pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -24,6 +24,7 @@ class BackendArgs:
24
24
  client_id: Optional[pulumi.Input[str]] = None,
25
25
  client_secret: Optional[pulumi.Input[str]] = None,
26
26
  description: Optional[pulumi.Input[str]] = None,
27
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
27
28
  disable_remount: Optional[pulumi.Input[bool]] = None,
28
29
  environment: Optional[pulumi.Input[str]] = None,
29
30
  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -31,6 +32,9 @@ class BackendArgs:
31
32
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
32
33
  namespace: Optional[pulumi.Input[str]] = None,
33
34
  path: Optional[pulumi.Input[str]] = None,
35
+ rotation_period: Optional[pulumi.Input[int]] = None,
36
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
37
+ rotation_window: Optional[pulumi.Input[int]] = None,
34
38
  use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
35
39
  """
36
40
  The set of arguments for constructing a Backend resource.
@@ -39,6 +43,8 @@ class BackendArgs:
39
43
  :param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
40
44
  :param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
41
45
  :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
46
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
47
+ *Available only for Vault Enterprise*
42
48
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
43
49
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
44
50
  :param pulumi.Input[str] environment: The Azure environment.
@@ -53,6 +59,15 @@ class BackendArgs:
53
59
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
54
60
  *Available only for Vault Enterprise*.
55
61
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
62
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
63
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
64
+ *Available only for Vault Enterprise*
65
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
66
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
67
+ *Available only for Vault Enterprise*
68
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
69
+ a rotation when a scheduled token rotation occurs. The default rotation window is
70
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
56
71
  :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
57
72
  """
58
73
  pulumi.set(__self__, "subscription_id", subscription_id)
@@ -63,6 +78,8 @@ class BackendArgs:
63
78
  pulumi.set(__self__, "client_secret", client_secret)
64
79
  if description is not None:
65
80
  pulumi.set(__self__, "description", description)
81
+ if disable_automated_rotation is not None:
82
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
66
83
  if disable_remount is not None:
67
84
  pulumi.set(__self__, "disable_remount", disable_remount)
68
85
  if environment is not None:
@@ -77,6 +94,12 @@ class BackendArgs:
77
94
  pulumi.set(__self__, "namespace", namespace)
78
95
  if path is not None:
79
96
  pulumi.set(__self__, "path", path)
97
+ if rotation_period is not None:
98
+ pulumi.set(__self__, "rotation_period", rotation_period)
99
+ if rotation_schedule is not None:
100
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
101
+ if rotation_window is not None:
102
+ pulumi.set(__self__, "rotation_window", rotation_window)
80
103
  if use_microsoft_graph_api is not None:
81
104
  warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
82
105
  pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
@@ -143,6 +166,19 @@ class BackendArgs:
143
166
  def description(self, value: Optional[pulumi.Input[str]]):
144
167
  pulumi.set(self, "description", value)
145
168
 
169
+ @property
170
+ @pulumi.getter(name="disableAutomatedRotation")
171
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
172
+ """
173
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
174
+ *Available only for Vault Enterprise*
175
+ """
176
+ return pulumi.get(self, "disable_automated_rotation")
177
+
178
+ @disable_automated_rotation.setter
179
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
180
+ pulumi.set(self, "disable_automated_rotation", value)
181
+
146
182
  @property
147
183
  @pulumi.getter(name="disableRemount")
148
184
  def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -234,6 +270,48 @@ class BackendArgs:
234
270
  def path(self, value: Optional[pulumi.Input[str]]):
235
271
  pulumi.set(self, "path", value)
236
272
 
273
+ @property
274
+ @pulumi.getter(name="rotationPeriod")
275
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
276
+ """
277
+ The amount of time in seconds Vault should wait before rotating the root credential.
278
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
279
+ *Available only for Vault Enterprise*
280
+ """
281
+ return pulumi.get(self, "rotation_period")
282
+
283
+ @rotation_period.setter
284
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
285
+ pulumi.set(self, "rotation_period", value)
286
+
287
+ @property
288
+ @pulumi.getter(name="rotationSchedule")
289
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
290
+ """
291
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
292
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
293
+ *Available only for Vault Enterprise*
294
+ """
295
+ return pulumi.get(self, "rotation_schedule")
296
+
297
+ @rotation_schedule.setter
298
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
299
+ pulumi.set(self, "rotation_schedule", value)
300
+
301
+ @property
302
+ @pulumi.getter(name="rotationWindow")
303
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
304
+ """
305
+ The maximum amount of time in seconds allowed to complete
306
+ a rotation when a scheduled token rotation occurs. The default rotation window is
307
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
308
+ """
309
+ return pulumi.get(self, "rotation_window")
310
+
311
+ @rotation_window.setter
312
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
313
+ pulumi.set(self, "rotation_window", value)
314
+
237
315
  @property
238
316
  @pulumi.getter(name="useMicrosoftGraphApi")
239
317
  @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
@@ -254,6 +332,7 @@ class _BackendState:
254
332
  client_id: Optional[pulumi.Input[str]] = None,
255
333
  client_secret: Optional[pulumi.Input[str]] = None,
256
334
  description: Optional[pulumi.Input[str]] = None,
335
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
257
336
  disable_remount: Optional[pulumi.Input[bool]] = None,
258
337
  environment: Optional[pulumi.Input[str]] = None,
259
338
  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -261,6 +340,9 @@ class _BackendState:
261
340
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
262
341
  namespace: Optional[pulumi.Input[str]] = None,
263
342
  path: Optional[pulumi.Input[str]] = None,
343
+ rotation_period: Optional[pulumi.Input[int]] = None,
344
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
345
+ rotation_window: Optional[pulumi.Input[int]] = None,
264
346
  subscription_id: Optional[pulumi.Input[str]] = None,
265
347
  tenant_id: Optional[pulumi.Input[str]] = None,
266
348
  use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
@@ -269,6 +351,8 @@ class _BackendState:
269
351
  :param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
270
352
  :param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
271
353
  :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
354
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
355
+ *Available only for Vault Enterprise*
272
356
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
273
357
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
274
358
  :param pulumi.Input[str] environment: The Azure environment.
@@ -283,6 +367,15 @@ class _BackendState:
283
367
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
284
368
  *Available only for Vault Enterprise*.
285
369
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
370
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
371
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
372
+ *Available only for Vault Enterprise*
373
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
374
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
375
+ *Available only for Vault Enterprise*
376
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
377
+ a rotation when a scheduled token rotation occurs. The default rotation window is
378
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
286
379
  :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
287
380
  :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
288
381
  :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -293,6 +386,8 @@ class _BackendState:
293
386
  pulumi.set(__self__, "client_secret", client_secret)
294
387
  if description is not None:
295
388
  pulumi.set(__self__, "description", description)
389
+ if disable_automated_rotation is not None:
390
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
296
391
  if disable_remount is not None:
297
392
  pulumi.set(__self__, "disable_remount", disable_remount)
298
393
  if environment is not None:
@@ -307,6 +402,12 @@ class _BackendState:
307
402
  pulumi.set(__self__, "namespace", namespace)
308
403
  if path is not None:
309
404
  pulumi.set(__self__, "path", path)
405
+ if rotation_period is not None:
406
+ pulumi.set(__self__, "rotation_period", rotation_period)
407
+ if rotation_schedule is not None:
408
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
409
+ if rotation_window is not None:
410
+ pulumi.set(__self__, "rotation_window", rotation_window)
310
411
  if subscription_id is not None:
311
412
  pulumi.set(__self__, "subscription_id", subscription_id)
312
413
  if tenant_id is not None:
@@ -353,6 +454,19 @@ class _BackendState:
353
454
  def description(self, value: Optional[pulumi.Input[str]]):
354
455
  pulumi.set(self, "description", value)
355
456
 
457
+ @property
458
+ @pulumi.getter(name="disableAutomatedRotation")
459
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
460
+ """
461
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
462
+ *Available only for Vault Enterprise*
463
+ """
464
+ return pulumi.get(self, "disable_automated_rotation")
465
+
466
+ @disable_automated_rotation.setter
467
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
468
+ pulumi.set(self, "disable_automated_rotation", value)
469
+
356
470
  @property
357
471
  @pulumi.getter(name="disableRemount")
358
472
  def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -444,6 +558,48 @@ class _BackendState:
444
558
  def path(self, value: Optional[pulumi.Input[str]]):
445
559
  pulumi.set(self, "path", value)
446
560
 
561
+ @property
562
+ @pulumi.getter(name="rotationPeriod")
563
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
564
+ """
565
+ The amount of time in seconds Vault should wait before rotating the root credential.
566
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
567
+ *Available only for Vault Enterprise*
568
+ """
569
+ return pulumi.get(self, "rotation_period")
570
+
571
+ @rotation_period.setter
572
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
573
+ pulumi.set(self, "rotation_period", value)
574
+
575
+ @property
576
+ @pulumi.getter(name="rotationSchedule")
577
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
578
+ """
579
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
580
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
581
+ *Available only for Vault Enterprise*
582
+ """
583
+ return pulumi.get(self, "rotation_schedule")
584
+
585
+ @rotation_schedule.setter
586
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
587
+ pulumi.set(self, "rotation_schedule", value)
588
+
589
+ @property
590
+ @pulumi.getter(name="rotationWindow")
591
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
592
+ """
593
+ The maximum amount of time in seconds allowed to complete
594
+ a rotation when a scheduled token rotation occurs. The default rotation window is
595
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
596
+ """
597
+ return pulumi.get(self, "rotation_window")
598
+
599
+ @rotation_window.setter
600
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
601
+ pulumi.set(self, "rotation_window", value)
602
+
447
603
  @property
448
604
  @pulumi.getter(name="subscriptionId")
449
605
  def subscription_id(self) -> Optional[pulumi.Input[str]]:
@@ -490,6 +646,7 @@ class Backend(pulumi.CustomResource):
490
646
  client_id: Optional[pulumi.Input[str]] = None,
491
647
  client_secret: Optional[pulumi.Input[str]] = None,
492
648
  description: Optional[pulumi.Input[str]] = None,
649
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
493
650
  disable_remount: Optional[pulumi.Input[bool]] = None,
494
651
  environment: Optional[pulumi.Input[str]] = None,
495
652
  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -497,6 +654,9 @@ class Backend(pulumi.CustomResource):
497
654
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
498
655
  namespace: Optional[pulumi.Input[str]] = None,
499
656
  path: Optional[pulumi.Input[str]] = None,
657
+ rotation_period: Optional[pulumi.Input[int]] = None,
658
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
659
+ rotation_window: Optional[pulumi.Input[int]] = None,
500
660
  subscription_id: Optional[pulumi.Input[str]] = None,
501
661
  tenant_id: Optional[pulumi.Input[str]] = None,
502
662
  use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None,
@@ -516,7 +676,9 @@ class Backend(pulumi.CustomResource):
516
676
  tenant_id="11111111-2222-3333-4444-222222222222",
517
677
  client_id="11111111-2222-3333-4444-333333333333",
518
678
  identity_token_audience="<TOKEN_AUDIENCE>",
519
- identity_token_ttl="<TOKEN_TTL>")
679
+ identity_token_ttl="<TOKEN_TTL>",
680
+ rotation_schedule="0 * * * SAT",
681
+ rotation_window=3600)
520
682
  ```
521
683
 
522
684
  ```python
@@ -529,7 +691,9 @@ class Backend(pulumi.CustomResource):
529
691
  tenant_id="11111111-2222-3333-4444-222222222222",
530
692
  client_id="11111111-2222-3333-4444-333333333333",
531
693
  client_secret="12345678901234567890",
532
- environment="AzurePublicCloud")
694
+ environment="AzurePublicCloud",
695
+ rotation_schedule="0 * * * SAT",
696
+ rotation_window=3600)
533
697
  ```
534
698
 
535
699
  ### *Vault-1.8 And Below*
@@ -552,6 +716,8 @@ class Backend(pulumi.CustomResource):
552
716
  :param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
553
717
  :param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
554
718
  :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
719
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
720
+ *Available only for Vault Enterprise*
555
721
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
556
722
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
557
723
  :param pulumi.Input[str] environment: The Azure environment.
@@ -566,6 +732,15 @@ class Backend(pulumi.CustomResource):
566
732
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
567
733
  *Available only for Vault Enterprise*.
568
734
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
735
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
736
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
737
+ *Available only for Vault Enterprise*
738
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
739
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
740
+ *Available only for Vault Enterprise*
741
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
742
+ a rotation when a scheduled token rotation occurs. The default rotation window is
743
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
569
744
  :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
570
745
  :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
571
746
  :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -591,7 +766,9 @@ class Backend(pulumi.CustomResource):
591
766
  tenant_id="11111111-2222-3333-4444-222222222222",
592
767
  client_id="11111111-2222-3333-4444-333333333333",
593
768
  identity_token_audience="<TOKEN_AUDIENCE>",
594
- identity_token_ttl="<TOKEN_TTL>")
769
+ identity_token_ttl="<TOKEN_TTL>",
770
+ rotation_schedule="0 * * * SAT",
771
+ rotation_window=3600)
595
772
  ```
596
773
 
597
774
  ```python
@@ -604,7 +781,9 @@ class Backend(pulumi.CustomResource):
604
781
  tenant_id="11111111-2222-3333-4444-222222222222",
605
782
  client_id="11111111-2222-3333-4444-333333333333",
606
783
  client_secret="12345678901234567890",
607
- environment="AzurePublicCloud")
784
+ environment="AzurePublicCloud",
785
+ rotation_schedule="0 * * * SAT",
786
+ rotation_window=3600)
608
787
  ```
609
788
 
610
789
  ### *Vault-1.8 And Below*
@@ -640,6 +819,7 @@ class Backend(pulumi.CustomResource):
640
819
  client_id: Optional[pulumi.Input[str]] = None,
641
820
  client_secret: Optional[pulumi.Input[str]] = None,
642
821
  description: Optional[pulumi.Input[str]] = None,
822
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
643
823
  disable_remount: Optional[pulumi.Input[bool]] = None,
644
824
  environment: Optional[pulumi.Input[str]] = None,
645
825
  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -647,6 +827,9 @@ class Backend(pulumi.CustomResource):
647
827
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
648
828
  namespace: Optional[pulumi.Input[str]] = None,
649
829
  path: Optional[pulumi.Input[str]] = None,
830
+ rotation_period: Optional[pulumi.Input[int]] = None,
831
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
832
+ rotation_window: Optional[pulumi.Input[int]] = None,
650
833
  subscription_id: Optional[pulumi.Input[str]] = None,
651
834
  tenant_id: Optional[pulumi.Input[str]] = None,
652
835
  use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None,
@@ -662,6 +845,7 @@ class Backend(pulumi.CustomResource):
662
845
  __props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
663
846
  __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
664
847
  __props__.__dict__["description"] = description
848
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
665
849
  __props__.__dict__["disable_remount"] = disable_remount
666
850
  __props__.__dict__["environment"] = environment
667
851
  __props__.__dict__["identity_token_audience"] = identity_token_audience
@@ -669,6 +853,9 @@ class Backend(pulumi.CustomResource):
669
853
  __props__.__dict__["identity_token_ttl"] = identity_token_ttl
670
854
  __props__.__dict__["namespace"] = namespace
671
855
  __props__.__dict__["path"] = path
856
+ __props__.__dict__["rotation_period"] = rotation_period
857
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
858
+ __props__.__dict__["rotation_window"] = rotation_window
672
859
  if subscription_id is None and not opts.urn:
673
860
  raise TypeError("Missing required property 'subscription_id'")
674
861
  __props__.__dict__["subscription_id"] = None if subscription_id is None else pulumi.Output.secret(subscription_id)
@@ -691,6 +878,7 @@ class Backend(pulumi.CustomResource):
691
878
  client_id: Optional[pulumi.Input[str]] = None,
692
879
  client_secret: Optional[pulumi.Input[str]] = None,
693
880
  description: Optional[pulumi.Input[str]] = None,
881
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
694
882
  disable_remount: Optional[pulumi.Input[bool]] = None,
695
883
  environment: Optional[pulumi.Input[str]] = None,
696
884
  identity_token_audience: Optional[pulumi.Input[str]] = None,
@@ -698,6 +886,9 @@ class Backend(pulumi.CustomResource):
698
886
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
699
887
  namespace: Optional[pulumi.Input[str]] = None,
700
888
  path: Optional[pulumi.Input[str]] = None,
889
+ rotation_period: Optional[pulumi.Input[int]] = None,
890
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
891
+ rotation_window: Optional[pulumi.Input[int]] = None,
701
892
  subscription_id: Optional[pulumi.Input[str]] = None,
702
893
  tenant_id: Optional[pulumi.Input[str]] = None,
703
894
  use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None) -> 'Backend':
@@ -711,6 +902,8 @@ class Backend(pulumi.CustomResource):
711
902
  :param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
712
903
  :param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
713
904
  :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
905
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
906
+ *Available only for Vault Enterprise*
714
907
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
715
908
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
716
909
  :param pulumi.Input[str] environment: The Azure environment.
@@ -725,6 +918,15 @@ class Backend(pulumi.CustomResource):
725
918
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
726
919
  *Available only for Vault Enterprise*.
727
920
  :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
921
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
922
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
923
+ *Available only for Vault Enterprise*
924
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
925
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
926
+ *Available only for Vault Enterprise*
927
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
928
+ a rotation when a scheduled token rotation occurs. The default rotation window is
929
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
728
930
  :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
729
931
  :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
730
932
  :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
@@ -736,6 +938,7 @@ class Backend(pulumi.CustomResource):
736
938
  __props__.__dict__["client_id"] = client_id
737
939
  __props__.__dict__["client_secret"] = client_secret
738
940
  __props__.__dict__["description"] = description
941
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
739
942
  __props__.__dict__["disable_remount"] = disable_remount
740
943
  __props__.__dict__["environment"] = environment
741
944
  __props__.__dict__["identity_token_audience"] = identity_token_audience
@@ -743,6 +946,9 @@ class Backend(pulumi.CustomResource):
743
946
  __props__.__dict__["identity_token_ttl"] = identity_token_ttl
744
947
  __props__.__dict__["namespace"] = namespace
745
948
  __props__.__dict__["path"] = path
949
+ __props__.__dict__["rotation_period"] = rotation_period
950
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
951
+ __props__.__dict__["rotation_window"] = rotation_window
746
952
  __props__.__dict__["subscription_id"] = subscription_id
747
953
  __props__.__dict__["tenant_id"] = tenant_id
748
954
  __props__.__dict__["use_microsoft_graph_api"] = use_microsoft_graph_api
@@ -772,6 +978,15 @@ class Backend(pulumi.CustomResource):
772
978
  """
773
979
  return pulumi.get(self, "description")
774
980
 
981
+ @property
982
+ @pulumi.getter(name="disableAutomatedRotation")
983
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
984
+ """
985
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
986
+ *Available only for Vault Enterprise*
987
+ """
988
+ return pulumi.get(self, "disable_automated_rotation")
989
+
775
990
  @property
776
991
  @pulumi.getter(name="disableRemount")
777
992
  def disable_remount(self) -> pulumi.Output[Optional[bool]]:
@@ -835,6 +1050,36 @@ class Backend(pulumi.CustomResource):
835
1050
  """
836
1051
  return pulumi.get(self, "path")
837
1052
 
1053
+ @property
1054
+ @pulumi.getter(name="rotationPeriod")
1055
+ def rotation_period(self) -> pulumi.Output[Optional[int]]:
1056
+ """
1057
+ The amount of time in seconds Vault should wait before rotating the root credential.
1058
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1059
+ *Available only for Vault Enterprise*
1060
+ """
1061
+ return pulumi.get(self, "rotation_period")
1062
+
1063
+ @property
1064
+ @pulumi.getter(name="rotationSchedule")
1065
+ def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
1066
+ """
1067
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1068
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1069
+ *Available only for Vault Enterprise*
1070
+ """
1071
+ return pulumi.get(self, "rotation_schedule")
1072
+
1073
+ @property
1074
+ @pulumi.getter(name="rotationWindow")
1075
+ def rotation_window(self) -> pulumi.Output[Optional[int]]:
1076
+ """
1077
+ The maximum amount of time in seconds allowed to complete
1078
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1079
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
1080
+ """
1081
+ return pulumi.get(self, "rotation_window")
1082
+
838
1083
  @property
839
1084
  @pulumi.getter(name="subscriptionId")
840
1085
  def subscription_id(self) -> pulumi.Output[str]: