pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -26,6 +26,7 @@ class SecretBackendConnectionArgs:
26
26
  cassandra: Optional[pulumi.Input['SecretBackendConnectionCassandraArgs']] = None,
27
27
  couchbase: Optional[pulumi.Input['SecretBackendConnectionCouchbaseArgs']] = None,
28
28
  data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
29
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
29
30
  elasticsearch: Optional[pulumi.Input['SecretBackendConnectionElasticsearchArgs']] = None,
30
31
  hana: Optional[pulumi.Input['SecretBackendConnectionHanaArgs']] = None,
31
32
  influxdb: Optional[pulumi.Input['SecretBackendConnectionInfluxdbArgs']] = None,
@@ -45,6 +46,9 @@ class SecretBackendConnectionArgs:
45
46
  redis_elasticache: Optional[pulumi.Input['SecretBackendConnectionRedisElasticacheArgs']] = None,
46
47
  redshift: Optional[pulumi.Input['SecretBackendConnectionRedshiftArgs']] = None,
47
48
  root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
49
+ rotation_period: Optional[pulumi.Input[int]] = None,
50
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
51
+ rotation_window: Optional[pulumi.Input[int]] = None,
48
52
  snowflake: Optional[pulumi.Input['SecretBackendConnectionSnowflakeArgs']] = None,
49
53
  verify_connection: Optional[pulumi.Input[bool]] = None):
50
54
  """
@@ -55,6 +59,7 @@ class SecretBackendConnectionArgs:
55
59
  :param pulumi.Input['SecretBackendConnectionCassandraArgs'] cassandra: A nested block containing configuration options for Cassandra connections.
56
60
  :param pulumi.Input['SecretBackendConnectionCouchbaseArgs'] couchbase: A nested block containing configuration options for Couchbase connections.
57
61
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
62
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
58
63
  :param pulumi.Input['SecretBackendConnectionElasticsearchArgs'] elasticsearch: A nested block containing configuration options for Elasticsearch connections.
59
64
  :param pulumi.Input['SecretBackendConnectionHanaArgs'] hana: A nested block containing configuration options for SAP HanaDB connections.
60
65
  :param pulumi.Input['SecretBackendConnectionInfluxdbArgs'] influxdb: A nested block containing configuration options for InfluxDB connections.
@@ -79,6 +84,13 @@ class SecretBackendConnectionArgs:
79
84
  Exactly one of the nested blocks of configuration options must be supplied.
80
85
  :param pulumi.Input['SecretBackendConnectionRedshiftArgs'] redshift: Connection parameters for the redshift-database-plugin plugin.
81
86
  :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
87
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
88
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
89
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
90
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
91
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
92
+ a rotation when a scheduled token rotation occurs. The default rotation window is
93
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
82
94
  :param pulumi.Input['SecretBackendConnectionSnowflakeArgs'] snowflake: A nested block containing configuration options for Snowflake connections.
83
95
  :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
84
96
  initial configuration or not.
@@ -92,6 +104,8 @@ class SecretBackendConnectionArgs:
92
104
  pulumi.set(__self__, "couchbase", couchbase)
93
105
  if data is not None:
94
106
  pulumi.set(__self__, "data", data)
107
+ if disable_automated_rotation is not None:
108
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
95
109
  if elasticsearch is not None:
96
110
  pulumi.set(__self__, "elasticsearch", elasticsearch)
97
111
  if hana is not None:
@@ -130,6 +144,12 @@ class SecretBackendConnectionArgs:
130
144
  pulumi.set(__self__, "redshift", redshift)
131
145
  if root_rotation_statements is not None:
132
146
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
147
+ if rotation_period is not None:
148
+ pulumi.set(__self__, "rotation_period", rotation_period)
149
+ if rotation_schedule is not None:
150
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
151
+ if rotation_window is not None:
152
+ pulumi.set(__self__, "rotation_window", rotation_window)
133
153
  if snowflake is not None:
134
154
  pulumi.set(__self__, "snowflake", snowflake)
135
155
  if verify_connection is not None:
@@ -196,6 +216,18 @@ class SecretBackendConnectionArgs:
196
216
  def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
197
217
  pulumi.set(self, "data", value)
198
218
 
219
+ @property
220
+ @pulumi.getter(name="disableAutomatedRotation")
221
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
222
+ """
223
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
224
+ """
225
+ return pulumi.get(self, "disable_automated_rotation")
226
+
227
+ @disable_automated_rotation.setter
228
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
229
+ pulumi.set(self, "disable_automated_rotation", value)
230
+
199
231
  @property
200
232
  @pulumi.getter
201
233
  def elasticsearch(self) -> Optional[pulumi.Input['SecretBackendConnectionElasticsearchArgs']]:
@@ -429,6 +461,46 @@ class SecretBackendConnectionArgs:
429
461
  def root_rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
430
462
  pulumi.set(self, "root_rotation_statements", value)
431
463
 
464
+ @property
465
+ @pulumi.getter(name="rotationPeriod")
466
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
467
+ """
468
+ The amount of time in seconds Vault should wait before rotating the root credential.
469
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
470
+ """
471
+ return pulumi.get(self, "rotation_period")
472
+
473
+ @rotation_period.setter
474
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
475
+ pulumi.set(self, "rotation_period", value)
476
+
477
+ @property
478
+ @pulumi.getter(name="rotationSchedule")
479
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
480
+ """
481
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
482
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
483
+ """
484
+ return pulumi.get(self, "rotation_schedule")
485
+
486
+ @rotation_schedule.setter
487
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
488
+ pulumi.set(self, "rotation_schedule", value)
489
+
490
+ @property
491
+ @pulumi.getter(name="rotationWindow")
492
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
493
+ """
494
+ The maximum amount of time in seconds allowed to complete
495
+ a rotation when a scheduled token rotation occurs. The default rotation window is
496
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
497
+ """
498
+ return pulumi.get(self, "rotation_window")
499
+
500
+ @rotation_window.setter
501
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
502
+ pulumi.set(self, "rotation_window", value)
503
+
432
504
  @property
433
505
  @pulumi.getter
434
506
  def snowflake(self) -> Optional[pulumi.Input['SecretBackendConnectionSnowflakeArgs']]:
@@ -463,6 +535,7 @@ class _SecretBackendConnectionState:
463
535
  cassandra: Optional[pulumi.Input['SecretBackendConnectionCassandraArgs']] = None,
464
536
  couchbase: Optional[pulumi.Input['SecretBackendConnectionCouchbaseArgs']] = None,
465
537
  data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
538
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
466
539
  elasticsearch: Optional[pulumi.Input['SecretBackendConnectionElasticsearchArgs']] = None,
467
540
  hana: Optional[pulumi.Input['SecretBackendConnectionHanaArgs']] = None,
468
541
  influxdb: Optional[pulumi.Input['SecretBackendConnectionInfluxdbArgs']] = None,
@@ -482,6 +555,9 @@ class _SecretBackendConnectionState:
482
555
  redis_elasticache: Optional[pulumi.Input['SecretBackendConnectionRedisElasticacheArgs']] = None,
483
556
  redshift: Optional[pulumi.Input['SecretBackendConnectionRedshiftArgs']] = None,
484
557
  root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
558
+ rotation_period: Optional[pulumi.Input[int]] = None,
559
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
560
+ rotation_window: Optional[pulumi.Input[int]] = None,
485
561
  snowflake: Optional[pulumi.Input['SecretBackendConnectionSnowflakeArgs']] = None,
486
562
  verify_connection: Optional[pulumi.Input[bool]] = None):
487
563
  """
@@ -492,6 +568,7 @@ class _SecretBackendConnectionState:
492
568
  :param pulumi.Input['SecretBackendConnectionCassandraArgs'] cassandra: A nested block containing configuration options for Cassandra connections.
493
569
  :param pulumi.Input['SecretBackendConnectionCouchbaseArgs'] couchbase: A nested block containing configuration options for Couchbase connections.
494
570
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
571
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
495
572
  :param pulumi.Input['SecretBackendConnectionElasticsearchArgs'] elasticsearch: A nested block containing configuration options for Elasticsearch connections.
496
573
  :param pulumi.Input['SecretBackendConnectionHanaArgs'] hana: A nested block containing configuration options for SAP HanaDB connections.
497
574
  :param pulumi.Input['SecretBackendConnectionInfluxdbArgs'] influxdb: A nested block containing configuration options for InfluxDB connections.
@@ -516,6 +593,13 @@ class _SecretBackendConnectionState:
516
593
  Exactly one of the nested blocks of configuration options must be supplied.
517
594
  :param pulumi.Input['SecretBackendConnectionRedshiftArgs'] redshift: Connection parameters for the redshift-database-plugin plugin.
518
595
  :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
596
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
597
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
598
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
599
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
600
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
601
+ a rotation when a scheduled token rotation occurs. The default rotation window is
602
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
519
603
  :param pulumi.Input['SecretBackendConnectionSnowflakeArgs'] snowflake: A nested block containing configuration options for Snowflake connections.
520
604
  :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
521
605
  initial configuration or not.
@@ -530,6 +614,8 @@ class _SecretBackendConnectionState:
530
614
  pulumi.set(__self__, "couchbase", couchbase)
531
615
  if data is not None:
532
616
  pulumi.set(__self__, "data", data)
617
+ if disable_automated_rotation is not None:
618
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
533
619
  if elasticsearch is not None:
534
620
  pulumi.set(__self__, "elasticsearch", elasticsearch)
535
621
  if hana is not None:
@@ -568,6 +654,12 @@ class _SecretBackendConnectionState:
568
654
  pulumi.set(__self__, "redshift", redshift)
569
655
  if root_rotation_statements is not None:
570
656
  pulumi.set(__self__, "root_rotation_statements", root_rotation_statements)
657
+ if rotation_period is not None:
658
+ pulumi.set(__self__, "rotation_period", rotation_period)
659
+ if rotation_schedule is not None:
660
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
661
+ if rotation_window is not None:
662
+ pulumi.set(__self__, "rotation_window", rotation_window)
571
663
  if snowflake is not None:
572
664
  pulumi.set(__self__, "snowflake", snowflake)
573
665
  if verify_connection is not None:
@@ -634,6 +726,18 @@ class _SecretBackendConnectionState:
634
726
  def data(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
635
727
  pulumi.set(self, "data", value)
636
728
 
729
+ @property
730
+ @pulumi.getter(name="disableAutomatedRotation")
731
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
732
+ """
733
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
734
+ """
735
+ return pulumi.get(self, "disable_automated_rotation")
736
+
737
+ @disable_automated_rotation.setter
738
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
739
+ pulumi.set(self, "disable_automated_rotation", value)
740
+
637
741
  @property
638
742
  @pulumi.getter
639
743
  def elasticsearch(self) -> Optional[pulumi.Input['SecretBackendConnectionElasticsearchArgs']]:
@@ -867,6 +971,46 @@ class _SecretBackendConnectionState:
867
971
  def root_rotation_statements(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
868
972
  pulumi.set(self, "root_rotation_statements", value)
869
973
 
974
+ @property
975
+ @pulumi.getter(name="rotationPeriod")
976
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
977
+ """
978
+ The amount of time in seconds Vault should wait before rotating the root credential.
979
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
980
+ """
981
+ return pulumi.get(self, "rotation_period")
982
+
983
+ @rotation_period.setter
984
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
985
+ pulumi.set(self, "rotation_period", value)
986
+
987
+ @property
988
+ @pulumi.getter(name="rotationSchedule")
989
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
990
+ """
991
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
992
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
993
+ """
994
+ return pulumi.get(self, "rotation_schedule")
995
+
996
+ @rotation_schedule.setter
997
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
998
+ pulumi.set(self, "rotation_schedule", value)
999
+
1000
+ @property
1001
+ @pulumi.getter(name="rotationWindow")
1002
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
1003
+ """
1004
+ The maximum amount of time in seconds allowed to complete
1005
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1006
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1007
+ """
1008
+ return pulumi.get(self, "rotation_window")
1009
+
1010
+ @rotation_window.setter
1011
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
1012
+ pulumi.set(self, "rotation_window", value)
1013
+
870
1014
  @property
871
1015
  @pulumi.getter
872
1016
  def snowflake(self) -> Optional[pulumi.Input['SecretBackendConnectionSnowflakeArgs']]:
@@ -903,6 +1047,7 @@ class SecretBackendConnection(pulumi.CustomResource):
903
1047
  cassandra: Optional[pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']]] = None,
904
1048
  couchbase: Optional[pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']]] = None,
905
1049
  data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1050
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
906
1051
  elasticsearch: Optional[pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']]] = None,
907
1052
  hana: Optional[pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']]] = None,
908
1053
  influxdb: Optional[pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']]] = None,
@@ -922,6 +1067,9 @@ class SecretBackendConnection(pulumi.CustomResource):
922
1067
  redis_elasticache: Optional[pulumi.Input[Union['SecretBackendConnectionRedisElasticacheArgs', 'SecretBackendConnectionRedisElasticacheArgsDict']]] = None,
923
1068
  redshift: Optional[pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']]] = None,
924
1069
  root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1070
+ rotation_period: Optional[pulumi.Input[int]] = None,
1071
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
1072
+ rotation_window: Optional[pulumi.Input[int]] = None,
925
1073
  snowflake: Optional[pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']]] = None,
926
1074
  verify_connection: Optional[pulumi.Input[bool]] = None,
927
1075
  __props__=None):
@@ -942,6 +1090,8 @@ class SecretBackendConnection(pulumi.CustomResource):
942
1090
  "dev",
943
1091
  "prod",
944
1092
  ],
1093
+ rotation_schedule="0 * * * SAT",
1094
+ rotation_window=3600,
945
1095
  postgresql={
946
1096
  "connection_url": "postgres://username:password@host:port/database",
947
1097
  })
@@ -963,6 +1113,7 @@ class SecretBackendConnection(pulumi.CustomResource):
963
1113
  :param pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']] cassandra: A nested block containing configuration options for Cassandra connections.
964
1114
  :param pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']] couchbase: A nested block containing configuration options for Couchbase connections.
965
1115
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
1116
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
966
1117
  :param pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']] elasticsearch: A nested block containing configuration options for Elasticsearch connections.
967
1118
  :param pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']] hana: A nested block containing configuration options for SAP HanaDB connections.
968
1119
  :param pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']] influxdb: A nested block containing configuration options for InfluxDB connections.
@@ -987,6 +1138,13 @@ class SecretBackendConnection(pulumi.CustomResource):
987
1138
  Exactly one of the nested blocks of configuration options must be supplied.
988
1139
  :param pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']] redshift: Connection parameters for the redshift-database-plugin plugin.
989
1140
  :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
1141
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
1142
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1143
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1144
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1145
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
1146
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1147
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
990
1148
  :param pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']] snowflake: A nested block containing configuration options for Snowflake connections.
991
1149
  :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
992
1150
  initial configuration or not.
@@ -1014,6 +1172,8 @@ class SecretBackendConnection(pulumi.CustomResource):
1014
1172
  "dev",
1015
1173
  "prod",
1016
1174
  ],
1175
+ rotation_schedule="0 * * * SAT",
1176
+ rotation_window=3600,
1017
1177
  postgresql={
1018
1178
  "connection_url": "postgres://username:password@host:port/database",
1019
1179
  })
@@ -1047,6 +1207,7 @@ class SecretBackendConnection(pulumi.CustomResource):
1047
1207
  cassandra: Optional[pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']]] = None,
1048
1208
  couchbase: Optional[pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']]] = None,
1049
1209
  data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1210
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
1050
1211
  elasticsearch: Optional[pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']]] = None,
1051
1212
  hana: Optional[pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']]] = None,
1052
1213
  influxdb: Optional[pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']]] = None,
@@ -1066,6 +1227,9 @@ class SecretBackendConnection(pulumi.CustomResource):
1066
1227
  redis_elasticache: Optional[pulumi.Input[Union['SecretBackendConnectionRedisElasticacheArgs', 'SecretBackendConnectionRedisElasticacheArgsDict']]] = None,
1067
1228
  redshift: Optional[pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']]] = None,
1068
1229
  root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1230
+ rotation_period: Optional[pulumi.Input[int]] = None,
1231
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
1232
+ rotation_window: Optional[pulumi.Input[int]] = None,
1069
1233
  snowflake: Optional[pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']]] = None,
1070
1234
  verify_connection: Optional[pulumi.Input[bool]] = None,
1071
1235
  __props__=None):
@@ -1084,6 +1248,7 @@ class SecretBackendConnection(pulumi.CustomResource):
1084
1248
  __props__.__dict__["cassandra"] = cassandra
1085
1249
  __props__.__dict__["couchbase"] = couchbase
1086
1250
  __props__.__dict__["data"] = data
1251
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
1087
1252
  __props__.__dict__["elasticsearch"] = elasticsearch
1088
1253
  __props__.__dict__["hana"] = hana
1089
1254
  __props__.__dict__["influxdb"] = influxdb
@@ -1103,6 +1268,9 @@ class SecretBackendConnection(pulumi.CustomResource):
1103
1268
  __props__.__dict__["redis_elasticache"] = redis_elasticache
1104
1269
  __props__.__dict__["redshift"] = redshift
1105
1270
  __props__.__dict__["root_rotation_statements"] = root_rotation_statements
1271
+ __props__.__dict__["rotation_period"] = rotation_period
1272
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
1273
+ __props__.__dict__["rotation_window"] = rotation_window
1106
1274
  __props__.__dict__["snowflake"] = snowflake
1107
1275
  __props__.__dict__["verify_connection"] = verify_connection
1108
1276
  super(SecretBackendConnection, __self__).__init__(
@@ -1120,6 +1288,7 @@ class SecretBackendConnection(pulumi.CustomResource):
1120
1288
  cassandra: Optional[pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']]] = None,
1121
1289
  couchbase: Optional[pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']]] = None,
1122
1290
  data: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1291
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
1123
1292
  elasticsearch: Optional[pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']]] = None,
1124
1293
  hana: Optional[pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']]] = None,
1125
1294
  influxdb: Optional[pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']]] = None,
@@ -1139,6 +1308,9 @@ class SecretBackendConnection(pulumi.CustomResource):
1139
1308
  redis_elasticache: Optional[pulumi.Input[Union['SecretBackendConnectionRedisElasticacheArgs', 'SecretBackendConnectionRedisElasticacheArgsDict']]] = None,
1140
1309
  redshift: Optional[pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']]] = None,
1141
1310
  root_rotation_statements: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1311
+ rotation_period: Optional[pulumi.Input[int]] = None,
1312
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
1313
+ rotation_window: Optional[pulumi.Input[int]] = None,
1142
1314
  snowflake: Optional[pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']]] = None,
1143
1315
  verify_connection: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendConnection':
1144
1316
  """
@@ -1154,6 +1326,7 @@ class SecretBackendConnection(pulumi.CustomResource):
1154
1326
  :param pulumi.Input[Union['SecretBackendConnectionCassandraArgs', 'SecretBackendConnectionCassandraArgsDict']] cassandra: A nested block containing configuration options for Cassandra connections.
1155
1327
  :param pulumi.Input[Union['SecretBackendConnectionCouchbaseArgs', 'SecretBackendConnectionCouchbaseArgsDict']] couchbase: A nested block containing configuration options for Couchbase connections.
1156
1328
  :param pulumi.Input[Mapping[str, pulumi.Input[str]]] data: A map of sensitive data to pass to the endpoint. Useful for templated connection strings.
1329
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1157
1330
  :param pulumi.Input[Union['SecretBackendConnectionElasticsearchArgs', 'SecretBackendConnectionElasticsearchArgsDict']] elasticsearch: A nested block containing configuration options for Elasticsearch connections.
1158
1331
  :param pulumi.Input[Union['SecretBackendConnectionHanaArgs', 'SecretBackendConnectionHanaArgsDict']] hana: A nested block containing configuration options for SAP HanaDB connections.
1159
1332
  :param pulumi.Input[Union['SecretBackendConnectionInfluxdbArgs', 'SecretBackendConnectionInfluxdbArgsDict']] influxdb: A nested block containing configuration options for InfluxDB connections.
@@ -1178,6 +1351,13 @@ class SecretBackendConnection(pulumi.CustomResource):
1178
1351
  Exactly one of the nested blocks of configuration options must be supplied.
1179
1352
  :param pulumi.Input[Union['SecretBackendConnectionRedshiftArgs', 'SecretBackendConnectionRedshiftArgsDict']] redshift: Connection parameters for the redshift-database-plugin plugin.
1180
1353
  :param pulumi.Input[Sequence[pulumi.Input[str]]] root_rotation_statements: A list of database statements to be executed to rotate the root user's credentials.
1354
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
1355
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1356
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1357
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1358
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
1359
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1360
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1181
1361
  :param pulumi.Input[Union['SecretBackendConnectionSnowflakeArgs', 'SecretBackendConnectionSnowflakeArgsDict']] snowflake: A nested block containing configuration options for Snowflake connections.
1182
1362
  :param pulumi.Input[bool] verify_connection: Whether the connection should be verified on
1183
1363
  initial configuration or not.
@@ -1191,6 +1371,7 @@ class SecretBackendConnection(pulumi.CustomResource):
1191
1371
  __props__.__dict__["cassandra"] = cassandra
1192
1372
  __props__.__dict__["couchbase"] = couchbase
1193
1373
  __props__.__dict__["data"] = data
1374
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
1194
1375
  __props__.__dict__["elasticsearch"] = elasticsearch
1195
1376
  __props__.__dict__["hana"] = hana
1196
1377
  __props__.__dict__["influxdb"] = influxdb
@@ -1210,6 +1391,9 @@ class SecretBackendConnection(pulumi.CustomResource):
1210
1391
  __props__.__dict__["redis_elasticache"] = redis_elasticache
1211
1392
  __props__.__dict__["redshift"] = redshift
1212
1393
  __props__.__dict__["root_rotation_statements"] = root_rotation_statements
1394
+ __props__.__dict__["rotation_period"] = rotation_period
1395
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
1396
+ __props__.__dict__["rotation_window"] = rotation_window
1213
1397
  __props__.__dict__["snowflake"] = snowflake
1214
1398
  __props__.__dict__["verify_connection"] = verify_connection
1215
1399
  return SecretBackendConnection(resource_name, opts=opts, __props__=__props__)
@@ -1255,6 +1439,14 @@ class SecretBackendConnection(pulumi.CustomResource):
1255
1439
  """
1256
1440
  return pulumi.get(self, "data")
1257
1441
 
1442
+ @property
1443
+ @pulumi.getter(name="disableAutomatedRotation")
1444
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
1445
+ """
1446
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1447
+ """
1448
+ return pulumi.get(self, "disable_automated_rotation")
1449
+
1258
1450
  @property
1259
1451
  @pulumi.getter
1260
1452
  def elasticsearch(self) -> pulumi.Output[Optional['outputs.SecretBackendConnectionElasticsearch']]:
@@ -1412,6 +1604,34 @@ class SecretBackendConnection(pulumi.CustomResource):
1412
1604
  """
1413
1605
  return pulumi.get(self, "root_rotation_statements")
1414
1606
 
1607
+ @property
1608
+ @pulumi.getter(name="rotationPeriod")
1609
+ def rotation_period(self) -> pulumi.Output[Optional[int]]:
1610
+ """
1611
+ The amount of time in seconds Vault should wait before rotating the root credential.
1612
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1613
+ """
1614
+ return pulumi.get(self, "rotation_period")
1615
+
1616
+ @property
1617
+ @pulumi.getter(name="rotationSchedule")
1618
+ def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
1619
+ """
1620
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1621
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1622
+ """
1623
+ return pulumi.get(self, "rotation_schedule")
1624
+
1625
+ @property
1626
+ @pulumi.getter(name="rotationWindow")
1627
+ def rotation_window(self) -> pulumi.Output[Optional[int]]:
1628
+ """
1629
+ The maximum amount of time in seconds allowed to complete
1630
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1631
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1632
+ """
1633
+ return pulumi.get(self, "rotation_window")
1634
+
1415
1635
  @property
1416
1636
  @pulumi.getter
1417
1637
  def snowflake(self) -> pulumi.Output[Optional['outputs.SecretBackendConnectionSnowflake']]: