi.set(__self__, "rotation_period", rotation_period)
3262
+ if rotation_schedule is not None:
3263
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
3264
+ if rotation_window is not None:
3265
+ pulumi.set(__self__, "rotation_window", rotation_window)
3110
3266
  if tls_server_name is not None:
3111
3267
  pulumi.set(__self__, "tls_server_name", tls_server_name)
3112
3268
  if username_template is not None:
@@ -3192,10 +3348,18 @@ class SecretsMountElasticsearch(dict):
3192
3348
  def data(self) -> Optional[Mapping[str, str]]:
3193
3349
  """
3194
3350
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3351
+ """
3352
+ return pulumi.get(self, "data")
3353
+
3354
+ @property
3355
+ @pulumi.getter(name="disableAutomatedRotation")
3356
+ def disable_automated_rotation(self) -> Optional[bool]:
3357
+ """
3358
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3195
3359
 
3196
3360
  Supported list of database secrets engines that can be configured:
3197
3361
  """
3198
- return pulumi.get(self, "data")
3362
+ return pulumi.get(self, "disable_automated_rotation")
3199
3363
 
3200
3364
  @property
3201
3365
  @pulumi.getter
@@ -3221,6 +3385,34 @@ class SecretsMountElasticsearch(dict):
3221
3385
  """
3222
3386
  return pulumi.get(self, "root_rotation_statements")
3223
3387
 
3388
+ @property
3389
+ @pulumi.getter(name="rotationPeriod")
3390
+ def rotation_period(self) -> Optional[int]:
3391
+ """
3392
+ The amount of time in seconds Vault should wait before rotating the root credential.
3393
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3394
+ """
3395
+ return pulumi.get(self, "rotation_period")
3396
+
3397
+ @property
3398
+ @pulumi.getter(name="rotationSchedule")
3399
+ def rotation_schedule(self) -> Optional[str]:
3400
+ """
3401
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3402
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3403
+ """
3404
+ return pulumi.get(self, "rotation_schedule")
3405
+
3406
+ @property
3407
+ @pulumi.getter(name="rotationWindow")
3408
+ def rotation_window(self) -> Optional[int]:
3409
+ """
3410
+ The maximum amount of time in seconds allowed to complete
3411
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3412
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3413
+ """
3414
+ return pulumi.get(self, "rotation_window")
3415
+
3224
3416
  @property
3225
3417
  @pulumi.getter(name="tlsServerName")
3226
3418
  def tls_server_name(self) -> Optional[str]:
@@ -3256,6 +3448,8 @@ class SecretsMountHana(dict):
3256
3448
  suggest = "allowed_roles"
3257
3449
  elif key == "connectionUrl":
3258
3450
  suggest = "connection_url"
3451
+ elif key == "disableAutomatedRotation":
3452
+ suggest = "disable_automated_rotation"
3259
3453
  elif key == "disableEscaping":
3260
3454
  suggest = "disable_escaping"
3261
3455
  elif key == "maxConnectionLifetime":
@@ -3268,6 +3462,12 @@ class SecretsMountHana(dict):
3268
3462
  suggest = "plugin_name"
3269
3463
  elif key == "rootRotationStatements":
3270
3464
  suggest = "root_rotation_statements"
3465
+ elif key == "rotationPeriod":
3466
+ suggest = "rotation_period"
3467
+ elif key == "rotationSchedule":
3468
+ suggest = "rotation_schedule"
3469
+ elif key == "rotationWindow":
3470
+ suggest = "rotation_window"
3271
3471
  elif key == "verifyConnection":
3272
3472
  suggest = "verify_connection"
3273
3473
 
@@ -3287,6 +3487,7 @@ class SecretsMountHana(dict):
3287
3487
  allowed_roles: Optional[Sequence[str]] = None,
3288
3488
  connection_url: Optional[str] = None,
3289
3489
  data: Optional[Mapping[str, str]] = None,
3490
+ disable_automated_rotation: Optional[bool] = None,
3290
3491
  disable_escaping: Optional[bool] = None,
3291
3492
  max_connection_lifetime: Optional[int] = None,
3292
3493
  max_idle_connections: Optional[int] = None,
@@ -3294,6 +3495,9 @@ class SecretsMountHana(dict):
3294
3495
  password: Optional[str] = None,
3295
3496
  plugin_name: Optional[str] = None,
3296
3497
  root_rotation_statements: Optional[Sequence[str]] = None,
3498
+ rotation_period: Optional[int] = None,
3499
+ rotation_schedule: Optional[str] = None,
3500
+ rotation_window: Optional[int] = None,
3297
3501
  username: Optional[str] = None,
3298
3502
  verify_connection: Optional[bool] = None):
3299
3503
  """
@@ -3302,6 +3506,7 @@ class SecretsMountHana(dict):
3302
3506
  connection.
3303
3507
  :param str connection_url: Connection string to use to connect to the database.
3304
3508
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3509
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3305
3510
 
3306
3511
  Supported list of database secrets engines that can be configured:
3307
3512
  :param bool disable_escaping: Disable special character escaping in username and password
@@ -3311,6 +3516,13 @@ class SecretsMountHana(dict):
3311
3516
  :param str password: The root credential password used in the connection URL
3312
3517
  :param str plugin_name: Specifies the name of the plugin to use.
3313
3518
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
3519
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
3520
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3521
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3522
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3523
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
3524
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3525
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3314
3526
  :param str username: The root credential username used in the connection URL
3315
3527
  :param bool verify_connection: Whether the connection should be verified on
3316
3528
  initial configuration or not.
@@ -3322,6 +3534,8 @@ class SecretsMountHana(dict):
3322
3534
  pulumi.set(__self__, "connection_url", connection_url)
3323
3535
  if data is not None:
3324
3536
  pulumi.set(__self__, "data", data)
3537
+ if disable_automated_rotation is not None:
3538
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3325
3539
  if disable_escaping is not None:
3326
3540
  pulumi.set(__self__, "disable_escaping", disable_escaping)
3327
3541
  if max_connection_lifetime is not None:
@@ -3336,6 +3550,12 @@ class SecretsMountHana(dict):
3336
3550
  pulumi.set(__self__, "plugin_name", plugin_name)
3337
3551
  if root_rotation_statements is not None:
3338
3552
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
3553
+ if rotation_period is not None:
3554
+ pulumi.set(__self__, "rotation_period", rotation_period)
3555
+ if rotation_schedule is not None:
3556
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
3557
+ if rotation_window is not None:
3558
+ pulumi.set(__self__, "rotation_window", rotation_window)
3339
3559
  if username is not None:
3340
3560
  pulumi.set(__self__, "username", username)
3341
3561
  if verify_connection is not None:
@@ -3371,10 +3591,18 @@ class SecretsMountHana(dict):
3371
3591
  def data(self) -> Optional[Mapping[str, str]]:
3372
3592
  """
3373
3593
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3594
+ """
3595
+ return pulumi.get(self, "data")
3596
+
3597
+ @property
3598
+ @pulumi.getter(name="disableAutomatedRotation")
3599
+ def disable_automated_rotation(self) -> Optional[bool]:
3600
+ """
3601
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3374
3602
 
3375
3603
  Supported list of database secrets engines that can be configured:
3376
3604
  """
3377
- return pulumi.get(self, "data")
3605
+ return pulumi.get(self, "disable_automated_rotation")
3378
3606
 
3379
3607
  @property
3380
3608
  @pulumi.getter(name="disableEscaping")
@@ -3432,6 +3660,34 @@ class SecretsMountHana(dict):
3432
3660
  """
3433
3661
  return pulumi.get(self, "root_rotation_statements")
3434
3662
 
3663
+ @property
3664
+ @pulumi.getter(name="rotationPeriod")
3665
+ def rotation_period(self) -> Optional[int]:
3666
+ """
3667
+ The amount of time in seconds Vault should wait before rotating the root credential.
3668
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3669
+ """
3670
+ return pulumi.get(self, "rotation_period")
3671
+
3672
+ @property
3673
+ @pulumi.getter(name="rotationSchedule")
3674
+ def rotation_schedule(self) -> Optional[str]:
3675
+ """
3676
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3677
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3678
+ """
3679
+ return pulumi.get(self, "rotation_schedule")
3680
+
3681
+ @property
3682
+ @pulumi.getter(name="rotationWindow")
3683
+ def rotation_window(self) -> Optional[int]:
3684
+ """
3685
+ The maximum amount of time in seconds allowed to complete
3686
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3687
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3688
+ """
3689
+ return pulumi.get(self, "rotation_window")
3690
+
3435
3691
  @property
3436
3692
  @pulumi.getter
3437
3693
  def username(self) -> Optional[str]:
@@ -3459,6 +3715,8 @@ class SecretsMountInfluxdb(dict):
3459
3715
  suggest = "allowed_roles"
3460
3716
  elif key == "connectTimeout":
3461
3717
  suggest = "connect_timeout"
3718
+ elif key == "disableAutomatedRotation":
3719
+ suggest = "disable_automated_rotation"
3462
3720
  elif key == "insecureTls":
3463
3721
  suggest = "insecure_tls"
3464
3722
  elif key == "pemBundle":
@@ -3469,6 +3727,12 @@ class SecretsMountInfluxdb(dict):
3469
3727
  suggest = "plugin_name"
3470
3728
  elif key == "rootRotationStatements":
3471
3729
  suggest = "root_rotation_statements"
3730
+ elif key == "rotationPeriod":
3731
+ suggest = "rotation_period"
3732
+ elif key == "rotationSchedule":
3733
+ suggest = "rotation_schedule"
3734
+ elif key == "rotationWindow":
3735
+ suggest = "rotation_window"
3472
3736
  elif key == "usernameTemplate":
3473
3737
  suggest = "username_template"
3474
3738
  elif key == "verifyConnection":
@@ -3493,12 +3757,16 @@ class SecretsMountInfluxdb(dict):
3493
3757
  allowed_roles: Optional[Sequence[str]] = None,
3494
3758
  connect_timeout: Optional[int] = None,
3495
3759
  data: Optional[Mapping[str, str]] = None,
3760
+ disable_automated_rotation: Optional[bool] = None,
3496
3761
  insecure_tls: Optional[bool] = None,
3497
3762
  pem_bundle: Optional[str] = None,
3498
3763
  pem_json: Optional[str] = None,
3499
3764
  plugin_name: Optional[str] = None,
3500
3765
  port: Optional[int] = None,
3501
3766
  root_rotation_statements: Optional[Sequence[str]] = None,
3767
+ rotation_period: Optional[int] = None,
3768
+ rotation_schedule: Optional[str] = None,
3769
+ rotation_window: Optional[int] = None,
3502
3770
  tls: Optional[bool] = None,
3503
3771
  username_template: Optional[str] = None,
3504
3772
  verify_connection: Optional[bool] = None):
@@ -3511,6 +3779,7 @@ class SecretsMountInfluxdb(dict):
3511
3779
  connection.
3512
3780
  :param int connect_timeout: The number of seconds to use as a connection timeout.
3513
3781
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3782
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3514
3783
 
3515
3784
  Supported list of database secrets engines that can be configured:
3516
3785
  :param bool insecure_tls: Whether to skip verification of the server certificate when using TLS.
@@ -3519,6 +3788,13 @@ class SecretsMountInfluxdb(dict):
3519
3788
  :param str plugin_name: Specifies the name of the plugin to use.
3520
3789
  :param int port: The transport port to use to connect to Influxdb.
3521
3790
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
3791
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
3792
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3793
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3794
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3795
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
3796
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3797
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3522
3798
  :param bool tls: Whether to use TLS when connecting to Influxdb.
3523
3799
  :param str username_template: Template describing how dynamic usernames are generated.
3524
3800
  :param bool verify_connection: Whether the connection should be verified on
@@ -3534,6 +3810,8 @@ class SecretsMountInfluxdb(dict):
3534
3810
  pulumi.set(__self__, "connect_timeout", connect_timeout)
3535
3811
  if data is not None:
3536
3812
  pulumi.set(__self__, "data", data)
3813
+ if disable_automated_rotation is not None:
3814
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3537
3815
  if insecure_tls is not None:
3538
3816
  pulumi.set(__self__, "insecure_tls", insecure_tls)
3539
3817
  if pem_bundle is not None:
@@ -3546,6 +3824,12 @@ class SecretsMountInfluxdb(dict):
3546
3824
  pulumi.set(__self__, "port", port)
3547
3825
  if root_rotation_statements is not None:
3548
3826
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
3827
+ if rotation_period is not None:
3828
+ pulumi.set(__self__, "rotation_period", rotation_period)
3829
+ if rotation_schedule is not None:
3830
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
3831
+ if rotation_window is not None:
3832
+ pulumi.set(__self__, "rotation_window", rotation_window)
3549
3833
  if tls is not None:
3550
3834
  pulumi.set(__self__, "tls", tls)
3551
3835
  if username_template is not None:
@@ -3607,10 +3891,18 @@ class SecretsMountInfluxdb(dict):
3607
3891
  def data(self) -> Optional[Mapping[str, str]]:
3608
3892
  """
3609
3893
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
3894
+ """
3895
+ return pulumi.get(self, "data")
3896
+
3897
+ @property
3898
+ @pulumi.getter(name="disableAutomatedRotation")
3899
+ def disable_automated_rotation(self) -> Optional[bool]:
3900
+ """
3901
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3610
3902
 
3611
3903
  Supported list of database secrets engines that can be configured:
3612
3904
  """
3613
- return pulumi.get(self, "data")
3905
+ return pulumi.get(self, "disable_automated_rotation")
3614
3906
 
3615
3907
  @property
3616
3908
  @pulumi.getter(name="insecureTls")
@@ -3660,6 +3952,34 @@ class SecretsMountInfluxdb(dict):
3660
3952
  """
3661
3953
  return pulumi.get(self, "root_rotation_statements")
3662
3954
 
3955
+ @property
3956
+ @pulumi.getter(name="rotationPeriod")
3957
+ def rotation_period(self) -> Optional[int]:
3958
+ """
3959
+ The amount of time in seconds Vault should wait before rotating the root credential.
3960
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
3961
+ """
3962
+ return pulumi.get(self, "rotation_period")
3963
+
3964
+ @property
3965
+ @pulumi.getter(name="rotationSchedule")
3966
+ def rotation_schedule(self) -> Optional[str]:
3967
+ """
3968
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
3969
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
3970
+ """
3971
+ return pulumi.get(self, "rotation_schedule")
3972
+
3973
+ @property
3974
+ @pulumi.getter(name="rotationWindow")
3975
+ def rotation_window(self) -> Optional[int]:
3976
+ """
3977
+ The maximum amount of time in seconds allowed to complete
3978
+ a rotation when a scheduled token rotation occurs. The default rotation window is
3979
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3980
+ """
3981
+ return pulumi.get(self, "rotation_window")
3982
+
3663
3983
  @property
3664
3984
  @pulumi.getter
3665
3985
  def tls(self) -> Optional[bool]:
@@ -3695,6 +4015,8 @@ class SecretsMountMongodb(dict):
3695
4015
  suggest = "allowed_roles"
3696
4016
  elif key == "connectionUrl":
3697
4017
  suggest = "connection_url"
4018
+ elif key == "disableAutomatedRotation":
4019
+ suggest = "disable_automated_rotation"
3698
4020
  elif key == "maxConnectionLifetime":
3699
4021
  suggest = "max_connection_lifetime"
3700
4022
  elif key == "maxIdleConnections":
@@ -3705,6 +4027,12 @@ class SecretsMountMongodb(dict):
3705
4027
  suggest = "plugin_name"
3706
4028
  elif key == "rootRotationStatements":
3707
4029
  suggest = "root_rotation_statements"
4030
+ elif key == "rotationPeriod":
4031
+ suggest = "rotation_period"
4032
+ elif key == "rotationSchedule":
4033
+ suggest = "rotation_schedule"
4034
+ elif key == "rotationWindow":
4035
+ suggest = "rotation_window"
3708
4036
  elif key == "usernameTemplate":
3709
4037
  suggest = "username_template"
3710
4038
  elif key == "verifyConnection":
@@ -3726,12 +4054,16 @@ class SecretsMountMongodb(dict):
3726
4054
  allowed_roles: Optional[Sequence[str]] = None,
3727
4055
  connection_url: Optional[str] = None,
3728
4056
  data: Optional[Mapping[str, str]] = None,
4057
+ disable_automated_rotation: Optional[bool] = None,
3729
4058
  max_connection_lifetime: Optional[int] = None,
3730
4059
  max_idle_connections: Optional[int] = None,
3731
4060
  max_open_connections: Optional[int] = None,
3732
4061
  password: Optional[str] = None,
3733
4062
  plugin_name: Optional[str] = None,
3734
4063
  root_rotation_statements: Optional[Sequence[str]] = None,
4064
+ rotation_period: Optional[int] = None,
4065
+ rotation_schedule: Optional[str] = None,
4066
+ rotation_window: Optional[int] = None,
3735
4067
  username: Optional[str] = None,
3736
4068
  username_template: Optional[str] = None,
3737
4069
  verify_connection: Optional[bool] = None):
@@ -3741,6 +4073,7 @@ class SecretsMountMongodb(dict):
3741
4073
  connection.
3742
4074
  :param str connection_url: Connection string to use to connect to the database.
3743
4075
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4076
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3744
4077
 
3745
4078
  Supported list of database secrets engines that can be configured:
3746
4079
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -3749,6 +4082,13 @@ class SecretsMountMongodb(dict):
3749
4082
  :param str password: The root credential password used in the connection URL
3750
4083
  :param str plugin_name: Specifies the name of the plugin to use.
3751
4084
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
4085
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
4086
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4087
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4088
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4089
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
4090
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4091
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3752
4092
  :param str username: The root credential username used in the connection URL
3753
4093
  :param str username_template: Username generation template.
3754
4094
  :param bool verify_connection: Whether the connection should be verified on
@@ -3761,6 +4101,8 @@ class SecretsMountMongodb(dict):
3761
4101
  pulumi.set(__self__, "connection_url", connection_url)
3762
4102
  if data is not None:
3763
4103
  pulumi.set(__self__, "data", data)
4104
+ if disable_automated_rotation is not None:
4105
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3764
4106
  if max_connection_lifetime is not None:
3765
4107
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
3766
4108
  if max_idle_connections is not None:
@@ -3773,6 +4115,12 @@ class SecretsMountMongodb(dict):
3773
4115
  pulumi.set(__self__, "plugin_name", plugin_name)
3774
4116
  if root_rotation_statements is not None:
3775
4117
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
4118
+ if rotation_period is not None:
4119
+ pulumi.set(__self__, "rotation_period", rotation_period)
4120
+ if rotation_schedule is not None:
4121
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
4122
+ if rotation_window is not None:
4123
+ pulumi.set(__self__, "rotation_window", rotation_window)
3776
4124
  if username is not None:
3777
4125
  pulumi.set(__self__, "username", username)
3778
4126
  if username_template is not None:
@@ -3810,10 +4158,18 @@ class SecretsMountMongodb(dict):
3810
4158
  def data(self) -> Optional[Mapping[str, str]]:
3811
4159
  """
3812
4160
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4161
+ """
4162
+ return pulumi.get(self, "data")
4163
+
4164
+ @property
4165
+ @pulumi.getter(name="disableAutomatedRotation")
4166
+ def disable_automated_rotation(self) -> Optional[bool]:
4167
+ """
4168
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3813
4169
 
3814
4170
  Supported list of database secrets engines that can be configured:
3815
4171
  """
3816
- return pulumi.get(self, "data")
4172
+ return pulumi.get(self, "disable_automated_rotation")
3817
4173
 
3818
4174
  @property
3819
4175
  @pulumi.getter(name="maxConnectionLifetime")
@@ -3863,6 +4219,34 @@ class SecretsMountMongodb(dict):
3863
4219
  """
3864
4220
  return pulumi.get(self, "root_rotation_statements")
3865
4221
 
4222
+ @property
4223
+ @pulumi.getter(name="rotationPeriod")
4224
+ def rotation_period(self) -> Optional[int]:
4225
+ """
4226
+ The amount of time in seconds Vault should wait before rotating the root credential.
4227
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4228
+ """
4229
+ return pulumi.get(self, "rotation_period")
4230
+
4231
+ @property
4232
+ @pulumi.getter(name="rotationSchedule")
4233
+ def rotation_schedule(self) -> Optional[str]:
4234
+ """
4235
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4236
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4237
+ """
4238
+ return pulumi.get(self, "rotation_schedule")
4239
+
4240
+ @property
4241
+ @pulumi.getter(name="rotationWindow")
4242
+ def rotation_window(self) -> Optional[int]:
4243
+ """
4244
+ The maximum amount of time in seconds allowed to complete
4245
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4246
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4247
+ """
4248
+ return pulumi.get(self, "rotation_window")
4249
+
3866
4250
  @property
3867
4251
  @pulumi.getter
3868
4252
  def username(self) -> Optional[str]:
@@ -3902,10 +4286,18 @@ class SecretsMountMongodbatla(dict):
3902
4286
  suggest = "public_key"
3903
4287
  elif key == "allowedRoles":
3904
4288
  suggest = "allowed_roles"
4289
+ elif key == "disableAutomatedRotation":
4290
+ suggest = "disable_automated_rotation"
3905
4291
  elif key == "pluginName":
3906
4292
  suggest = "plugin_name"
3907
4293
  elif key == "rootRotationStatements":
3908
4294
  suggest = "root_rotation_statements"
4295
+ elif key == "rotationPeriod":
4296
+ suggest = "rotation_period"
4297
+ elif key == "rotationSchedule":
4298
+ suggest = "rotation_schedule"
4299
+ elif key == "rotationWindow":
4300
+ suggest = "rotation_window"
3909
4301
  elif key == "verifyConnection":
3910
4302
  suggest = "verify_connection"
3911
4303
 
@@ -3927,8 +4319,12 @@ class SecretsMountMongodbatla(dict):
3927
4319
  public_key: str,
3928
4320
  allowed_roles: Optional[Sequence[str]] = None,
3929
4321
  data: Optional[Mapping[str, str]] = None,
4322
+ disable_automated_rotation: Optional[bool] = None,
3930
4323
  plugin_name: Optional[str] = None,
3931
4324
  root_rotation_statements: Optional[Sequence[str]] = None,
4325
+ rotation_period: Optional[int] = None,
4326
+ rotation_schedule: Optional[str] = None,
4327
+ rotation_window: Optional[int] = None,
3932
4328
  verify_connection: Optional[bool] = None):
3933
4329
  """
3934
4330
  :param str name: Name of the database connection.
@@ -3938,10 +4334,18 @@ class SecretsMountMongodbatla(dict):
3938
4334
  :param Sequence[str] allowed_roles: A list of roles that are allowed to use this
3939
4335
  connection.
3940
4336
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4337
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
3941
4338
 
3942
4339
  Supported list of database secrets engines that can be configured:
3943
4340
  :param str plugin_name: Specifies the name of the plugin to use.
3944
4341
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
4342
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
4343
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4344
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4345
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4346
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
4347
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4348
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
3945
4349
  :param bool verify_connection: Whether the connection should be verified on
3946
4350
  initial configuration or not.
3947
4351
  """
@@ -3953,10 +4357,18 @@ class SecretsMountMongodbatla(dict):
3953
4357
  pulumi.set(__self__, "allowed_roles", allowed_roles)
3954
4358
  if data is not None:
3955
4359
  pulumi.set(__self__, "data", data)
4360
+ if disable_automated_rotation is not None:
4361
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
3956
4362
  if plugin_name is not None:
3957
4363
  pulumi.set(__self__, "plugin_name", plugin_name)
3958
4364
  if root_rotation_statements is not None:
3959
4365
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
4366
+ if rotation_period is not None:
4367
+ pulumi.set(__self__, "rotation_period", rotation_period)
4368
+ if rotation_schedule is not None:
4369
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
4370
+ if rotation_window is not None:
4371
+ pulumi.set(__self__, "rotation_window", rotation_window)
3960
4372
  if verify_connection is not None:
3961
4373
  pulumi.set(__self__, "verify_connection", verify_connection)
3962
4374
 
@@ -4006,10 +4418,18 @@ class SecretsMountMongodbatla(dict):
4006
4418
  def data(self) -> Optional[Mapping[str, str]]:
4007
4419
  """
4008
4420
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4421
+ """
4422
+ return pulumi.get(self, "data")
4423
+
4424
+ @property
4425
+ @pulumi.getter(name="disableAutomatedRotation")
4426
+ def disable_automated_rotation(self) -> Optional[bool]:
4427
+ """
4428
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4009
4429
 
4010
4430
  Supported list of database secrets engines that can be configured:
4011
4431
  """
4012
- return pulumi.get(self, "data")
4432
+ return pulumi.get(self, "disable_automated_rotation")
4013
4433
 
4014
4434
  @property
4015
4435
  @pulumi.getter(name="pluginName")
@@ -4027,6 +4447,34 @@ class SecretsMountMongodbatla(dict):
4027
4447
  """
4028
4448
  return pulumi.get(self, "root_rotation_statements")
4029
4449
 
4450
+ @property
4451
+ @pulumi.getter(name="rotationPeriod")
4452
+ def rotation_period(self) -> Optional[int]:
4453
+ """
4454
+ The amount of time in seconds Vault should wait before rotating the root credential.
4455
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4456
+ """
4457
+ return pulumi.get(self, "rotation_period")
4458
+
4459
+ @property
4460
+ @pulumi.getter(name="rotationSchedule")
4461
+ def rotation_schedule(self) -> Optional[str]:
4462
+ """
4463
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4464
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4465
+ """
4466
+ return pulumi.get(self, "rotation_schedule")
4467
+
4468
+ @property
4469
+ @pulumi.getter(name="rotationWindow")
4470
+ def rotation_window(self) -> Optional[int]:
4471
+ """
4472
+ The maximum amount of time in seconds allowed to complete
4473
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4474
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4475
+ """
4476
+ return pulumi.get(self, "rotation_window")
4477
+
4030
4478
  @property
4031
4479
  @pulumi.getter(name="verifyConnection")
4032
4480
  def verify_connection(self) -> Optional[bool]:
@@ -4048,6 +4496,8 @@ class SecretsMountMssql(dict):
4048
4496
  suggest = "connection_url"
4049
4497
  elif key == "containedDb":
4050
4498
  suggest = "contained_db"
4499
+ elif key == "disableAutomatedRotation":
4500
+ suggest = "disable_automated_rotation"
4051
4501
  elif key == "disableEscaping":
4052
4502
  suggest = "disable_escaping"
4053
4503
  elif key == "maxConnectionLifetime":
@@ -4060,6 +4510,12 @@ class SecretsMountMssql(dict):
4060
4510
  suggest = "plugin_name"
4061
4511
  elif key == "rootRotationStatements":
4062
4512
  suggest = "root_rotation_statements"
4513
+ elif key == "rotationPeriod":
4514
+ suggest = "rotation_period"
4515
+ elif key == "rotationSchedule":
4516
+ suggest = "rotation_schedule"
4517
+ elif key == "rotationWindow":
4518
+ suggest = "rotation_window"
4063
4519
  elif key == "usernameTemplate":
4064
4520
  suggest = "username_template"
4065
4521
  elif key == "verifyConnection":
@@ -4082,6 +4538,7 @@ class SecretsMountMssql(dict):
4082
4538
  connection_url: Optional[str] = None,
4083
4539
  contained_db: Optional[bool] = None,
4084
4540
  data: Optional[Mapping[str, str]] = None,
4541
+ disable_automated_rotation: Optional[bool] = None,
4085
4542
  disable_escaping: Optional[bool] = None,
4086
4543
  max_connection_lifetime: Optional[int] = None,
4087
4544
  max_idle_connections: Optional[int] = None,
@@ -4089,6 +4546,9 @@ class SecretsMountMssql(dict):
4089
4546
  password: Optional[str] = None,
4090
4547
  plugin_name: Optional[str] = None,
4091
4548
  root_rotation_statements: Optional[Sequence[str]] = None,
4549
+ rotation_period: Optional[int] = None,
4550
+ rotation_schedule: Optional[str] = None,
4551
+ rotation_window: Optional[int] = None,
4092
4552
  username: Optional[str] = None,
4093
4553
  username_template: Optional[str] = None,
4094
4554
  verify_connection: Optional[bool] = None):
@@ -4099,6 +4559,7 @@ class SecretsMountMssql(dict):
4099
4559
  :param str connection_url: Connection string to use to connect to the database.
4100
4560
  :param bool contained_db: Set to true when the target is a Contained Database, e.g. AzureSQL.
4101
4561
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4562
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4102
4563
 
4103
4564
  Supported list of database secrets engines that can be configured:
4104
4565
  :param bool disable_escaping: Disable special character escaping in username and password
@@ -4108,6 +4569,13 @@ class SecretsMountMssql(dict):
4108
4569
  :param str password: The root credential password used in the connection URL
4109
4570
  :param str plugin_name: Specifies the name of the plugin to use.
4110
4571
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
4572
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
4573
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4574
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4575
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4576
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
4577
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4578
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4111
4579
  :param str username: The root credential username used in the connection URL
4112
4580
  :param str username_template: Username generation template.
4113
4581
  :param bool verify_connection: Whether the connection should be verified on
@@ -4122,6 +4590,8 @@ class SecretsMountMssql(dict):
4122
4590
  pulumi.set(__self__, "contained_db", contained_db)
4123
4591
  if data is not None:
4124
4592
  pulumi.set(__self__, "data", data)
4593
+ if disable_automated_rotation is not None:
4594
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
4125
4595
  if disable_escaping is not None:
4126
4596
  pulumi.set(__self__, "disable_escaping", disable_escaping)
4127
4597
  if max_connection_lifetime is not None:
@@ -4136,6 +4606,12 @@ class SecretsMountMssql(dict):
4136
4606
  pulumi.set(__self__, "plugin_name", plugin_name)
4137
4607
  if root_rotation_statements is not None:
4138
4608
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
4609
+ if rotation_period is not None:
4610
+ pulumi.set(__self__, "rotation_period", rotation_period)
4611
+ if rotation_schedule is not None:
4612
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
4613
+ if rotation_window is not None:
4614
+ pulumi.set(__self__, "rotation_window", rotation_window)
4139
4615
  if username is not None:
4140
4616
  pulumi.set(__self__, "username", username)
4141
4617
  if username_template is not None:
@@ -4181,10 +4657,18 @@ class SecretsMountMssql(dict):
4181
4657
  def data(self) -> Optional[Mapping[str, str]]:
4182
4658
  """
4183
4659
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4660
+ """
4661
+ return pulumi.get(self, "data")
4662
+
4663
+ @property
4664
+ @pulumi.getter(name="disableAutomatedRotation")
4665
+ def disable_automated_rotation(self) -> Optional[bool]:
4666
+ """
4667
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4184
4668
 
4185
4669
  Supported list of database secrets engines that can be configured:
4186
4670
  """
4187
- return pulumi.get(self, "data")
4671
+ return pulumi.get(self, "disable_automated_rotation")
4188
4672
 
4189
4673
  @property
4190
4674
  @pulumi.getter(name="disableEscaping")
@@ -4242,6 +4726,34 @@ class SecretsMountMssql(dict):
4242
4726
  """
4243
4727
  return pulumi.get(self, "root_rotation_statements")
4244
4728
 
4729
+ @property
4730
+ @pulumi.getter(name="rotationPeriod")
4731
+ def rotation_period(self) -> Optional[int]:
4732
+ """
4733
+ The amount of time in seconds Vault should wait before rotating the root credential.
4734
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4735
+ """
4736
+ return pulumi.get(self, "rotation_period")
4737
+
4738
+ @property
4739
+ @pulumi.getter(name="rotationSchedule")
4740
+ def rotation_schedule(self) -> Optional[str]:
4741
+ """
4742
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4743
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4744
+ """
4745
+ return pulumi.get(self, "rotation_schedule")
4746
+
4747
+ @property
4748
+ @pulumi.getter(name="rotationWindow")
4749
+ def rotation_window(self) -> Optional[int]:
4750
+ """
4751
+ The maximum amount of time in seconds allowed to complete
4752
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4753
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4754
+ """
4755
+ return pulumi.get(self, "rotation_window")
4756
+
4245
4757
  @property
4246
4758
  @pulumi.getter
4247
4759
  def username(self) -> Optional[str]:
@@ -4279,6 +4791,8 @@ class SecretsMountMysql(dict):
4279
4791
  suggest = "auth_type"
4280
4792
  elif key == "connectionUrl":
4281
4793
  suggest = "connection_url"
4794
+ elif key == "disableAutomatedRotation":
4795
+ suggest = "disable_automated_rotation"
4282
4796
  elif key == "maxConnectionLifetime":
4283
4797
  suggest = "max_connection_lifetime"
4284
4798
  elif key == "maxIdleConnections":
@@ -4289,6 +4803,12 @@ class SecretsMountMysql(dict):
4289
4803
  suggest = "plugin_name"
4290
4804
  elif key == "rootRotationStatements":
4291
4805
  suggest = "root_rotation_statements"
4806
+ elif key == "rotationPeriod":
4807
+ suggest = "rotation_period"
4808
+ elif key == "rotationSchedule":
4809
+ suggest = "rotation_schedule"
4810
+ elif key == "rotationWindow":
4811
+ suggest = "rotation_window"
4292
4812
  elif key == "serviceAccountJson":
4293
4813
  suggest = "service_account_json"
4294
4814
  elif key == "tlsCa":
@@ -4317,12 +4837,16 @@ class SecretsMountMysql(dict):
4317
4837
  auth_type: Optional[str] = None,
4318
4838
  connection_url: Optional[str] = None,
4319
4839
  data: Optional[Mapping[str, str]] = None,
4840
+ disable_automated_rotation: Optional[bool] = None,
4320
4841
  max_connection_lifetime: Optional[int] = None,
4321
4842
  max_idle_connections: Optional[int] = None,
4322
4843
  max_open_connections: Optional[int] = None,
4323
4844
  password: Optional[str] = None,
4324
4845
  plugin_name: Optional[str] = None,
4325
4846
  root_rotation_statements: Optional[Sequence[str]] = None,
4847
+ rotation_period: Optional[int] = None,
4848
+ rotation_schedule: Optional[str] = None,
4849
+ rotation_window: Optional[int] = None,
4326
4850
  service_account_json: Optional[str] = None,
4327
4851
  tls_ca: Optional[str] = None,
4328
4852
  tls_certificate_key: Optional[str] = None,
@@ -4336,6 +4860,7 @@ class SecretsMountMysql(dict):
4336
4860
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
4337
4861
  :param str connection_url: Connection string to use to connect to the database.
4338
4862
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4863
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4339
4864
 
4340
4865
  Supported list of database secrets engines that can be configured:
4341
4866
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -4344,6 +4869,13 @@ class SecretsMountMysql(dict):
4344
4869
  :param str password: The root credential password used in the connection URL
4345
4870
  :param str plugin_name: Specifies the name of the plugin to use.
4346
4871
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
4872
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
4873
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
4874
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
4875
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
4876
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
4877
+ a rotation when a scheduled token rotation occurs. The default rotation window is
4878
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4347
4879
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
4348
4880
  :param str tls_ca: x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
4349
4881
  :param str tls_certificate_key: x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
@@ -4361,6 +4893,8 @@ class SecretsMountMysql(dict):
4361
4893
  pulumi.set(__self__, "connection_url", connection_url)
4362
4894
  if data is not None:
4363
4895
  pulumi.set(__self__, "data", data)
4896
+ if disable_automated_rotation is not None:
4897
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
4364
4898
  if max_connection_lifetime is not None:
4365
4899
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
4366
4900
  if max_idle_connections is not None:
@@ -4373,6 +4907,12 @@ class SecretsMountMysql(dict):
4373
4907
  pulumi.set(__self__, "plugin_name", plugin_name)
4374
4908
  if root_rotation_statements is not None:
4375
4909
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
4910
+ if rotation_period is not None:
4911
+ pulumi.set(__self__, "rotation_period", rotation_period)
4912
+ if rotation_schedule is not None:
4913
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
4914
+ if rotation_window is not None:
4915
+ pulumi.set(__self__, "rotation_window", rotation_window)
4376
4916
  if service_account_json is not None:
4377
4917
  pulumi.set(__self__, "service_account_json", service_account_json)
4378
4918
  if tls_ca is not None:
@@ -4424,10 +4964,18 @@ class SecretsMountMysql(dict):
4424
4964
  def data(self) -> Optional[Mapping[str, str]]:
4425
4965
  """
4426
4966
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
4967
+ """
4968
+ return pulumi.get(self, "data")
4969
+
4970
+ @property
4971
+ @pulumi.getter(name="disableAutomatedRotation")
4972
+ def disable_automated_rotation(self) -> Optional[bool]:
4973
+ """
4974
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4427
4975
 
4428
4976
  Supported list of database secrets engines that can be configured:
4429
4977
  """
4430
- return pulumi.get(self, "data")
4978
+ return pulumi.get(self, "disable_automated_rotation")
4431
4979
 
4432
4980
  @property
4433
4981
  @pulumi.getter(name="maxConnectionLifetime")
@@ -4477,6 +5025,34 @@ class SecretsMountMysql(dict):
4477
5025
  """
4478
5026
  return pulumi.get(self, "root_rotation_statements")
4479
5027
 
5028
+ @property
5029
+ @pulumi.getter(name="rotationPeriod")
5030
+ def rotation_period(self) -> Optional[int]:
5031
+ """
5032
+ The amount of time in seconds Vault should wait before rotating the root credential.
5033
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5034
+ """
5035
+ return pulumi.get(self, "rotation_period")
5036
+
5037
+ @property
5038
+ @pulumi.getter(name="rotationSchedule")
5039
+ def rotation_schedule(self) -> Optional[str]:
5040
+ """
5041
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5042
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5043
+ """
5044
+ return pulumi.get(self, "rotation_schedule")
5045
+
5046
+ @property
5047
+ @pulumi.getter(name="rotationWindow")
5048
+ def rotation_window(self) -> Optional[int]:
5049
+ """
5050
+ The maximum amount of time in seconds allowed to complete
5051
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5052
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5053
+ """
5054
+ return pulumi.get(self, "rotation_window")
5055
+
4480
5056
  @property
4481
5057
  @pulumi.getter(name="serviceAccountJson")
4482
5058
  def service_account_json(self) -> Optional[str]:
@@ -4538,6 +5114,8 @@ class SecretsMountMysqlAurora(dict):
4538
5114
  suggest = "auth_type"
4539
5115
  elif key == "connectionUrl":
4540
5116
  suggest = "connection_url"
5117
+ elif key == "disableAutomatedRotation":
5118
+ suggest = "disable_automated_rotation"
4541
5119
  elif key == "maxConnectionLifetime":
4542
5120
  suggest = "max_connection_lifetime"
4543
5121
  elif key == "maxIdleConnections":
@@ -4548,6 +5126,12 @@ class SecretsMountMysqlAurora(dict):
4548
5126
  suggest = "plugin_name"
4549
5127
  elif key == "rootRotationStatements":
4550
5128
  suggest = "root_rotation_statements"
5129
+ elif key == "rotationPeriod":
5130
+ suggest = "rotation_period"
5131
+ elif key == "rotationSchedule":
5132
+ suggest = "rotation_schedule"
5133
+ elif key == "rotationWindow":
5134
+ suggest = "rotation_window"
4551
5135
  elif key == "serviceAccountJson":
4552
5136
  suggest = "service_account_json"
4553
5137
  elif key == "tlsCa":
@@ -4576,12 +5160,16 @@ class SecretsMountMysqlAurora(dict):
4576
5160
  auth_type: Optional[str] = None,
4577
5161
  connection_url: Optional[str] = None,
4578
5162
  data: Optional[Mapping[str, str]] = None,
5163
+ disable_automated_rotation: Optional[bool] = None,
4579
5164
  max_connection_lifetime: Optional[int] = None,
4580
5165
  max_idle_connections: Optional[int] = None,
4581
5166
  max_open_connections: Optional[int] = None,
4582
5167
  password: Optional[str] = None,
4583
5168
  plugin_name: Optional[str] = None,
4584
5169
  root_rotation_statements: Optional[Sequence[str]] = None,
5170
+ rotation_period: Optional[int] = None,
5171
+ rotation_schedule: Optional[str] = None,
5172
+ rotation_window: Optional[int] = None,
4585
5173
  service_account_json: Optional[str] = None,
4586
5174
  tls_ca: Optional[str] = None,
4587
5175
  tls_certificate_key: Optional[str] = None,
@@ -4595,6 +5183,7 @@ class SecretsMountMysqlAurora(dict):
4595
5183
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
4596
5184
  :param str connection_url: Connection string to use to connect to the database.
4597
5185
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5186
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4598
5187
 
4599
5188
  Supported list of database secrets engines that can be configured:
4600
5189
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -4603,6 +5192,13 @@ class SecretsMountMysqlAurora(dict):
4603
5192
  :param str password: The root credential password used in the connection URL
4604
5193
  :param str plugin_name: Specifies the name of the plugin to use.
4605
5194
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
5195
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
5196
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5197
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5198
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5199
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
5200
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5201
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4606
5202
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
4607
5203
  :param str tls_ca: x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
4608
5204
  :param str tls_certificate_key: x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
@@ -4620,6 +5216,8 @@ class SecretsMountMysqlAurora(dict):
4620
5216
  pulumi.set(__self__, "connection_url", connection_url)
4621
5217
  if data is not None:
4622
5218
  pulumi.set(__self__, "data", data)
5219
+ if disable_automated_rotation is not None:
5220
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
4623
5221
  if max_connection_lifetime is not None:
4624
5222
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
4625
5223
  if max_idle_connections is not None:
@@ -4632,6 +5230,12 @@ class SecretsMountMysqlAurora(dict):
4632
5230
  pulumi.set(__self__, "plugin_name", plugin_name)
4633
5231
  if root_rotation_statements is not None:
4634
5232
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
5233
+ if rotation_period is not None:
5234
+ pulumi.set(__self__, "rotation_period", rotation_period)
5235
+ if rotation_schedule is not None:
5236
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
5237
+ if rotation_window is not None:
5238
+ pulumi.set(__self__, "rotation_window", rotation_window)
4635
5239
  if service_account_json is not None:
4636
5240
  pulumi.set(__self__, "service_account_json", service_account_json)
4637
5241
  if tls_ca is not None:
@@ -4683,10 +5287,18 @@ class SecretsMountMysqlAurora(dict):
4683
5287
  def data(self) -> Optional[Mapping[str, str]]:
4684
5288
  """
4685
5289
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5290
+ """
5291
+ return pulumi.get(self, "data")
5292
+
5293
+ @property
5294
+ @pulumi.getter(name="disableAutomatedRotation")
5295
+ def disable_automated_rotation(self) -> Optional[bool]:
5296
+ """
5297
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4686
5298
 
4687
5299
  Supported list of database secrets engines that can be configured:
4688
5300
  """
4689
- return pulumi.get(self, "data")
5301
+ return pulumi.get(self, "disable_automated_rotation")
4690
5302
 
4691
5303
  @property
4692
5304
  @pulumi.getter(name="maxConnectionLifetime")
@@ -4736,6 +5348,34 @@ class SecretsMountMysqlAurora(dict):
4736
5348
  """
4737
5349
  return pulumi.get(self, "root_rotation_statements")
4738
5350
 
5351
+ @property
5352
+ @pulumi.getter(name="rotationPeriod")
5353
+ def rotation_period(self) -> Optional[int]:
5354
+ """
5355
+ The amount of time in seconds Vault should wait before rotating the root credential.
5356
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5357
+ """
5358
+ return pulumi.get(self, "rotation_period")
5359
+
5360
+ @property
5361
+ @pulumi.getter(name="rotationSchedule")
5362
+ def rotation_schedule(self) -> Optional[str]:
5363
+ """
5364
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5365
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5366
+ """
5367
+ return pulumi.get(self, "rotation_schedule")
5368
+
5369
+ @property
5370
+ @pulumi.getter(name="rotationWindow")
5371
+ def rotation_window(self) -> Optional[int]:
5372
+ """
5373
+ The maximum amount of time in seconds allowed to complete
5374
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5375
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5376
+ """
5377
+ return pulumi.get(self, "rotation_window")
5378
+
4739
5379
  @property
4740
5380
  @pulumi.getter(name="serviceAccountJson")
4741
5381
  def service_account_json(self) -> Optional[str]:
@@ -4797,6 +5437,8 @@ class SecretsMountMysqlLegacy(dict):
4797
5437
  suggest = "auth_type"
4798
5438
  elif key == "connectionUrl":
4799
5439
  suggest = "connection_url"
5440
+ elif key == "disableAutomatedRotation":
5441
+ suggest = "disable_automated_rotation"
4800
5442
  elif key == "maxConnectionLifetime":
4801
5443
  suggest = "max_connection_lifetime"
4802
5444
  elif key == "maxIdleConnections":
@@ -4807,6 +5449,12 @@ class SecretsMountMysqlLegacy(dict):
4807
5449
  suggest = "plugin_name"
4808
5450
  elif key == "rootRotationStatements":
4809
5451
  suggest = "root_rotation_statements"
5452
+ elif key == "rotationPeriod":
5453
+ suggest = "rotation_period"
5454
+ elif key == "rotationSchedule":
5455
+ suggest = "rotation_schedule"
5456
+ elif key == "rotationWindow":
5457
+ suggest = "rotation_window"
4810
5458
  elif key == "serviceAccountJson":
4811
5459
  suggest = "service_account_json"
4812
5460
  elif key == "tlsCa":
@@ -4835,12 +5483,16 @@ class SecretsMountMysqlLegacy(dict):
4835
5483
  auth_type: Optional[str] = None,
4836
5484
  connection_url: Optional[str] = None,
4837
5485
  data: Optional[Mapping[str, str]] = None,
5486
+ disable_automated_rotation: Optional[bool] = None,
4838
5487
  max_connection_lifetime: Optional[int] = None,
4839
5488
  max_idle_connections: Optional[int] = None,
4840
5489
  max_open_connections: Optional[int] = None,
4841
5490
  password: Optional[str] = None,
4842
5491
  plugin_name: Optional[str] = None,
4843
5492
  root_rotation_statements: Optional[Sequence[str]] = None,
5493
+ rotation_period: Optional[int] = None,
5494
+ rotation_schedule: Optional[str] = None,
5495
+ rotation_window: Optional[int] = None,
4844
5496
  service_account_json: Optional[str] = None,
4845
5497
  tls_ca: Optional[str] = None,
4846
5498
  tls_certificate_key: Optional[str] = None,
@@ -4854,6 +5506,7 @@ class SecretsMountMysqlLegacy(dict):
4854
5506
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
4855
5507
  :param str connection_url: Connection string to use to connect to the database.
4856
5508
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5509
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4857
5510
 
4858
5511
  Supported list of database secrets engines that can be configured:
4859
5512
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -4862,6 +5515,13 @@ class SecretsMountMysqlLegacy(dict):
4862
5515
  :param str password: The root credential password used in the connection URL
4863
5516
  :param str plugin_name: Specifies the name of the plugin to use.
4864
5517
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
5518
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
5519
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5520
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5521
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5522
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
5523
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5524
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
4865
5525
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
4866
5526
  :param str tls_ca: x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
4867
5527
  :param str tls_certificate_key: x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
@@ -4879,6 +5539,8 @@ class SecretsMountMysqlLegacy(dict):
4879
5539
  pulumi.set(__self__, "connection_url", connection_url)
4880
5540
  if data is not None:
4881
5541
  pulumi.set(__self__, "data", data)
5542
+ if disable_automated_rotation is not None:
5543
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
4882
5544
  if max_connection_lifetime is not None:
4883
5545
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
4884
5546
  if max_idle_connections is not None:
@@ -4891,6 +5553,12 @@ class SecretsMountMysqlLegacy(dict):
4891
5553
  pulumi.set(__self__, "plugin_name", plugin_name)
4892
5554
  if root_rotation_statements is not None:
4893
5555
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
5556
+ if rotation_period is not None:
5557
+ pulumi.set(__self__, "rotation_period", rotation_period)
5558
+ if rotation_schedule is not None:
5559
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
5560
+ if rotation_window is not None:
5561
+ pulumi.set(__self__, "rotation_window", rotation_window)
4894
5562
  if service_account_json is not None:
4895
5563
  pulumi.set(__self__, "service_account_json", service_account_json)
4896
5564
  if tls_ca is not None:
@@ -4942,10 +5610,18 @@ class SecretsMountMysqlLegacy(dict):
4942
5610
  def data(self) -> Optional[Mapping[str, str]]:
4943
5611
  """
4944
5612
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5613
+ """
5614
+ return pulumi.get(self, "data")
5615
+
5616
+ @property
5617
+ @pulumi.getter(name="disableAutomatedRotation")
5618
+ def disable_automated_rotation(self) -> Optional[bool]:
5619
+ """
5620
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
4945
5621
 
4946
5622
  Supported list of database secrets engines that can be configured:
4947
5623
  """
4948
- return pulumi.get(self, "data")
5624
+ return pulumi.get(self, "disable_automated_rotation")
4949
5625
 
4950
5626
  @property
4951
5627
  @pulumi.getter(name="maxConnectionLifetime")
@@ -4995,6 +5671,34 @@ class SecretsMountMysqlLegacy(dict):
4995
5671
  """
4996
5672
  return pulumi.get(self, "root_rotation_statements")
4997
5673
 
5674
+ @property
5675
+ @pulumi.getter(name="rotationPeriod")
5676
+ def rotation_period(self) -> Optional[int]:
5677
+ """
5678
+ The amount of time in seconds Vault should wait before rotating the root credential.
5679
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5680
+ """
5681
+ return pulumi.get(self, "rotation_period")
5682
+
5683
+ @property
5684
+ @pulumi.getter(name="rotationSchedule")
5685
+ def rotation_schedule(self) -> Optional[str]:
5686
+ """
5687
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5688
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5689
+ """
5690
+ return pulumi.get(self, "rotation_schedule")
5691
+
5692
+ @property
5693
+ @pulumi.getter(name="rotationWindow")
5694
+ def rotation_window(self) -> Optional[int]:
5695
+ """
5696
+ The maximum amount of time in seconds allowed to complete
5697
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5698
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5699
+ """
5700
+ return pulumi.get(self, "rotation_window")
5701
+
4998
5702
  @property
4999
5703
  @pulumi.getter(name="serviceAccountJson")
5000
5704
  def service_account_json(self) -> Optional[str]:
@@ -5056,6 +5760,8 @@ class SecretsMountMysqlRd(dict):
5056
5760
  suggest = "auth_type"
5057
5761
  elif key == "connectionUrl":
5058
5762
  suggest = "connection_url"
5763
+ elif key == "disableAutomatedRotation":
5764
+ suggest = "disable_automated_rotation"
5059
5765
  elif key == "maxConnectionLifetime":
5060
5766
  suggest = "max_connection_lifetime"
5061
5767
  elif key == "maxIdleConnections":
@@ -5066,6 +5772,12 @@ class SecretsMountMysqlRd(dict):
5066
5772
  suggest = "plugin_name"
5067
5773
  elif key == "rootRotationStatements":
5068
5774
  suggest = "root_rotation_statements"
5775
+ elif key == "rotationPeriod":
5776
+ suggest = "rotation_period"
5777
+ elif key == "rotationSchedule":
5778
+ suggest = "rotation_schedule"
5779
+ elif key == "rotationWindow":
5780
+ suggest = "rotation_window"
5069
5781
  elif key == "serviceAccountJson":
5070
5782
  suggest = "service_account_json"
5071
5783
  elif key == "tlsCa":
@@ -5094,12 +5806,16 @@ class SecretsMountMysqlRd(dict):
5094
5806
  auth_type: Optional[str] = None,
5095
5807
  connection_url: Optional[str] = None,
5096
5808
  data: Optional[Mapping[str, str]] = None,
5809
+ disable_automated_rotation: Optional[bool] = None,
5097
5810
  max_connection_lifetime: Optional[int] = None,
5098
5811
  max_idle_connections: Optional[int] = None,
5099
5812
  max_open_connections: Optional[int] = None,
5100
5813
  password: Optional[str] = None,
5101
5814
  plugin_name: Optional[str] = None,
5102
5815
  root_rotation_statements: Optional[Sequence[str]] = None,
5816
+ rotation_period: Optional[int] = None,
5817
+ rotation_schedule: Optional[str] = None,
5818
+ rotation_window: Optional[int] = None,
5103
5819
  service_account_json: Optional[str] = None,
5104
5820
  tls_ca: Optional[str] = None,
5105
5821
  tls_certificate_key: Optional[str] = None,
@@ -5113,6 +5829,7 @@ class SecretsMountMysqlRd(dict):
5113
5829
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
5114
5830
  :param str connection_url: Connection string to use to connect to the database.
5115
5831
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5832
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5116
5833
 
5117
5834
  Supported list of database secrets engines that can be configured:
5118
5835
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -5121,6 +5838,13 @@ class SecretsMountMysqlRd(dict):
5121
5838
  :param str password: The root credential password used in the connection URL
5122
5839
  :param str plugin_name: Specifies the name of the plugin to use.
5123
5840
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
5841
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
5842
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
5843
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
5844
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
5845
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
5846
+ a rotation when a scheduled token rotation occurs. The default rotation window is
5847
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5124
5848
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
5125
5849
  :param str tls_ca: x509 CA file for validating the certificate presented by the MySQL server. Must be PEM encoded.
5126
5850
  :param str tls_certificate_key: x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.
@@ -5138,6 +5862,8 @@ class SecretsMountMysqlRd(dict):
5138
5862
  pulumi.set(__self__, "connection_url", connection_url)
5139
5863
  if data is not None:
5140
5864
  pulumi.set(__self__, "data", data)
5865
+ if disable_automated_rotation is not None:
5866
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
5141
5867
  if max_connection_lifetime is not None:
5142
5868
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
5143
5869
  if max_idle_connections is not None:
@@ -5150,6 +5876,12 @@ class SecretsMountMysqlRd(dict):
5150
5876
  pulumi.set(__self__, "plugin_name", plugin_name)
5151
5877
  if root_rotation_statements is not None:
5152
5878
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
5879
+ if rotation_period is not None:
5880
+ pulumi.set(__self__, "rotation_period", rotation_period)
5881
+ if rotation_schedule is not None:
5882
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
5883
+ if rotation_window is not None:
5884
+ pulumi.set(__self__, "rotation_window", rotation_window)
5153
5885
  if service_account_json is not None:
5154
5886
  pulumi.set(__self__, "service_account_json", service_account_json)
5155
5887
  if tls_ca is not None:
@@ -5201,10 +5933,18 @@ class SecretsMountMysqlRd(dict):
5201
5933
  def data(self) -> Optional[Mapping[str, str]]:
5202
5934
  """
5203
5935
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
5936
+ """
5937
+ return pulumi.get(self, "data")
5938
+
5939
+ @property
5940
+ @pulumi.getter(name="disableAutomatedRotation")
5941
+ def disable_automated_rotation(self) -> Optional[bool]:
5942
+ """
5943
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5204
5944
 
5205
5945
  Supported list of database secrets engines that can be configured:
5206
5946
  """
5207
- return pulumi.get(self, "data")
5947
+ return pulumi.get(self, "disable_automated_rotation")
5208
5948
 
5209
5949
  @property
5210
5950
  @pulumi.getter(name="maxConnectionLifetime")
@@ -5254,6 +5994,34 @@ class SecretsMountMysqlRd(dict):
5254
5994
  """
5255
5995
  return pulumi.get(self, "root_rotation_statements")
5256
5996
 
5997
+ @property
5998
+ @pulumi.getter(name="rotationPeriod")
5999
+ def rotation_period(self) -> Optional[int]:
6000
+ """
6001
+ The amount of time in seconds Vault should wait before rotating the root credential.
6002
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6003
+ """
6004
+ return pulumi.get(self, "rotation_period")
6005
+
6006
+ @property
6007
+ @pulumi.getter(name="rotationSchedule")
6008
+ def rotation_schedule(self) -> Optional[str]:
6009
+ """
6010
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6011
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6012
+ """
6013
+ return pulumi.get(self, "rotation_schedule")
6014
+
6015
+ @property
6016
+ @pulumi.getter(name="rotationWindow")
6017
+ def rotation_window(self) -> Optional[int]:
6018
+ """
6019
+ The maximum amount of time in seconds allowed to complete
6020
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6021
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6022
+ """
6023
+ return pulumi.get(self, "rotation_window")
6024
+
5257
6025
  @property
5258
6026
  @pulumi.getter(name="serviceAccountJson")
5259
6027
  def service_account_json(self) -> Optional[str]:
@@ -5313,6 +6081,8 @@ class SecretsMountOracle(dict):
5313
6081
  suggest = "allowed_roles"
5314
6082
  elif key == "connectionUrl":
5315
6083
  suggest = "connection_url"
6084
+ elif key == "disableAutomatedRotation":
6085
+ suggest = "disable_automated_rotation"
5316
6086
  elif key == "disconnectSessions":
5317
6087
  suggest = "disconnect_sessions"
5318
6088
  elif key == "maxConnectionLifetime":
@@ -5325,6 +6095,12 @@ class SecretsMountOracle(dict):
5325
6095
  suggest = "plugin_name"
5326
6096
  elif key == "rootRotationStatements":
5327
6097
  suggest = "root_rotation_statements"
6098
+ elif key == "rotationPeriod":
6099
+ suggest = "rotation_period"
6100
+ elif key == "rotationSchedule":
6101
+ suggest = "rotation_schedule"
6102
+ elif key == "rotationWindow":
6103
+ suggest = "rotation_window"
5328
6104
  elif key == "splitStatements":
5329
6105
  suggest = "split_statements"
5330
6106
  elif key == "usernameTemplate":
@@ -5348,6 +6124,7 @@ class SecretsMountOracle(dict):
5348
6124
  allowed_roles: Optional[Sequence[str]] = None,
5349
6125
  connection_url: Optional[str] = None,
5350
6126
  data: Optional[Mapping[str, str]] = None,
6127
+ disable_automated_rotation: Optional[bool] = None,
5351
6128
  disconnect_sessions: Optional[bool] = None,
5352
6129
  max_connection_lifetime: Optional[int] = None,
5353
6130
  max_idle_connections: Optional[int] = None,
@@ -5355,6 +6132,9 @@ class SecretsMountOracle(dict):
5355
6132
  password: Optional[str] = None,
5356
6133
  plugin_name: Optional[str] = None,
5357
6134
  root_rotation_statements: Optional[Sequence[str]] = None,
6135
+ rotation_period: Optional[int] = None,
6136
+ rotation_schedule: Optional[str] = None,
6137
+ rotation_window: Optional[int] = None,
5358
6138
  split_statements: Optional[bool] = None,
5359
6139
  username: Optional[str] = None,
5360
6140
  username_template: Optional[str] = None,
@@ -5365,6 +6145,7 @@ class SecretsMountOracle(dict):
5365
6145
  connection.
5366
6146
  :param str connection_url: Connection string to use to connect to the database.
5367
6147
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6148
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5368
6149
 
5369
6150
  Supported list of database secrets engines that can be configured:
5370
6151
  :param bool disconnect_sessions: Set to true to disconnect any open sessions prior to running the revocation statements.
@@ -5374,6 +6155,13 @@ class SecretsMountOracle(dict):
5374
6155
  :param str password: The root credential password used in the connection URL
5375
6156
  :param str plugin_name: Specifies the name of the plugin to use.
5376
6157
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
6158
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
6159
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6160
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6161
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6162
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
6163
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6164
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5377
6165
  :param bool split_statements: Set to true in order to split statements after semi-colons.
5378
6166
  :param str username: The root credential username used in the connection URL
5379
6167
  :param str username_template: Username generation template.
@@ -5387,6 +6175,8 @@ class SecretsMountOracle(dict):
5387
6175
  pulumi.set(__self__, "connection_url", connection_url)
5388
6176
  if data is not None:
5389
6177
  pulumi.set(__self__, "data", data)
6178
+ if disable_automated_rotation is not None:
6179
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
5390
6180
  if disconnect_sessions is not None:
5391
6181
  pulumi.set(__self__, "disconnect_sessions", disconnect_sessions)
5392
6182
  if max_connection_lifetime is not None:
@@ -5401,6 +6191,12 @@ class SecretsMountOracle(dict):
5401
6191
  pulumi.set(__self__, "plugin_name", plugin_name)
5402
6192
  if root_rotation_statements is not None:
5403
6193
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
6194
+ if rotation_period is not None:
6195
+ pulumi.set(__self__, "rotation_period", rotation_period)
6196
+ if rotation_schedule is not None:
6197
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
6198
+ if rotation_window is not None:
6199
+ pulumi.set(__self__, "rotation_window", rotation_window)
5404
6200
  if split_statements is not None:
5405
6201
  pulumi.set(__self__, "split_statements", split_statements)
5406
6202
  if username is not None:
@@ -5440,10 +6236,18 @@ class SecretsMountOracle(dict):
5440
6236
  def data(self) -> Optional[Mapping[str, str]]:
5441
6237
  """
5442
6238
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6239
+ """
6240
+ return pulumi.get(self, "data")
6241
+
6242
+ @property
6243
+ @pulumi.getter(name="disableAutomatedRotation")
6244
+ def disable_automated_rotation(self) -> Optional[bool]:
6245
+ """
6246
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5443
6247
 
5444
6248
  Supported list of database secrets engines that can be configured:
5445
6249
  """
5446
- return pulumi.get(self, "data")
6250
+ return pulumi.get(self, "disable_automated_rotation")
5447
6251
 
5448
6252
  @property
5449
6253
  @pulumi.getter(name="disconnectSessions")
@@ -5501,6 +6305,34 @@ class SecretsMountOracle(dict):
5501
6305
  """
5502
6306
  return pulumi.get(self, "root_rotation_statements")
5503
6307
 
6308
+ @property
6309
+ @pulumi.getter(name="rotationPeriod")
6310
+ def rotation_period(self) -> Optional[int]:
6311
+ """
6312
+ The amount of time in seconds Vault should wait before rotating the root credential.
6313
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6314
+ """
6315
+ return pulumi.get(self, "rotation_period")
6316
+
6317
+ @property
6318
+ @pulumi.getter(name="rotationSchedule")
6319
+ def rotation_schedule(self) -> Optional[str]:
6320
+ """
6321
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6322
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6323
+ """
6324
+ return pulumi.get(self, "rotation_schedule")
6325
+
6326
+ @property
6327
+ @pulumi.getter(name="rotationWindow")
6328
+ def rotation_window(self) -> Optional[int]:
6329
+ """
6330
+ The maximum amount of time in seconds allowed to complete
6331
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6332
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6333
+ """
6334
+ return pulumi.get(self, "rotation_window")
6335
+
5504
6336
  @property
5505
6337
  @pulumi.getter(name="splitStatements")
5506
6338
  def split_statements(self) -> Optional[bool]:
@@ -5546,6 +6378,8 @@ class SecretsMountPostgresql(dict):
5546
6378
  suggest = "auth_type"
5547
6379
  elif key == "connectionUrl":
5548
6380
  suggest = "connection_url"
6381
+ elif key == "disableAutomatedRotation":
6382
+ suggest = "disable_automated_rotation"
5549
6383
  elif key == "disableEscaping":
5550
6384
  suggest = "disable_escaping"
5551
6385
  elif key == "maxConnectionLifetime":
@@ -5562,6 +6396,12 @@ class SecretsMountPostgresql(dict):
5562
6396
  suggest = "private_key"
5563
6397
  elif key == "rootRotationStatements":
5564
6398
  suggest = "root_rotation_statements"
6399
+ elif key == "rotationPeriod":
6400
+ suggest = "rotation_period"
6401
+ elif key == "rotationSchedule":
6402
+ suggest = "rotation_schedule"
6403
+ elif key == "rotationWindow":
6404
+ suggest = "rotation_window"
5565
6405
  elif key == "selfManaged":
5566
6406
  suggest = "self_managed"
5567
6407
  elif key == "serviceAccountJson":
@@ -5592,6 +6432,7 @@ class SecretsMountPostgresql(dict):
5592
6432
  auth_type: Optional[str] = None,
5593
6433
  connection_url: Optional[str] = None,
5594
6434
  data: Optional[Mapping[str, str]] = None,
6435
+ disable_automated_rotation: Optional[bool] = None,
5595
6436
  disable_escaping: Optional[bool] = None,
5596
6437
  max_connection_lifetime: Optional[int] = None,
5597
6438
  max_idle_connections: Optional[int] = None,
@@ -5601,6 +6442,9 @@ class SecretsMountPostgresql(dict):
5601
6442
  plugin_name: Optional[str] = None,
5602
6443
  private_key: Optional[str] = None,
5603
6444
  root_rotation_statements: Optional[Sequence[str]] = None,
6445
+ rotation_period: Optional[int] = None,
6446
+ rotation_schedule: Optional[str] = None,
6447
+ rotation_window: Optional[int] = None,
5604
6448
  self_managed: Optional[bool] = None,
5605
6449
  service_account_json: Optional[str] = None,
5606
6450
  tls_ca: Optional[str] = None,
@@ -5615,6 +6459,7 @@ class SecretsMountPostgresql(dict):
5615
6459
  :param str auth_type: Specify alternative authorization type. (Only 'gcp_iam' is valid currently)
5616
6460
  :param str connection_url: Connection string to use to connect to the database.
5617
6461
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6462
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5618
6463
 
5619
6464
  Supported list of database secrets engines that can be configured:
5620
6465
  :param bool disable_escaping: Disable special character escaping in username and password
@@ -5626,6 +6471,13 @@ class SecretsMountPostgresql(dict):
5626
6471
  :param str plugin_name: Specifies the name of the plugin to use.
5627
6472
  :param str private_key: The secret key used for the x509 client certificate. Must be PEM encoded.
5628
6473
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
6474
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
6475
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6476
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6477
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6478
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
6479
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6480
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5629
6481
  :param bool self_managed: If set, allows onboarding static roles with a rootless connection configuration.
5630
6482
  :param str service_account_json: A JSON encoded credential for use with IAM authorization
5631
6483
  :param str tls_ca: The x509 CA file for validating the certificate presented by the PostgreSQL server. Must be PEM encoded.
@@ -5644,6 +6496,8 @@ class SecretsMountPostgresql(dict):
5644
6496
  pulumi.set(__self__, "connection_url", connection_url)
5645
6497
  if data is not None:
5646
6498
  pulumi.set(__self__, "data", data)
6499
+ if disable_automated_rotation is not None:
6500
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
5647
6501
  if disable_escaping is not None:
5648
6502
  pulumi.set(__self__, "disable_escaping", disable_escaping)
5649
6503
  if max_connection_lifetime is not None:
@@ -5662,6 +6516,12 @@ class SecretsMountPostgresql(dict):
5662
6516
  pulumi.set(__self__, "private_key", private_key)
5663
6517
  if root_rotation_statements is not None:
5664
6518
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
6519
+ if rotation_period is not None:
6520
+ pulumi.set(__self__, "rotation_period", rotation_period)
6521
+ if rotation_schedule is not None:
6522
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
6523
+ if rotation_window is not None:
6524
+ pulumi.set(__self__, "rotation_window", rotation_window)
5665
6525
  if self_managed is not None:
5666
6526
  pulumi.set(__self__, "self_managed", self_managed)
5667
6527
  if service_account_json is not None:
@@ -5715,10 +6575,18 @@ class SecretsMountPostgresql(dict):
5715
6575
  def data(self) -> Optional[Mapping[str, str]]:
5716
6576
  """
5717
6577
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6578
+ """
6579
+ return pulumi.get(self, "data")
6580
+
6581
+ @property
6582
+ @pulumi.getter(name="disableAutomatedRotation")
6583
+ def disable_automated_rotation(self) -> Optional[bool]:
6584
+ """
6585
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5718
6586
 
5719
6587
  Supported list of database secrets engines that can be configured:
5720
6588
  """
5721
- return pulumi.get(self, "data")
6589
+ return pulumi.get(self, "disable_automated_rotation")
5722
6590
 
5723
6591
  @property
5724
6592
  @pulumi.getter(name="disableEscaping")
@@ -5792,6 +6660,34 @@ class SecretsMountPostgresql(dict):
5792
6660
  """
5793
6661
  return pulumi.get(self, "root_rotation_statements")
5794
6662
 
6663
+ @property
6664
+ @pulumi.getter(name="rotationPeriod")
6665
+ def rotation_period(self) -> Optional[int]:
6666
+ """
6667
+ The amount of time in seconds Vault should wait before rotating the root credential.
6668
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6669
+ """
6670
+ return pulumi.get(self, "rotation_period")
6671
+
6672
+ @property
6673
+ @pulumi.getter(name="rotationSchedule")
6674
+ def rotation_schedule(self) -> Optional[str]:
6675
+ """
6676
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6677
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6678
+ """
6679
+ return pulumi.get(self, "rotation_schedule")
6680
+
6681
+ @property
6682
+ @pulumi.getter(name="rotationWindow")
6683
+ def rotation_window(self) -> Optional[int]:
6684
+ """
6685
+ The maximum amount of time in seconds allowed to complete
6686
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6687
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6688
+ """
6689
+ return pulumi.get(self, "rotation_window")
6690
+
5795
6691
  @property
5796
6692
  @pulumi.getter(name="selfManaged")
5797
6693
  def self_managed(self) -> Optional[bool]:
@@ -5859,12 +6755,20 @@ class SecretsMountRedi(dict):
5859
6755
  suggest = "allowed_roles"
5860
6756
  elif key == "caCert":
5861
6757
  suggest = "ca_cert"
6758
+ elif key == "disableAutomatedRotation":
6759
+ suggest = "disable_automated_rotation"
5862
6760
  elif key == "insecureTls":
5863
6761
  suggest = "insecure_tls"
5864
6762
  elif key == "pluginName":
5865
6763
  suggest = "plugin_name"
5866
6764
  elif key == "rootRotationStatements":
5867
6765
  suggest = "root_rotation_statements"
6766
+ elif key == "rotationPeriod":
6767
+ suggest = "rotation_period"
6768
+ elif key == "rotationSchedule":
6769
+ suggest = "rotation_schedule"
6770
+ elif key == "rotationWindow":
6771
+ suggest = "rotation_window"
5868
6772
  elif key == "verifyConnection":
5869
6773
  suggest = "verify_connection"
5870
6774
 
@@ -5887,10 +6791,14 @@ class SecretsMountRedi(dict):
5887
6791
  allowed_roles: Optional[Sequence[str]] = None,
5888
6792
  ca_cert: Optional[str] = None,
5889
6793
  data: Optional[Mapping[str, str]] = None,
6794
+ disable_automated_rotation: Optional[bool] = None,
5890
6795
  insecure_tls: Optional[bool] = None,
5891
6796
  plugin_name: Optional[str] = None,
5892
6797
  port: Optional[int] = None,
5893
6798
  root_rotation_statements: Optional[Sequence[str]] = None,
6799
+ rotation_period: Optional[int] = None,
6800
+ rotation_schedule: Optional[str] = None,
6801
+ rotation_window: Optional[int] = None,
5894
6802
  tls: Optional[bool] = None,
5895
6803
  verify_connection: Optional[bool] = None):
5896
6804
  """
@@ -5902,12 +6810,20 @@ class SecretsMountRedi(dict):
5902
6810
  connection.
5903
6811
  :param str ca_cert: The contents of a PEM-encoded CA cert file to use to verify the Redis server's identity.
5904
6812
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6813
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5905
6814
 
5906
6815
  Supported list of database secrets engines that can be configured:
5907
6816
  :param bool insecure_tls: Specifies whether to skip verification of the server certificate when using TLS.
5908
6817
  :param str plugin_name: Specifies the name of the plugin to use.
5909
6818
  :param int port: The transport port to use to connect to Redis.
5910
6819
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
6820
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
6821
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6822
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6823
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6824
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
6825
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6826
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
5911
6827
  :param bool tls: Specifies whether to use TLS when connecting to Redis.
5912
6828
  :param bool verify_connection: Whether the connection should be verified on
5913
6829
  initial configuration or not.
@@ -5922,6 +6838,8 @@ class SecretsMountRedi(dict):
5922
6838
  pulumi.set(__self__, "ca_cert", ca_cert)
5923
6839
  if data is not None:
5924
6840
  pulumi.set(__self__, "data", data)
6841
+ if disable_automated_rotation is not None:
6842
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
5925
6843
  if insecure_tls is not None:
5926
6844
  pulumi.set(__self__, "insecure_tls", insecure_tls)
5927
6845
  if plugin_name is not None:
@@ -5930,6 +6848,12 @@ class SecretsMountRedi(dict):
5930
6848
  pulumi.set(__self__, "port", port)
5931
6849
  if root_rotation_statements is not None:
5932
6850
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
6851
+ if rotation_period is not None:
6852
+ pulumi.set(__self__, "rotation_period", rotation_period)
6853
+ if rotation_schedule is not None:
6854
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
6855
+ if rotation_window is not None:
6856
+ pulumi.set(__self__, "rotation_window", rotation_window)
5933
6857
  if tls is not None:
5934
6858
  pulumi.set(__self__, "tls", tls)
5935
6859
  if verify_connection is not None:
@@ -5989,10 +6913,18 @@ class SecretsMountRedi(dict):
5989
6913
  def data(self) -> Optional[Mapping[str, str]]:
5990
6914
  """
5991
6915
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
6916
+ """
6917
+ return pulumi.get(self, "data")
6918
+
6919
+ @property
6920
+ @pulumi.getter(name="disableAutomatedRotation")
6921
+ def disable_automated_rotation(self) -> Optional[bool]:
6922
+ """
6923
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
5992
6924
 
5993
6925
  Supported list of database secrets engines that can be configured:
5994
6926
  """
5995
- return pulumi.get(self, "data")
6927
+ return pulumi.get(self, "disable_automated_rotation")
5996
6928
 
5997
6929
  @property
5998
6930
  @pulumi.getter(name="insecureTls")
@@ -6026,6 +6958,34 @@ class SecretsMountRedi(dict):
6026
6958
  """
6027
6959
  return pulumi.get(self, "root_rotation_statements")
6028
6960
 
6961
+ @property
6962
+ @pulumi.getter(name="rotationPeriod")
6963
+ def rotation_period(self) -> Optional[int]:
6964
+ """
6965
+ The amount of time in seconds Vault should wait before rotating the root credential.
6966
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
6967
+ """
6968
+ return pulumi.get(self, "rotation_period")
6969
+
6970
+ @property
6971
+ @pulumi.getter(name="rotationSchedule")
6972
+ def rotation_schedule(self) -> Optional[str]:
6973
+ """
6974
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
6975
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
6976
+ """
6977
+ return pulumi.get(self, "rotation_schedule")
6978
+
6979
+ @property
6980
+ @pulumi.getter(name="rotationWindow")
6981
+ def rotation_window(self) -> Optional[int]:
6982
+ """
6983
+ The maximum amount of time in seconds allowed to complete
6984
+ a rotation when a scheduled token rotation occurs. The default rotation window is
6985
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6986
+ """
6987
+ return pulumi.get(self, "rotation_window")
6988
+
6029
6989
  @property
6030
6990
  @pulumi.getter
6031
6991
  def tls(self) -> Optional[bool]:
@@ -6051,10 +7011,18 @@ class SecretsMountRedisElasticach(dict):
6051
7011
  suggest = None
6052
7012
  if key == "allowedRoles":
6053
7013
  suggest = "allowed_roles"
7014
+ elif key == "disableAutomatedRotation":
7015
+ suggest = "disable_automated_rotation"
6054
7016
  elif key == "pluginName":
6055
7017
  suggest = "plugin_name"
6056
7018
  elif key == "rootRotationStatements":
6057
7019
  suggest = "root_rotation_statements"
7020
+ elif key == "rotationPeriod":
7021
+ suggest = "rotation_period"
7022
+ elif key == "rotationSchedule":
7023
+ suggest = "rotation_schedule"
7024
+ elif key == "rotationWindow":
7025
+ suggest = "rotation_window"
6058
7026
  elif key == "verifyConnection":
6059
7027
  suggest = "verify_connection"
6060
7028
 
@@ -6074,10 +7042,14 @@ class SecretsMountRedisElasticach(dict):
6074
7042
  url: str,
6075
7043
  allowed_roles: Optional[Sequence[str]] = None,
6076
7044
  data: Optional[Mapping[str, str]] = None,
7045
+ disable_automated_rotation: Optional[bool] = None,
6077
7046
  password: Optional[str] = None,
6078
7047
  plugin_name: Optional[str] = None,
6079
7048
  region: Optional[str] = None,
6080
7049
  root_rotation_statements: Optional[Sequence[str]] = None,
7050
+ rotation_period: Optional[int] = None,
7051
+ rotation_schedule: Optional[str] = None,
7052
+ rotation_window: Optional[int] = None,
6081
7053
  username: Optional[str] = None,
6082
7054
  verify_connection: Optional[bool] = None):
6083
7055
  """
@@ -6086,12 +7058,20 @@ class SecretsMountRedisElasticach(dict):
6086
7058
  :param Sequence[str] allowed_roles: A list of roles that are allowed to use this
6087
7059
  connection.
6088
7060
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7061
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6089
7062
 
6090
7063
  Supported list of database secrets engines that can be configured:
6091
7064
  :param str password: The AWS secret key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
6092
7065
  :param str plugin_name: Specifies the name of the plugin to use.
6093
7066
  :param str region: The AWS region where the ElastiCache cluster is hosted. If omitted the plugin tries to infer the region from the environment.
6094
7067
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
7068
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
7069
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7070
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7071
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7072
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
7073
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7074
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6095
7075
  :param str username: The AWS access key id to use to talk to ElastiCache. If omitted the credentials chain provider is used instead.
6096
7076
  :param bool verify_connection: Whether the connection should be verified on
6097
7077
  initial configuration or not.
@@ -6102,6 +7082,8 @@ class SecretsMountRedisElasticach(dict):
6102
7082
  pulumi.set(__self__, "allowed_roles", allowed_roles)
6103
7083
  if data is not None:
6104
7084
  pulumi.set(__self__, "data", data)
7085
+ if disable_automated_rotation is not None:
7086
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
6105
7087
  if password is not None:
6106
7088
  pulumi.set(__self__, "password", password)
6107
7089
  if plugin_name is not None:
@@ -6110,6 +7092,12 @@ class SecretsMountRedisElasticach(dict):
6110
7092
  pulumi.set(__self__, "region", region)
6111
7093
  if root_rotation_statements is not None:
6112
7094
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
7095
+ if rotation_period is not None:
7096
+ pulumi.set(__self__, "rotation_period", rotation_period)
7097
+ if rotation_schedule is not None:
7098
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
7099
+ if rotation_window is not None:
7100
+ pulumi.set(__self__, "rotation_window", rotation_window)
6113
7101
  if username is not None:
6114
7102
  pulumi.set(__self__, "username", username)
6115
7103
  if verify_connection is not None:
@@ -6145,10 +7133,18 @@ class SecretsMountRedisElasticach(dict):
6145
7133
  def data(self) -> Optional[Mapping[str, str]]:
6146
7134
  """
6147
7135
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7136
+ """
7137
+ return pulumi.get(self, "data")
7138
+
7139
+ @property
7140
+ @pulumi.getter(name="disableAutomatedRotation")
7141
+ def disable_automated_rotation(self) -> Optional[bool]:
7142
+ """
7143
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6148
7144
 
6149
7145
  Supported list of database secrets engines that can be configured:
6150
7146
  """
6151
- return pulumi.get(self, "data")
7147
+ return pulumi.get(self, "disable_automated_rotation")
6152
7148
 
6153
7149
  @property
6154
7150
  @pulumi.getter
@@ -6182,6 +7178,34 @@ class SecretsMountRedisElasticach(dict):
6182
7178
  """
6183
7179
  return pulumi.get(self, "root_rotation_statements")
6184
7180
 
7181
+ @property
7182
+ @pulumi.getter(name="rotationPeriod")
7183
+ def rotation_period(self) -> Optional[int]:
7184
+ """
7185
+ The amount of time in seconds Vault should wait before rotating the root credential.
7186
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7187
+ """
7188
+ return pulumi.get(self, "rotation_period")
7189
+
7190
+ @property
7191
+ @pulumi.getter(name="rotationSchedule")
7192
+ def rotation_schedule(self) -> Optional[str]:
7193
+ """
7194
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7195
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7196
+ """
7197
+ return pulumi.get(self, "rotation_schedule")
7198
+
7199
+ @property
7200
+ @pulumi.getter(name="rotationWindow")
7201
+ def rotation_window(self) -> Optional[int]:
7202
+ """
7203
+ The maximum amount of time in seconds allowed to complete
7204
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7205
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
7206
+ """
7207
+ return pulumi.get(self, "rotation_window")
7208
+
6185
7209
  @property
6186
7210
  @pulumi.getter
6187
7211
  def username(self) -> Optional[str]:
@@ -6209,6 +7233,8 @@ class SecretsMountRedshift(dict):
6209
7233
  suggest = "allowed_roles"
6210
7234
  elif key == "connectionUrl":
6211
7235
  suggest = "connection_url"
7236
+ elif key == "disableAutomatedRotation":
7237
+ suggest = "disable_automated_rotation"
6212
7238
  elif key == "disableEscaping":
6213
7239
  suggest = "disable_escaping"
6214
7240
  elif key == "maxConnectionLifetime":
@@ -6221,6 +7247,12 @@ class SecretsMountRedshift(dict):
6221
7247
  suggest = "plugin_name"
6222
7248
  elif key == "rootRotationStatements":
6223
7249
  suggest = "root_rotation_statements"
7250
+ elif key == "rotationPeriod":
7251
+ suggest = "rotation_period"
7252
+ elif key == "rotationSchedule":
7253
+ suggest = "rotation_schedule"
7254
+ elif key == "rotationWindow":
7255
+ suggest = "rotation_window"
6224
7256
  elif key == "usernameTemplate":
6225
7257
  suggest = "username_template"
6226
7258
  elif key == "verifyConnection":
@@ -6242,6 +7274,7 @@ class SecretsMountRedshift(dict):
6242
7274
  allowed_roles: Optional[Sequence[str]] = None,
6243
7275
  connection_url: Optional[str] = None,
6244
7276
  data: Optional[Mapping[str, str]] = None,
7277
+ disable_automated_rotation: Optional[bool] = None,
6245
7278
  disable_escaping: Optional[bool] = None,
6246
7279
  max_connection_lifetime: Optional[int] = None,
6247
7280
  max_idle_connections: Optional[int] = None,
@@ -6249,6 +7282,9 @@ class SecretsMountRedshift(dict):
6249
7282
  password: Optional[str] = None,
6250
7283
  plugin_name: Optional[str] = None,
6251
7284
  root_rotation_statements: Optional[Sequence[str]] = None,
7285
+ rotation_period: Optional[int] = None,
7286
+ rotation_schedule: Optional[str] = None,
7287
+ rotation_window: Optional[int] = None,
6252
7288
  username: Optional[str] = None,
6253
7289
  username_template: Optional[str] = None,
6254
7290
  verify_connection: Optional[bool] = None):
@@ -6258,6 +7294,7 @@ class SecretsMountRedshift(dict):
6258
7294
  connection.
6259
7295
  :param str connection_url: Connection string to use to connect to the database.
6260
7296
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7297
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6261
7298
 
6262
7299
  Supported list of database secrets engines that can be configured:
6263
7300
  :param bool disable_escaping: Disable special character escaping in username and password
@@ -6267,6 +7304,13 @@ class SecretsMountRedshift(dict):
6267
7304
  :param str password: The root credential password used in the connection URL
6268
7305
  :param str plugin_name: Specifies the name of the plugin to use.
6269
7306
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
7307
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
7308
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7309
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7310
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7311
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
7312
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7313
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6270
7314
  :param str username: The root credential username used in the connection URL
6271
7315
  :param str username_template: Username generation template.
6272
7316
  :param bool verify_connection: Whether the connection should be verified on
@@ -6279,6 +7323,8 @@ class SecretsMountRedshift(dict):
6279
7323
  pulumi.set(__self__, "connection_url", connection_url)
6280
7324
  if data is not None:
6281
7325
  pulumi.set(__self__, "data", data)
7326
+ if disable_automated_rotation is not None:
7327
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
6282
7328
  if disable_escaping is not None:
6283
7329
  pulumi.set(__self__, "disable_escaping", disable_escaping)
6284
7330
  if max_connection_lifetime is not None:
@@ -6293,6 +7339,12 @@ class SecretsMountRedshift(dict):
6293
7339
  pulumi.set(__self__, "plugin_name", plugin_name)
6294
7340
  if root_rotation_statements is not None:
6295
7341
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
7342
+ if rotation_period is not None:
7343
+ pulumi.set(__self__, "rotation_period", rotation_period)
7344
+ if rotation_schedule is not None:
7345
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
7346
+ if rotation_window is not None:
7347
+ pulumi.set(__self__, "rotation_window", rotation_window)
6296
7348
  if username is not None:
6297
7349
  pulumi.set(__self__, "username", username)
6298
7350
  if username_template is not None:
@@ -6330,10 +7382,18 @@ class SecretsMountRedshift(dict):
6330
7382
  def data(self) -> Optional[Mapping[str, str]]:
6331
7383
  """
6332
7384
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7385
+ """
7386
+ return pulumi.get(self, "data")
7387
+
7388
+ @property
7389
+ @pulumi.getter(name="disableAutomatedRotation")
7390
+ def disable_automated_rotation(self) -> Optional[bool]:
7391
+ """
7392
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6333
7393
 
6334
7394
  Supported list of database secrets engines that can be configured:
6335
7395
  """
6336
- return pulumi.get(self, "data")
7396
+ return pulumi.get(self, "disable_automated_rotation")
6337
7397
 
6338
7398
  @property
6339
7399
  @pulumi.getter(name="disableEscaping")
@@ -6391,6 +7451,34 @@ class SecretsMountRedshift(dict):
6391
7451
  """
6392
7452
  return pulumi.get(self, "root_rotation_statements")
6393
7453
 
7454
+ @property
7455
+ @pulumi.getter(name="rotationPeriod")
7456
+ def rotation_period(self) -> Optional[int]:
7457
+ """
7458
+ The amount of time in seconds Vault should wait before rotating the root credential.
7459
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7460
+ """
7461
+ return pulumi.get(self, "rotation_period")
7462
+
7463
+ @property
7464
+ @pulumi.getter(name="rotationSchedule")
7465
+ def rotation_schedule(self) -> Optional[str]:
7466
+ """
7467
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7468
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7469
+ """
7470
+ return pulumi.get(self, "rotation_schedule")
7471
+
7472
+ @property
7473
+ @pulumi.getter(name="rotationWindow")
7474
+ def rotation_window(self) -> Optional[int]:
7475
+ """
7476
+ The maximum amount of time in seconds allowed to complete
7477
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7478
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
7479
+ """
7480
+ return pulumi.get(self, "rotation_window")
7481
+
6394
7482
  @property
6395
7483
  @pulumi.getter
6396
7484
  def username(self) -> Optional[str]:
@@ -6426,6 +7514,8 @@ class SecretsMountSnowflake(dict):
6426
7514
  suggest = "allowed_roles"
6427
7515
  elif key == "connectionUrl":
6428
7516
  suggest = "connection_url"
7517
+ elif key == "disableAutomatedRotation":
7518
+ suggest = "disable_automated_rotation"
6429
7519
  elif key == "maxConnectionLifetime":
6430
7520
  suggest = "max_connection_lifetime"
6431
7521
  elif key == "maxIdleConnections":
@@ -6436,6 +7526,12 @@ class SecretsMountSnowflake(dict):
6436
7526
  suggest = "plugin_name"
6437
7527
  elif key == "rootRotationStatements":
6438
7528
  suggest = "root_rotation_statements"
7529
+ elif key == "rotationPeriod":
7530
+ suggest = "rotation_period"
7531
+ elif key == "rotationSchedule":
7532
+ suggest = "rotation_schedule"
7533
+ elif key == "rotationWindow":
7534
+ suggest = "rotation_window"
6439
7535
  elif key == "usernameTemplate":
6440
7536
  suggest = "username_template"
6441
7537
  elif key == "verifyConnection":
@@ -6457,12 +7553,16 @@ class SecretsMountSnowflake(dict):
6457
7553
  allowed_roles: Optional[Sequence[str]] = None,
6458
7554
  connection_url: Optional[str] = None,
6459
7555
  data: Optional[Mapping[str, str]] = None,
7556
+ disable_automated_rotation: Optional[bool] = None,
6460
7557
  max_connection_lifetime: Optional[int] = None,
6461
7558
  max_idle_connections: Optional[int] = None,
6462
7559
  max_open_connections: Optional[int] = None,
6463
7560
  password: Optional[str] = None,
6464
7561
  plugin_name: Optional[str] = None,
6465
7562
  root_rotation_statements: Optional[Sequence[str]] = None,
7563
+ rotation_period: Optional[int] = None,
7564
+ rotation_schedule: Optional[str] = None,
7565
+ rotation_window: Optional[int] = None,
6466
7566
  username: Optional[str] = None,
6467
7567
  username_template: Optional[str] = None,
6468
7568
  verify_connection: Optional[bool] = None):
@@ -6472,6 +7572,7 @@ class SecretsMountSnowflake(dict):
6472
7572
  connection.
6473
7573
  :param str connection_url: Connection string to use to connect to the database.
6474
7574
  :param Mapping[str, str] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7575
+ :param bool disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6475
7576
 
6476
7577
  Supported list of database secrets engines that can be configured:
6477
7578
  :param int max_connection_lifetime: Maximum number of seconds a connection may be reused.
@@ -6480,6 +7581,13 @@ class SecretsMountSnowflake(dict):
6480
7581
  :param str password: The root credential password used in the connection URL
6481
7582
  :param str plugin_name: Specifies the name of the plugin to use.
6482
7583
  :param Sequence[str] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
7584
+ :param int rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
7585
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7586
+ :param str rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7587
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7588
+ :param int rotation_window: The maximum amount of time in seconds allowed to complete
7589
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7590
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
6483
7591
  :param str username: The root credential username used in the connection URL
6484
7592
  :param str username_template: Username generation template.
6485
7593
  :param bool verify_connection: Whether the connection should be verified on
@@ -6492,6 +7600,8 @@ class SecretsMountSnowflake(dict):
6492
7600
  pulumi.set(__self__, "connection_url", connection_url)
6493
7601
  if data is not None:
6494
7602
  pulumi.set(__self__, "data", data)
7603
+ if disable_automated_rotation is not None:
7604
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
6495
7605
  if max_connection_lifetime is not None:
6496
7606
  pulumi.set(__self__, "max_connection_lifetime", max_connection_lifetime)
6497
7607
  if max_idle_connections is not None:
@@ -6504,6 +7614,12 @@ class SecretsMountSnowflake(dict):
6504
7614
  pulumi.set(__self__, "plugin_name", plugin_name)
6505
7615
  if root_rotation_statements is not None:
6506
7616
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
7617
+ if rotation_period is not None:
7618
+ pulumi.set(__self__, "rotation_period", rotation_period)
7619
+ if rotation_schedule is not None:
7620
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
7621
+ if rotation_window is not None:
7622
+ pulumi.set(__self__, "rotation_window", rotation_window)
6507
7623
  if username is not None:
6508
7624
  pulumi.set(__self__, "username", username)
6509
7625
  if username_template is not None:
@@ -6541,10 +7657,18 @@ class SecretsMountSnowflake(dict):
6541
7657
  def data(self) -> Optional[Mapping[str, str]]:
6542
7658
  """
6543
7659
  A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
7660
+ """
7661
+ return pulumi.get(self, "data")
7662
+
7663
+ @property
7664
+ @pulumi.getter(name="disableAutomatedRotation")
7665
+ def disable_automated_rotation(self) -> Optional[bool]:
7666
+ """
7667
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
6544
7668
 
6545
7669
  Supported list of database secrets engines that can be configured:
6546
7670
  """
6547
- return pulumi.get(self, "data")
7671
+ return pulumi.get(self, "disable_automated_rotation")
6548
7672
 
6549
7673
  @property
6550
7674
  @pulumi.getter(name="maxConnectionLifetime")
@@ -6594,6 +7718,34 @@ class SecretsMountSnowflake(dict):
6594
7718
  """
6595
7719
  return pulumi.get(self, "root_rotation_statements")
6596
7720
 
7721
+ @property
7722
+ @pulumi.getter(name="rotationPeriod")
7723
+ def rotation_period(self) -> Optional[int]:
7724
+ """
7725
+ The amount of time in seconds Vault should wait before rotating the root credential.
7726
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
7727
+ """
7728
+ return pulumi.get(self, "rotation_period")
7729
+
7730
+ @property
7731
+ @pulumi.getter(name="rotationSchedule")
7732
+ def rotation_schedule(self) -> Optional[str]:
7733
+ """
7734
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
7735
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
7736
+ """
7737
+ return pulumi.get(self, "rotation_schedule")
7738
+
7739
+ @property
7740
+ @pulumi.getter(name="rotationWindow")
7741
+ def rotation_window(self) -> Optional[int]:
7742
+ """
7743
+ The maximum amount of time in seconds allowed to complete
7744
+ a rotation when a scheduled token rotation occurs. The default rotation window is
7745
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
7746
+ """
7747
+ return pulumi.get(self, "rotation_window")
7748
+
6597
7749
  @property
6598
7750
  @pulumi.getter
6599
7751
  def username(self) -> Optional[str]: