pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,89 +20,101 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
19
20
  @pulumi.input_type
20
21
  class SecretBackendArgs:
21
22
  def __init__(__self__, *,
22
- binddn: pulumi.Input[str],
23
- bindpass: pulumi.Input[str],
24
- allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
- allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
- audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
27
- audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
28
- certificate: Optional[pulumi.Input[str]] = None,
29
- client_tls_cert: Optional[pulumi.Input[str]] = None,
30
- client_tls_key: Optional[pulumi.Input[str]] = None,
31
- connection_timeout: Optional[pulumi.Input[int]] = None,
32
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
33
- delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
34
- description: Optional[pulumi.Input[str]] = None,
35
- disable_remount: Optional[pulumi.Input[bool]] = None,
36
- external_entropy_access: Optional[pulumi.Input[bool]] = None,
37
- identity_token_key: Optional[pulumi.Input[str]] = None,
38
- insecure_tls: Optional[pulumi.Input[bool]] = None,
39
- listing_visibility: Optional[pulumi.Input[str]] = None,
40
- local: Optional[pulumi.Input[bool]] = None,
41
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
42
- namespace: Optional[pulumi.Input[str]] = None,
43
- options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
44
- passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
45
- password_policy: Optional[pulumi.Input[str]] = None,
46
- path: Optional[pulumi.Input[str]] = None,
47
- plugin_version: Optional[pulumi.Input[str]] = None,
48
- request_timeout: Optional[pulumi.Input[int]] = None,
49
- schema: Optional[pulumi.Input[str]] = None,
50
- seal_wrap: Optional[pulumi.Input[bool]] = None,
51
- skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
52
- starttls: Optional[pulumi.Input[bool]] = None,
53
- upndomain: Optional[pulumi.Input[str]] = None,
54
- url: Optional[pulumi.Input[str]] = None,
55
- userattr: Optional[pulumi.Input[str]] = None,
56
- userdn: Optional[pulumi.Input[str]] = None):
23
+ binddn: pulumi.Input[builtins.str],
24
+ bindpass: pulumi.Input[builtins.str],
25
+ allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
26
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
27
+ audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
28
+ audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
29
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
30
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
31
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
32
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
33
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
34
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
35
+ description: Optional[pulumi.Input[builtins.str]] = None,
36
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
37
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
38
+ external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
39
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
40
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
41
+ listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
42
+ local: Optional[pulumi.Input[builtins.bool]] = None,
43
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
44
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
45
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
46
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
47
+ password_policy: Optional[pulumi.Input[builtins.str]] = None,
48
+ path: Optional[pulumi.Input[builtins.str]] = None,
49
+ plugin_version: Optional[pulumi.Input[builtins.str]] = None,
50
+ request_timeout: Optional[pulumi.Input[builtins.int]] = None,
51
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
52
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
53
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
54
+ schema: Optional[pulumi.Input[builtins.str]] = None,
55
+ seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
56
+ skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
57
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
58
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
59
+ url: Optional[pulumi.Input[builtins.str]] = None,
60
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
61
+ userdn: Optional[pulumi.Input[builtins.str]] = None):
57
62
  """
58
63
  The set of arguments for constructing a SecretBackend resource.
59
- :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
60
- :param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
61
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
62
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
63
- :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
64
- :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
65
- :param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
64
+ :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
65
+ :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
66
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
67
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
68
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
69
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
70
+ :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
66
71
  x509 PEM encoded.
67
- :param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
68
- :param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
69
- :param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
72
+ :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
73
+ :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
74
+ :param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
70
75
  the next URL in the configuration.
71
- :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
72
- :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
73
- :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
74
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
75
- :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
76
- :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
77
- :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
76
+ :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
77
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
78
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
79
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
80
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
81
+ :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
82
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
83
+ :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
78
84
  Defaults to `false`.
79
- :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
80
- :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
85
+ :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
86
+ :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
81
87
  replication.Tolerance duration to use when checking the last rotation time.
82
- :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
83
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
88
+ :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
89
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
84
90
  The value should not contain leading or trailing forward slashes.
85
91
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
86
92
  *Available only for Vault Enterprise*.
87
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
88
- :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
89
- :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
90
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
93
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
94
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
95
+ :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
96
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
91
97
  not begin or end with a `/`. Defaults to `ldap`.
92
- :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
93
- :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
98
+ :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
99
+ :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
94
100
  before returning back an error.
95
- :param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
96
- :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
97
- :param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
101
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
102
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
103
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
104
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
105
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
106
+ a rotation when a scheduled token rotation occurs. The default rotation window is
107
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
108
+ :param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
109
+ :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
110
+ :param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
98
111
  Defaults to false. Requires Vault 1.16 or above.
99
- :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
100
- :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
101
- :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
112
+ :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
113
+ :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
114
+ :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
102
115
  them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
103
- :param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
104
- :param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
116
+ :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
117
+ :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
105
118
  """
106
119
  pulumi.set(__self__, "binddn", binddn)
107
120
  pulumi.set(__self__, "bindpass", bindpass)
@@ -127,6 +140,8 @@ class SecretBackendArgs:
127
140
  pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
128
141
  if description is not None:
129
142
  pulumi.set(__self__, "description", description)
143
+ if disable_automated_rotation is not None:
144
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
130
145
  if disable_remount is not None:
131
146
  pulumi.set(__self__, "disable_remount", disable_remount)
132
147
  if external_entropy_access is not None:
@@ -155,6 +170,12 @@ class SecretBackendArgs:
155
170
  pulumi.set(__self__, "plugin_version", plugin_version)
156
171
  if request_timeout is not None:
157
172
  pulumi.set(__self__, "request_timeout", request_timeout)
173
+ if rotation_period is not None:
174
+ pulumi.set(__self__, "rotation_period", rotation_period)
175
+ if rotation_schedule is not None:
176
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
177
+ if rotation_window is not None:
178
+ pulumi.set(__self__, "rotation_window", rotation_window)
158
179
  if schema is not None:
159
180
  pulumi.set(__self__, "schema", schema)
160
181
  if seal_wrap is not None:
@@ -174,79 +195,79 @@ class SecretBackendArgs:
174
195
 
175
196
  @property
176
197
  @pulumi.getter
177
- def binddn(self) -> pulumi.Input[str]:
198
+ def binddn(self) -> pulumi.Input[builtins.str]:
178
199
  """
179
200
  Distinguished name of object to bind when performing user and group search.
180
201
  """
181
202
  return pulumi.get(self, "binddn")
182
203
 
183
204
  @binddn.setter
184
- def binddn(self, value: pulumi.Input[str]):
205
+ def binddn(self, value: pulumi.Input[builtins.str]):
185
206
  pulumi.set(self, "binddn", value)
186
207
 
187
208
  @property
188
209
  @pulumi.getter
189
- def bindpass(self) -> pulumi.Input[str]:
210
+ def bindpass(self) -> pulumi.Input[builtins.str]:
190
211
  """
191
212
  Password to use along with binddn when performing user search.
192
213
  """
193
214
  return pulumi.get(self, "bindpass")
194
215
 
195
216
  @bindpass.setter
196
- def bindpass(self, value: pulumi.Input[str]):
217
+ def bindpass(self, value: pulumi.Input[builtins.str]):
197
218
  pulumi.set(self, "bindpass", value)
198
219
 
199
220
  @property
200
221
  @pulumi.getter(name="allowedManagedKeys")
201
- def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
222
+ def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
202
223
  """
203
224
  List of managed key registry entry names that the mount in question is allowed to access
204
225
  """
205
226
  return pulumi.get(self, "allowed_managed_keys")
206
227
 
207
228
  @allowed_managed_keys.setter
208
- def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
229
+ def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
209
230
  pulumi.set(self, "allowed_managed_keys", value)
210
231
 
211
232
  @property
212
233
  @pulumi.getter(name="allowedResponseHeaders")
213
- def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
234
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
214
235
  """
215
236
  List of headers to allow and pass from the request to the plugin
216
237
  """
217
238
  return pulumi.get(self, "allowed_response_headers")
218
239
 
219
240
  @allowed_response_headers.setter
220
- def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
241
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
221
242
  pulumi.set(self, "allowed_response_headers", value)
222
243
 
223
244
  @property
224
245
  @pulumi.getter(name="auditNonHmacRequestKeys")
225
- def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
246
+ def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
226
247
  """
227
248
  Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
228
249
  """
229
250
  return pulumi.get(self, "audit_non_hmac_request_keys")
230
251
 
231
252
  @audit_non_hmac_request_keys.setter
232
- def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
253
+ def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
233
254
  pulumi.set(self, "audit_non_hmac_request_keys", value)
234
255
 
235
256
  @property
236
257
  @pulumi.getter(name="auditNonHmacResponseKeys")
237
- def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
258
+ def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
238
259
  """
239
260
  Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
240
261
  """
241
262
  return pulumi.get(self, "audit_non_hmac_response_keys")
242
263
 
243
264
  @audit_non_hmac_response_keys.setter
244
- def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
265
+ def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
245
266
  pulumi.set(self, "audit_non_hmac_response_keys", value)
246
267
 
247
268
  @property
248
269
  @pulumi.getter
249
- def certificate(self) -> Optional[pulumi.Input[str]]:
270
+ def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
250
271
  """
251
272
  CA certificate to use when verifying LDAP server certificate, must be
252
273
  x509 PEM encoded.
@@ -254,36 +275,36 @@ class SecretBackendArgs:
254
275
  return pulumi.get(self, "certificate")
255
276
 
256
277
  @certificate.setter
257
- def certificate(self, value: Optional[pulumi.Input[str]]):
278
+ def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
258
279
  pulumi.set(self, "certificate", value)
259
280
 
260
281
  @property
261
282
  @pulumi.getter(name="clientTlsCert")
262
- def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
283
+ def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
263
284
  """
264
285
  Client certificate to provide to the LDAP server, must be x509 PEM encoded.
265
286
  """
266
287
  return pulumi.get(self, "client_tls_cert")
267
288
 
268
289
  @client_tls_cert.setter
269
- def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
290
+ def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
270
291
  pulumi.set(self, "client_tls_cert", value)
271
292
 
272
293
  @property
273
294
  @pulumi.getter(name="clientTlsKey")
274
- def client_tls_key(self) -> Optional[pulumi.Input[str]]:
295
+ def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
275
296
  """
276
297
  Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
277
298
  """
278
299
  return pulumi.get(self, "client_tls_key")
279
300
 
280
301
  @client_tls_key.setter
281
- def client_tls_key(self, value: Optional[pulumi.Input[str]]):
302
+ def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
282
303
  pulumi.set(self, "client_tls_key", value)
283
304
 
284
305
  @property
285
306
  @pulumi.getter(name="connectionTimeout")
286
- def connection_timeout(self) -> Optional[pulumi.Input[int]]:
307
+ def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
287
308
  """
288
309
  Timeout, in seconds, when attempting to connect to the LDAP server before trying
289
310
  the next URL in the configuration.
@@ -291,84 +312,96 @@ class SecretBackendArgs:
291
312
  return pulumi.get(self, "connection_timeout")
292
313
 
293
314
  @connection_timeout.setter
294
- def connection_timeout(self, value: Optional[pulumi.Input[int]]):
315
+ def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
295
316
  pulumi.set(self, "connection_timeout", value)
296
317
 
297
318
  @property
298
319
  @pulumi.getter(name="defaultLeaseTtlSeconds")
299
- def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
320
+ def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
300
321
  """
301
322
  Default lease duration for secrets in seconds.
302
323
  """
303
324
  return pulumi.get(self, "default_lease_ttl_seconds")
304
325
 
305
326
  @default_lease_ttl_seconds.setter
306
- def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
327
+ def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
307
328
  pulumi.set(self, "default_lease_ttl_seconds", value)
308
329
 
309
330
  @property
310
331
  @pulumi.getter(name="delegatedAuthAccessors")
311
- def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
332
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
312
333
  """
313
334
  List of headers to allow and pass from the request to the plugin
314
335
  """
315
336
  return pulumi.get(self, "delegated_auth_accessors")
316
337
 
317
338
  @delegated_auth_accessors.setter
318
- def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
339
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
319
340
  pulumi.set(self, "delegated_auth_accessors", value)
320
341
 
321
342
  @property
322
343
  @pulumi.getter
323
- def description(self) -> Optional[pulumi.Input[str]]:
344
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
324
345
  """
325
346
  Human-friendly description of the mount for the Active Directory backend.
326
347
  """
327
348
  return pulumi.get(self, "description")
328
349
 
329
350
  @description.setter
330
- def description(self, value: Optional[pulumi.Input[str]]):
351
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
331
352
  pulumi.set(self, "description", value)
332
353
 
354
+ @property
355
+ @pulumi.getter(name="disableAutomatedRotation")
356
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
357
+ """
358
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
359
+ """
360
+ return pulumi.get(self, "disable_automated_rotation")
361
+
362
+ @disable_automated_rotation.setter
363
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
364
+ pulumi.set(self, "disable_automated_rotation", value)
365
+
333
366
  @property
334
367
  @pulumi.getter(name="disableRemount")
335
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
368
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
336
369
  """
337
370
  If set, opts out of mount migration on path updates.
338
371
  """
339
372
  return pulumi.get(self, "disable_remount")
340
373
 
341
374
  @disable_remount.setter
342
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
375
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
343
376
  pulumi.set(self, "disable_remount", value)
344
377
 
345
378
  @property
346
379
  @pulumi.getter(name="externalEntropyAccess")
347
- def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
380
+ def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
348
381
  """
349
382
  Enable the secrets engine to access Vault's external entropy source
350
383
  """
351
384
  return pulumi.get(self, "external_entropy_access")
352
385
 
353
386
  @external_entropy_access.setter
354
- def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
387
+ def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
355
388
  pulumi.set(self, "external_entropy_access", value)
356
389
 
357
390
  @property
358
391
  @pulumi.getter(name="identityTokenKey")
359
- def identity_token_key(self) -> Optional[pulumi.Input[str]]:
392
+ def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
360
393
  """
361
394
  The key to use for signing plugin workload identity tokens
362
395
  """
363
396
  return pulumi.get(self, "identity_token_key")
364
397
 
365
398
  @identity_token_key.setter
366
- def identity_token_key(self, value: Optional[pulumi.Input[str]]):
399
+ def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
367
400
  pulumi.set(self, "identity_token_key", value)
368
401
 
369
402
  @property
370
403
  @pulumi.getter(name="insecureTls")
371
- def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
404
+ def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
372
405
  """
373
406
  Skip LDAP server SSL Certificate verification. This is not recommended for production.
374
407
  Defaults to `false`.
@@ -376,24 +409,24 @@ class SecretBackendArgs:
376
409
  return pulumi.get(self, "insecure_tls")
377
410
 
378
411
  @insecure_tls.setter
379
- def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
412
+ def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
380
413
  pulumi.set(self, "insecure_tls", value)
381
414
 
382
415
  @property
383
416
  @pulumi.getter(name="listingVisibility")
384
- def listing_visibility(self) -> Optional[pulumi.Input[str]]:
417
+ def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
385
418
  """
386
419
  Specifies whether to show this mount in the UI-specific listing endpoint
387
420
  """
388
421
  return pulumi.get(self, "listing_visibility")
389
422
 
390
423
  @listing_visibility.setter
391
- def listing_visibility(self, value: Optional[pulumi.Input[str]]):
424
+ def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
392
425
  pulumi.set(self, "listing_visibility", value)
393
426
 
394
427
  @property
395
428
  @pulumi.getter
396
- def local(self) -> Optional[pulumi.Input[bool]]:
429
+ def local(self) -> Optional[pulumi.Input[builtins.bool]]:
397
430
  """
398
431
  Mark the secrets engine as local-only. Local engines are not replicated or removed by
399
432
  replication.Tolerance duration to use when checking the last rotation time.
@@ -401,24 +434,24 @@ class SecretBackendArgs:
401
434
  return pulumi.get(self, "local")
402
435
 
403
436
  @local.setter
404
- def local(self, value: Optional[pulumi.Input[bool]]):
437
+ def local(self, value: Optional[pulumi.Input[builtins.bool]]):
405
438
  pulumi.set(self, "local", value)
406
439
 
407
440
  @property
408
441
  @pulumi.getter(name="maxLeaseTtlSeconds")
409
- def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
442
+ def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
410
443
  """
411
444
  Maximum possible lease duration for secrets in seconds.
412
445
  """
413
446
  return pulumi.get(self, "max_lease_ttl_seconds")
414
447
 
415
448
  @max_lease_ttl_seconds.setter
416
- def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
449
+ def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
417
450
  pulumi.set(self, "max_lease_ttl_seconds", value)
418
451
 
419
452
  @property
420
453
  @pulumi.getter
421
- def namespace(self) -> Optional[pulumi.Input[str]]:
454
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
422
455
  """
423
456
  The namespace to provision the resource in.
424
457
  The value should not contain leading or trailing forward slashes.
@@ -428,48 +461,48 @@ class SecretBackendArgs:
428
461
  return pulumi.get(self, "namespace")
429
462
 
430
463
  @namespace.setter
431
- def namespace(self, value: Optional[pulumi.Input[str]]):
464
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
432
465
  pulumi.set(self, "namespace", value)
433
466
 
434
467
  @property
435
468
  @pulumi.getter
436
- def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
469
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
437
470
  """
438
471
  Specifies mount type specific options that are passed to the backend
439
472
  """
440
473
  return pulumi.get(self, "options")
441
474
 
442
475
  @options.setter
443
- def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
476
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
444
477
  pulumi.set(self, "options", value)
445
478
 
446
479
  @property
447
480
  @pulumi.getter(name="passthroughRequestHeaders")
448
- def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
481
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
449
482
  """
450
483
  List of headers to allow and pass from the request to the plugin
451
484
  """
452
485
  return pulumi.get(self, "passthrough_request_headers")
453
486
 
454
487
  @passthrough_request_headers.setter
455
- def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
488
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
456
489
  pulumi.set(self, "passthrough_request_headers", value)
457
490
 
458
491
  @property
459
492
  @pulumi.getter(name="passwordPolicy")
460
- def password_policy(self) -> Optional[pulumi.Input[str]]:
493
+ def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
461
494
  """
462
495
  Name of the password policy to use to generate passwords.
463
496
  """
464
497
  return pulumi.get(self, "password_policy")
465
498
 
466
499
  @password_policy.setter
467
- def password_policy(self, value: Optional[pulumi.Input[str]]):
500
+ def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
468
501
  pulumi.set(self, "password_policy", value)
469
502
 
470
503
  @property
471
504
  @pulumi.getter
472
- def path(self) -> Optional[pulumi.Input[str]]:
505
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
473
506
  """
474
507
  The unique path this backend should be mounted at. Must
475
508
  not begin or end with a `/`. Defaults to `ldap`.
@@ -477,24 +510,24 @@ class SecretBackendArgs:
477
510
  return pulumi.get(self, "path")
478
511
 
479
512
  @path.setter
480
- def path(self, value: Optional[pulumi.Input[str]]):
513
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
481
514
  pulumi.set(self, "path", value)
482
515
 
483
516
  @property
484
517
  @pulumi.getter(name="pluginVersion")
485
- def plugin_version(self) -> Optional[pulumi.Input[str]]:
518
+ def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
486
519
  """
487
520
  Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
488
521
  """
489
522
  return pulumi.get(self, "plugin_version")
490
523
 
491
524
  @plugin_version.setter
492
- def plugin_version(self, value: Optional[pulumi.Input[str]]):
525
+ def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
493
526
  pulumi.set(self, "plugin_version", value)
494
527
 
495
528
  @property
496
529
  @pulumi.getter(name="requestTimeout")
497
- def request_timeout(self) -> Optional[pulumi.Input[int]]:
530
+ def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
498
531
  """
499
532
  Timeout, in seconds, for the connection when making requests against the server
500
533
  before returning back an error.
@@ -502,36 +535,76 @@ class SecretBackendArgs:
502
535
  return pulumi.get(self, "request_timeout")
503
536
 
504
537
  @request_timeout.setter
505
- def request_timeout(self, value: Optional[pulumi.Input[int]]):
538
+ def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
506
539
  pulumi.set(self, "request_timeout", value)
507
540
 
541
+ @property
542
+ @pulumi.getter(name="rotationPeriod")
543
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
544
+ """
545
+ The amount of time in seconds Vault should wait before rotating the root credential.
546
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
547
+ """
548
+ return pulumi.get(self, "rotation_period")
549
+
550
+ @rotation_period.setter
551
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
552
+ pulumi.set(self, "rotation_period", value)
553
+
554
+ @property
555
+ @pulumi.getter(name="rotationSchedule")
556
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
557
+ """
558
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
559
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
560
+ """
561
+ return pulumi.get(self, "rotation_schedule")
562
+
563
+ @rotation_schedule.setter
564
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
565
+ pulumi.set(self, "rotation_schedule", value)
566
+
567
+ @property
568
+ @pulumi.getter(name="rotationWindow")
569
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
570
+ """
571
+ The maximum amount of time in seconds allowed to complete
572
+ a rotation when a scheduled token rotation occurs. The default rotation window is
573
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
574
+ """
575
+ return pulumi.get(self, "rotation_window")
576
+
577
+ @rotation_window.setter
578
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
579
+ pulumi.set(self, "rotation_window", value)
580
+
508
581
  @property
509
582
  @pulumi.getter
510
- def schema(self) -> Optional[pulumi.Input[str]]:
583
+ def schema(self) -> Optional[pulumi.Input[builtins.str]]:
511
584
  """
512
585
  The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
513
586
  """
514
587
  return pulumi.get(self, "schema")
515
588
 
516
589
  @schema.setter
517
- def schema(self, value: Optional[pulumi.Input[str]]):
590
+ def schema(self, value: Optional[pulumi.Input[builtins.str]]):
518
591
  pulumi.set(self, "schema", value)
519
592
 
520
593
  @property
521
594
  @pulumi.getter(name="sealWrap")
522
- def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
595
+ def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
523
596
  """
524
597
  Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
525
598
  """
526
599
  return pulumi.get(self, "seal_wrap")
527
600
 
528
601
  @seal_wrap.setter
529
- def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
602
+ def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
530
603
  pulumi.set(self, "seal_wrap", value)
531
604
 
532
605
  @property
533
606
  @pulumi.getter(name="skipStaticRoleImportRotation")
534
- def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
607
+ def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
535
608
  """
536
609
  If set to true, static roles will not be rotated during import.
537
610
  Defaults to false. Requires Vault 1.16 or above.
@@ -539,36 +612,36 @@ class SecretBackendArgs:
539
612
  return pulumi.get(self, "skip_static_role_import_rotation")
540
613
 
541
614
  @skip_static_role_import_rotation.setter
542
- def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
615
+ def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
543
616
  pulumi.set(self, "skip_static_role_import_rotation", value)
544
617
 
545
618
  @property
546
619
  @pulumi.getter
547
- def starttls(self) -> Optional[pulumi.Input[bool]]:
620
+ def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
548
621
  """
549
622
  Issue a StartTLS command after establishing unencrypted connection.
550
623
  """
551
624
  return pulumi.get(self, "starttls")
552
625
 
553
626
  @starttls.setter
554
- def starttls(self, value: Optional[pulumi.Input[bool]]):
627
+ def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
555
628
  pulumi.set(self, "starttls", value)
556
629
 
557
630
  @property
558
631
  @pulumi.getter
559
- def upndomain(self) -> Optional[pulumi.Input[str]]:
632
+ def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
560
633
  """
561
634
  Enables userPrincipalDomain login with [username]@UPNDomain.
562
635
  """
563
636
  return pulumi.get(self, "upndomain")
564
637
 
565
638
  @upndomain.setter
566
- def upndomain(self, value: Optional[pulumi.Input[str]]):
639
+ def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
567
640
  pulumi.set(self, "upndomain", value)
568
641
 
569
642
  @property
570
643
  @pulumi.getter
571
- def url(self) -> Optional[pulumi.Input[str]]:
644
+ def url(self) -> Optional[pulumi.Input[builtins.str]]:
572
645
  """
573
646
  LDAP URL to connect to. Multiple URLs can be specified by concatenating
574
647
  them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
@@ -576,122 +649,134 @@ class SecretBackendArgs:
576
649
  return pulumi.get(self, "url")
577
650
 
578
651
  @url.setter
579
- def url(self, value: Optional[pulumi.Input[str]]):
652
+ def url(self, value: Optional[pulumi.Input[builtins.str]]):
580
653
  pulumi.set(self, "url", value)
581
654
 
582
655
  @property
583
656
  @pulumi.getter
584
- def userattr(self) -> Optional[pulumi.Input[str]]:
657
+ def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
585
658
  """
586
659
  Attribute used when searching users. Defaults to `cn`.
587
660
  """
588
661
  return pulumi.get(self, "userattr")
589
662
 
590
663
  @userattr.setter
591
- def userattr(self, value: Optional[pulumi.Input[str]]):
664
+ def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
592
665
  pulumi.set(self, "userattr", value)
593
666
 
594
667
  @property
595
668
  @pulumi.getter
596
- def userdn(self) -> Optional[pulumi.Input[str]]:
669
+ def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
597
670
  """
598
671
  LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
599
672
  """
600
673
  return pulumi.get(self, "userdn")
601
674
 
602
675
  @userdn.setter
603
- def userdn(self, value: Optional[pulumi.Input[str]]):
676
+ def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
604
677
  pulumi.set(self, "userdn", value)
605
678
 
606
679
 
607
680
  @pulumi.input_type
608
681
  class _SecretBackendState:
609
682
  def __init__(__self__, *,
610
- accessor: Optional[pulumi.Input[str]] = None,
611
- allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
612
- allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
613
- audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
614
- audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
615
- binddn: Optional[pulumi.Input[str]] = None,
616
- bindpass: Optional[pulumi.Input[str]] = None,
617
- certificate: Optional[pulumi.Input[str]] = None,
618
- client_tls_cert: Optional[pulumi.Input[str]] = None,
619
- client_tls_key: Optional[pulumi.Input[str]] = None,
620
- connection_timeout: Optional[pulumi.Input[int]] = None,
621
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
622
- delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
623
- description: Optional[pulumi.Input[str]] = None,
624
- disable_remount: Optional[pulumi.Input[bool]] = None,
625
- external_entropy_access: Optional[pulumi.Input[bool]] = None,
626
- identity_token_key: Optional[pulumi.Input[str]] = None,
627
- insecure_tls: Optional[pulumi.Input[bool]] = None,
628
- listing_visibility: Optional[pulumi.Input[str]] = None,
629
- local: Optional[pulumi.Input[bool]] = None,
630
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
631
- namespace: Optional[pulumi.Input[str]] = None,
632
- options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
633
- passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
634
- password_policy: Optional[pulumi.Input[str]] = None,
635
- path: Optional[pulumi.Input[str]] = None,
636
- plugin_version: Optional[pulumi.Input[str]] = None,
637
- request_timeout: Optional[pulumi.Input[int]] = None,
638
- schema: Optional[pulumi.Input[str]] = None,
639
- seal_wrap: Optional[pulumi.Input[bool]] = None,
640
- skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
641
- starttls: Optional[pulumi.Input[bool]] = None,
642
- upndomain: Optional[pulumi.Input[str]] = None,
643
- url: Optional[pulumi.Input[str]] = None,
644
- userattr: Optional[pulumi.Input[str]] = None,
645
- userdn: Optional[pulumi.Input[str]] = None):
683
+ accessor: Optional[pulumi.Input[builtins.str]] = None,
684
+ allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
685
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
686
+ audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
687
+ audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
688
+ binddn: Optional[pulumi.Input[builtins.str]] = None,
689
+ bindpass: Optional[pulumi.Input[builtins.str]] = None,
690
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
691
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
692
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
693
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
694
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
695
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
696
+ description: Optional[pulumi.Input[builtins.str]] = None,
697
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
698
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
699
+ external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
700
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
701
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
702
+ listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
703
+ local: Optional[pulumi.Input[builtins.bool]] = None,
704
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
705
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
706
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
707
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
708
+ password_policy: Optional[pulumi.Input[builtins.str]] = None,
709
+ path: Optional[pulumi.Input[builtins.str]] = None,
710
+ plugin_version: Optional[pulumi.Input[builtins.str]] = None,
711
+ request_timeout: Optional[pulumi.Input[builtins.int]] = None,
712
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
713
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
714
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
715
+ schema: Optional[pulumi.Input[builtins.str]] = None,
716
+ seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
717
+ skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
718
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
719
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
720
+ url: Optional[pulumi.Input[builtins.str]] = None,
721
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
722
+ userdn: Optional[pulumi.Input[builtins.str]] = None):
646
723
  """
647
724
  Input properties used for looking up and filtering SecretBackend resources.
648
- :param pulumi.Input[str] accessor: Accessor of the mount
649
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
650
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
651
- :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
652
- :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
653
- :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
654
- :param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
655
- :param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
725
+ :param pulumi.Input[builtins.str] accessor: Accessor of the mount
726
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
727
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
728
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
729
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
730
+ :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
731
+ :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
732
+ :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
656
733
  x509 PEM encoded.
657
- :param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
658
- :param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
659
- :param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
734
+ :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
735
+ :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
736
+ :param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
660
737
  the next URL in the configuration.
661
- :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
662
- :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
663
- :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
664
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
665
- :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
666
- :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
667
- :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
738
+ :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
739
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
740
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
741
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
742
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
743
+ :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
744
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
745
+ :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
668
746
  Defaults to `false`.
669
- :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
670
- :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
747
+ :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
748
+ :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
671
749
  replication.Tolerance duration to use when checking the last rotation time.
672
- :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
673
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
750
+ :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
751
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
674
752
  The value should not contain leading or trailing forward slashes.
675
753
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
676
754
  *Available only for Vault Enterprise*.
677
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
678
- :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
679
- :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
680
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
755
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
756
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
757
+ :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
758
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
681
759
  not begin or end with a `/`. Defaults to `ldap`.
682
- :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
683
- :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
760
+ :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
761
+ :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
684
762
  before returning back an error.
685
- :param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
686
- :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
687
- :param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
763
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
764
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
765
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
766
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
767
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
768
+ a rotation when a scheduled token rotation occurs. The default rotation window is
769
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
770
+ :param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
771
+ :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
772
+ :param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
688
773
  Defaults to false. Requires Vault 1.16 or above.
689
- :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
690
- :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
691
- :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
774
+ :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
775
+ :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
776
+ :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
692
777
  them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
693
- :param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
694
- :param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
778
+ :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
779
+ :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
695
780
  """
696
781
  if accessor is not None:
697
782
  pulumi.set(__self__, "accessor", accessor)
@@ -721,6 +806,8 @@ class _SecretBackendState:
721
806
  pulumi.set(__self__, "delegated_auth_accessors", delegated_auth_accessors)
722
807
  if description is not None:
723
808
  pulumi.set(__self__, "description", description)
809
+ if disable_automated_rotation is not None:
810
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
724
811
  if disable_remount is not None:
725
812
  pulumi.set(__self__, "disable_remount", disable_remount)
726
813
  if external_entropy_access is not None:
@@ -749,6 +836,12 @@ class _SecretBackendState:
749
836
  pulumi.set(__self__, "plugin_version", plugin_version)
750
837
  if request_timeout is not None:
751
838
  pulumi.set(__self__, "request_timeout", request_timeout)
839
+ if rotation_period is not None:
840
+ pulumi.set(__self__, "rotation_period", rotation_period)
841
+ if rotation_schedule is not None:
842
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
843
+ if rotation_window is not None:
844
+ pulumi.set(__self__, "rotation_window", rotation_window)
752
845
  if schema is not None:
753
846
  pulumi.set(__self__, "schema", schema)
754
847
  if seal_wrap is not None:
@@ -768,91 +861,91 @@ class _SecretBackendState:
768
861
 
769
862
  @property
770
863
  @pulumi.getter
771
- def accessor(self) -> Optional[pulumi.Input[str]]:
864
+ def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
772
865
  """
773
866
  Accessor of the mount
774
867
  """
775
868
  return pulumi.get(self, "accessor")
776
869
 
777
870
  @accessor.setter
778
- def accessor(self, value: Optional[pulumi.Input[str]]):
871
+ def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
779
872
  pulumi.set(self, "accessor", value)
780
873
 
781
874
  @property
782
875
  @pulumi.getter(name="allowedManagedKeys")
783
- def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
876
+ def allowed_managed_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
784
877
  """
785
878
  List of managed key registry entry names that the mount in question is allowed to access
786
879
  """
787
880
  return pulumi.get(self, "allowed_managed_keys")
788
881
 
789
882
  @allowed_managed_keys.setter
790
- def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
883
+ def allowed_managed_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
791
884
  pulumi.set(self, "allowed_managed_keys", value)
792
885
 
793
886
  @property
794
887
  @pulumi.getter(name="allowedResponseHeaders")
795
- def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
888
+ def allowed_response_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
796
889
  """
797
890
  List of headers to allow and pass from the request to the plugin
798
891
  """
799
892
  return pulumi.get(self, "allowed_response_headers")
800
893
 
801
894
  @allowed_response_headers.setter
802
- def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
895
+ def allowed_response_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
803
896
  pulumi.set(self, "allowed_response_headers", value)
804
897
 
805
898
  @property
806
899
  @pulumi.getter(name="auditNonHmacRequestKeys")
807
- def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
900
+ def audit_non_hmac_request_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
808
901
  """
809
902
  Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
810
903
  """
811
904
  return pulumi.get(self, "audit_non_hmac_request_keys")
812
905
 
813
906
  @audit_non_hmac_request_keys.setter
814
- def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
907
+ def audit_non_hmac_request_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
815
908
  pulumi.set(self, "audit_non_hmac_request_keys", value)
816
909
 
817
910
  @property
818
911
  @pulumi.getter(name="auditNonHmacResponseKeys")
819
- def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
912
+ def audit_non_hmac_response_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
820
913
  """
821
914
  Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
822
915
  """
823
916
  return pulumi.get(self, "audit_non_hmac_response_keys")
824
917
 
