pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -29,6 +29,7 @@ class AuthBackendArgs:
29
29
  connection_timeout: Optional[pulumi.Input[int]] = None,
30
30
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
31
31
  description: Optional[pulumi.Input[str]] = None,
32
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
32
33
  disable_remount: Optional[pulumi.Input[bool]] = None,
33
34
  discoverdn: Optional[pulumi.Input[bool]] = None,
34
35
  groupattr: Optional[pulumi.Input[str]] = None,
@@ -39,6 +40,9 @@ class AuthBackendArgs:
39
40
  max_page_size: Optional[pulumi.Input[int]] = None,
40
41
  namespace: Optional[pulumi.Input[str]] = None,
41
42
  path: Optional[pulumi.Input[str]] = None,
43
+ rotation_period: Optional[pulumi.Input[int]] = None,
44
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
45
+ rotation_window: Optional[pulumi.Input[int]] = None,
42
46
  starttls: Optional[pulumi.Input[bool]] = None,
43
47
  tls_max_version: Optional[pulumi.Input[str]] = None,
44
48
  tls_min_version: Optional[pulumi.Input[str]] = None,
@@ -67,6 +71,7 @@ class AuthBackendArgs:
67
71
  :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
68
72
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
69
73
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
74
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
70
75
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
71
76
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
72
77
  :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
@@ -82,6 +87,13 @@ class AuthBackendArgs:
82
87
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
83
88
  *Available only for Vault Enterprise*.
84
89
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
90
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
91
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
92
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
93
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
94
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
95
+ a rotation when a scheduled token rotation occurs. The default rotation window is
96
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
85
97
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
86
98
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
87
99
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
@@ -120,6 +132,8 @@ class AuthBackendArgs:
120
132
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
121
133
  if description is not None:
122
134
  pulumi.set(__self__, "description", description)
135
+ if disable_automated_rotation is not None:
136
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
123
137
  if disable_remount is not None:
124
138
  pulumi.set(__self__, "disable_remount", disable_remount)
125
139
  if discoverdn is not None:
@@ -140,6 +154,12 @@ class AuthBackendArgs:
140
154
  pulumi.set(__self__, "namespace", namespace)
141
155
  if path is not None:
142
156
  pulumi.set(__self__, "path", path)
157
+ if rotation_period is not None:
158
+ pulumi.set(__self__, "rotation_period", rotation_period)
159
+ if rotation_schedule is not None:
160
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
161
+ if rotation_window is not None:
162
+ pulumi.set(__self__, "rotation_window", rotation_window)
143
163
  if starttls is not None:
144
164
  pulumi.set(__self__, "starttls", starttls)
145
165
  if tls_max_version is not None:
@@ -291,6 +311,18 @@ class AuthBackendArgs:
291
311
  def description(self, value: Optional[pulumi.Input[str]]):
292
312
  pulumi.set(self, "description", value)
293
313
 
314
+ @property
315
+ @pulumi.getter(name="disableAutomatedRotation")
316
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
317
+ """
318
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
319
+ """
320
+ return pulumi.get(self, "disable_automated_rotation")
321
+
322
+ @disable_automated_rotation.setter
323
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
324
+ pulumi.set(self, "disable_automated_rotation", value)
325
+
294
326
  @property
295
327
  @pulumi.getter(name="disableRemount")
296
328
  def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -416,6 +448,46 @@ class AuthBackendArgs:
416
448
  def path(self, value: Optional[pulumi.Input[str]]):
417
449
  pulumi.set(self, "path", value)
418
450
 
451
+ @property
452
+ @pulumi.getter(name="rotationPeriod")
453
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
454
+ """
455
+ The amount of time in seconds Vault should wait before rotating the root credential.
456
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
457
+ """
458
+ return pulumi.get(self, "rotation_period")
459
+
460
+ @rotation_period.setter
461
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
462
+ pulumi.set(self, "rotation_period", value)
463
+
464
+ @property
465
+ @pulumi.getter(name="rotationSchedule")
466
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
467
+ """
468
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
469
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
470
+ """
471
+ return pulumi.get(self, "rotation_schedule")
472
+
473
+ @rotation_schedule.setter
474
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
475
+ pulumi.set(self, "rotation_schedule", value)
476
+
477
+ @property
478
+ @pulumi.getter(name="rotationWindow")
479
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
480
+ """
481
+ The maximum amount of time in seconds allowed to complete
482
+ a rotation when a scheduled token rotation occurs. The default rotation window is
483
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
484
+ """
485
+ return pulumi.get(self, "rotation_window")
486
+
487
+ @rotation_window.setter
488
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
489
+ pulumi.set(self, "rotation_window", value)
490
+
419
491
  @property
420
492
  @pulumi.getter
421
493
  def starttls(self) -> Optional[pulumi.Input[bool]]:
@@ -646,6 +718,7 @@ class _AuthBackendState:
646
718
  connection_timeout: Optional[pulumi.Input[int]] = None,
647
719
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
648
720
  description: Optional[pulumi.Input[str]] = None,
721
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
649
722
  disable_remount: Optional[pulumi.Input[bool]] = None,
650
723
  discoverdn: Optional[pulumi.Input[bool]] = None,
651
724
  groupattr: Optional[pulumi.Input[str]] = None,
@@ -656,6 +729,9 @@ class _AuthBackendState:
656
729
  max_page_size: Optional[pulumi.Input[int]] = None,
657
730
  namespace: Optional[pulumi.Input[str]] = None,
658
731
  path: Optional[pulumi.Input[str]] = None,
732
+ rotation_period: Optional[pulumi.Input[int]] = None,
733
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
734
+ rotation_window: Optional[pulumi.Input[int]] = None,
659
735
  starttls: Optional[pulumi.Input[bool]] = None,
660
736
  tls_max_version: Optional[pulumi.Input[str]] = None,
661
737
  tls_min_version: Optional[pulumi.Input[str]] = None,
@@ -685,6 +761,7 @@ class _AuthBackendState:
685
761
  :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
686
762
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
687
763
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
764
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
688
765
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
689
766
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
690
767
  :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
@@ -700,6 +777,13 @@ class _AuthBackendState:
700
777
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
701
778
  *Available only for Vault Enterprise*.
702
779
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
780
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
781
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
782
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
783
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
784
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
785
+ a rotation when a scheduled token rotation occurs. The default rotation window is
786
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
703
787
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
704
788
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
705
789
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
@@ -740,6 +824,8 @@ class _AuthBackendState:
740
824
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
741
825
  if description is not None:
742
826
  pulumi.set(__self__, "description", description)
827
+ if disable_automated_rotation is not None:
828
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
743
829
  if disable_remount is not None:
744
830
  pulumi.set(__self__, "disable_remount", disable_remount)
745
831
  if discoverdn is not None:
@@ -760,6 +846,12 @@ class _AuthBackendState:
760
846
  pulumi.set(__self__, "namespace", namespace)
761
847
  if path is not None:
762
848
  pulumi.set(__self__, "path", path)
849
+ if rotation_period is not None:
850
+ pulumi.set(__self__, "rotation_period", rotation_period)
851
+ if rotation_schedule is not None:
852
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
853
+ if rotation_window is not None:
854
+ pulumi.set(__self__, "rotation_window", rotation_window)
763
855
  if starttls is not None:
764
856
  pulumi.set(__self__, "starttls", starttls)
765
857
  if tls_max_version is not None:
@@ -913,6 +1005,18 @@ class _AuthBackendState:
913
1005
  def description(self, value: Optional[pulumi.Input[str]]):
914
1006
  pulumi.set(self, "description", value)
915
1007
 
1008
+ @property
1009
+ @pulumi.getter(name="disableAutomatedRotation")
1010
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
1011
+ """
1012
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1013
+ """
1014
+ return pulumi.get(self, "disable_automated_rotation")
1015
+
1016
+ @disable_automated_rotation.setter
1017
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
1018
+ pulumi.set(self, "disable_automated_rotation", value)
1019
+
916
1020
  @property
917
1021
  @pulumi.getter(name="disableRemount")
918
1022
  def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -1038,6 +1142,46 @@ class _AuthBackendState:
1038
1142
  def path(self, value: Optional[pulumi.Input[str]]):
1039
1143
  pulumi.set(self, "path", value)
1040
1144
 
1145
+ @property
1146
+ @pulumi.getter(name="rotationPeriod")
1147
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
1148
+ """
1149
+ The amount of time in seconds Vault should wait before rotating the root credential.
1150
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1151
+ """
1152
+ return pulumi.get(self, "rotation_period")
1153
+
1154
+ @rotation_period.setter
1155
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
1156
+ pulumi.set(self, "rotation_period", value)
1157
+
1158
+ @property
1159
+ @pulumi.getter(name="rotationSchedule")
1160
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
1161
+ """
1162
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1163
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1164
+ """
1165
+ return pulumi.get(self, "rotation_schedule")
1166
+
1167
+ @rotation_schedule.setter
1168
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
1169
+ pulumi.set(self, "rotation_schedule", value)
1170
+
1171
+ @property
1172
+ @pulumi.getter(name="rotationWindow")
1173
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
1174
+ """
1175
+ The maximum amount of time in seconds allowed to complete
1176
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1177
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1178
+ """
1179
+ return pulumi.get(self, "rotation_window")
1180
+
1181
+ @rotation_window.setter
1182
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
1183
+ pulumi.set(self, "rotation_window", value)
1184
+
1041
1185
  @property
1042
1186
  @pulumi.getter
1043
1187
  def starttls(self) -> Optional[pulumi.Input[bool]]:
@@ -1281,6 +1425,7 @@ class AuthBackend(pulumi.CustomResource):
1281
1425
  connection_timeout: Optional[pulumi.Input[int]] = None,
1282
1426
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1283
1427
  description: Optional[pulumi.Input[str]] = None,
1428
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
1284
1429
  disable_remount: Optional[pulumi.Input[bool]] = None,
1285
1430
  discoverdn: Optional[pulumi.Input[bool]] = None,
1286
1431
  groupattr: Optional[pulumi.Input[str]] = None,
@@ -1291,6 +1436,9 @@ class AuthBackend(pulumi.CustomResource):
1291
1436
  max_page_size: Optional[pulumi.Input[int]] = None,
1292
1437
  namespace: Optional[pulumi.Input[str]] = None,
1293
1438
  path: Optional[pulumi.Input[str]] = None,
1439
+ rotation_period: Optional[pulumi.Input[int]] = None,
1440
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
1441
+ rotation_window: Optional[pulumi.Input[int]] = None,
1294
1442
  starttls: Optional[pulumi.Input[bool]] = None,
1295
1443
  tls_max_version: Optional[pulumi.Input[str]] = None,
1296
1444
  tls_min_version: Optional[pulumi.Input[str]] = None,
@@ -1328,7 +1476,9 @@ class AuthBackend(pulumi.CustomResource):
1328
1476
  upndomain="EXAMPLE.ORG",
1329
1477
  discoverdn=False,
1330
1478
  groupdn="OU=Groups,DC=example,DC=org",
1331
- groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
1479
+ groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
1480
+ rotation_schedule="0 * * * SAT",
1481
+ rotation_window=3600)
1332
1482
  ```
1333
1483
 
1334
1484
  ## Import
@@ -1348,6 +1498,7 @@ class AuthBackend(pulumi.CustomResource):
1348
1498
  :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1349
1499
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1350
1500
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1501
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1351
1502
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
1352
1503
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
1353
1504
  :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
@@ -1363,6 +1514,13 @@ class AuthBackend(pulumi.CustomResource):
1363
1514
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1364
1515
  *Available only for Vault Enterprise*.
1365
1516
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
1517
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
1518
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1519
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1520
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1521
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
1522
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1523
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1366
1524
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
1367
1525
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
1368
1526
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
@@ -1406,7 +1564,9 @@ class AuthBackend(pulumi.CustomResource):
1406
1564
  upndomain="EXAMPLE.ORG",
1407
1565
  discoverdn=False,
1408
1566
  groupdn="OU=Groups,DC=example,DC=org",
1409
- groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
1567
+ groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
1568
+ rotation_schedule="0 * * * SAT",
1569
+ rotation_window=3600)
1410
1570
  ```
1411
1571
 
1412
1572
  ## Import
@@ -1441,6 +1601,7 @@ class AuthBackend(pulumi.CustomResource):
1441
1601
  connection_timeout: Optional[pulumi.Input[int]] = None,
1442
1602
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1443
1603
  description: Optional[pulumi.Input[str]] = None,
1604
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
1444
1605
  disable_remount: Optional[pulumi.Input[bool]] = None,
1445
1606
  discoverdn: Optional[pulumi.Input[bool]] = None,
1446
1607
  groupattr: Optional[pulumi.Input[str]] = None,
@@ -1451,6 +1612,9 @@ class AuthBackend(pulumi.CustomResource):
1451
1612
  max_page_size: Optional[pulumi.Input[int]] = None,
1452
1613
  namespace: Optional[pulumi.Input[str]] = None,
1453
1614
  path: Optional[pulumi.Input[str]] = None,
1615
+ rotation_period: Optional[pulumi.Input[int]] = None,
1616
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
1617
+ rotation_window: Optional[pulumi.Input[int]] = None,
1454
1618
  starttls: Optional[pulumi.Input[bool]] = None,
1455
1619
  tls_max_version: Optional[pulumi.Input[str]] = None,
1456
1620
  tls_min_version: Optional[pulumi.Input[str]] = None,
@@ -1488,6 +1652,7 @@ class AuthBackend(pulumi.CustomResource):
1488
1652
  __props__.__dict__["connection_timeout"] = connection_timeout
1489
1653
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1490
1654
  __props__.__dict__["description"] = description
1655
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
1491
1656
  __props__.__dict__["disable_remount"] = disable_remount
1492
1657
  __props__.__dict__["discoverdn"] = discoverdn
1493
1658
  __props__.__dict__["groupattr"] = groupattr
@@ -1498,6 +1663,9 @@ class AuthBackend(pulumi.CustomResource):
1498
1663
  __props__.__dict__["max_page_size"] = max_page_size
1499
1664
  __props__.__dict__["namespace"] = namespace
1500
1665
  __props__.__dict__["path"] = path
1666
+ __props__.__dict__["rotation_period"] = rotation_period
1667
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
1668
+ __props__.__dict__["rotation_window"] = rotation_window
1501
1669
  __props__.__dict__["starttls"] = starttls
1502
1670
  __props__.__dict__["tls_max_version"] = tls_max_version
1503
1671
  __props__.__dict__["tls_min_version"] = tls_min_version
@@ -1542,6 +1710,7 @@ class AuthBackend(pulumi.CustomResource):
1542
1710
  connection_timeout: Optional[pulumi.Input[int]] = None,
1543
1711
  deny_null_bind: Optional[pulumi.Input[bool]] = None,
1544
1712
  description: Optional[pulumi.Input[str]] = None,
1713
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
1545
1714
  disable_remount: Optional[pulumi.Input[bool]] = None,
1546
1715
  discoverdn: Optional[pulumi.Input[bool]] = None,
1547
1716
  groupattr: Optional[pulumi.Input[str]] = None,
@@ -1552,6 +1721,9 @@ class AuthBackend(pulumi.CustomResource):
1552
1721
  max_page_size: Optional[pulumi.Input[int]] = None,
1553
1722
  namespace: Optional[pulumi.Input[str]] = None,
1554
1723
  path: Optional[pulumi.Input[str]] = None,
1724
+ rotation_period: Optional[pulumi.Input[int]] = None,
1725
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
1726
+ rotation_window: Optional[pulumi.Input[int]] = None,
1555
1727
  starttls: Optional[pulumi.Input[bool]] = None,
1556
1728
  tls_max_version: Optional[pulumi.Input[str]] = None,
1557
1729
  tls_min_version: Optional[pulumi.Input[str]] = None,
@@ -1586,6 +1758,7 @@ class AuthBackend(pulumi.CustomResource):
1586
1758
  :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1587
1759
  :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1588
1760
  :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1761
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1589
1762
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
1590
1763
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
1591
1764
  :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
@@ -1601,6 +1774,13 @@ class AuthBackend(pulumi.CustomResource):
1601
1774
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1602
1775
  *Available only for Vault Enterprise*.
1603
1776
  :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
1777
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
1778
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1779
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1780
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1781
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
1782
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1783
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1604
1784
  :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
1605
1785
  :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
1606
1786
  :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
@@ -1635,6 +1815,7 @@ class AuthBackend(pulumi.CustomResource):
1635
1815
  __props__.__dict__["connection_timeout"] = connection_timeout
1636
1816
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1637
1817
  __props__.__dict__["description"] = description
1818
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
1638
1819
  __props__.__dict__["disable_remount"] = disable_remount
1639
1820
  __props__.__dict__["discoverdn"] = discoverdn
1640
1821
  __props__.__dict__["groupattr"] = groupattr
@@ -1645,6 +1826,9 @@ class AuthBackend(pulumi.CustomResource):
1645
1826
  __props__.__dict__["max_page_size"] = max_page_size
1646
1827
  __props__.__dict__["namespace"] = namespace
1647
1828
  __props__.__dict__["path"] = path
1829
+ __props__.__dict__["rotation_period"] = rotation_period
1830
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
1831
+ __props__.__dict__["rotation_window"] = rotation_window
1648
1832
  __props__.__dict__["starttls"] = starttls
1649
1833
  __props__.__dict__["tls_max_version"] = tls_max_version
1650
1834
  __props__.__dict__["tls_min_version"] = tls_min_version
@@ -1740,6 +1924,14 @@ class AuthBackend(pulumi.CustomResource):
1740
1924
  """
1741
1925
  return pulumi.get(self, "description")
1742
1926
 
1927
+ @property
1928
+ @pulumi.getter(name="disableAutomatedRotation")
1929
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
1930
+ """
1931
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1932
+ """
1933
+ return pulumi.get(self, "disable_automated_rotation")
1934
+
1743
1935
  @property
1744
1936
  @pulumi.getter(name="disableRemount")
1745
1937
  def disable_remount(self) -> pulumi.Output[Optional[bool]]:
@@ -1825,6 +2017,34 @@ class AuthBackend(pulumi.CustomResource):
1825
2017
  """
1826
2018
  return pulumi.get(self, "path")
1827
2019
 
2020
+ @property
2021
+ @pulumi.getter(name="rotationPeriod")
2022
+ def rotation_period(self) -> pulumi.Output[Optional[int]]:
2023
+ """
2024
+ The amount of time in seconds Vault should wait before rotating the root credential.
2025
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
2026
+ """
2027
+ return pulumi.get(self, "rotation_period")
2028
+
2029
+ @property
2030
+ @pulumi.getter(name="rotationSchedule")
2031
+ def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
2032
+ """
2033
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
2034
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
2035
+ """
2036
+ return pulumi.get(self, "rotation_schedule")
2037
+
2038
+ @property
2039
+ @pulumi.getter(name="rotationWindow")
2040
+ def rotation_window(self) -> pulumi.Output[Optional[int]]:
2041
+ """
2042
+ The maximum amount of time in seconds allowed to complete
2043
+ a rotation when a scheduled token rotation occurs. The default rotation window is
2044
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
2045
+ """
2046
+ return pulumi.get(self, "rotation_window")
2047
+
1828
2048
  @property
1829
2049
  @pulumi.getter
1830
2050
  def starttls(self) -> pulumi.Output[bool]: