PyPI - pulumi-vault - Versions diffs - 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl - Mend

pulumi-vault 6.6.0a1741415971py3-none-any.whl → 6.7.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (264) hide show

pulumi_vault/__init__.py +9 -0
pulumi_vault/_inputs.py +583 -562
pulumi_vault/ad/__init__.py +1 -0
pulumi_vault/ad/get_access_credentials.py +20 -19
pulumi_vault/ad/secret_backend.py +477 -476
pulumi_vault/ad/secret_library.py +99 -98
pulumi_vault/ad/secret_role.py +85 -84
pulumi_vault/alicloud/__init__.py +1 -0
pulumi_vault/alicloud/auth_backend_role.py +183 -182
pulumi_vault/approle/__init__.py +1 -0
pulumi_vault/approle/auth_backend_login.py +106 -105
pulumi_vault/approle/auth_backend_role.py +239 -238
pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
pulumi_vault/audit.py +85 -84
pulumi_vault/audit_request_header.py +43 -42
pulumi_vault/auth_backend.py +106 -105
pulumi_vault/aws/__init__.py +1 -0
pulumi_vault/aws/auth_backend_cert.py +71 -70
pulumi_vault/aws/auth_backend_client.py +425 -200
pulumi_vault/aws/auth_backend_config_identity.py +85 -84
pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
pulumi_vault/aws/auth_backend_login.py +209 -208
pulumi_vault/aws/auth_backend_role.py +400 -399
pulumi_vault/aws/auth_backend_role_tag.py +127 -126
pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
pulumi_vault/aws/auth_backend_sts_role.py +71 -70
pulumi_vault/aws/get_access_credentials.py +44 -43
pulumi_vault/aws/get_static_access_credentials.py +13 -12
pulumi_vault/aws/secret_backend.py +523 -306
pulumi_vault/aws/secret_backend_role.py +211 -210
pulumi_vault/aws/secret_backend_static_role.py +288 -70
pulumi_vault/azure/__init__.py +1 -0
pulumi_vault/azure/_inputs.py +21 -20
pulumi_vault/azure/auth_backend_config.py +383 -130
pulumi_vault/azure/auth_backend_role.py +253 -252
pulumi_vault/azure/backend.py +432 -186
pulumi_vault/azure/backend_role.py +188 -140
pulumi_vault/azure/get_access_credentials.py +58 -57
pulumi_vault/azure/outputs.py +11 -10
pulumi_vault/cert_auth_backend_role.py +365 -364
pulumi_vault/config/__init__.py +1 -0
pulumi_vault/config/__init__.pyi +1 -0
pulumi_vault/config/_inputs.py +11 -10
pulumi_vault/config/outputs.py +287 -286
pulumi_vault/config/ui_custom_message.py +113 -112
pulumi_vault/config/vars.py +1 -0
pulumi_vault/consul/__init__.py +1 -0
pulumi_vault/consul/secret_backend.py +197 -196
pulumi_vault/consul/secret_backend_role.py +183 -182
pulumi_vault/database/__init__.py +1 -0
pulumi_vault/database/_inputs.py +3857 -2200
pulumi_vault/database/outputs.py +2483 -1330
pulumi_vault/database/secret_backend_connection.py +333 -112
pulumi_vault/database/secret_backend_role.py +169 -168
pulumi_vault/database/secret_backend_static_role.py +283 -140
pulumi_vault/database/secrets_mount.py +275 -266
pulumi_vault/egp_policy.py +71 -70
pulumi_vault/gcp/__init__.py +1 -0
pulumi_vault/gcp/_inputs.py +82 -81
pulumi_vault/gcp/auth_backend.py +426 -205
pulumi_vault/gcp/auth_backend_role.py +281 -280
pulumi_vault/gcp/get_auth_backend_role.py +70 -69
pulumi_vault/gcp/outputs.py +50 -49
pulumi_vault/gcp/secret_backend.py +420 -179
pulumi_vault/gcp/secret_impersonated_account.py +92 -91
pulumi_vault/gcp/secret_roleset.py +92 -91
pulumi_vault/gcp/secret_static_account.py +92 -91
pulumi_vault/generic/__init__.py +1 -0
pulumi_vault/generic/endpoint.py +113 -112
pulumi_vault/generic/get_secret.py +28 -27
pulumi_vault/generic/secret.py +78 -77
pulumi_vault/get_auth_backend.py +19 -18
pulumi_vault/get_auth_backends.py +14 -13
pulumi_vault/get_namespace.py +15 -14
pulumi_vault/get_namespaces.py +68 -18
pulumi_vault/get_nomad_access_token.py +19 -18
pulumi_vault/get_policy_document.py +6 -5
pulumi_vault/get_raft_autopilot_state.py +18 -17
pulumi_vault/github/__init__.py +1 -0
pulumi_vault/github/_inputs.py +42 -41
pulumi_vault/github/auth_backend.py +232 -231
pulumi_vault/github/outputs.py +26 -25
pulumi_vault/github/team.py +57 -56
pulumi_vault/github/user.py +57 -56
pulumi_vault/identity/__init__.py +1 -0
pulumi_vault/identity/entity.py +85 -84
pulumi_vault/identity/entity_alias.py +71 -70
pulumi_vault/identity/entity_policies.py +64 -63
pulumi_vault/identity/get_entity.py +43 -42
pulumi_vault/identity/get_group.py +50 -49
pulumi_vault/identity/get_oidc_client_creds.py +14 -13
pulumi_vault/identity/get_oidc_openid_config.py +24 -23
pulumi_vault/identity/get_oidc_public_keys.py +13 -12
pulumi_vault/identity/group.py +141 -140
pulumi_vault/identity/group_alias.py +57 -56
pulumi_vault/identity/group_member_entity_ids.py +57 -56
pulumi_vault/identity/group_member_group_ids.py +57 -56
pulumi_vault/identity/group_policies.py +64 -63
pulumi_vault/identity/mfa_duo.py +148 -147
pulumi_vault/identity/mfa_login_enforcement.py +120 -119
pulumi_vault/identity/mfa_okta.py +134 -133
pulumi_vault/identity/mfa_pingid.py +127 -126
pulumi_vault/identity/mfa_totp.py +176 -175
pulumi_vault/identity/oidc.py +29 -28
pulumi_vault/identity/oidc_assignment.py +57 -56
pulumi_vault/identity/oidc_client.py +127 -126
pulumi_vault/identity/oidc_key.py +85 -84
pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
pulumi_vault/identity/oidc_provider.py +92 -91
pulumi_vault/identity/oidc_role.py +85 -84
pulumi_vault/identity/oidc_scope.py +57 -56
pulumi_vault/identity/outputs.py +32 -31
pulumi_vault/jwt/__init__.py +1 -0
pulumi_vault/jwt/_inputs.py +42 -41
pulumi_vault/jwt/auth_backend.py +288 -287
pulumi_vault/jwt/auth_backend_role.py +407 -406
pulumi_vault/jwt/outputs.py +26 -25
pulumi_vault/kmip/__init__.py +1 -0
pulumi_vault/kmip/secret_backend.py +183 -182
pulumi_vault/kmip/secret_role.py +295 -294
pulumi_vault/kmip/secret_scope.py +57 -56
pulumi_vault/kubernetes/__init__.py +1 -0
pulumi_vault/kubernetes/auth_backend_config.py +141 -140
pulumi_vault/kubernetes/auth_backend_role.py +225 -224
pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
pulumi_vault/kubernetes/get_service_account_token.py +38 -37
pulumi_vault/kubernetes/secret_backend.py +316 -315
pulumi_vault/kubernetes/secret_backend_role.py +197 -196
pulumi_vault/kv/__init__.py +1 -0
pulumi_vault/kv/_inputs.py +21 -20
pulumi_vault/kv/get_secret.py +17 -16
pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
pulumi_vault/kv/get_secret_v2.py +29 -28
pulumi_vault/kv/get_secrets_list.py +13 -12
pulumi_vault/kv/get_secrets_list_v2.py +19 -18
pulumi_vault/kv/outputs.py +13 -12
pulumi_vault/kv/secret.py +50 -49
pulumi_vault/kv/secret_backend_v2.py +71 -70
pulumi_vault/kv/secret_v2.py +134 -133
pulumi_vault/ldap/__init__.py +1 -0
pulumi_vault/ldap/auth_backend.py +754 -533
pulumi_vault/ldap/auth_backend_group.py +57 -56
pulumi_vault/ldap/auth_backend_user.py +71 -70
pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
pulumi_vault/ldap/get_static_credentials.py +18 -17
pulumi_vault/ldap/secret_backend.py +720 -499
pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
pulumi_vault/ldap/secret_backend_library_set.py +99 -98
pulumi_vault/ldap/secret_backend_static_role.py +99 -98
pulumi_vault/managed/__init__.py +1 -0
pulumi_vault/managed/_inputs.py +229 -228
pulumi_vault/managed/keys.py +15 -14
pulumi_vault/managed/outputs.py +139 -138
pulumi_vault/mfa_duo.py +113 -112
pulumi_vault/mfa_okta.py +113 -112
pulumi_vault/mfa_pingid.py +120 -119
pulumi_vault/mfa_totp.py +127 -126
pulumi_vault/mongodbatlas/__init__.py +1 -0
pulumi_vault/mongodbatlas/secret_backend.py +64 -63
pulumi_vault/mongodbatlas/secret_role.py +155 -154
pulumi_vault/mount.py +274 -273
pulumi_vault/namespace.py +64 -63
pulumi_vault/nomad_secret_backend.py +211 -210
pulumi_vault/nomad_secret_role.py +85 -84
pulumi_vault/okta/__init__.py +1 -0
pulumi_vault/okta/_inputs.py +26 -25
pulumi_vault/okta/auth_backend.py +274 -273
pulumi_vault/okta/auth_backend_group.py +57 -56
pulumi_vault/okta/auth_backend_user.py +71 -70
pulumi_vault/okta/outputs.py +16 -15
pulumi_vault/outputs.py +73 -60
pulumi_vault/password_policy.py +43 -42
pulumi_vault/pkisecret/__init__.py +3 -0
pulumi_vault/pkisecret/_inputs.py +31 -36
pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
pulumi_vault/pkisecret/backend_config_acme.py +174 -126
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
pulumi_vault/pkisecret/backend_config_est.py +120 -119
pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
pulumi_vault/pkisecret/get_backend_key.py +20 -19
pulumi_vault/pkisecret/get_backend_keys.py +15 -14
pulumi_vault/pkisecret/outputs.py +28 -31
pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
pulumi_vault/pkisecret/secret_backend_key.py +120 -119
pulumi_vault/pkisecret/secret_backend_role.py +894 -644
pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
pulumi_vault/plugin.py +127 -126
pulumi_vault/plugin_pinned_version.py +43 -42
pulumi_vault/policy.py +43 -42
pulumi_vault/provider.py +120 -119
pulumi_vault/pulumi-plugin.json +1 -1
pulumi_vault/quota_lease_count.py +85 -84
pulumi_vault/quota_rate_limit.py +113 -112
pulumi_vault/rabbitmq/__init__.py +1 -0
pulumi_vault/rabbitmq/_inputs.py +41 -40
pulumi_vault/rabbitmq/outputs.py +25 -24
pulumi_vault/rabbitmq/secret_backend.py +169 -168
pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
pulumi_vault/raft_autopilot.py +113 -112
pulumi_vault/raft_snapshot_agent_config.py +393 -392
pulumi_vault/rgp_policy.py +57 -56
pulumi_vault/saml/__init__.py +1 -0
pulumi_vault/saml/auth_backend.py +155 -154
pulumi_vault/saml/auth_backend_role.py +239 -238
pulumi_vault/secrets/__init__.py +1 -0
pulumi_vault/secrets/_inputs.py +16 -15
pulumi_vault/secrets/outputs.py +10 -9
pulumi_vault/secrets/sync_association.py +71 -70
pulumi_vault/secrets/sync_aws_destination.py +148 -147
pulumi_vault/secrets/sync_azure_destination.py +148 -147
pulumi_vault/secrets/sync_config.py +43 -42
pulumi_vault/secrets/sync_gcp_destination.py +106 -105
pulumi_vault/secrets/sync_gh_destination.py +134 -133
pulumi_vault/secrets/sync_github_apps.py +64 -63
pulumi_vault/secrets/sync_vercel_destination.py +120 -119
pulumi_vault/ssh/__init__.py +2 -0
pulumi_vault/ssh/_inputs.py +11 -10
pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
pulumi_vault/ssh/outputs.py +7 -6
pulumi_vault/ssh/secret_backend_ca.py +99 -98
pulumi_vault/ssh/secret_backend_role.py +365 -364
pulumi_vault/terraformcloud/__init__.py +1 -0
pulumi_vault/terraformcloud/secret_backend.py +111 -110
pulumi_vault/terraformcloud/secret_creds.py +74 -73
pulumi_vault/terraformcloud/secret_role.py +96 -95
pulumi_vault/token.py +246 -245
pulumi_vault/tokenauth/__init__.py +1 -0
pulumi_vault/tokenauth/auth_backend_role.py +267 -266
pulumi_vault/transform/__init__.py +1 -0
pulumi_vault/transform/alphabet.py +57 -56
pulumi_vault/transform/get_decode.py +47 -46
pulumi_vault/transform/get_encode.py +47 -46
pulumi_vault/transform/role.py +57 -56
pulumi_vault/transform/template.py +113 -112
pulumi_vault/transform/transformation.py +141 -140
pulumi_vault/transit/__init__.py +3 -0
pulumi_vault/transit/get_decrypt.py +18 -17
pulumi_vault/transit/get_encrypt.py +21 -20
pulumi_vault/transit/get_sign.py +325 -0
pulumi_vault/transit/get_verify.py +355 -0
pulumi_vault/transit/secret_backend_key.py +394 -231
pulumi_vault/transit/secret_cache_config.py +43 -42
{pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
pulumi_vault-6.7.0.dist-info/RECORD +265 -0
{pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
{pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0

pulumi_vault/azure/auth_backend_config.py CHANGED Viewed

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins
 import copy
 import warnings
 import sys
@@ -19,37 +20,53 @@ __all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
 @pulumi.input_type
 class AuthBackendConfigArgs:
     def __init__(__self__, *,
-                 resource: pulumi.Input[str],
-                 tenant_id: pulumi.Input[str],
-                 backend: Optional[pulumi.Input[str]] = None,
-                 client_id: Optional[pulumi.Input[str]] = None,
-                 client_secret: Optional[pulumi.Input[str]] = None,
-                 environment: Optional[pulumi.Input[str]] = None,
-                 identity_token_audience: Optional[pulumi.Input[str]] = None,
-                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None):
+                 resource: pulumi.Input[builtins.str],
+                 tenant_id: pulumi.Input[builtins.str],
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 client_id: Optional[pulumi.Input[builtins.str]] = None,
+                 client_secret: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+                 environment: Optional[pulumi.Input[builtins.str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None):
         """
         The set of arguments for constructing a AuthBackendConfig resource.
-        :param pulumi.Input[str] resource: The configured URL for the application registered in
+        :param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
                Azure Active Directory.
-        :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
+        :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
                organization.
-        :param pulumi.Input[str] backend: The path the Azure auth backend being configured was
+        :param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
                mounted at.  Defaults to `azure`.
-        :param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
+        :param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
                Currently read permissions to query compute resources are required.
-        :param pulumi.Input[str] client_secret: The client secret for credentials to query the
+        :param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
                Azure APIs.
-        :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
                AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
                AzureGermanCloud.  Defaults to `AzurePublicCloud`.
-        :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+        :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
                *Available only for Vault Enterprise*
-        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
         """
         pulumi.set(__self__, "resource", resource)
         pulumi.set(__self__, "tenant_id", tenant_id)
@@ -59,6 +76,8 @@ class AuthBackendConfigArgs:
             pulumi.set(__self__, "client_id", client_id)
         if client_secret is not None:
             pulumi.set(__self__, "client_secret", client_secret)
+        if disable_automated_rotation is not None:
+            pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
         if environment is not None:
             pulumi.set(__self__, "environment", environment)
         if identity_token_audience is not None:
@@ -67,10 +86,16 @@ class AuthBackendConfigArgs:
             pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
         if namespace is not None:
             pulumi.set(__self__, "namespace", namespace)
+        if rotation_period is not None:
+            pulumi.set(__self__, "rotation_period", rotation_period)
+        if rotation_schedule is not None:
+            pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+        if rotation_window is not None:
+            pulumi.set(__self__, "rotation_window", rotation_window)
     @property
     @pulumi.getter
-    def resource(self) -> pulumi.Input[str]:
+    def resource(self) -> pulumi.Input[builtins.str]:
         """
         The configured URL for the application registered in
         Azure Active Directory.
@@ -78,12 +103,12 @@ class AuthBackendConfigArgs:
         return pulumi.get(self, "resource")
     @resource.setter
-    def resource(self, value: pulumi.Input[str]):
+    def resource(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "resource", value)
     @property
     @pulumi.getter(name="tenantId")
-    def tenant_id(self) -> pulumi.Input[str]:
+    def tenant_id(self) -> pulumi.Input[builtins.str]:
         """
         The tenant id for the Azure Active Directory
         organization.
@@ -91,12 +116,12 @@ class AuthBackendConfigArgs:
         return pulumi.get(self, "tenant_id")
     @tenant_id.setter
-    def tenant_id(self, value: pulumi.Input[str]):
+    def tenant_id(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "tenant_id", value)
     @property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[str]]:
+    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The path the Azure auth backend being configured was
         mounted at.  Defaults to `azure`.
@@ -104,12 +129,12 @@ class AuthBackendConfigArgs:
         return pulumi.get(self, "backend")
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[str]]):
+    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "backend", value)
     @property
     @pulumi.getter(name="clientId")
-    def client_id(self) -> Optional[pulumi.Input[str]]:
+    def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The client id for credentials to query the Azure APIs.
         Currently read permissions to query compute resources are required.
@@ -117,12 +142,12 @@ class AuthBackendConfigArgs:
         return pulumi.get(self, "client_id")
     @client_id.setter
-    def client_id(self, value: Optional[pulumi.Input[str]]):
+    def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_id", value)
     @property
     @pulumi.getter(name="clientSecret")
-    def client_secret(self) -> Optional[pulumi.Input[str]]:
+    def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The client secret for credentials to query the
         Azure APIs.
@@ -130,12 +155,25 @@ class AuthBackendConfigArgs:
         return pulumi.get(self, "client_secret")
     @client_secret.setter
-    def client_secret(self, value: Optional[pulumi.Input[str]]):
+    def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_secret", value)
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+    @disable_automated_rotation.setter
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_automated_rotation", value)
     @property
     @pulumi.getter
-    def environment(self) -> Optional[pulumi.Input[str]]:
+    def environment(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The Azure cloud environment. Valid values:
         AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
@@ -144,12 +182,12 @@ class AuthBackendConfigArgs:
         return pulumi.get(self, "environment")
     @environment.setter
-    def environment(self, value: Optional[pulumi.Input[str]]):
+    def environment(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "environment", value)
     @property
     @pulumi.getter(name="identityTokenAudience")
-    def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
+    def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The audience claim value for plugin identity tokens. Requires Vault 1.17+.
         *Available only for Vault Enterprise*
@@ -157,24 +195,24 @@ class AuthBackendConfigArgs:
         return pulumi.get(self, "identity_token_audience")
     @identity_token_audience.setter
-    def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
+    def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "identity_token_audience", value)
     @property
     @pulumi.getter(name="identityTokenTtl")
-    def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
+    def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The TTL of generated identity tokens in seconds.
         """
         return pulumi.get(self, "identity_token_ttl")
     @identity_token_ttl.setter
-    def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
+    def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "identity_token_ttl", value)
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -184,43 +222,102 @@ class AuthBackendConfigArgs:
         return pulumi.get(self, "namespace")
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "rotation_period")
+    @rotation_period.setter
+    def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_period", value)
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "rotation_schedule")
+    @rotation_schedule.setter
+    def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "rotation_schedule", value)
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "rotation_window")
+    @rotation_window.setter
+    def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_window", value)
 @pulumi.input_type
 class _AuthBackendConfigState:
     def __init__(__self__, *,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 client_id: Optional[pulumi.Input[str]] = None,
-                 client_secret: Optional[pulumi.Input[str]] = None,
-                 environment: Optional[pulumi.Input[str]] = None,
-                 identity_token_audience: Optional[pulumi.Input[str]] = None,
-                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 resource: Optional[pulumi.Input[str]] = None,
-                 tenant_id: Optional[pulumi.Input[str]] = None):
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 client_id: Optional[pulumi.Input[builtins.str]] = None,
+                 client_secret: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+                 environment: Optional[pulumi.Input[builtins.str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 resource: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
+                 tenant_id: Optional[pulumi.Input[builtins.str]] = None):
         """
         Input properties used for looking up and filtering AuthBackendConfig resources.
-        :param pulumi.Input[str] backend: The path the Azure auth backend being configured was
+        :param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
                mounted at.  Defaults to `azure`.
-        :param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
+        :param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
                Currently read permissions to query compute resources are required.
-        :param pulumi.Input[str] client_secret: The client secret for credentials to query the
+        :param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
                Azure APIs.
-        :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
                AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
                AzureGermanCloud.  Defaults to `AzurePublicCloud`.
-        :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+        :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
                *Available only for Vault Enterprise*
-        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] resource: The configured URL for the application registered in
+        :param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
                Azure Active Directory.
-        :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
                organization.
         """
         if backend is not None:
@@ -229,6 +326,8 @@ class _AuthBackendConfigState:
             pulumi.set(__self__, "client_id", client_id)
         if client_secret is not None:
             pulumi.set(__self__, "client_secret", client_secret)
+        if disable_automated_rotation is not None:
+            pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
         if environment is not None:
             pulumi.set(__self__, "environment", environment)
         if identity_token_audience is not None:
@@ -239,12 +338,18 @@ class _AuthBackendConfigState:
             pulumi.set(__self__, "namespace", namespace)
         if resource is not None:
             pulumi.set(__self__, "resource", resource)
+        if rotation_period is not None:
+            pulumi.set(__self__, "rotation_period", rotation_period)
+        if rotation_schedule is not None:
+            pulumi.set(__self__, "rotation_schedule", rotation_schedule)
+        if rotation_window is not None:
+            pulumi.set(__self__, "rotation_window", rotation_window)
         if tenant_id is not None:
             pulumi.set(__self__, "tenant_id", tenant_id)
     @property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[str]]:
+    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The path the Azure auth backend being configured was
         mounted at.  Defaults to `azure`.
@@ -252,12 +357,12 @@ class _AuthBackendConfigState:
         return pulumi.get(self, "backend")
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[str]]):
+    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "backend", value)
     @property
     @pulumi.getter(name="clientId")
-    def client_id(self) -> Optional[pulumi.Input[str]]:
+    def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The client id for credentials to query the Azure APIs.
         Currently read permissions to query compute resources are required.
@@ -265,12 +370,12 @@ class _AuthBackendConfigState:
         return pulumi.get(self, "client_id")
     @client_id.setter
-    def client_id(self, value: Optional[pulumi.Input[str]]):
+    def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_id", value)
     @property
     @pulumi.getter(name="clientSecret")
-    def client_secret(self) -> Optional[pulumi.Input[str]]:
+    def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The client secret for credentials to query the
         Azure APIs.
@@ -278,12 +383,25 @@ class _AuthBackendConfigState:
         return pulumi.get(self, "client_secret")
     @client_secret.setter
-    def client_secret(self, value: Optional[pulumi.Input[str]]):
+    def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_secret", value)
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "disable_automated_rotation")
+    @disable_automated_rotation.setter
+    def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_automated_rotation", value)
     @property
     @pulumi.getter
-    def environment(self) -> Optional[pulumi.Input[str]]:
+    def environment(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The Azure cloud environment. Valid values:
         AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
@@ -292,12 +410,12 @@ class _AuthBackendConfigState:
         return pulumi.get(self, "environment")
     @environment.setter
-    def environment(self, value: Optional[pulumi.Input[str]]):
+    def environment(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "environment", value)
     @property
     @pulumi.getter(name="identityTokenAudience")
-    def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
+    def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The audience claim value for plugin identity tokens. Requires Vault 1.17+.
         *Available only for Vault Enterprise*
@@ -305,24 +423,24 @@ class _AuthBackendConfigState:
         return pulumi.get(self, "identity_token_audience")
     @identity_token_audience.setter
-    def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
+    def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "identity_token_audience", value)
     @property
     @pulumi.getter(name="identityTokenTtl")
-    def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
+    def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The TTL of generated identity tokens in seconds.
         """
         return pulumi.get(self, "identity_token_ttl")
     @identity_token_ttl.setter
-    def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
+    def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "identity_token_ttl", value)
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -332,12 +450,12 @@ class _AuthBackendConfigState:
         return pulumi.get(self, "namespace")
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
     @property
     @pulumi.getter
-    def resource(self) -> Optional[pulumi.Input[str]]:
+    def resource(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The configured URL for the application registered in
         Azure Active Directory.
@@ -345,12 +463,55 @@ class _AuthBackendConfigState:
         return pulumi.get(self, "resource")
     @resource.setter
-    def resource(self, value: Optional[pulumi.Input[str]]):
+    def resource(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "resource", value)
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "rotation_period")
+    @rotation_period.setter
+    def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_period", value)
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "rotation_schedule")
+    @rotation_schedule.setter
+    def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "rotation_schedule", value)
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "rotation_window")
+    @rotation_window.setter
+    def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
+        pulumi.set(self, "rotation_window", value)
     @property
     @pulumi.getter(name="tenantId")
-    def tenant_id(self) -> Optional[pulumi.Input[str]]:
+    def tenant_id(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The tenant id for the Azure Active Directory
         organization.
@@ -358,7 +519,7 @@ class _AuthBackendConfigState:
         return pulumi.get(self, "tenant_id")
     @tenant_id.setter
-    def tenant_id(self, value: Optional[pulumi.Input[str]]):
+    def tenant_id(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "tenant_id", value)
@@ -367,15 +528,19 @@ class AuthBackendConfig(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 client_id: Optional[pulumi.Input[str]] = None,
-                 client_secret: Optional[pulumi.Input[str]] = None,
-                 environment: Optional[pulumi.Input[str]] = None,
-                 identity_token_audience: Optional[pulumi.Input[str]] = None,
-                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 resource: Optional[pulumi.Input[str]] = None,
-                 tenant_id: Optional[pulumi.Input[str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 client_id: Optional[pulumi.Input[builtins.str]] = None,
+                 client_secret: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+                 environment: Optional[pulumi.Input[builtins.str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 resource: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
+                 tenant_id: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -393,7 +558,9 @@ class AuthBackendConfig(pulumi.CustomResource):
             tenant_id="11111111-2222-3333-4444-555555555555",
             client_id="11111111-2222-3333-4444-555555555555",
             identity_token_audience="<TOKEN_AUDIENCE>",
-            identity_token_ttl="<TOKEN_TTL>")
+            identity_token_ttl="<TOKEN_TTL>",
+            rotation_schedule="0 * * * SAT",
+            rotation_window=3600)
         ```
         ```python
@@ -406,7 +573,9 @@ class AuthBackendConfig(pulumi.CustomResource):
             tenant_id="11111111-2222-3333-4444-555555555555",
             client_id="11111111-2222-3333-4444-555555555555",
             client_secret="01234567890123456789",
-            resource="https://vault.hashicorp.com")
+            resource="https://vault.hashicorp.com",
+            rotation_schedule="0 * * * SAT",
+            rotation_window=3600)
         ```
         ## Import
@@ -419,25 +588,37 @@ class AuthBackendConfig(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] backend: The path the Azure auth backend being configured was
+        :param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
                mounted at.  Defaults to `azure`.
-        :param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
+        :param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
                Currently read permissions to query compute resources are required.
-        :param pulumi.Input[str] client_secret: The client secret for credentials to query the
+        :param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
                Azure APIs.
-        :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
                AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
                AzureGermanCloud.  Defaults to `AzurePublicCloud`.
-        :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+        :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
                *Available only for Vault Enterprise*
-        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] resource: The configured URL for the application registered in
+        :param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
                Azure Active Directory.
-        :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
                organization.
         """
         ...
@@ -462,7 +643,9 @@ class AuthBackendConfig(pulumi.CustomResource):
             tenant_id="11111111-2222-3333-4444-555555555555",
             client_id="11111111-2222-3333-4444-555555555555",
             identity_token_audience="<TOKEN_AUDIENCE>",
-            identity_token_ttl="<TOKEN_TTL>")
+            identity_token_ttl="<TOKEN_TTL>",
+            rotation_schedule="0 * * * SAT",
+            rotation_window=3600)
         ```
         ```python
@@ -475,7 +658,9 @@ class AuthBackendConfig(pulumi.CustomResource):
             tenant_id="11111111-2222-3333-4444-555555555555",
             client_id="11111111-2222-3333-4444-555555555555",
             client_secret="01234567890123456789",
-            resource="https://vault.hashicorp.com")
+            resource="https://vault.hashicorp.com",
+            rotation_schedule="0 * * * SAT",
+            rotation_window=3600)
         ```
         ## Import
@@ -501,15 +686,19 @@ class AuthBackendConfig(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 client_id: Optional[pulumi.Input[str]] = None,
-                 client_secret: Optional[pulumi.Input[str]] = None,
-                 environment: Optional[pulumi.Input[str]] = None,
-                 identity_token_audience: Optional[pulumi.Input[str]] = None,
-                 identity_token_ttl: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 resource: Optional[pulumi.Input[str]] = None,
-                 tenant_id: Optional[pulumi.Input[str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 client_id: Optional[pulumi.Input[builtins.str]] = None,
+                 client_secret: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+                 environment: Optional[pulumi.Input[builtins.str]] = None,
+                 identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
+                 identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 resource: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+                 rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+                 rotation_window: Optional[pulumi.Input[builtins.int]] = None,
+                 tenant_id: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -522,6 +711,7 @@ class AuthBackendConfig(pulumi.CustomResource):
             __props__.__dict__["backend"] = backend
             __props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
             __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
+            __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
             __props__.__dict__["environment"] = environment
             __props__.__dict__["identity_token_audience"] = identity_token_audience
             __props__.__dict__["identity_token_ttl"] = identity_token_ttl
@@ -529,6 +719,9 @@ class AuthBackendConfig(pulumi.CustomResource):
             if resource is None and not opts.urn:
                 raise TypeError("Missing required property 'resource'")
             __props__.__dict__["resource"] = resource
+            __props__.__dict__["rotation_period"] = rotation_period
+            __props__.__dict__["rotation_schedule"] = rotation_schedule
+            __props__.__dict__["rotation_window"] = rotation_window
             if tenant_id is None and not opts.urn:
                 raise TypeError("Missing required property 'tenant_id'")
             __props__.__dict__["tenant_id"] = None if tenant_id is None else pulumi.Output.secret(tenant_id)
@@ -544,15 +737,19 @@ class AuthBackendConfig(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            backend: Optional[pulumi.Input[str]] = None,
-            client_id: Optional[pulumi.Input[str]] = None,
-            client_secret: Optional[pulumi.Input[str]] = None,
-            environment: Optional[pulumi.Input[str]] = None,
-            identity_token_audience: Optional[pulumi.Input[str]] = None,
-            identity_token_ttl: Optional[pulumi.Input[int]] = None,
-            namespace: Optional[pulumi.Input[str]] = None,
-            resource: Optional[pulumi.Input[str]] = None,
-            tenant_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
+            backend: Optional[pulumi.Input[builtins.str]] = None,
+            client_id: Optional[pulumi.Input[builtins.str]] = None,
+            client_secret: Optional[pulumi.Input[builtins.str]] = None,
+            disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
+            environment: Optional[pulumi.Input[builtins.str]] = None,
+            identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
+            identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
+            namespace: Optional[pulumi.Input[builtins.str]] = None,
+            resource: Optional[pulumi.Input[builtins.str]] = None,
+            rotation_period: Optional[pulumi.Input[builtins.int]] = None,
+            rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
+            rotation_window: Optional[pulumi.Input[builtins.int]] = None,
+            tenant_id: Optional[pulumi.Input[builtins.str]] = None) -> 'AuthBackendConfig':
         """
         Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -560,25 +757,37 @@ class AuthBackendConfig(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] backend: The path the Azure auth backend being configured was
+        :param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
                mounted at.  Defaults to `azure`.
-        :param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
+        :param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
                Currently read permissions to query compute resources are required.
-        :param pulumi.Input[str] client_secret: The client secret for credentials to query the
+        :param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
                Azure APIs.
-        :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
+        :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
                AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
                AzureGermanCloud.  Defaults to `AzurePublicCloud`.
-        :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
+        :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
                *Available only for Vault Enterprise*
-        :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] resource: The configured URL for the application registered in
+        :param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
                Azure Active Directory.
-        :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
+        :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
+               A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+               defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
+               a rotation when a scheduled token rotation occurs. The default rotation window is
+               unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+               *Available only for Vault Enterprise*
+        :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
                organization.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -588,17 +797,21 @@ class AuthBackendConfig(pulumi.CustomResource):
         __props__.__dict__["backend"] = backend
         __props__.__dict__["client_id"] = client_id
         __props__.__dict__["client_secret"] = client_secret
+        __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
         __props__.__dict__["environment"] = environment
         __props__.__dict__["identity_token_audience"] = identity_token_audience
         __props__.__dict__["identity_token_ttl"] = identity_token_ttl
         __props__.__dict__["namespace"] = namespace
         __props__.__dict__["resource"] = resource
+        __props__.__dict__["rotation_period"] = rotation_period
+        __props__.__dict__["rotation_schedule"] = rotation_schedule
+        __props__.__dict__["rotation_window"] = rotation_window
         __props__.__dict__["tenant_id"] = tenant_id
         return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
     @property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[Optional[str]]:
+    def backend(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The path the Azure auth backend being configured was
         mounted at.  Defaults to `azure`.
@@ -607,7 +820,7 @@ class AuthBackendConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="clientId")
-    def client_id(self) -> pulumi.Output[Optional[str]]:
+    def client_id(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The client id for credentials to query the Azure APIs.
         Currently read permissions to query compute resources are required.
@@ -616,16 +829,25 @@ class AuthBackendConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="clientSecret")
-    def client_secret(self) -> pulumi.Output[Optional[str]]:
+    def client_secret(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The client secret for credentials to query the
         Azure APIs.
         """
         return pulumi.get(self, "client_secret")
+    @property
+    @pulumi.getter(name="disableAutomatedRotation")
+    def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
+        """
+        Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "disable_automated_rotation")
     @property
     @pulumi.getter
-    def environment(self) -> pulumi.Output[Optional[str]]:
+    def environment(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The Azure cloud environment. Valid values:
         AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
@@ -635,7 +857,7 @@ class AuthBackendConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="identityTokenAudience")
-    def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
+    def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The audience claim value for plugin identity tokens. Requires Vault 1.17+.
         *Available only for Vault Enterprise*
@@ -644,7 +866,7 @@ class AuthBackendConfig(pulumi.CustomResource):
     @property
     @pulumi.getter(name="identityTokenTtl")
-    def identity_token_ttl(self) -> pulumi.Output[int]:
+    def identity_token_ttl(self) -> pulumi.Output[builtins.int]:
         """
         The TTL of generated identity tokens in seconds.
         """
@@ -652,7 +874,7 @@ class AuthBackendConfig(pulumi.CustomResource):
     @property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[str]]:
+    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -663,16 +885,47 @@ class AuthBackendConfig(pulumi.CustomResource):
     @property
     @pulumi.getter
-    def resource(self) -> pulumi.Output[str]:
+    def resource(self) -> pulumi.Output[builtins.str]:
         """
         The configured URL for the application registered in
         Azure Active Directory.
         """
         return pulumi.get(self, "resource")
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
+        """
+        The amount of time in seconds Vault should wait before rotating the root credential.
+        A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "rotation_period")
+    @property
+    @pulumi.getter(name="rotationSchedule")
+    def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
+        """
+        The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
+        defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "rotation_schedule")
+    @property
+    @pulumi.getter(name="rotationWindow")
+    def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
+        """
+        The maximum amount of time in seconds allowed to complete
+        a rotation when a scheduled token rotation occurs. The default rotation window is
+        unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
+        *Available only for Vault Enterprise*
+        """
+        return pulumi.get(self, "rotation_window")
     @property
     @pulumi.getter(name="tenantId")
-    def tenant_id(self) -> pulumi.Output[str]:
+    def tenant_id(self) -> pulumi.Output[builtins.str]:
         """
         The tenant id for the Azure Active Directory
         organization.

pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

pulumi-vault 6.6.0a1741415971py3-none-any.whl → 6.7.0py3-none-any.whl