PyPI - pulumi-vault - Versions diffs - 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl - Mend

pulumi-vault 6.6.0a1741415971py3-none-any.whl → 6.7.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (264) hide show

pulumi_vault/__init__.py +9 -0
pulumi_vault/_inputs.py +583 -562
pulumi_vault/ad/__init__.py +1 -0
pulumi_vault/ad/get_access_credentials.py +20 -19
pulumi_vault/ad/secret_backend.py +477 -476
pulumi_vault/ad/secret_library.py +99 -98
pulumi_vault/ad/secret_role.py +85 -84
pulumi_vault/alicloud/__init__.py +1 -0
pulumi_vault/alicloud/auth_backend_role.py +183 -182
pulumi_vault/approle/__init__.py +1 -0
pulumi_vault/approle/auth_backend_login.py +106 -105
pulumi_vault/approle/auth_backend_role.py +239 -238
pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
pulumi_vault/audit.py +85 -84
pulumi_vault/audit_request_header.py +43 -42
pulumi_vault/auth_backend.py +106 -105
pulumi_vault/aws/__init__.py +1 -0
pulumi_vault/aws/auth_backend_cert.py +71 -70
pulumi_vault/aws/auth_backend_client.py +425 -200
pulumi_vault/aws/auth_backend_config_identity.py +85 -84
pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
pulumi_vault/aws/auth_backend_login.py +209 -208
pulumi_vault/aws/auth_backend_role.py +400 -399
pulumi_vault/aws/auth_backend_role_tag.py +127 -126
pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
pulumi_vault/aws/auth_backend_sts_role.py +71 -70
pulumi_vault/aws/get_access_credentials.py +44 -43
pulumi_vault/aws/get_static_access_credentials.py +13 -12
pulumi_vault/aws/secret_backend.py +523 -306
pulumi_vault/aws/secret_backend_role.py +211 -210
pulumi_vault/aws/secret_backend_static_role.py +288 -70
pulumi_vault/azure/__init__.py +1 -0
pulumi_vault/azure/_inputs.py +21 -20
pulumi_vault/azure/auth_backend_config.py +383 -130
pulumi_vault/azure/auth_backend_role.py +253 -252
pulumi_vault/azure/backend.py +432 -186
pulumi_vault/azure/backend_role.py +188 -140
pulumi_vault/azure/get_access_credentials.py +58 -57
pulumi_vault/azure/outputs.py +11 -10
pulumi_vault/cert_auth_backend_role.py +365 -364
pulumi_vault/config/__init__.py +1 -0
pulumi_vault/config/__init__.pyi +1 -0
pulumi_vault/config/_inputs.py +11 -10
pulumi_vault/config/outputs.py +287 -286
pulumi_vault/config/ui_custom_message.py +113 -112
pulumi_vault/config/vars.py +1 -0
pulumi_vault/consul/__init__.py +1 -0
pulumi_vault/consul/secret_backend.py +197 -196
pulumi_vault/consul/secret_backend_role.py +183 -182
pulumi_vault/database/__init__.py +1 -0
pulumi_vault/database/_inputs.py +3857 -2200
pulumi_vault/database/outputs.py +2483 -1330
pulumi_vault/database/secret_backend_connection.py +333 -112
pulumi_vault/database/secret_backend_role.py +169 -168
pulumi_vault/database/secret_backend_static_role.py +283 -140
pulumi_vault/database/secrets_mount.py +275 -266
pulumi_vault/egp_policy.py +71 -70
pulumi_vault/gcp/__init__.py +1 -0
pulumi_vault/gcp/_inputs.py +82 -81
pulumi_vault/gcp/auth_backend.py +426 -205
pulumi_vault/gcp/auth_backend_role.py +281 -280
pulumi_vault/gcp/get_auth_backend_role.py +70 -69
pulumi_vault/gcp/outputs.py +50 -49
pulumi_vault/gcp/secret_backend.py +420 -179
pulumi_vault/gcp/secret_impersonated_account.py +92 -91
pulumi_vault/gcp/secret_roleset.py +92 -91
pulumi_vault/gcp/secret_static_account.py +92 -91
pulumi_vault/generic/__init__.py +1 -0
pulumi_vault/generic/endpoint.py +113 -112
pulumi_vault/generic/get_secret.py +28 -27
pulumi_vault/generic/secret.py +78 -77
pulumi_vault/get_auth_backend.py +19 -18
pulumi_vault/get_auth_backends.py +14 -13
pulumi_vault/get_namespace.py +15 -14
pulumi_vault/get_namespaces.py +68 -18
pulumi_vault/get_nomad_access_token.py +19 -18
pulumi_vault/get_policy_document.py +6 -5
pulumi_vault/get_raft_autopilot_state.py +18 -17
pulumi_vault/github/__init__.py +1 -0
pulumi_vault/github/_inputs.py +42 -41
pulumi_vault/github/auth_backend.py +232 -231
pulumi_vault/github/outputs.py +26 -25
pulumi_vault/github/team.py +57 -56
pulumi_vault/github/user.py +57 -56
pulumi_vault/identity/__init__.py +1 -0
pulumi_vault/identity/entity.py +85 -84
pulumi_vault/identity/entity_alias.py +71 -70
pulumi_vault/identity/entity_policies.py +64 -63
pulumi_vault/identity/get_entity.py +43 -42
pulumi_vault/identity/get_group.py +50 -49
pulumi_vault/identity/get_oidc_client_creds.py +14 -13
pulumi_vault/identity/get_oidc_openid_config.py +24 -23
pulumi_vault/identity/get_oidc_public_keys.py +13 -12
pulumi_vault/identity/group.py +141 -140
pulumi_vault/identity/group_alias.py +57 -56
pulumi_vault/identity/group_member_entity_ids.py +57 -56
pulumi_vault/identity/group_member_group_ids.py +57 -56
pulumi_vault/identity/group_policies.py +64 -63
pulumi_vault/identity/mfa_duo.py +148 -147
pulumi_vault/identity/mfa_login_enforcement.py +120 -119
pulumi_vault/identity/mfa_okta.py +134 -133
pulumi_vault/identity/mfa_pingid.py +127 -126
pulumi_vault/identity/mfa_totp.py +176 -175
pulumi_vault/identity/oidc.py +29 -28
pulumi_vault/identity/oidc_assignment.py +57 -56
pulumi_vault/identity/oidc_client.py +127 -126
pulumi_vault/identity/oidc_key.py +85 -84
pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
pulumi_vault/identity/oidc_provider.py +92 -91
pulumi_vault/identity/oidc_role.py +85 -84
pulumi_vault/identity/oidc_scope.py +57 -56
pulumi_vault/identity/outputs.py +32 -31
pulumi_vault/jwt/__init__.py +1 -0
pulumi_vault/jwt/_inputs.py +42 -41
pulumi_vault/jwt/auth_backend.py +288 -287
pulumi_vault/jwt/auth_backend_role.py +407 -406
pulumi_vault/jwt/outputs.py +26 -25
pulumi_vault/kmip/__init__.py +1 -0
pulumi_vault/kmip/secret_backend.py +183 -182
pulumi_vault/kmip/secret_role.py +295 -294
pulumi_vault/kmip/secret_scope.py +57 -56
pulumi_vault/kubernetes/__init__.py +1 -0
pulumi_vault/kubernetes/auth_backend_config.py +141 -140
pulumi_vault/kubernetes/auth_backend_role.py +225 -224
pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
pulumi_vault/kubernetes/get_service_account_token.py +38 -37
pulumi_vault/kubernetes/secret_backend.py +316 -315
pulumi_vault/kubernetes/secret_backend_role.py +197 -196
pulumi_vault/kv/__init__.py +1 -0
pulumi_vault/kv/_inputs.py +21 -20
pulumi_vault/kv/get_secret.py +17 -16
pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
pulumi_vault/kv/get_secret_v2.py +29 -28
pulumi_vault/kv/get_secrets_list.py +13 -12
pulumi_vault/kv/get_secrets_list_v2.py +19 -18
pulumi_vault/kv/outputs.py +13 -12
pulumi_vault/kv/secret.py +50 -49
pulumi_vault/kv/secret_backend_v2.py +71 -70
pulumi_vault/kv/secret_v2.py +134 -133
pulumi_vault/ldap/__init__.py +1 -0
pulumi_vault/ldap/auth_backend.py +754 -533
pulumi_vault/ldap/auth_backend_group.py +57 -56
pulumi_vault/ldap/auth_backend_user.py +71 -70
pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
pulumi_vault/ldap/get_static_credentials.py +18 -17
pulumi_vault/ldap/secret_backend.py +720 -499
pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
pulumi_vault/ldap/secret_backend_library_set.py +99 -98
pulumi_vault/ldap/secret_backend_static_role.py +99 -98
pulumi_vault/managed/__init__.py +1 -0
pulumi_vault/managed/_inputs.py +229 -228
pulumi_vault/managed/keys.py +15 -14
pulumi_vault/managed/outputs.py +139 -138
pulumi_vault/mfa_duo.py +113 -112
pulumi_vault/mfa_okta.py +113 -112
pulumi_vault/mfa_pingid.py +120 -119
pulumi_vault/mfa_totp.py +127 -126
pulumi_vault/mongodbatlas/__init__.py +1 -0
pulumi_vault/mongodbatlas/secret_backend.py +64 -63
pulumi_vault/mongodbatlas/secret_role.py +155 -154
pulumi_vault/mount.py +274 -273
pulumi_vault/namespace.py +64 -63
pulumi_vault/nomad_secret_backend.py +211 -210
pulumi_vault/nomad_secret_role.py +85 -84
pulumi_vault/okta/__init__.py +1 -0
pulumi_vault/okta/_inputs.py +26 -25
pulumi_vault/okta/auth_backend.py +274 -273
pulumi_vault/okta/auth_backend_group.py +57 -56
pulumi_vault/okta/auth_backend_user.py +71 -70
pulumi_vault/okta/outputs.py +16 -15
pulumi_vault/outputs.py +73 -60
pulumi_vault/password_policy.py +43 -42
pulumi_vault/pkisecret/__init__.py +3 -0
pulumi_vault/pkisecret/_inputs.py +31 -36
pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
pulumi_vault/pkisecret/backend_config_acme.py +174 -126
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
pulumi_vault/pkisecret/backend_config_est.py +120 -119
pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
pulumi_vault/pkisecret/get_backend_key.py +20 -19
pulumi_vault/pkisecret/get_backend_keys.py +15 -14
pulumi_vault/pkisecret/outputs.py +28 -31
pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
pulumi_vault/pkisecret/secret_backend_key.py +120 -119
pulumi_vault/pkisecret/secret_backend_role.py +894 -644
pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
pulumi_vault/plugin.py +127 -126
pulumi_vault/plugin_pinned_version.py +43 -42
pulumi_vault/policy.py +43 -42
pulumi_vault/provider.py +120 -119
pulumi_vault/pulumi-plugin.json +1 -1
pulumi_vault/quota_lease_count.py +85 -84
pulumi_vault/quota_rate_limit.py +113 -112
pulumi_vault/rabbitmq/__init__.py +1 -0
pulumi_vault/rabbitmq/_inputs.py +41 -40
pulumi_vault/rabbitmq/outputs.py +25 -24
pulumi_vault/rabbitmq/secret_backend.py +169 -168
pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
pulumi_vault/raft_autopilot.py +113 -112
pulumi_vault/raft_snapshot_agent_config.py +393 -392
pulumi_vault/rgp_policy.py +57 -56
pulumi_vault/saml/__init__.py +1 -0
pulumi_vault/saml/auth_backend.py +155 -154
pulumi_vault/saml/auth_backend_role.py +239 -238
pulumi_vault/secrets/__init__.py +1 -0
pulumi_vault/secrets/_inputs.py +16 -15
pulumi_vault/secrets/outputs.py +10 -9
pulumi_vault/secrets/sync_association.py +71 -70
pulumi_vault/secrets/sync_aws_destination.py +148 -147
pulumi_vault/secrets/sync_azure_destination.py +148 -147
pulumi_vault/secrets/sync_config.py +43 -42
pulumi_vault/secrets/sync_gcp_destination.py +106 -105
pulumi_vault/secrets/sync_gh_destination.py +134 -133
pulumi_vault/secrets/sync_github_apps.py +64 -63
pulumi_vault/secrets/sync_vercel_destination.py +120 -119
pulumi_vault/ssh/__init__.py +2 -0
pulumi_vault/ssh/_inputs.py +11 -10
pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
pulumi_vault/ssh/outputs.py +7 -6
pulumi_vault/ssh/secret_backend_ca.py +99 -98
pulumi_vault/ssh/secret_backend_role.py +365 -364
pulumi_vault/terraformcloud/__init__.py +1 -0
pulumi_vault/terraformcloud/secret_backend.py +111 -110
pulumi_vault/terraformcloud/secret_creds.py +74 -73
pulumi_vault/terraformcloud/secret_role.py +96 -95
pulumi_vault/token.py +246 -245
pulumi_vault/tokenauth/__init__.py +1 -0
pulumi_vault/tokenauth/auth_backend_role.py +267 -266
pulumi_vault/transform/__init__.py +1 -0
pulumi_vault/transform/alphabet.py +57 -56
pulumi_vault/transform/get_decode.py +47 -46
pulumi_vault/transform/get_encode.py +47 -46
pulumi_vault/transform/role.py +57 -56
pulumi_vault/transform/template.py +113 -112
pulumi_vault/transform/transformation.py +141 -140
pulumi_vault/transit/__init__.py +3 -0
pulumi_vault/transit/get_decrypt.py +18 -17
pulumi_vault/transit/get_encrypt.py +21 -20
pulumi_vault/transit/get_sign.py +325 -0
pulumi_vault/transit/get_verify.py +355 -0
pulumi_vault/transit/secret_backend_key.py +394 -231
pulumi_vault/transit/secret_cache_config.py +43 -42
{pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
pulumi_vault-6.7.0.dist-info/RECORD +265 -0
{pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
{pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0

pulumi_vault/pkisecret/secret_backend_crl_config.py CHANGED Viewed

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins
 import copy
 import warnings
 import sys
@@ -19,39 +20,42 @@ __all__ = ['SecretBackendCrlConfigArgs', 'SecretBackendCrlConfig']
 @pulumi.input_type
 class SecretBackendCrlConfigArgs:
     def __init__(__self__, *,
-                 backend: pulumi.Input[str],
-                 auto_rebuild: Optional[pulumi.Input[bool]] = None,
-                 auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
-                 cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
-                 delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
-                 disable: Optional[pulumi.Input[bool]] = None,
-                 enable_delta: Optional[pulumi.Input[bool]] = None,
-                 expiry: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 ocsp_disable: Optional[pulumi.Input[bool]] = None,
-                 ocsp_expiry: Optional[pulumi.Input[str]] = None,
-                 unified_crl: Optional[pulumi.Input[bool]] = None,
-                 unified_crl_on_existing_paths: Optional[pulumi.Input[bool]] = None):
+                 backend: pulumi.Input[builtins.str],
+                 auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
+                 auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
+                 cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
+                 delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
+                 disable: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
+                 expiry: Optional[pulumi.Input[builtins.str]] = None,
+                 max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
+                 ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
+                 unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
+                 unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None):
         """
         The set of arguments for constructing a SecretBackendCrlConfig resource.
-        :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
-        :param pulumi.Input[str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
-        :param pulumi.Input[bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
-        :param pulumi.Input[str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
-        :param pulumi.Input[bool] disable: Disables or enables CRL building.
-        :param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
+        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[builtins.bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
+        :param pulumi.Input[builtins.bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
+        :param pulumi.Input[builtins.str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
+        :param pulumi.Input[builtins.bool] disable: Disables or enables CRL building.
+        :param pulumi.Input[builtins.bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
                augmenting the last complete CRL.  **Vault 1.12+**
-        :param pulumi.Input[str] expiry: Specifies the time until expiration.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] expiry: Specifies the time until expiration.
+        :param pulumi.Input[builtins.int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
+               accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
-        :param pulumi.Input[str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
+        :param pulumi.Input[builtins.bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
                refresh durations. **Vault 1.12+**
-        :param pulumi.Input[bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
-        :param pulumi.Input[bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
+        :param pulumi.Input[builtins.bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
+        :param pulumi.Input[builtins.bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
                cluster-local paths. **Vault 1.13+**
         """
         pulumi.set(__self__, "backend", backend)
@@ -69,6 +73,8 @@ class SecretBackendCrlConfigArgs:
             pulumi.set(__self__, "enable_delta", enable_delta)
         if expiry is not None:
             pulumi.set(__self__, "expiry", expiry)
+        if max_crl_entries is not None:
+            pulumi.set(__self__, "max_crl_entries", max_crl_entries)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if ocsp_disable is not None:
@@ -82,79 +88,79 @@ class SecretBackendCrlConfigArgs:
     @property
     @pulumi.getter
-    def backend(self) -> pulumi.Input[str]:
+    def backend(self) -> pulumi.Input[builtins.str]:
         """
         The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
     @backend.setter
-    def backend(self, value: pulumi.Input[str]):
+    def backend(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "backend", value)
     @property
     @pulumi.getter(name="autoRebuild")
-    def auto_rebuild(self) -> Optional[pulumi.Input[bool]]:
+    def auto_rebuild(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
         """
         return pulumi.get(self, "auto_rebuild")
     @auto_rebuild.setter
-    def auto_rebuild(self, value: Optional[pulumi.Input[bool]]):
+    def auto_rebuild(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "auto_rebuild", value)
     @property
     @pulumi.getter(name="autoRebuildGracePeriod")
-    def auto_rebuild_grace_period(self) -> Optional[pulumi.Input[str]]:
+    def auto_rebuild_grace_period(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
         """
         return pulumi.get(self, "auto_rebuild_grace_period")
     @auto_rebuild_grace_period.setter
-    def auto_rebuild_grace_period(self, value: Optional[pulumi.Input[str]]):
+    def auto_rebuild_grace_period(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "auto_rebuild_grace_period", value)
     @property
     @pulumi.getter(name="crossClusterRevocation")
-    def cross_cluster_revocation(self) -> Optional[pulumi.Input[bool]]:
+    def cross_cluster_revocation(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enable cross-cluster revocation request queues. **Vault 1.13+**
         """
         return pulumi.get(self, "cross_cluster_revocation")
     @cross_cluster_revocation.setter
-    def cross_cluster_revocation(self, value: Optional[pulumi.Input[bool]]):
+    def cross_cluster_revocation(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "cross_cluster_revocation", value)
     @property
     @pulumi.getter(name="deltaRebuildInterval")
-    def delta_rebuild_interval(self) -> Optional[pulumi.Input[str]]:
+    def delta_rebuild_interval(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Interval to check for new revocations on, to regenerate the delta CRL.
         """
         return pulumi.get(self, "delta_rebuild_interval")
     @delta_rebuild_interval.setter
-    def delta_rebuild_interval(self, value: Optional[pulumi.Input[str]]):
+    def delta_rebuild_interval(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "delta_rebuild_interval", value)
     @property
     @pulumi.getter
-    def disable(self) -> Optional[pulumi.Input[bool]]:
+    def disable(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Disables or enables CRL building.
         """
         return pulumi.get(self, "disable")
     @disable.setter
-    def disable(self, value: Optional[pulumi.Input[bool]]):
+    def disable(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "disable", value)
     @property
     @pulumi.getter(name="enableDelta")
-    def enable_delta(self) -> Optional[pulumi.Input[bool]]:
+    def enable_delta(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enables building of delta CRLs with up-to-date revocation information,
         augmenting the last complete CRL.  **Vault 1.12+**
@@ -162,24 +168,37 @@ class SecretBackendCrlConfigArgs:
         return pulumi.get(self, "enable_delta")
     @enable_delta.setter
-    def enable_delta(self, value: Optional[pulumi.Input[bool]]):
+    def enable_delta(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "enable_delta", value)
     @property
     @pulumi.getter
-    def expiry(self) -> Optional[pulumi.Input[str]]:
+    def expiry(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Specifies the time until expiration.
         """
         return pulumi.get(self, "expiry")
     @expiry.setter
-    def expiry(self, value: Optional[pulumi.Input[str]]):
+    def expiry(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "expiry", value)
+    @property
+    @pulumi.getter(name="maxCrlEntries")
+    def max_crl_entries(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The maximum number of entries a CRL can contain. This option exists to prevent
+        accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
+        """
+        return pulumi.get(self, "max_crl_entries")
+    @max_crl_entries.setter
+    def max_crl_entries(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "max_crl_entries", value)
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -189,24 +208,24 @@ class SecretBackendCrlConfigArgs:
         return pulumi.get(self, "namespace")
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
     @property
     @pulumi.getter(name="ocspDisable")
-    def ocsp_disable(self) -> Optional[pulumi.Input[bool]]:
+    def ocsp_disable(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Disables the OCSP responder in Vault. **Vault 1.12+**
         """
         return pulumi.get(self, "ocsp_disable")
     @ocsp_disable.setter
-    def ocsp_disable(self, value: Optional[pulumi.Input[bool]]):
+    def ocsp_disable(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "ocsp_disable", value)
     @property
     @pulumi.getter(name="ocspExpiry")
-    def ocsp_expiry(self) -> Optional[pulumi.Input[str]]:
+    def ocsp_expiry(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The amount of time an OCSP response can be cached for, useful for OCSP stapling
         refresh durations. **Vault 1.12+**
@@ -214,24 +233,24 @@ class SecretBackendCrlConfigArgs:
         return pulumi.get(self, "ocsp_expiry")
     @ocsp_expiry.setter
-    def ocsp_expiry(self, value: Optional[pulumi.Input[str]]):
+    def ocsp_expiry(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "ocsp_expiry", value)
     @property
     @pulumi.getter(name="unifiedCrl")
-    def unified_crl(self) -> Optional[pulumi.Input[bool]]:
+    def unified_crl(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enables unified CRL and OCSP building. **Vault 1.13+**
         """
         return pulumi.get(self, "unified_crl")
     @unified_crl.setter
-    def unified_crl(self, value: Optional[pulumi.Input[bool]]):
+    def unified_crl(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "unified_crl", value)
     @property
     @pulumi.getter(name="unifiedCrlOnExistingPaths")
-    def unified_crl_on_existing_paths(self) -> Optional[pulumi.Input[bool]]:
+    def unified_crl_on_existing_paths(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enables serving the unified CRL and OCSP on the existing, previously
         cluster-local paths. **Vault 1.13+**
@@ -239,46 +258,49 @@ class SecretBackendCrlConfigArgs:
         return pulumi.get(self, "unified_crl_on_existing_paths")
     @unified_crl_on_existing_paths.setter
-    def unified_crl_on_existing_paths(self, value: Optional[pulumi.Input[bool]]):
+    def unified_crl_on_existing_paths(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "unified_crl_on_existing_paths", value)
 @pulumi.input_type
 class _SecretBackendCrlConfigState:
     def __init__(__self__, *,
-                 auto_rebuild: Optional[pulumi.Input[bool]] = None,
-                 auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
-                 delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
-                 disable: Optional[pulumi.Input[bool]] = None,
-                 enable_delta: Optional[pulumi.Input[bool]] = None,
-                 expiry: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 ocsp_disable: Optional[pulumi.Input[bool]] = None,
-                 ocsp_expiry: Optional[pulumi.Input[str]] = None,
-                 unified_crl: Optional[pulumi.Input[bool]] = None,
-                 unified_crl_on_existing_paths: Optional[pulumi.Input[bool]] = None):
+                 auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
+                 auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
+                 delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
+                 disable: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
+                 expiry: Optional[pulumi.Input[builtins.str]] = None,
+                 max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
+                 ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
+                 unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
+                 unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None):
         """
         Input properties used for looking up and filtering SecretBackendCrlConfig resources.
-        :param pulumi.Input[bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
-        :param pulumi.Input[str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
-        :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
-        :param pulumi.Input[str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
-        :param pulumi.Input[bool] disable: Disables or enables CRL building.
-        :param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
+        :param pulumi.Input[builtins.bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[builtins.bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
+        :param pulumi.Input[builtins.str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
+        :param pulumi.Input[builtins.bool] disable: Disables or enables CRL building.
+        :param pulumi.Input[builtins.bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
                augmenting the last complete CRL.  **Vault 1.12+**
-        :param pulumi.Input[str] expiry: Specifies the time until expiration.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] expiry: Specifies the time until expiration.
+        :param pulumi.Input[builtins.int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
+               accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
-        :param pulumi.Input[str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
+        :param pulumi.Input[builtins.bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
                refresh durations. **Vault 1.12+**
-        :param pulumi.Input[bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
-        :param pulumi.Input[bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
+        :param pulumi.Input[builtins.bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
+        :param pulumi.Input[builtins.bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
                cluster-local paths. **Vault 1.13+**
         """
         if auto_rebuild is not None:
@@ -297,6 +319,8 @@ class _SecretBackendCrlConfigState:
             pulumi.set(__self__, "enable_delta", enable_delta)
         if expiry is not None:
             pulumi.set(__self__, "expiry", expiry)
+        if max_crl_entries is not None:
+            pulumi.set(__self__, "max_crl_entries", max_crl_entries)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
         if ocsp_disable is not None:
@@ -310,79 +334,79 @@ class _SecretBackendCrlConfigState:
     @property
     @pulumi.getter(name="autoRebuild")
-    def auto_rebuild(self) -> Optional[pulumi.Input[bool]]:
+    def auto_rebuild(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
         """
         return pulumi.get(self, "auto_rebuild")
     @auto_rebuild.setter
-    def auto_rebuild(self, value: Optional[pulumi.Input[bool]]):
+    def auto_rebuild(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "auto_rebuild", value)
     @property
     @pulumi.getter(name="autoRebuildGracePeriod")
-    def auto_rebuild_grace_period(self) -> Optional[pulumi.Input[str]]:
+    def auto_rebuild_grace_period(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
         """
         return pulumi.get(self, "auto_rebuild_grace_period")
     @auto_rebuild_grace_period.setter
-    def auto_rebuild_grace_period(self, value: Optional[pulumi.Input[str]]):
+    def auto_rebuild_grace_period(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "auto_rebuild_grace_period", value)
     @property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[str]]:
+    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[str]]):
+    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "backend", value)
     @property
     @pulumi.getter(name="crossClusterRevocation")
-    def cross_cluster_revocation(self) -> Optional[pulumi.Input[bool]]:
+    def cross_cluster_revocation(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enable cross-cluster revocation request queues. **Vault 1.13+**
         """
         return pulumi.get(self, "cross_cluster_revocation")
     @cross_cluster_revocation.setter
-    def cross_cluster_revocation(self, value: Optional[pulumi.Input[bool]]):
+    def cross_cluster_revocation(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "cross_cluster_revocation", value)
     @property
     @pulumi.getter(name="deltaRebuildInterval")
-    def delta_rebuild_interval(self) -> Optional[pulumi.Input[str]]:
+    def delta_rebuild_interval(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Interval to check for new revocations on, to regenerate the delta CRL.
         """
         return pulumi.get(self, "delta_rebuild_interval")
     @delta_rebuild_interval.setter
-    def delta_rebuild_interval(self, value: Optional[pulumi.Input[str]]):
+    def delta_rebuild_interval(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "delta_rebuild_interval", value)
     @property
     @pulumi.getter
-    def disable(self) -> Optional[pulumi.Input[bool]]:
+    def disable(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Disables or enables CRL building.
         """
         return pulumi.get(self, "disable")
     @disable.setter
-    def disable(self, value: Optional[pulumi.Input[bool]]):
+    def disable(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "disable", value)
     @property
     @pulumi.getter(name="enableDelta")
-    def enable_delta(self) -> Optional[pulumi.Input[bool]]:
+    def enable_delta(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enables building of delta CRLs with up-to-date revocation information,
         augmenting the last complete CRL.  **Vault 1.12+**
@@ -390,24 +414,37 @@ class _SecretBackendCrlConfigState:
         return pulumi.get(self, "enable_delta")
     @enable_delta.setter
-    def enable_delta(self, value: Optional[pulumi.Input[bool]]):
+    def enable_delta(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "enable_delta", value)
     @property
     @pulumi.getter
-    def expiry(self) -> Optional[pulumi.Input[str]]:
+    def expiry(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Specifies the time until expiration.
         """
         return pulumi.get(self, "expiry")
     @expiry.setter
-    def expiry(self, value: Optional[pulumi.Input[str]]):
+    def expiry(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "expiry", value)
+    @property
+    @pulumi.getter(name="maxCrlEntries")
+    def max_crl_entries(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The maximum number of entries a CRL can contain. This option exists to prevent
+        accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
+        """
+        return pulumi.get(self, "max_crl_entries")
+    @max_crl_entries.setter
+    def max_crl_entries(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "max_crl_entries", value)
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -417,24 +454,24 @@ class _SecretBackendCrlConfigState:
         return pulumi.get(self, "namespace")
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
     @property
     @pulumi.getter(name="ocspDisable")
-    def ocsp_disable(self) -> Optional[pulumi.Input[bool]]:
+    def ocsp_disable(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Disables the OCSP responder in Vault. **Vault 1.12+**
         """
         return pulumi.get(self, "ocsp_disable")
     @ocsp_disable.setter
-    def ocsp_disable(self, value: Optional[pulumi.Input[bool]]):
+    def ocsp_disable(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "ocsp_disable", value)
     @property
     @pulumi.getter(name="ocspExpiry")
-    def ocsp_expiry(self) -> Optional[pulumi.Input[str]]:
+    def ocsp_expiry(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The amount of time an OCSP response can be cached for, useful for OCSP stapling
         refresh durations. **Vault 1.12+**
@@ -442,24 +479,24 @@ class _SecretBackendCrlConfigState:
         return pulumi.get(self, "ocsp_expiry")
     @ocsp_expiry.setter
-    def ocsp_expiry(self, value: Optional[pulumi.Input[str]]):
+    def ocsp_expiry(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "ocsp_expiry", value)
     @property
     @pulumi.getter(name="unifiedCrl")
-    def unified_crl(self) -> Optional[pulumi.Input[bool]]:
+    def unified_crl(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enables unified CRL and OCSP building. **Vault 1.13+**
         """
         return pulumi.get(self, "unified_crl")
     @unified_crl.setter
-    def unified_crl(self, value: Optional[pulumi.Input[bool]]):
+    def unified_crl(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "unified_crl", value)
     @property
     @pulumi.getter(name="unifiedCrlOnExistingPaths")
-    def unified_crl_on_existing_paths(self) -> Optional[pulumi.Input[bool]]:
+    def unified_crl_on_existing_paths(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Enables serving the unified CRL and OCSP on the existing, previously
         cluster-local paths. **Vault 1.13+**
@@ -467,7 +504,7 @@ class _SecretBackendCrlConfigState:
         return pulumi.get(self, "unified_crl_on_existing_paths")
     @unified_crl_on_existing_paths.setter
-    def unified_crl_on_existing_paths(self, value: Optional[pulumi.Input[bool]]):
+    def unified_crl_on_existing_paths(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "unified_crl_on_existing_paths", value)
@@ -476,19 +513,20 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 auto_rebuild: Optional[pulumi.Input[bool]] = None,
-                 auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
-                 delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
-                 disable: Optional[pulumi.Input[bool]] = None,
-                 enable_delta: Optional[pulumi.Input[bool]] = None,
-                 expiry: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 ocsp_disable: Optional[pulumi.Input[bool]] = None,
-                 ocsp_expiry: Optional[pulumi.Input[str]] = None,
-                 unified_crl: Optional[pulumi.Input[bool]] = None,
-                 unified_crl_on_existing_paths: Optional[pulumi.Input[bool]] = None,
+                 auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
+                 auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
+                 delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
+                 disable: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
+                 expiry: Optional[pulumi.Input[builtins.str]] = None,
+                 max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
+                 ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
+                 unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
+                 unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None,
                  __props__=None):
         """
         Allows setting the duration for which the generated CRL should be marked valid. If the CRL is disabled, it will return a signed but zero-length CRL for any request. If enabled, it will re-build the CRL.
@@ -512,24 +550,26 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
-        :param pulumi.Input[str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
-        :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
-        :param pulumi.Input[str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
-        :param pulumi.Input[bool] disable: Disables or enables CRL building.
-        :param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
+        :param pulumi.Input[builtins.bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[builtins.bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
+        :param pulumi.Input[builtins.str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
+        :param pulumi.Input[builtins.bool] disable: Disables or enables CRL building.
+        :param pulumi.Input[builtins.bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
                augmenting the last complete CRL.  **Vault 1.12+**
-        :param pulumi.Input[str] expiry: Specifies the time until expiration.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] expiry: Specifies the time until expiration.
+        :param pulumi.Input[builtins.int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
+               accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
-        :param pulumi.Input[str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
+        :param pulumi.Input[builtins.bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
                refresh durations. **Vault 1.12+**
-        :param pulumi.Input[bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
-        :param pulumi.Input[bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
+        :param pulumi.Input[builtins.bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
+        :param pulumi.Input[builtins.bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
                cluster-local paths. **Vault 1.13+**
         """
         ...
@@ -573,19 +613,20 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 auto_rebuild: Optional[pulumi.Input[bool]] = None,
-                 auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
-                 delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
-                 disable: Optional[pulumi.Input[bool]] = None,
-                 enable_delta: Optional[pulumi.Input[bool]] = None,
-                 expiry: Optional[pulumi.Input[str]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 ocsp_disable: Optional[pulumi.Input[bool]] = None,
-                 ocsp_expiry: Optional[pulumi.Input[str]] = None,
-                 unified_crl: Optional[pulumi.Input[bool]] = None,
-                 unified_crl_on_existing_paths: Optional[pulumi.Input[bool]] = None,
+                 auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
+                 auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
+                 delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
+                 disable: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
+                 expiry: Optional[pulumi.Input[builtins.str]] = None,
+                 max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
+                 ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
+                 unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
+                 unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -605,6 +646,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
             __props__.__dict__["disable"] = disable
             __props__.__dict__["enable_delta"] = enable_delta
             __props__.__dict__["expiry"] = expiry
+            __props__.__dict__["max_crl_entries"] = max_crl_entries
             __props__.__dict__["namespace"] = namespace
             __props__.__dict__["ocsp_disable"] = ocsp_disable
             __props__.__dict__["ocsp_expiry"] = ocsp_expiry
@@ -620,19 +662,20 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            auto_rebuild: Optional[pulumi.Input[bool]] = None,
-            auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
-            backend: Optional[pulumi.Input[str]] = None,
-            cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
-            delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
-            disable: Optional[pulumi.Input[bool]] = None,
-            enable_delta: Optional[pulumi.Input[bool]] = None,
-            expiry: Optional[pulumi.Input[str]] = None,
-            namespace: Optional[pulumi.Input[str]] = None,
-            ocsp_disable: Optional[pulumi.Input[bool]] = None,
-            ocsp_expiry: Optional[pulumi.Input[str]] = None,
-            unified_crl: Optional[pulumi.Input[bool]] = None,
-            unified_crl_on_existing_paths: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendCrlConfig':
+            auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
+            auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
+            backend: Optional[pulumi.Input[builtins.str]] = None,
+            cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
+            delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
+            disable: Optional[pulumi.Input[builtins.bool]] = None,
+            enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
+            expiry: Optional[pulumi.Input[builtins.str]] = None,
+            max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
+            namespace: Optional[pulumi.Input[builtins.str]] = None,
+            ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
+            ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
+            unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
+            unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None) -> 'SecretBackendCrlConfig':
         """
         Get an existing SecretBackendCrlConfig resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -640,24 +683,26 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
-        :param pulumi.Input[str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
-        :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
-        :param pulumi.Input[str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
-        :param pulumi.Input[bool] disable: Disables or enables CRL building.
-        :param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
+        :param pulumi.Input[builtins.bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[builtins.bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
+        :param pulumi.Input[builtins.str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
+        :param pulumi.Input[builtins.bool] disable: Disables or enables CRL building.
+        :param pulumi.Input[builtins.bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
                augmenting the last complete CRL.  **Vault 1.12+**
-        :param pulumi.Input[str] expiry: Specifies the time until expiration.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] expiry: Specifies the time until expiration.
+        :param pulumi.Input[builtins.int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
+               accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
-        :param pulumi.Input[str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
+        :param pulumi.Input[builtins.bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
+        :param pulumi.Input[builtins.str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
                refresh durations. **Vault 1.12+**
-        :param pulumi.Input[bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
-        :param pulumi.Input[bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
+        :param pulumi.Input[builtins.bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
+        :param pulumi.Input[builtins.bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
                cluster-local paths. **Vault 1.13+**
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -672,6 +717,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
         __props__.__dict__["disable"] = disable
         __props__.__dict__["enable_delta"] = enable_delta
         __props__.__dict__["expiry"] = expiry
+        __props__.__dict__["max_crl_entries"] = max_crl_entries
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["ocsp_disable"] = ocsp_disable
         __props__.__dict__["ocsp_expiry"] = ocsp_expiry
@@ -681,7 +727,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="autoRebuild")
-    def auto_rebuild(self) -> pulumi.Output[Optional[bool]]:
+    def auto_rebuild(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
         """
@@ -689,7 +735,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="autoRebuildGracePeriod")
-    def auto_rebuild_grace_period(self) -> pulumi.Output[str]:
+    def auto_rebuild_grace_period(self) -> pulumi.Output[builtins.str]:
         """
         Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
         """
@@ -697,7 +743,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[str]:
+    def backend(self) -> pulumi.Output[builtins.str]:
         """
         The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         """
@@ -705,7 +751,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="crossClusterRevocation")
-    def cross_cluster_revocation(self) -> pulumi.Output[bool]:
+    def cross_cluster_revocation(self) -> pulumi.Output[builtins.bool]:
         """
         Enable cross-cluster revocation request queues. **Vault 1.13+**
         """
@@ -713,7 +759,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="deltaRebuildInterval")
-    def delta_rebuild_interval(self) -> pulumi.Output[str]:
+    def delta_rebuild_interval(self) -> pulumi.Output[builtins.str]:
         """
         Interval to check for new revocations on, to regenerate the delta CRL.
         """
@@ -721,7 +767,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter
-    def disable(self) -> pulumi.Output[Optional[bool]]:
+    def disable(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Disables or enables CRL building.
         """
@@ -729,7 +775,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="enableDelta")
-    def enable_delta(self) -> pulumi.Output[Optional[bool]]:
+    def enable_delta(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Enables building of delta CRLs with up-to-date revocation information,
         augmenting the last complete CRL.  **Vault 1.12+**
@@ -738,15 +784,24 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter
-    def expiry(self) -> pulumi.Output[Optional[str]]:
+    def expiry(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         Specifies the time until expiration.
         """
         return pulumi.get(self, "expiry")
+    @property
+    @pulumi.getter(name="maxCrlEntries")
+    def max_crl_entries(self) -> pulumi.Output[builtins.int]:
+        """
+        The maximum number of entries a CRL can contain. This option exists to prevent
+        accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
+        """
+        return pulumi.get(self, "max_crl_entries")
     @property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[str]]:
+    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -757,7 +812,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="ocspDisable")
-    def ocsp_disable(self) -> pulumi.Output[Optional[bool]]:
+    def ocsp_disable(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Disables the OCSP responder in Vault. **Vault 1.12+**
         """
@@ -765,7 +820,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="ocspExpiry")
-    def ocsp_expiry(self) -> pulumi.Output[str]:
+    def ocsp_expiry(self) -> pulumi.Output[builtins.str]:
         """
         The amount of time an OCSP response can be cached for, useful for OCSP stapling
         refresh durations. **Vault 1.12+**
@@ -774,7 +829,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="unifiedCrl")
-    def unified_crl(self) -> pulumi.Output[bool]:
+    def unified_crl(self) -> pulumi.Output[builtins.bool]:
         """
         Enables unified CRL and OCSP building. **Vault 1.13+**
         """
@@ -782,7 +837,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="unifiedCrlOnExistingPaths")
-    def unified_crl_on_existing_paths(self) -> pulumi.Output[bool]:
+    def unified_crl_on_existing_paths(self) -> pulumi.Output[builtins.bool]:
         """
         Enables serving the unified CRL and OCSP on the existing, previously
         cluster-local paths. **Vault 1.13+**

pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

pulumi-vault 6.6.0a1741415971py3-none-any.whl → 6.7.0py3-none-any.whl