825
918
  @audit_non_hmac_response_keys.setter
826
- def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
919
+ def audit_non_hmac_response_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
827
920
  pulumi.set(self, "audit_non_hmac_response_keys", value)
828
921
 
829
922
  @property
830
923
  @pulumi.getter
831
- def binddn(self) -> Optional[pulumi.Input[str]]:
924
+ def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
832
925
  """
833
926
  Distinguished name of object to bind when performing user and group search.
834
927
  """
835
928
  return pulumi.get(self, "binddn")
836
929
 
837
930
  @binddn.setter
838
- def binddn(self, value: Optional[pulumi.Input[str]]):
931
+ def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
839
932
  pulumi.set(self, "binddn", value)
840
933
 
841
934
  @property
842
935
  @pulumi.getter
843
- def bindpass(self) -> Optional[pulumi.Input[str]]:
936
+ def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
844
937
  """
845
938
  Password to use along with binddn when performing user search.
846
939
  """
847
940
  return pulumi.get(self, "bindpass")
848
941
 
849
942
  @bindpass.setter
850
- def bindpass(self, value: Optional[pulumi.Input[str]]):
943
+ def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
851
944
  pulumi.set(self, "bindpass", value)
852
945
 
853
946
  @property
854
947
  @pulumi.getter
855
- def certificate(self) -> Optional[pulumi.Input[str]]:
948
+ def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
856
949
  """
857
950
  CA certificate to use when verifying LDAP server certificate, must be
858
951
  x509 PEM encoded.
@@ -860,36 +953,36 @@ class _SecretBackendState:
860
953
  return pulumi.get(self, "certificate")
861
954
 
862
955
  @certificate.setter
863
- def certificate(self, value: Optional[pulumi.Input[str]]):
956
+ def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
864
957
  pulumi.set(self, "certificate", value)
865
958
 
866
959
  @property
867
960
  @pulumi.getter(name="clientTlsCert")
868
- def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
961
+ def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
869
962
  """
870
963
  Client certificate to provide to the LDAP server, must be x509 PEM encoded.
871
964
  """
872
965
  return pulumi.get(self, "client_tls_cert")
873
966
 
874
967
  @client_tls_cert.setter
875
- def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
968
+ def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
876
969
  pulumi.set(self, "client_tls_cert", value)
877
970
 
878
971
  @property
879
972
  @pulumi.getter(name="clientTlsKey")
880
- def client_tls_key(self) -> Optional[pulumi.Input[str]]:
973
+ def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
881
974
  """
882
975
  Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
883
976
  """
884
977
  return pulumi.get(self, "client_tls_key")
885
978
 
886
979
  @client_tls_key.setter
887
- def client_tls_key(self, value: Optional[pulumi.Input[str]]):
980
+ def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
888
981
  pulumi.set(self, "client_tls_key", value)
889
982
 
890
983
  @property
891
984
  @pulumi.getter(name="connectionTimeout")
892
- def connection_timeout(self) -> Optional[pulumi.Input[int]]:
985
+ def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
893
986
  """
894
987
  Timeout, in seconds, when attempting to connect to the LDAP server before trying
895
988
  the next URL in the configuration.
@@ -897,84 +990,96 @@ class _SecretBackendState:
897
990
  return pulumi.get(self, "connection_timeout")
898
991
 
899
992
  @connection_timeout.setter
900
- def connection_timeout(self, value: Optional[pulumi.Input[int]]):
993
+ def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
901
994
  pulumi.set(self, "connection_timeout", value)
902
995
 
903
996
  @property
904
997
  @pulumi.getter(name="defaultLeaseTtlSeconds")
905
- def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
998
+ def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
906
999
  """
907
1000
  Default lease duration for secrets in seconds.
908
1001
  """
909
1002
  return pulumi.get(self, "default_lease_ttl_seconds")
910
1003
 
911
1004
  @default_lease_ttl_seconds.setter
912
- def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
1005
+ def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
913
1006
  pulumi.set(self, "default_lease_ttl_seconds", value)
914
1007
 
915
1008
  @property
916
1009
  @pulumi.getter(name="delegatedAuthAccessors")
917
- def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1010
+ def delegated_auth_accessors(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
918
1011
  """
919
1012
  List of headers to allow and pass from the request to the plugin
920
1013
  """
921
1014
  return pulumi.get(self, "delegated_auth_accessors")
922
1015
 
923
1016
  @delegated_auth_accessors.setter
924
- def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1017
+ def delegated_auth_accessors(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
925
1018
  pulumi.set(self, "delegated_auth_accessors", value)
926
1019
 
927
1020
  @property
928
1021
  @pulumi.getter
929
- def description(self) -> Optional[pulumi.Input[str]]:
1022
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
930
1023
  """
931
1024
  Human-friendly description of the mount for the Active Directory backend.
932
1025
  """
933
1026
  return pulumi.get(self, "description")
934
1027
 
935
1028
  @description.setter
936
- def description(self, value: Optional[pulumi.Input[str]]):
1029
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
937
1030
  pulumi.set(self, "description", value)
938
1031
 
1032
+ @property
1033
+ @pulumi.getter(name="disableAutomatedRotation")
1034
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
1035
+ """
1036
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1037
+ """
1038
+ return pulumi.get(self, "disable_automated_rotation")
1039
+
1040
+ @disable_automated_rotation.setter
1041
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
1042
+ pulumi.set(self, "disable_automated_rotation", value)
1043
+
939
1044
  @property
940
1045
  @pulumi.getter(name="disableRemount")
941
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
1046
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
942
1047
  """
943
1048
  If set, opts out of mount migration on path updates.
944
1049
  """
945
1050
  return pulumi.get(self, "disable_remount")
946
1051
 
947
1052
  @disable_remount.setter
948
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
1053
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
949
1054
  pulumi.set(self, "disable_remount", value)
950
1055
 
951
1056
  @property
952
1057
  @pulumi.getter(name="externalEntropyAccess")
953
- def external_entropy_access(self) -> Optional[pulumi.Input[bool]]:
1058
+ def external_entropy_access(self) -> Optional[pulumi.Input[builtins.bool]]:
954
1059
  """
955
1060
  Enable the secrets engine to access Vault's external entropy source
956
1061
  """
957
1062
  return pulumi.get(self, "external_entropy_access")
958
1063
 
959
1064
  @external_entropy_access.setter
960
- def external_entropy_access(self, value: Optional[pulumi.Input[bool]]):
1065
+ def external_entropy_access(self, value: Optional[pulumi.Input[builtins.bool]]):
961
1066
  pulumi.set(self, "external_entropy_access", value)
962
1067
 
963
1068
  @property
964
1069
  @pulumi.getter(name="identityTokenKey")
965
- def identity_token_key(self) -> Optional[pulumi.Input[str]]:
1070
+ def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
966
1071
  """
967
1072
  The key to use for signing plugin workload identity tokens
968
1073
  """
969
1074
  return pulumi.get(self, "identity_token_key")
970
1075
 
971
1076
  @identity_token_key.setter
972
- def identity_token_key(self, value: Optional[pulumi.Input[str]]):
1077
+ def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
973
1078
  pulumi.set(self, "identity_token_key", value)
974
1079
 
975
1080
  @property
976
1081
  @pulumi.getter(name="insecureTls")
977
- def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
1082
+ def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
978
1083
  """
979
1084
  Skip LDAP server SSL Certificate verification. This is not recommended for production.
980
1085
  Defaults to `false`.
@@ -982,24 +1087,24 @@ class _SecretBackendState:
982
1087
  return pulumi.get(self, "insecure_tls")
983
1088
 
984
1089
  @insecure_tls.setter
985
- def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
1090
+ def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
986
1091
  pulumi.set(self, "insecure_tls", value)
987
1092
 
988
1093
  @property
989
1094
  @pulumi.getter(name="listingVisibility")
990
- def listing_visibility(self) -> Optional[pulumi.Input[str]]:
1095
+ def listing_visibility(self) -> Optional[pulumi.Input[builtins.str]]:
991
1096
  """
992
1097
  Specifies whether to show this mount in the UI-specific listing endpoint
993
1098
  """
994
1099
  return pulumi.get(self, "listing_visibility")
995
1100
 
996
1101
  @listing_visibility.setter
997
- def listing_visibility(self, value: Optional[pulumi.Input[str]]):
1102
+ def listing_visibility(self, value: Optional[pulumi.Input[builtins.str]]):
998
1103
  pulumi.set(self, "listing_visibility", value)
999
1104
 
1000
1105
  @property
1001
1106
  @pulumi.getter
1002
- def local(self) -> Optional[pulumi.Input[bool]]:
1107
+ def local(self) -> Optional[pulumi.Input[builtins.bool]]:
1003
1108
  """
1004
1109
  Mark the secrets engine as local-only. Local engines are not replicated or removed by
1005
1110
  replication.Tolerance duration to use when checking the last rotation time.
@@ -1007,24 +1112,24 @@ class _SecretBackendState:
1007
1112
  return pulumi.get(self, "local")
1008
1113
 
1009
1114
  @local.setter
1010
- def local(self, value: Optional[pulumi.Input[bool]]):
1115
+ def local(self, value: Optional[pulumi.Input[builtins.bool]]):
1011
1116
  pulumi.set(self, "local", value)
1012
1117
 
1013
1118
  @property
1014
1119
  @pulumi.getter(name="maxLeaseTtlSeconds")
1015
- def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
1120
+ def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
1016
1121
  """
1017
1122
  Maximum possible lease duration for secrets in seconds.
1018
1123
  """
1019
1124
  return pulumi.get(self, "max_lease_ttl_seconds")
1020
1125
 
1021
1126
  @max_lease_ttl_seconds.setter
1022
- def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
1127
+ def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
1023
1128
  pulumi.set(self, "max_lease_ttl_seconds", value)
1024
1129
 
1025
1130
  @property
1026
1131
  @pulumi.getter
1027
- def namespace(self) -> Optional[pulumi.Input[str]]:
1132
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
1028
1133
  """
1029
1134
  The namespace to provision the resource in.
1030
1135
  The value should not contain leading or trailing forward slashes.
@@ -1034,48 +1139,48 @@ class _SecretBackendState:
1034
1139
  return pulumi.get(self, "namespace")
1035
1140
 
1036
1141
  @namespace.setter
1037
- def namespace(self, value: Optional[pulumi.Input[str]]):
1142
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
1038
1143
  pulumi.set(self, "namespace", value)
1039
1144
 
1040
1145
  @property
1041
1146
  @pulumi.getter
1042
- def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
1147
+ def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
1043
1148
  """
1044
1149
  Specifies mount type specific options that are passed to the backend
1045
1150
  """
1046
1151
  return pulumi.get(self, "options")
1047
1152
 
1048
1153
  @options.setter
1049
- def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
1154
+ def options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
1050
1155
  pulumi.set(self, "options", value)
1051
1156
 
1052
1157
  @property
1053
1158
  @pulumi.getter(name="passthroughRequestHeaders")
1054
- def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1159
+ def passthrough_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1055
1160
  """
1056
1161
  List of headers to allow and pass from the request to the plugin
1057
1162
  """
1058
1163
  return pulumi.get(self, "passthrough_request_headers")
1059
1164
 
1060
1165
  @passthrough_request_headers.setter
1061
- def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1166
+ def passthrough_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1062
1167
  pulumi.set(self, "passthrough_request_headers", value)
1063
1168
 
1064
1169
  @property
1065
1170
  @pulumi.getter(name="passwordPolicy")
1066
- def password_policy(self) -> Optional[pulumi.Input[str]]:
1171
+ def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
1067
1172
  """
1068
1173
  Name of the password policy to use to generate passwords.
1069
1174
  """
1070
1175
  return pulumi.get(self, "password_policy")
1071
1176
 
1072
1177
  @password_policy.setter
1073
- def password_policy(self, value: Optional[pulumi.Input[str]]):
1178
+ def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
1074
1179
  pulumi.set(self, "password_policy", value)
1075
1180
 
1076
1181
  @property
1077
1182
  @pulumi.getter
1078
- def path(self) -> Optional[pulumi.Input[str]]:
1183
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
1079
1184
  """
1080
1185
  The unique path this backend should be mounted at. Must
1081
1186
  not begin or end with a `/`. Defaults to `ldap`.
@@ -1083,24 +1188,24 @@ class _SecretBackendState:
1083
1188
  return pulumi.get(self, "path")
1084
1189
 
1085
1190
  @path.setter
1086
- def path(self, value: Optional[pulumi.Input[str]]):
1191
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
1087
1192
  pulumi.set(self, "path", value)
1088
1193
 
1089
1194
  @property
1090
1195
  @pulumi.getter(name="pluginVersion")
1091
- def plugin_version(self) -> Optional[pulumi.Input[str]]:
1196
+ def plugin_version(self) -> Optional[pulumi.Input[builtins.str]]:
1092
1197
  """
1093
1198
  Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1094
1199
  """
1095
1200
  return pulumi.get(self, "plugin_version")
1096
1201
 
1097
1202
  @plugin_version.setter
1098
- def plugin_version(self, value: Optional[pulumi.Input[str]]):
1203
+ def plugin_version(self, value: Optional[pulumi.Input[builtins.str]]):
1099
1204
  pulumi.set(self, "plugin_version", value)
1100
1205
 
1101
1206
  @property
1102
1207
  @pulumi.getter(name="requestTimeout")
1103
- def request_timeout(self) -> Optional[pulumi.Input[int]]:
1208
+ def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
1104
1209
  """
1105
1210
  Timeout, in seconds, for the connection when making requests against the server
1106
1211
  before returning back an error.
@@ -1108,36 +1213,76 @@ class _SecretBackendState:
1108
1213
  return pulumi.get(self, "request_timeout")
1109
1214
 
1110
1215
  @request_timeout.setter
1111
- def request_timeout(self, value: Optional[pulumi.Input[int]]):
1216
+ def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
1112
1217
  pulumi.set(self, "request_timeout", value)
1113
1218
 
1219
+ @property
1220
+ @pulumi.getter(name="rotationPeriod")
1221
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
1222
+ """
1223
+ The amount of time in seconds Vault should wait before rotating the root credential.
1224
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1225
+ """
1226
+ return pulumi.get(self, "rotation_period")
1227
+
1228
+ @rotation_period.setter
1229
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
1230
+ pulumi.set(self, "rotation_period", value)
1231
+
1232
+ @property
1233
+ @pulumi.getter(name="rotationSchedule")
1234
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
1235
+ """
1236
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1237
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1238
+ """
1239
+ return pulumi.get(self, "rotation_schedule")
1240
+
1241
+ @rotation_schedule.setter
1242
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
1243
+ pulumi.set(self, "rotation_schedule", value)
1244
+
1245
+ @property
1246
+ @pulumi.getter(name="rotationWindow")
1247
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
1248
+ """
1249
+ The maximum amount of time in seconds allowed to complete
1250
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1251
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1252
+ """
1253
+ return pulumi.get(self, "rotation_window")
1254
+
1255
+ @rotation_window.setter
1256
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
1257
+ pulumi.set(self, "rotation_window", value)
1258
+
1114
1259
  @property
1115
1260
  @pulumi.getter
1116
- def schema(self) -> Optional[pulumi.Input[str]]:
1261
+ def schema(self) -> Optional[pulumi.Input[builtins.str]]:
1117
1262
  """
1118
1263
  The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
1119
1264
  """
1120
1265
  return pulumi.get(self, "schema")
1121
1266
 
1122
1267
  @schema.setter
1123
- def schema(self, value: Optional[pulumi.Input[str]]):
1268
+ def schema(self, value: Optional[pulumi.Input[builtins.str]]):
1124
1269
  pulumi.set(self, "schema", value)
1125
1270
 
1126
1271
  @property
1127
1272
  @pulumi.getter(name="sealWrap")
1128
- def seal_wrap(self) -> Optional[pulumi.Input[bool]]:
1273
+ def seal_wrap(self) -> Optional[pulumi.Input[builtins.bool]]:
1129
1274
  """
1130
1275
  Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1131
1276
  """
1132
1277
  return pulumi.get(self, "seal_wrap")
1133
1278
 
1134
1279
  @seal_wrap.setter
1135
- def seal_wrap(self, value: Optional[pulumi.Input[bool]]):
1280
+ def seal_wrap(self, value: Optional[pulumi.Input[builtins.bool]]):
1136
1281
  pulumi.set(self, "seal_wrap", value)
1137
1282
 
1138
1283
  @property
1139
1284
  @pulumi.getter(name="skipStaticRoleImportRotation")
1140
- def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[bool]]:
1285
+ def skip_static_role_import_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
1141
1286
  """
1142
1287
  If set to true, static roles will not be rotated during import.
1143
1288
  Defaults to false. Requires Vault 1.16 or above.
@@ -1145,36 +1290,36 @@ class _SecretBackendState:
1145
1290
  return pulumi.get(self, "skip_static_role_import_rotation")
1146
1291
 
1147
1292
  @skip_static_role_import_rotation.setter
1148
- def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[bool]]):
1293
+ def skip_static_role_import_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
1149
1294
  pulumi.set(self, "skip_static_role_import_rotation", value)
1150
1295
 
1151
1296
  @property
1152
1297
  @pulumi.getter
1153
- def starttls(self) -> Optional[pulumi.Input[bool]]:
1298
+ def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
1154
1299
  """
1155
1300
  Issue a StartTLS command after establishing unencrypted connection.
1156
1301
  """
1157
1302
  return pulumi.get(self, "starttls")
1158
1303
 
1159
1304
  @starttls.setter
1160
- def starttls(self, value: Optional[pulumi.Input[bool]]):
1305
+ def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
1161
1306
  pulumi.set(self, "starttls", value)
1162
1307
 
1163
1308
  @property
1164
1309
  @pulumi.getter
1165
- def upndomain(self) -> Optional[pulumi.Input[str]]:
1310
+ def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
1166
1311
  """
1167
1312
  Enables userPrincipalDomain login with [username]@UPNDomain.
1168
1313
  """
1169
1314
  return pulumi.get(self, "upndomain")
1170
1315
 
1171
1316
  @upndomain.setter
1172
- def upndomain(self, value: Optional[pulumi.Input[str]]):
1317
+ def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
1173
1318
  pulumi.set(self, "upndomain", value)
1174
1319
 
1175
1320
  @property
1176
1321
  @pulumi.getter
1177
- def url(self) -> Optional[pulumi.Input[str]]:
1322
+ def url(self) -> Optional[pulumi.Input[builtins.str]]:
1178
1323
  """
1179
1324
  LDAP URL to connect to. Multiple URLs can be specified by concatenating
1180
1325
  them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
@@ -1182,31 +1327,31 @@ class _SecretBackendState:
1182
1327
  return pulumi.get(self, "url")
1183
1328
 
1184
1329
  @url.setter
1185
- def url(self, value: Optional[pulumi.Input[str]]):
1330
+ def url(self, value: Optional[pulumi.Input[builtins.str]]):
1186
1331
  pulumi.set(self, "url", value)
1187
1332
 
1188
1333
  @property
1189
1334
  @pulumi.getter
1190
- def userattr(self) -> Optional[pulumi.Input[str]]:
1335
+ def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
1191
1336
  """
1192
1337
  Attribute used when searching users. Defaults to `cn`.
1193
1338
  """
1194
1339
  return pulumi.get(self, "userattr")
1195
1340
 
1196
1341
  @userattr.setter
1197
- def userattr(self, value: Optional[pulumi.Input[str]]):
1342
+ def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
1198
1343
  pulumi.set(self, "userattr", value)
1199
1344
 
1200
1345
  @property
1201
1346
  @pulumi.getter
1202
- def userdn(self) -> Optional[pulumi.Input[str]]:
1347
+ def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
1203
1348
  """
1204
1349
  LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
1205
1350
  """
1206
1351
  return pulumi.get(self, "userdn")
1207
1352
 
1208
1353
  @userdn.setter
1209
- def userdn(self, value: Optional[pulumi.Input[str]]):
1354
+ def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
1210
1355
  pulumi.set(self, "userdn", value)
1211
1356
 
1212
1357
 
@@ -1215,41 +1360,45 @@ class SecretBackend(pulumi.CustomResource):
1215
1360
  def __init__(__self__,
1216
1361
  resource_name: str,
1217
1362
  opts: Optional[pulumi.ResourceOptions] = None,
1218
- allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1219
- allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1220
- audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1221
- audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1222
- binddn: Optional[pulumi.Input[str]] = None,
1223
- bindpass: Optional[pulumi.Input[str]] = None,
1224
- certificate: Optional[pulumi.Input[str]] = None,
1225
- client_tls_cert: Optional[pulumi.Input[str]] = None,
1226
- client_tls_key: Optional[pulumi.Input[str]] = None,
1227
- connection_timeout: Optional[pulumi.Input[int]] = None,
1228
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1229
- delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1230
- description: Optional[pulumi.Input[str]] = None,
1231
- disable_remount: Optional[pulumi.Input[bool]] = None,
1232
- external_entropy_access: Optional[pulumi.Input[bool]] = None,
1233
- identity_token_key: Optional[pulumi.Input[str]] = None,
1234
- insecure_tls: Optional[pulumi.Input[bool]] = None,
1235
- listing_visibility: Optional[pulumi.Input[str]] = None,
1236
- local: Optional[pulumi.Input[bool]] = None,
1237
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1238
- namespace: Optional[pulumi.Input[str]] = None,
1239
- options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1240
- passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1241
- password_policy: Optional[pulumi.Input[str]] = None,
1242
- path: Optional[pulumi.Input[str]] = None,
1243
- plugin_version: Optional[pulumi.Input[str]] = None,
1244
- request_timeout: Optional[pulumi.Input[int]] = None,
1245
- schema: Optional[pulumi.Input[str]] = None,
1246
- seal_wrap: Optional[pulumi.Input[bool]] = None,
1247
- skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
1248
- starttls: Optional[pulumi.Input[bool]] = None,
1249
- upndomain: Optional[pulumi.Input[str]] = None,
1250
- url: Optional[pulumi.Input[str]] = None,
1251
- userattr: Optional[pulumi.Input[str]] = None,
1252
- userdn: Optional[pulumi.Input[str]] = None,
1363
+ allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1364
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1365
+ audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1366
+ audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1367
+ binddn: Optional[pulumi.Input[builtins.str]] = None,
1368
+ bindpass: Optional[pulumi.Input[builtins.str]] = None,
1369
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
1370
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
1371
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
1372
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
1373
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
1374
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1375
+ description: Optional[pulumi.Input[builtins.str]] = None,
1376
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
1377
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
1378
+ external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
1379
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
1380
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
1381
+ listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
1382
+ local: Optional[pulumi.Input[builtins.bool]] = None,
1383
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
1384
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1385
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1386
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1387
+ password_policy: Optional[pulumi.Input[builtins.str]] = None,
1388
+ path: Optional[pulumi.Input[builtins.str]] = None,
1389
+ plugin_version: Optional[pulumi.Input[builtins.str]] = None,
1390
+ request_timeout: Optional[pulumi.Input[builtins.int]] = None,
1391
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
1392
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
1393
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
1394
+ schema: Optional[pulumi.Input[builtins.str]] = None,
1395
+ seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
1396
+ skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
1397
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
1398
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
1399
+ url: Optional[pulumi.Input[builtins.str]] = None,
1400
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
1401
+ userdn: Optional[pulumi.Input[builtins.str]] = None,
1253
1402
  __props__=None):
1254
1403
  """
1255
1404
  ## Example Usage
@@ -1264,7 +1413,9 @@ class SecretBackend(pulumi.CustomResource):
1264
1413
  bindpass="SuperSecretPassw0rd",
1265
1414
  url="ldaps://localhost",
1266
1415
  insecure_tls=True,
1267
- userdn="CN=Users,DC=corp,DC=example,DC=net")
1416
+ userdn="CN=Users,DC=corp,DC=example,DC=net",
1417
+ rotation_schedule="0 * * * SAT",
1418
+ rotation_window=3600)
1268
1419
  ```
1269
1420
 
1270
1421
  ## Import
@@ -1277,52 +1428,60 @@ class SecretBackend(pulumi.CustomResource):
1277
1428
 
1278
1429
  :param str resource_name: The name of the resource.
1279
1430
  :param pulumi.ResourceOptions opts: Options for the resource.
1280
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
1281
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
1282
- :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
1283
- :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
1284
- :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
1285
- :param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
1286
- :param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
1431
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
1432
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
1433
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
1434
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
1435
+ :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
1436
+ :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
1437
+ :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
1287
1438
  x509 PEM encoded.
1288
- :param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
1289
- :param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
1290
- :param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
1439
+ :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
1440
+ :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
1441
+ :param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
1291
1442
  the next URL in the configuration.
1292
- :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
1293
- :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
1294
- :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
1295
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
1296
- :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
1297
- :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
1298
- :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
1443
+ :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
1444
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
1445
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
1446
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1447
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
1448
+ :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
1449
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
1450
+ :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
1299
1451
  Defaults to `false`.
1300
- :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
1301
- :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
1452
+ :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
1453
+ :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
1302
1454
  replication.Tolerance duration to use when checking the last rotation time.
1303
- :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
1304
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1455
+ :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
1456
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1305
1457
  The value should not contain leading or trailing forward slashes.
1306
1458
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1307
1459
  *Available only for Vault Enterprise*.
1308
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
1309
- :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
1310
- :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
1311
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
1460
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
1461
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
1462
+ :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
1463
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
1312
1464
  not begin or end with a `/`. Defaults to `ldap`.
1313
- :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1314
- :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
1465
+ :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1466
+ :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
1315
1467
  before returning back an error.
1316
- :param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
1317
- :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1318
- :param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
1468
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
1469
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1470
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1471
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1472
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
1473
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1474
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1475
+ :param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
1476
+ :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1477
+ :param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
1319
1478
  Defaults to false. Requires Vault 1.16 or above.
1320
- :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
1321
- :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
1322
- :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
1479
+ :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
1480
+ :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
1481
+ :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
1323
1482
  them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
1324
- :param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
1325
- :param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
1483
+ :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
1484
+ :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
1326
1485
  """
1327
1486
  ...
1328
1487
  @overload
@@ -1343,7 +1502,9 @@ class SecretBackend(pulumi.CustomResource):
1343
1502
  bindpass="SuperSecretPassw0rd",
1344
1503
  url="ldaps://localhost",
1345
1504
  insecure_tls=True,
1346
- userdn="CN=Users,DC=corp,DC=example,DC=net")
1505
+ userdn="CN=Users,DC=corp,DC=example,DC=net",
1506
+ rotation_schedule="0 * * * SAT",
1507
+ rotation_window=3600)
1347
1508
  ```
1348
1509
 
1349
1510
  ## Import
@@ -1369,41 +1530,45 @@ class SecretBackend(pulumi.CustomResource):
1369
1530
  def _internal_init(__self__,
1370
1531
  resource_name: str,
1371
1532
  opts: Optional[pulumi.ResourceOptions] = None,
1372
- allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1373
- allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1374
- audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1375
- audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1376
- binddn: Optional[pulumi.Input[str]] = None,
1377
- bindpass: Optional[pulumi.Input[str]] = None,
1378
- certificate: Optional[pulumi.Input[str]] = None,
1379
- client_tls_cert: Optional[pulumi.Input[str]] = None,
1380
- client_tls_key: Optional[pulumi.Input[str]] = None,
1381
- connection_timeout: Optional[pulumi.Input[int]] = None,
1382
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1383
- delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1384
- description: Optional[pulumi.Input[str]] = None,
1385
- disable_remount: Optional[pulumi.Input[bool]] = None,
1386
- external_entropy_access: Optional[pulumi.Input[bool]] = None,
1387
- identity_token_key: Optional[pulumi.Input[str]] = None,
1388
- insecure_tls: Optional[pulumi.Input[bool]] = None,
1389
- listing_visibility: Optional[pulumi.Input[str]] = None,
1390
- local: Optional[pulumi.Input[bool]] = None,
1391
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1392
- namespace: Optional[pulumi.Input[str]] = None,
1393
- options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1394
- passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1395
- password_policy: Optional[pulumi.Input[str]] = None,
1396
- path: Optional[pulumi.Input[str]] = None,
1397
- plugin_version: Optional[pulumi.Input[str]] = None,
1398
- request_timeout: Optional[pulumi.Input[int]] = None,
1399
- schema: Optional[pulumi.Input[str]] = None,
1400
- seal_wrap: Optional[pulumi.Input[bool]] = None,
1401
- skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
1402
- starttls: Optional[pulumi.Input[bool]] = None,
1403
- upndomain: Optional[pulumi.Input[str]] = None,
1404
- url: Optional[pulumi.Input[str]] = None,
1405
- userattr: Optional[pulumi.Input[str]] = None,
1406
- userdn: Optional[pulumi.Input[str]] = None,
1533
+ allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1534
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1535
+ audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1536
+ audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1537
+ binddn: Optional[pulumi.Input[builtins.str]] = None,
1538
+ bindpass: Optional[pulumi.Input[builtins.str]] = None,
1539
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
1540
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
1541
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
1542
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
1543
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
1544
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1545
+ description: Optional[pulumi.Input[builtins.str]] = None,
1546
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
1547
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
1548
+ external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
1549
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
1550
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
1551
+ listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
1552
+ local: Optional[pulumi.Input[builtins.bool]] = None,
1553
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
1554
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1555
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1556
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1557
+ password_policy: Optional[pulumi.Input[builtins.str]] = None,
1558
+ path: Optional[pulumi.Input[builtins.str]] = None,
1559
+ plugin_version: Optional[pulumi.Input[builtins.str]] = None,
1560
+ request_timeout: Optional[pulumi.Input[builtins.int]] = None,
1561
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
1562
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
1563
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
1564
+ schema: Optional[pulumi.Input[builtins.str]] = None,
1565
+ seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
1566
+ skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
1567
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
1568
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
1569
+ url: Optional[pulumi.Input[builtins.str]] = None,
1570
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
1571
+ userdn: Optional[pulumi.Input[builtins.str]] = None,
1407
1572
  __props__=None):
1408
1573
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1409
1574
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1430,6 +1595,7 @@ class SecretBackend(pulumi.CustomResource):
1430
1595
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
1431
1596
  __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
1432
1597
  __props__.__dict__["description"] = description
1598
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
1433
1599
  __props__.__dict__["disable_remount"] = disable_remount
1434
1600
  __props__.__dict__["external_entropy_access"] = external_entropy_access
1435
1601
  __props__.__dict__["identity_token_key"] = identity_token_key
@@ -1444,6 +1610,9 @@ class SecretBackend(pulumi.CustomResource):
1444
1610
  __props__.__dict__["path"] = path
1445
1611
  __props__.__dict__["plugin_version"] = plugin_version
1446
1612
  __props__.__dict__["request_timeout"] = request_timeout
1613
+ __props__.__dict__["rotation_period"] = rotation_period
1614
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
1615
+ __props__.__dict__["rotation_window"] = rotation_window
1447
1616
  __props__.__dict__["schema"] = schema
1448
1617
  __props__.__dict__["seal_wrap"] = seal_wrap
1449
1618
  __props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
@@ -1465,42 +1634,46 @@ class SecretBackend(pulumi.CustomResource):
1465
1634
  def get(resource_name: str,
1466
1635
  id: pulumi.Input[str],
1467
1636
  opts: Optional[pulumi.ResourceOptions] = None,
1468
- accessor: Optional[pulumi.Input[str]] = None,
1469
- allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1470
- allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1471
- audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1472
- audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1473
- binddn: Optional[pulumi.Input[str]] = None,
1474
- bindpass: Optional[pulumi.Input[str]] = None,
1475
- certificate: Optional[pulumi.Input[str]] = None,
1476
- client_tls_cert: Optional[pulumi.Input[str]] = None,
1477
- client_tls_key: Optional[pulumi.Input[str]] = None,
1478
- connection_timeout: Optional[pulumi.Input[int]] = None,
1479
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1480
- delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1481
- description: Optional[pulumi.Input[str]] = None,
1482
- disable_remount: Optional[pulumi.Input[bool]] = None,
1483
- external_entropy_access: Optional[pulumi.Input[bool]] = None,
1484
- identity_token_key: Optional[pulumi.Input[str]] = None,
1485
- insecure_tls: Optional[pulumi.Input[bool]] = None,
1486
- listing_visibility: Optional[pulumi.Input[str]] = None,
1487
- local: Optional[pulumi.Input[bool]] = None,
1488
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
1489
- namespace: Optional[pulumi.Input[str]] = None,
1490
- options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
1491
- passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1492
- password_policy: Optional[pulumi.Input[str]] = None,
1493
- path: Optional[pulumi.Input[str]] = None,
1494
- plugin_version: Optional[pulumi.Input[str]] = None,
1495
- request_timeout: Optional[pulumi.Input[int]] = None,
1496
- schema: Optional[pulumi.Input[str]] = None,
1497
- seal_wrap: Optional[pulumi.Input[bool]] = None,
1498
- skip_static_role_import_rotation: Optional[pulumi.Input[bool]] = None,
1499
- starttls: Optional[pulumi.Input[bool]] = None,
1500
- upndomain: Optional[pulumi.Input[str]] = None,
1501
- url: Optional[pulumi.Input[str]] = None,
1502
- userattr: Optional[pulumi.Input[str]] = None,
1503
- userdn: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
1637
+ accessor: Optional[pulumi.Input[builtins.str]] = None,
1638
+ allowed_managed_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1639
+ allowed_response_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1640
+ audit_non_hmac_request_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1641
+ audit_non_hmac_response_keys: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1642
+ binddn: Optional[pulumi.Input[builtins.str]] = None,
1643
+ bindpass: Optional[pulumi.Input[builtins.str]] = None,
1644
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
1645
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
1646
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
1647
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
1648
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
1649
+ delegated_auth_accessors: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1650
+ description: Optional[pulumi.Input[builtins.str]] = None,
1651
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
1652
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
1653
+ external_entropy_access: Optional[pulumi.Input[builtins.bool]] = None,
1654
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
1655
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
1656
+ listing_visibility: Optional[pulumi.Input[builtins.str]] = None,
1657
+ local: Optional[pulumi.Input[builtins.bool]] = None,
1658
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
1659
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1660
+ options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
1661
+ passthrough_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1662
+ password_policy: Optional[pulumi.Input[builtins.str]] = None,
1663
+ path: Optional[pulumi.Input[builtins.str]] = None,
1664
+ plugin_version: Optional[pulumi.Input[builtins.str]] = None,
1665
+ request_timeout: Optional[pulumi.Input[builtins.int]] = None,
1666
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
1667
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
1668
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
1669
+ schema: Optional[pulumi.Input[builtins.str]] = None,
1670
+ seal_wrap: Optional[pulumi.Input[builtins.bool]] = None,
1671
+ skip_static_role_import_rotation: Optional[pulumi.Input[builtins.bool]] = None,
1672
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
1673
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
1674
+ url: Optional[pulumi.Input[builtins.str]] = None,
1675
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
1676
+ userdn: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
1504
1677
  """
1505
1678
  Get an existing SecretBackend resource's state with the given name, id, and optional extra
1506
1679
  properties used to qualify the lookup.
@@ -1508,53 +1681,61 @@ class SecretBackend(pulumi.CustomResource):
1508
1681
  :param str resource_name: The unique name of the resulting resource.
1509
1682
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1510
1683
  :param pulumi.ResourceOptions opts: Options for the resource.
1511
- :param pulumi.Input[str] accessor: Accessor of the mount
1512
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
1513
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
1514
- :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
1515
- :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
1516
- :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
1517
- :param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
1518
- :param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
1684
+ :param pulumi.Input[builtins.str] accessor: Accessor of the mount
1685
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_managed_keys: List of managed key registry entry names that the mount in question is allowed to access
1686
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_response_headers: List of headers to allow and pass from the request to the plugin
1687
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_request_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
1688
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] audit_non_hmac_response_keys: Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
1689
+ :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
1690
+ :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
1691
+ :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
1519
1692
  x509 PEM encoded.
1520
- :param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
1521
- :param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
1522
- :param pulumi.Input[int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
1693
+ :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
1694
+ :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
1695
+ :param pulumi.Input[builtins.int] connection_timeout: Timeout, in seconds, when attempting to connect to the LDAP server before trying
1523
1696
  the next URL in the configuration.
1524
- :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
1525
- :param pulumi.Input[Sequence[pulumi.Input[str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
1526
- :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
1527
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
1528
- :param pulumi.Input[bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
1529
- :param pulumi.Input[str] identity_token_key: The key to use for signing plugin workload identity tokens
1530
- :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
1697
+ :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
1698
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] delegated_auth_accessors: List of headers to allow and pass from the request to the plugin
1699
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
1700
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1701
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
1702
+ :param pulumi.Input[builtins.bool] external_entropy_access: Enable the secrets engine to access Vault's external entropy source
1703
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin workload identity tokens
1704
+ :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
1531
1705
  Defaults to `false`.
1532
- :param pulumi.Input[str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
1533
- :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
1706
+ :param pulumi.Input[builtins.str] listing_visibility: Specifies whether to show this mount in the UI-specific listing endpoint
1707
+ :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
1534
1708
  replication.Tolerance duration to use when checking the last rotation time.
1535
- :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
1536
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1709
+ :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
1710
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1537
1711
  The value should not contain leading or trailing forward slashes.
1538
1712
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1539
1713
  *Available only for Vault Enterprise*.
1540
- :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: Specifies mount type specific options that are passed to the backend
1541
- :param pulumi.Input[Sequence[pulumi.Input[str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
1542
- :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
1543
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
1714
+ :param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] options: Specifies mount type specific options that are passed to the backend
1715
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] passthrough_request_headers: List of headers to allow and pass from the request to the plugin
1716
+ :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
1717
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
1544
1718
  not begin or end with a `/`. Defaults to `ldap`.
1545
- :param pulumi.Input[str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1546
- :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
1719
+ :param pulumi.Input[builtins.str] plugin_version: Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1720
+ :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
1547
1721
  before returning back an error.
1548
- :param pulumi.Input[str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
1549
- :param pulumi.Input[bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1550
- :param pulumi.Input[bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
1722
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
1723
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1724
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1725
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1726
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
1727
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1728
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1729
+ :param pulumi.Input[builtins.str] schema: The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
1730
+ :param pulumi.Input[builtins.bool] seal_wrap: Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1731
+ :param pulumi.Input[builtins.bool] skip_static_role_import_rotation: If set to true, static roles will not be rotated during import.
1551
1732
  Defaults to false. Requires Vault 1.16 or above.
1552
- :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
1553
- :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
1554
- :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
1733
+ :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
1734
+ :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
1735
+ :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
1555
1736
  them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
1556
- :param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
1557
- :param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
1737
+ :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
1738
+ :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
1558
1739
  """
1559
1740
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1560
1741
 
@@ -1574,6 +1755,7 @@ class SecretBackend(pulumi.CustomResource):
1574
1755
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
1575
1756
  __props__.__dict__["delegated_auth_accessors"] = delegated_auth_accessors
1576
1757
  __props__.__dict__["description"] = description
1758
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
1577
1759
  __props__.__dict__["disable_remount"] = disable_remount
1578
1760
  __props__.__dict__["external_entropy_access"] = external_entropy_access
1579
1761
  __props__.__dict__["identity_token_key"] = identity_token_key
@@ -1588,6 +1770,9 @@ class SecretBackend(pulumi.CustomResource):
1588
1770
  __props__.__dict__["path"] = path
1589
1771
  __props__.__dict__["plugin_version"] = plugin_version
1590
1772
  __props__.__dict__["request_timeout"] = request_timeout
1773
+ __props__.__dict__["rotation_period"] = rotation_period
1774
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
1775
+ __props__.__dict__["rotation_window"] = rotation_window
1591
1776
  __props__.__dict__["schema"] = schema
1592
1777
  __props__.__dict__["seal_wrap"] = seal_wrap
1593
1778
  __props__.__dict__["skip_static_role_import_rotation"] = skip_static_role_import_rotation
@@ -1600,7 +1785,7 @@ class SecretBackend(pulumi.CustomResource):
1600
1785
 
1601
1786
  @property
1602
1787
  @pulumi.getter
1603
- def accessor(self) -> pulumi.Output[str]:
1788
+ def accessor(self) -> pulumi.Output[builtins.str]:
1604
1789
  """
1605
1790
  Accessor of the mount
1606
1791
  """
@@ -1608,7 +1793,7 @@ class SecretBackend(pulumi.CustomResource):
1608
1793
 
1609
1794
  @property
1610
1795
  @pulumi.getter(name="allowedManagedKeys")
1611
- def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[str]]]:
1796
+ def allowed_managed_keys(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1612
1797
  """
1613
1798
  List of managed key registry entry names that the mount in question is allowed to access
1614
1799
  """
@@ -1616,7 +1801,7 @@ class SecretBackend(pulumi.CustomResource):
1616
1801
 
1617
1802
  @property
1618
1803
  @pulumi.getter(name="allowedResponseHeaders")
1619
- def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1804
+ def allowed_response_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1620
1805
  """
1621
1806
  List of headers to allow and pass from the request to the plugin
1622
1807
  """
@@ -1624,7 +1809,7 @@ class SecretBackend(pulumi.CustomResource):
1624
1809
 
1625
1810
  @property
1626
1811
  @pulumi.getter(name="auditNonHmacRequestKeys")
1627
- def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[str]]:
1812
+ def audit_non_hmac_request_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
1628
1813
  """
1629
1814
  Specifies the list of keys that will not be HMAC'd by audit devices in the request data object.
1630
1815
  """
@@ -1632,7 +1817,7 @@ class SecretBackend(pulumi.CustomResource):
1632
1817
 
1633
1818
  @property
1634
1819
  @pulumi.getter(name="auditNonHmacResponseKeys")
1635
- def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[str]]:
1820
+ def audit_non_hmac_response_keys(self) -> pulumi.Output[Sequence[builtins.str]]:
1636
1821
  """
1637
1822
  Specifies the list of keys that will not be HMAC'd by audit devices in the response data object.
1638
1823
  """
@@ -1640,7 +1825,7 @@ class SecretBackend(pulumi.CustomResource):
1640
1825
 
1641
1826
  @property
1642
1827
  @pulumi.getter
1643
- def binddn(self) -> pulumi.Output[str]:
1828
+ def binddn(self) -> pulumi.Output[builtins.str]:
1644
1829
  """
1645
1830
  Distinguished name of object to bind when performing user and group search.
1646
1831
  """
@@ -1648,7 +1833,7 @@ class SecretBackend(pulumi.CustomResource):
1648
1833
 
1649
1834
  @property
1650
1835
  @pulumi.getter
1651
- def bindpass(self) -> pulumi.Output[str]:
1836
+ def bindpass(self) -> pulumi.Output[builtins.str]:
1652
1837
  """
1653
1838
  Password to use along with binddn when performing user search.
1654
1839
  """
@@ -1656,7 +1841,7 @@ class SecretBackend(pulumi.CustomResource):
1656
1841
 
1657
1842
  @property
1658
1843
  @pulumi.getter
1659
- def certificate(self) -> pulumi.Output[Optional[str]]:
1844
+ def certificate(self) -> pulumi.Output[Optional[builtins.str]]:
1660
1845
  """
1661
1846
  CA certificate to use when verifying LDAP server certificate, must be
1662
1847
  x509 PEM encoded.
@@ -1665,7 +1850,7 @@ class SecretBackend(pulumi.CustomResource):
1665
1850
 
1666
1851
  @property
1667
1852
  @pulumi.getter(name="clientTlsCert")
1668
- def client_tls_cert(self) -> pulumi.Output[Optional[str]]:
1853
+ def client_tls_cert(self) -> pulumi.Output[Optional[builtins.str]]:
1669
1854
  """
1670
1855
  Client certificate to provide to the LDAP server, must be x509 PEM encoded.
1671
1856
  """
@@ -1673,7 +1858,7 @@ class SecretBackend(pulumi.CustomResource):
1673
1858
 
1674
1859
  @property
1675
1860
  @pulumi.getter(name="clientTlsKey")
1676
- def client_tls_key(self) -> pulumi.Output[Optional[str]]:
1861
+ def client_tls_key(self) -> pulumi.Output[Optional[builtins.str]]:
1677
1862
  """
1678
1863
  Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
1679
1864
  """
@@ -1681,7 +1866,7 @@ class SecretBackend(pulumi.CustomResource):
1681
1866
 
1682
1867
  @property
1683
1868
  @pulumi.getter(name="connectionTimeout")
1684
- def connection_timeout(self) -> pulumi.Output[Optional[int]]:
1869
+ def connection_timeout(self) -> pulumi.Output[Optional[builtins.int]]:
1685
1870
  """
1686
1871
  Timeout, in seconds, when attempting to connect to the LDAP server before trying
1687
1872
  the next URL in the configuration.
@@ -1690,7 +1875,7 @@ class SecretBackend(pulumi.CustomResource):
1690
1875
 
1691
1876
  @property
1692
1877
  @pulumi.getter(name="defaultLeaseTtlSeconds")
1693
- def default_lease_ttl_seconds(self) -> pulumi.Output[int]:
1878
+ def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
1694
1879
  """
1695
1880
  Default lease duration for secrets in seconds.
1696
1881
  """
@@ -1698,7 +1883,7 @@ class SecretBackend(pulumi.CustomResource):
1698
1883
 
1699
1884
  @property
1700
1885
  @pulumi.getter(name="delegatedAuthAccessors")
1701
- def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[str]]]:
1886
+ def delegated_auth_accessors(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1702
1887
  """
1703
1888
  List of headers to allow and pass from the request to the plugin
1704
1889
  """
@@ -1706,15 +1891,23 @@ class SecretBackend(pulumi.CustomResource):
1706
1891
 
1707
1892
  @property
1708
1893
  @pulumi.getter
1709
- def description(self) -> pulumi.Output[Optional[str]]:
1894
+ def description(self) -> pulumi.Output[Optional[builtins.str]]:
1710
1895
  """
1711
1896
  Human-friendly description of the mount for the Active Directory backend.
1712
1897
  """
1713
1898
  return pulumi.get(self, "description")
1714
1899
 
1900
+ @property
1901
+ @pulumi.getter(name="disableAutomatedRotation")
1902
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
1903
+ """
1904
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1905
+ """
1906
+ return pulumi.get(self, "disable_automated_rotation")
1907
+
1715
1908
  @property
1716
1909
  @pulumi.getter(name="disableRemount")
1717
- def disable_remount(self) -> pulumi.Output[Optional[bool]]:
1910
+ def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
1718
1911
  """
1719
1912
  If set, opts out of mount migration on path updates.
1720
1913
  """
@@ -1722,7 +1915,7 @@ class SecretBackend(pulumi.CustomResource):
1722
1915
 
1723
1916
  @property
1724
1917
  @pulumi.getter(name="externalEntropyAccess")
1725
- def external_entropy_access(self) -> pulumi.Output[Optional[bool]]:
1918
+ def external_entropy_access(self) -> pulumi.Output[Optional[builtins.bool]]:
1726
1919
  """
1727
1920
  Enable the secrets engine to access Vault's external entropy source
1728
1921
  """
@@ -1730,7 +1923,7 @@ class SecretBackend(pulumi.CustomResource):
1730
1923
 
1731
1924
  @property
1732
1925
  @pulumi.getter(name="identityTokenKey")
1733
- def identity_token_key(self) -> pulumi.Output[Optional[str]]:
1926
+ def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
1734
1927
  """
1735
1928
  The key to use for signing plugin workload identity tokens
1736
1929
  """
@@ -1738,7 +1931,7 @@ class SecretBackend(pulumi.CustomResource):
1738
1931
 
1739
1932
  @property
1740
1933
  @pulumi.getter(name="insecureTls")
1741
- def insecure_tls(self) -> pulumi.Output[Optional[bool]]:
1934
+ def insecure_tls(self) -> pulumi.Output[Optional[builtins.bool]]:
1742
1935
  """
1743
1936
  Skip LDAP server SSL Certificate verification. This is not recommended for production.
1744
1937
  Defaults to `false`.
@@ -1747,7 +1940,7 @@ class SecretBackend(pulumi.CustomResource):
1747
1940
 
1748
1941
  @property
1749
1942
  @pulumi.getter(name="listingVisibility")
1750
- def listing_visibility(self) -> pulumi.Output[Optional[str]]:
1943
+ def listing_visibility(self) -> pulumi.Output[Optional[builtins.str]]:
1751
1944
  """
1752
1945
  Specifies whether to show this mount in the UI-specific listing endpoint
1753
1946
  """
@@ -1755,7 +1948,7 @@ class SecretBackend(pulumi.CustomResource):
1755
1948
 
1756
1949
  @property
1757
1950
  @pulumi.getter
1758
- def local(self) -> pulumi.Output[Optional[bool]]:
1951
+ def local(self) -> pulumi.Output[Optional[builtins.bool]]:
1759
1952
  """
1760
1953
  Mark the secrets engine as local-only. Local engines are not replicated or removed by
1761
1954
  replication.Tolerance duration to use when checking the last rotation time.
@@ -1764,7 +1957,7 @@ class SecretBackend(pulumi.CustomResource):
1764
1957
 
1765
1958
  @property
1766
1959
  @pulumi.getter(name="maxLeaseTtlSeconds")
1767
- def max_lease_ttl_seconds(self) -> pulumi.Output[int]:
1960
+ def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
1768
1961
  """
1769
1962
  Maximum possible lease duration for secrets in seconds.
1770
1963
  """
@@ -1772,7 +1965,7 @@ class SecretBackend(pulumi.CustomResource):
1772
1965
 
1773
1966
  @property
1774
1967
  @pulumi.getter
1775
- def namespace(self) -> pulumi.Output[Optional[str]]:
1968
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
1776
1969
  """
1777
1970
  The namespace to provision the resource in.
1778
1971
  The value should not contain leading or trailing forward slashes.
@@ -1783,7 +1976,7 @@ class SecretBackend(pulumi.CustomResource):
1783
1976
 
1784
1977
  @property
1785
1978
  @pulumi.getter
1786
- def options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
1979
+ def options(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
1787
1980
  """
1788
1981
  Specifies mount type specific options that are passed to the backend
1789
1982
  """
@@ -1791,7 +1984,7 @@ class SecretBackend(pulumi.CustomResource):
1791
1984
 
1792
1985
  @property
1793
1986
  @pulumi.getter(name="passthroughRequestHeaders")
1794
- def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1987
+ def passthrough_request_headers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1795
1988
  """
1796
1989
  List of headers to allow and pass from the request to the plugin
1797
1990
  """
@@ -1799,7 +1992,7 @@ class SecretBackend(pulumi.CustomResource):
1799
1992
 
1800
1993
  @property
1801
1994
  @pulumi.getter(name="passwordPolicy")
1802
- def password_policy(self) -> pulumi.Output[Optional[str]]:
1995
+ def password_policy(self) -> pulumi.Output[Optional[builtins.str]]:
1803
1996
  """
1804
1997
  Name of the password policy to use to generate passwords.
1805
1998
  """
@@ -1807,7 +2000,7 @@ class SecretBackend(pulumi.CustomResource):
1807
2000
 
1808
2001
  @property
1809
2002
  @pulumi.getter
1810
- def path(self) -> pulumi.Output[Optional[str]]:
2003
+ def path(self) -> pulumi.Output[Optional[builtins.str]]:
1811
2004
  """
1812
2005
  The unique path this backend should be mounted at. Must
1813
2006
  not begin or end with a `/`. Defaults to `ldap`.
@@ -1816,7 +2009,7 @@ class SecretBackend(pulumi.CustomResource):
1816
2009
 
1817
2010
  @property
1818
2011
  @pulumi.getter(name="pluginVersion")
1819
- def plugin_version(self) -> pulumi.Output[Optional[str]]:
2012
+ def plugin_version(self) -> pulumi.Output[Optional[builtins.str]]:
1820
2013
  """
1821
2014
  Specifies the semantic version of the plugin to use, e.g. 'v1.0.0'
1822
2015
  """
@@ -1824,16 +2017,44 @@ class SecretBackend(pulumi.CustomResource):
1824
2017
 
1825
2018
  @property
1826
2019
  @pulumi.getter(name="requestTimeout")
1827
- def request_timeout(self) -> pulumi.Output[int]:
2020
+ def request_timeout(self) -> pulumi.Output[builtins.int]:
1828
2021
  """
1829
2022
  Timeout, in seconds, for the connection when making requests against the server
1830
2023
  before returning back an error.
1831
2024
  """
1832
2025
  return pulumi.get(self, "request_timeout")
1833
2026
 
2027
+ @property
2028
+ @pulumi.getter(name="rotationPeriod")
2029
+ def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
2030
+ """
2031
+ The amount of time in seconds Vault should wait before rotating the root credential.
2032
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
2033
+ """
2034
+ return pulumi.get(self, "rotation_period")
2035
+
2036
+ @property
2037
+ @pulumi.getter(name="rotationSchedule")
2038
+ def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
2039
+ """
2040
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
2041
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
2042
+ """
2043
+ return pulumi.get(self, "rotation_schedule")
2044
+
2045
+ @property
2046
+ @pulumi.getter(name="rotationWindow")
2047
+ def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
2048
+ """
2049
+ The maximum amount of time in seconds allowed to complete
2050
+ a rotation when a scheduled token rotation occurs. The default rotation window is
2051
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
2052
+ """
2053
+ return pulumi.get(self, "rotation_window")
2054
+
1834
2055
  @property
1835
2056
  @pulumi.getter
1836
- def schema(self) -> pulumi.Output[str]:
2057
+ def schema(self) -> pulumi.Output[builtins.str]:
1837
2058
  """
1838
2059
  The LDAP schema to use when storing entry passwords. Valid schemas include `openldap`, `ad`, and `racf`. Default is `openldap`.
1839
2060
  """
@@ -1841,7 +2062,7 @@ class SecretBackend(pulumi.CustomResource):
1841
2062
 
1842
2063
  @property
1843
2064
  @pulumi.getter(name="sealWrap")
1844
- def seal_wrap(self) -> pulumi.Output[bool]:
2065
+ def seal_wrap(self) -> pulumi.Output[builtins.bool]:
1845
2066
  """
1846
2067
  Enable seal wrapping for the mount, causing values stored by the mount to be wrapped by the seal's encryption capability
1847
2068
  """
@@ -1849,7 +2070,7 @@ class SecretBackend(pulumi.CustomResource):
1849
2070
 
1850
2071
  @property
1851
2072
  @pulumi.getter(name="skipStaticRoleImportRotation")
1852
- def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[bool]]:
2073
+ def skip_static_role_import_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
1853
2074
  """
1854
2075
  If set to true, static roles will not be rotated during import.
1855
2076
  Defaults to false. Requires Vault 1.16 or above.
@@ -1858,7 +2079,7 @@ class SecretBackend(pulumi.CustomResource):
1858
2079
 
1859
2080
  @property
1860
2081
  @pulumi.getter
1861
- def starttls(self) -> pulumi.Output[bool]:
2082
+ def starttls(self) -> pulumi.Output[builtins.bool]:
1862
2083
  """
1863
2084
  Issue a StartTLS command after establishing unencrypted connection.
1864
2085
  """
@@ -1866,7 +2087,7 @@ class SecretBackend(pulumi.CustomResource):
1866
2087
 
1867
2088
  @property
1868
2089
  @pulumi.getter
1869
- def upndomain(self) -> pulumi.Output[str]:
2090
+ def upndomain(self) -> pulumi.Output[builtins.str]:
1870
2091
  """
1871
2092
  Enables userPrincipalDomain login with [username]@UPNDomain.
1872
2093
  """
@@ -1874,7 +2095,7 @@ class SecretBackend(pulumi.CustomResource):
1874
2095
 
1875
2096
  @property
1876
2097
  @pulumi.getter
1877
- def url(self) -> pulumi.Output[str]:
2098
+ def url(self) -> pulumi.Output[builtins.str]:
1878
2099
  """
1879
2100
  LDAP URL to connect to. Multiple URLs can be specified by concatenating
1880
2101
  them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
@@ -1883,7 +2104,7 @@ class SecretBackend(pulumi.CustomResource):
1883
2104
 
1884
2105
  @property
1885
2106
  @pulumi.getter
1886
- def userattr(self) -> pulumi.Output[str]:
2107
+ def userattr(self) -> pulumi.Output[builtins.str]:
1887
2108
  """
1888
2109
  Attribute used when searching users. Defaults to `cn`.
1889
2110
  """
@@ -1891,7 +2112,7 @@ class SecretBackend(pulumi.CustomResource):
1891
2112
 
1892
2113
  @property
1893
2114
  @pulumi.getter
1894
- def userdn(self) -> pulumi.Output[Optional[str]]:
2115
+ def userdn(self) -> pulumi.Output[Optional[builtins.str]]:
1895
2116
  """
1896
2117
  LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
1897
2118
  """