pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,37 +20,53 @@ __all__ = ['AuthBackendConfigArgs', 'AuthBackendConfig']
19
20
  @pulumi.input_type
20
21
  class AuthBackendConfigArgs:
21
22
  def __init__(__self__, *,
22
- resource: pulumi.Input[str],
23
- tenant_id: pulumi.Input[str],
24
- backend: Optional[pulumi.Input[str]] = None,
25
- client_id: Optional[pulumi.Input[str]] = None,
26
- client_secret: Optional[pulumi.Input[str]] = None,
27
- environment: Optional[pulumi.Input[str]] = None,
28
- identity_token_audience: Optional[pulumi.Input[str]] = None,
29
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
30
- namespace: Optional[pulumi.Input[str]] = None):
23
+ resource: pulumi.Input[builtins.str],
24
+ tenant_id: pulumi.Input[builtins.str],
25
+ backend: Optional[pulumi.Input[builtins.str]] = None,
26
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
27
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
28
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
29
+ environment: Optional[pulumi.Input[builtins.str]] = None,
30
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
31
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
32
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
33
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
34
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
35
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None):
31
36
  """
32
37
  The set of arguments for constructing a AuthBackendConfig resource.
33
- :param pulumi.Input[str] resource: The configured URL for the application registered in
38
+ :param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
34
39
  Azure Active Directory.
35
- :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
40
+ :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
36
41
  organization.
37
- :param pulumi.Input[str] backend: The path the Azure auth backend being configured was
42
+ :param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
38
43
  mounted at. Defaults to `azure`.
39
- :param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
44
+ :param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
40
45
  Currently read permissions to query compute resources are required.
41
- :param pulumi.Input[str] client_secret: The client secret for credentials to query the
46
+ :param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
42
47
  Azure APIs.
43
- :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
48
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
49
+ *Available only for Vault Enterprise*
50
+ :param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
44
51
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
45
52
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
46
- :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
53
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
47
54
  *Available only for Vault Enterprise*
48
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
49
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
55
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
56
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
50
57
  The value should not contain leading or trailing forward slashes.
51
58
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
52
59
  *Available only for Vault Enterprise*.
60
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
61
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
62
+ *Available only for Vault Enterprise*
63
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
64
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
65
+ *Available only for Vault Enterprise*
66
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
67
+ a rotation when a scheduled token rotation occurs. The default rotation window is
68
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
69
+ *Available only for Vault Enterprise*
53
70
  """
54
71
  pulumi.set(__self__, "resource", resource)
55
72
  pulumi.set(__self__, "tenant_id", tenant_id)
@@ -59,6 +76,8 @@ class AuthBackendConfigArgs:
59
76
  pulumi.set(__self__, "client_id", client_id)
60
77
  if client_secret is not None:
61
78
  pulumi.set(__self__, "client_secret", client_secret)
79
+ if disable_automated_rotation is not None:
80
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
62
81
  if environment is not None:
63
82
  pulumi.set(__self__, "environment", environment)
64
83
  if identity_token_audience is not None:
@@ -67,10 +86,16 @@ class AuthBackendConfigArgs:
67
86
  pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
68
87
  if namespace is not None:
69
88
  pulumi.set(__self__, "namespace", namespace)
89
+ if rotation_period is not None:
90
+ pulumi.set(__self__, "rotation_period", rotation_period)
91
+ if rotation_schedule is not None:
92
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
93
+ if rotation_window is not None:
94
+ pulumi.set(__self__, "rotation_window", rotation_window)
70
95
 
71
96
  @property
72
97
  @pulumi.getter
73
- def resource(self) -> pulumi.Input[str]:
98
+ def resource(self) -> pulumi.Input[builtins.str]:
74
99
  """
75
100
  The configured URL for the application registered in
76
101
  Azure Active Directory.
@@ -78,12 +103,12 @@ class AuthBackendConfigArgs:
78
103
  return pulumi.get(self, "resource")
79
104
 
80
105
  @resource.setter
81
- def resource(self, value: pulumi.Input[str]):
106
+ def resource(self, value: pulumi.Input[builtins.str]):
82
107
  pulumi.set(self, "resource", value)
83
108
 
84
109
  @property
85
110
  @pulumi.getter(name="tenantId")
86
- def tenant_id(self) -> pulumi.Input[str]:
111
+ def tenant_id(self) -> pulumi.Input[builtins.str]:
87
112
  """
88
113
  The tenant id for the Azure Active Directory
89
114
  organization.
@@ -91,12 +116,12 @@ class AuthBackendConfigArgs:
91
116
  return pulumi.get(self, "tenant_id")
92
117
 
93
118
  @tenant_id.setter
94
- def tenant_id(self, value: pulumi.Input[str]):
119
+ def tenant_id(self, value: pulumi.Input[builtins.str]):
95
120
  pulumi.set(self, "tenant_id", value)
96
121
 
97
122
  @property
98
123
  @pulumi.getter
99
- def backend(self) -> Optional[pulumi.Input[str]]:
124
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
100
125
  """
101
126
  The path the Azure auth backend being configured was
102
127
  mounted at. Defaults to `azure`.
@@ -104,12 +129,12 @@ class AuthBackendConfigArgs:
104
129
  return pulumi.get(self, "backend")
105
130
 
106
131
  @backend.setter
107
- def backend(self, value: Optional[pulumi.Input[str]]):
132
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
108
133
  pulumi.set(self, "backend", value)
109
134
 
110
135
  @property
111
136
  @pulumi.getter(name="clientId")
112
- def client_id(self) -> Optional[pulumi.Input[str]]:
137
+ def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
113
138
  """
114
139
  The client id for credentials to query the Azure APIs.
115
140
  Currently read permissions to query compute resources are required.
@@ -117,12 +142,12 @@ class AuthBackendConfigArgs:
117
142
  return pulumi.get(self, "client_id")
118
143
 
119
144
  @client_id.setter
120
- def client_id(self, value: Optional[pulumi.Input[str]]):
145
+ def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
121
146
  pulumi.set(self, "client_id", value)
122
147
 
123
148
  @property
124
149
  @pulumi.getter(name="clientSecret")
125
- def client_secret(self) -> Optional[pulumi.Input[str]]:
150
+ def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
126
151
  """
127
152
  The client secret for credentials to query the
128
153
  Azure APIs.
@@ -130,12 +155,25 @@ class AuthBackendConfigArgs:
130
155
  return pulumi.get(self, "client_secret")
131
156
 
132
157
  @client_secret.setter
133
- def client_secret(self, value: Optional[pulumi.Input[str]]):
158
+ def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
134
159
  pulumi.set(self, "client_secret", value)
135
160
 
161
+ @property
162
+ @pulumi.getter(name="disableAutomatedRotation")
163
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
164
+ """
165
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
166
+ *Available only for Vault Enterprise*
167
+ """
168
+ return pulumi.get(self, "disable_automated_rotation")
169
+
170
+ @disable_automated_rotation.setter
171
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
172
+ pulumi.set(self, "disable_automated_rotation", value)
173
+
136
174
  @property
137
175
  @pulumi.getter
138
- def environment(self) -> Optional[pulumi.Input[str]]:
176
+ def environment(self) -> Optional[pulumi.Input[builtins.str]]:
139
177
  """
140
178
  The Azure cloud environment. Valid values:
141
179
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
@@ -144,12 +182,12 @@ class AuthBackendConfigArgs:
144
182
  return pulumi.get(self, "environment")
145
183
 
146
184
  @environment.setter
147
- def environment(self, value: Optional[pulumi.Input[str]]):
185
+ def environment(self, value: Optional[pulumi.Input[builtins.str]]):
148
186
  pulumi.set(self, "environment", value)
149
187
 
150
188
  @property
151
189
  @pulumi.getter(name="identityTokenAudience")
152
- def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
190
+ def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
153
191
  """
154
192
  The audience claim value for plugin identity tokens. Requires Vault 1.17+.
155
193
  *Available only for Vault Enterprise*
@@ -157,24 +195,24 @@ class AuthBackendConfigArgs:
157
195
  return pulumi.get(self, "identity_token_audience")
158
196
 
159
197
  @identity_token_audience.setter
160
- def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
198
+ def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
161
199
  pulumi.set(self, "identity_token_audience", value)
162
200
 
163
201
  @property
164
202
  @pulumi.getter(name="identityTokenTtl")
165
- def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
203
+ def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
166
204
  """
167
205
  The TTL of generated identity tokens in seconds.
168
206
  """
169
207
  return pulumi.get(self, "identity_token_ttl")
170
208
 
171
209
  @identity_token_ttl.setter
172
- def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
210
+ def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
173
211
  pulumi.set(self, "identity_token_ttl", value)
174
212
 
175
213
  @property
176
214
  @pulumi.getter
177
- def namespace(self) -> Optional[pulumi.Input[str]]:
215
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
178
216
  """
179
217
  The namespace to provision the resource in.
180
218
  The value should not contain leading or trailing forward slashes.
@@ -184,43 +222,102 @@ class AuthBackendConfigArgs:
184
222
  return pulumi.get(self, "namespace")
185
223
 
186
224
  @namespace.setter
187
- def namespace(self, value: Optional[pulumi.Input[str]]):
225
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
188
226
  pulumi.set(self, "namespace", value)
189
227
 
228
+ @property
229
+ @pulumi.getter(name="rotationPeriod")
230
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
231
+ """
232
+ The amount of time in seconds Vault should wait before rotating the root credential.
233
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
234
+ *Available only for Vault Enterprise*
235
+ """
236
+ return pulumi.get(self, "rotation_period")
237
+
238
+ @rotation_period.setter
239
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
240
+ pulumi.set(self, "rotation_period", value)
241
+
242
+ @property
243
+ @pulumi.getter(name="rotationSchedule")
244
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
245
+ """
246
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
247
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
248
+ *Available only for Vault Enterprise*
249
+ """
250
+ return pulumi.get(self, "rotation_schedule")
251
+
252
+ @rotation_schedule.setter
253
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
254
+ pulumi.set(self, "rotation_schedule", value)
255
+
256
+ @property
257
+ @pulumi.getter(name="rotationWindow")
258
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
259
+ """
260
+ The maximum amount of time in seconds allowed to complete
261
+ a rotation when a scheduled token rotation occurs. The default rotation window is
262
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
263
+ *Available only for Vault Enterprise*
264
+ """
265
+ return pulumi.get(self, "rotation_window")
266
+
267
+ @rotation_window.setter
268
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
269
+ pulumi.set(self, "rotation_window", value)
270
+
190
271
 
191
272
  @pulumi.input_type
192
273
  class _AuthBackendConfigState:
193
274
  def __init__(__self__, *,
194
- backend: Optional[pulumi.Input[str]] = None,
195
- client_id: Optional[pulumi.Input[str]] = None,
196
- client_secret: Optional[pulumi.Input[str]] = None,
197
- environment: Optional[pulumi.Input[str]] = None,
198
- identity_token_audience: Optional[pulumi.Input[str]] = None,
199
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
200
- namespace: Optional[pulumi.Input[str]] = None,
201
- resource: Optional[pulumi.Input[str]] = None,
202
- tenant_id: Optional[pulumi.Input[str]] = None):
275
+ backend: Optional[pulumi.Input[builtins.str]] = None,
276
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
277
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
278
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
279
+ environment: Optional[pulumi.Input[builtins.str]] = None,
280
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
281
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
282
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
283
+ resource: Optional[pulumi.Input[builtins.str]] = None,
284
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
285
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
286
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
287
+ tenant_id: Optional[pulumi.Input[builtins.str]] = None):
203
288
  """
204
289
  Input properties used for looking up and filtering AuthBackendConfig resources.
205
- :param pulumi.Input[str] backend: The path the Azure auth backend being configured was
290
+ :param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
206
291
  mounted at. Defaults to `azure`.
207
- :param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
292
+ :param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
208
293
  Currently read permissions to query compute resources are required.
209
- :param pulumi.Input[str] client_secret: The client secret for credentials to query the
294
+ :param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
210
295
  Azure APIs.
211
- :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
296
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
297
+ *Available only for Vault Enterprise*
298
+ :param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
212
299
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
213
300
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
214
- :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
301
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
215
302
  *Available only for Vault Enterprise*
216
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
217
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
303
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
304
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
218
305
  The value should not contain leading or trailing forward slashes.
219
306
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
220
307
  *Available only for Vault Enterprise*.
221
- :param pulumi.Input[str] resource: The configured URL for the application registered in
308
+ :param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
222
309
  Azure Active Directory.
223
- :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
310
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
311
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
312
+ *Available only for Vault Enterprise*
313
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
314
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
315
+ *Available only for Vault Enterprise*
316
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
317
+ a rotation when a scheduled token rotation occurs. The default rotation window is
318
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
319
+ *Available only for Vault Enterprise*
320
+ :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
224
321
  organization.
225
322
  """
226
323
  if backend is not None:
@@ -229,6 +326,8 @@ class _AuthBackendConfigState:
229
326
  pulumi.set(__self__, "client_id", client_id)
230
327
  if client_secret is not None:
231
328
  pulumi.set(__self__, "client_secret", client_secret)
329
+ if disable_automated_rotation is not None:
330
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
232
331
  if environment is not None:
233
332
  pulumi.set(__self__, "environment", environment)
234
333
  if identity_token_audience is not None:
@@ -239,12 +338,18 @@ class _AuthBackendConfigState:
239
338
  pulumi.set(__self__, "namespace", namespace)
240
339
  if resource is not None:
241
340
  pulumi.set(__self__, "resource", resource)
341
+ if rotation_period is not None:
342
+ pulumi.set(__self__, "rotation_period", rotation_period)
343
+ if rotation_schedule is not None:
344
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
345
+ if rotation_window is not None:
346
+ pulumi.set(__self__, "rotation_window", rotation_window)
242
347
  if tenant_id is not None:
243
348
  pulumi.set(__self__, "tenant_id", tenant_id)
244
349
 
245
350
  @property
246
351
  @pulumi.getter
247
- def backend(self) -> Optional[pulumi.Input[str]]:
352
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
248
353
  """
249
354
  The path the Azure auth backend being configured was
250
355
  mounted at. Defaults to `azure`.
@@ -252,12 +357,12 @@ class _AuthBackendConfigState:
252
357
  return pulumi.get(self, "backend")
253
358
 
254
359
  @backend.setter
255
- def backend(self, value: Optional[pulumi.Input[str]]):
360
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
256
361
  pulumi.set(self, "backend", value)
257
362
 
258
363
  @property
259
364
  @pulumi.getter(name="clientId")
260
- def client_id(self) -> Optional[pulumi.Input[str]]:
365
+ def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
261
366
  """
262
367
  The client id for credentials to query the Azure APIs.
263
368
  Currently read permissions to query compute resources are required.
@@ -265,12 +370,12 @@ class _AuthBackendConfigState:
265
370
  return pulumi.get(self, "client_id")
266
371
 
267
372
  @client_id.setter
268
- def client_id(self, value: Optional[pulumi.Input[str]]):
373
+ def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
269
374
  pulumi.set(self, "client_id", value)
270
375
 
271
376
  @property
272
377
  @pulumi.getter(name="clientSecret")
273
- def client_secret(self) -> Optional[pulumi.Input[str]]:
378
+ def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
274
379
  """
275
380
  The client secret for credentials to query the
276
381
  Azure APIs.
@@ -278,12 +383,25 @@ class _AuthBackendConfigState:
278
383
  return pulumi.get(self, "client_secret")
279
384
 
280
385
  @client_secret.setter
281
- def client_secret(self, value: Optional[pulumi.Input[str]]):
386
+ def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
282
387
  pulumi.set(self, "client_secret", value)
283
388
 
389
+ @property
390
+ @pulumi.getter(name="disableAutomatedRotation")
391
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
392
+ """
393
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
394
+ *Available only for Vault Enterprise*
395
+ """
396
+ return pulumi.get(self, "disable_automated_rotation")
397
+
398
+ @disable_automated_rotation.setter
399
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
400
+ pulumi.set(self, "disable_automated_rotation", value)
401
+
284
402
  @property
285
403
  @pulumi.getter
286
- def environment(self) -> Optional[pulumi.Input[str]]:
404
+ def environment(self) -> Optional[pulumi.Input[builtins.str]]:
287
405
  """
288
406
  The Azure cloud environment. Valid values:
289
407
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
@@ -292,12 +410,12 @@ class _AuthBackendConfigState:
292
410
  return pulumi.get(self, "environment")
293
411
 
294
412
  @environment.setter
295
- def environment(self, value: Optional[pulumi.Input[str]]):
413
+ def environment(self, value: Optional[pulumi.Input[builtins.str]]):
296
414
  pulumi.set(self, "environment", value)
297
415
 
298
416
  @property
299
417
  @pulumi.getter(name="identityTokenAudience")
300
- def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
418
+ def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
301
419
  """
302
420
  The audience claim value for plugin identity tokens. Requires Vault 1.17+.
303
421
  *Available only for Vault Enterprise*
@@ -305,24 +423,24 @@ class _AuthBackendConfigState:
305
423
  return pulumi.get(self, "identity_token_audience")
306
424
 
307
425
  @identity_token_audience.setter
308
- def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
426
+ def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
309
427
  pulumi.set(self, "identity_token_audience", value)
310
428
 
311
429
  @property
312
430
  @pulumi.getter(name="identityTokenTtl")
313
- def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
431
+ def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
314
432
  """
315
433
  The TTL of generated identity tokens in seconds.
316
434
  """
317
435
  return pulumi.get(self, "identity_token_ttl")
318
436
 
319
437
  @identity_token_ttl.setter
320
- def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
438
+ def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
321
439
  pulumi.set(self, "identity_token_ttl", value)
322
440
 
323
441
  @property
324
442
  @pulumi.getter
325
- def namespace(self) -> Optional[pulumi.Input[str]]:
443
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
326
444
  """
327
445
  The namespace to provision the resource in.
328
446
  The value should not contain leading or trailing forward slashes.
@@ -332,12 +450,12 @@ class _AuthBackendConfigState:
332
450
  return pulumi.get(self, "namespace")
333
451
 
334
452
  @namespace.setter
335
- def namespace(self, value: Optional[pulumi.Input[str]]):
453
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
336
454
  pulumi.set(self, "namespace", value)
337
455
 
338
456
  @property
339
457
  @pulumi.getter
340
- def resource(self) -> Optional[pulumi.Input[str]]:
458
+ def resource(self) -> Optional[pulumi.Input[builtins.str]]:
341
459
  """
342
460
  The configured URL for the application registered in
343
461
  Azure Active Directory.
@@ -345,12 +463,55 @@ class _AuthBackendConfigState:
345
463
  return pulumi.get(self, "resource")
346
464
 
347
465
  @resource.setter
348
- def resource(self, value: Optional[pulumi.Input[str]]):
466
+ def resource(self, value: Optional[pulumi.Input[builtins.str]]):
349
467
  pulumi.set(self, "resource", value)
350
468
 
469
+ @property
470
+ @pulumi.getter(name="rotationPeriod")
471
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
472
+ """
473
+ The amount of time in seconds Vault should wait before rotating the root credential.
474
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
475
+ *Available only for Vault Enterprise*
476
+ """
477
+ return pulumi.get(self, "rotation_period")
478
+
479
+ @rotation_period.setter
480
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
481
+ pulumi.set(self, "rotation_period", value)
482
+
483
+ @property
484
+ @pulumi.getter(name="rotationSchedule")
485
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
486
+ """
487
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
488
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
489
+ *Available only for Vault Enterprise*
490
+ """
491
+ return pulumi.get(self, "rotation_schedule")
492
+
493
+ @rotation_schedule.setter
494
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
495
+ pulumi.set(self, "rotation_schedule", value)
496
+
497
+ @property
498
+ @pulumi.getter(name="rotationWindow")
499
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
500
+ """
501
+ The maximum amount of time in seconds allowed to complete
502
+ a rotation when a scheduled token rotation occurs. The default rotation window is
503
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
504
+ *Available only for Vault Enterprise*
505
+ """
506
+ return pulumi.get(self, "rotation_window")
507
+
508
+ @rotation_window.setter
509
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
510
+ pulumi.set(self, "rotation_window", value)
511
+
351
512
  @property
352
513
  @pulumi.getter(name="tenantId")
353
- def tenant_id(self) -> Optional[pulumi.Input[str]]:
514
+ def tenant_id(self) -> Optional[pulumi.Input[builtins.str]]:
354
515
  """
355
516
  The tenant id for the Azure Active Directory
356
517
  organization.
@@ -358,7 +519,7 @@ class _AuthBackendConfigState:
358
519
  return pulumi.get(self, "tenant_id")
359
520
 
360
521
  @tenant_id.setter
361
- def tenant_id(self, value: Optional[pulumi.Input[str]]):
522
+ def tenant_id(self, value: Optional[pulumi.Input[builtins.str]]):
362
523
  pulumi.set(self, "tenant_id", value)
363
524
 
364
525
 
@@ -367,15 +528,19 @@ class AuthBackendConfig(pulumi.CustomResource):
367
528
  def __init__(__self__,
368
529
  resource_name: str,
369
530
  opts: Optional[pulumi.ResourceOptions] = None,
370
- backend: Optional[pulumi.Input[str]] = None,
371
- client_id: Optional[pulumi.Input[str]] = None,
372
- client_secret: Optional[pulumi.Input[str]] = None,
373
- environment: Optional[pulumi.Input[str]] = None,
374
- identity_token_audience: Optional[pulumi.Input[str]] = None,
375
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
376
- namespace: Optional[pulumi.Input[str]] = None,
377
- resource: Optional[pulumi.Input[str]] = None,
378
- tenant_id: Optional[pulumi.Input[str]] = None,
531
+ backend: Optional[pulumi.Input[builtins.str]] = None,
532
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
533
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
534
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
535
+ environment: Optional[pulumi.Input[builtins.str]] = None,
536
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
537
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
538
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
539
+ resource: Optional[pulumi.Input[builtins.str]] = None,
540
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
541
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
542
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
543
+ tenant_id: Optional[pulumi.Input[builtins.str]] = None,
379
544
  __props__=None):
380
545
  """
381
546
  ## Example Usage
@@ -393,7 +558,9 @@ class AuthBackendConfig(pulumi.CustomResource):
393
558
  tenant_id="11111111-2222-3333-4444-555555555555",
394
559
  client_id="11111111-2222-3333-4444-555555555555",
395
560
  identity_token_audience="<TOKEN_AUDIENCE>",
396
- identity_token_ttl="<TOKEN_TTL>")
561
+ identity_token_ttl="<TOKEN_TTL>",
562
+ rotation_schedule="0 * * * SAT",
563
+ rotation_window=3600)
397
564
  ```
398
565
 
399
566
  ```python
@@ -406,7 +573,9 @@ class AuthBackendConfig(pulumi.CustomResource):
406
573
  tenant_id="11111111-2222-3333-4444-555555555555",
407
574
  client_id="11111111-2222-3333-4444-555555555555",
408
575
  client_secret="01234567890123456789",
409
- resource="https://vault.hashicorp.com")
576
+ resource="https://vault.hashicorp.com",
577
+ rotation_schedule="0 * * * SAT",
578
+ rotation_window=3600)
410
579
  ```
411
580
 
412
581
  ## Import
@@ -419,25 +588,37 @@ class AuthBackendConfig(pulumi.CustomResource):
419
588
 
420
589
  :param str resource_name: The name of the resource.
421
590
  :param pulumi.ResourceOptions opts: Options for the resource.
422
- :param pulumi.Input[str] backend: The path the Azure auth backend being configured was
591
+ :param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
423
592
  mounted at. Defaults to `azure`.
424
- :param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
593
+ :param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
425
594
  Currently read permissions to query compute resources are required.
426
- :param pulumi.Input[str] client_secret: The client secret for credentials to query the
595
+ :param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
427
596
  Azure APIs.
428
- :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
597
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
598
+ *Available only for Vault Enterprise*
599
+ :param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
429
600
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
430
601
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
431
- :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
602
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
432
603
  *Available only for Vault Enterprise*
433
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
434
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
604
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
605
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
435
606
  The value should not contain leading or trailing forward slashes.
436
607
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
437
608
  *Available only for Vault Enterprise*.
438
- :param pulumi.Input[str] resource: The configured URL for the application registered in
609
+ :param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
439
610
  Azure Active Directory.
440
- :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
611
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
612
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
613
+ *Available only for Vault Enterprise*
614
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
615
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
616
+ *Available only for Vault Enterprise*
617
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
618
+ a rotation when a scheduled token rotation occurs. The default rotation window is
619
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
620
+ *Available only for Vault Enterprise*
621
+ :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
441
622
  organization.
442
623
  """
443
624
  ...
@@ -462,7 +643,9 @@ class AuthBackendConfig(pulumi.CustomResource):
462
643
  tenant_id="11111111-2222-3333-4444-555555555555",
463
644
  client_id="11111111-2222-3333-4444-555555555555",
464
645
  identity_token_audience="<TOKEN_AUDIENCE>",
465
- identity_token_ttl="<TOKEN_TTL>")
646
+ identity_token_ttl="<TOKEN_TTL>",
647
+ rotation_schedule="0 * * * SAT",
648
+ rotation_window=3600)
466
649
  ```
467
650
 
468
651
  ```python
@@ -475,7 +658,9 @@ class AuthBackendConfig(pulumi.CustomResource):
475
658
  tenant_id="11111111-2222-3333-4444-555555555555",
476
659
  client_id="11111111-2222-3333-4444-555555555555",
477
660
  client_secret="01234567890123456789",
478
- resource="https://vault.hashicorp.com")
661
+ resource="https://vault.hashicorp.com",
662
+ rotation_schedule="0 * * * SAT",
663
+ rotation_window=3600)
479
664
  ```
480
665
 
481
666
  ## Import
@@ -501,15 +686,19 @@ class AuthBackendConfig(pulumi.CustomResource):
501
686
  def _internal_init(__self__,
502
687
  resource_name: str,
503
688
  opts: Optional[pulumi.ResourceOptions] = None,
504
- backend: Optional[pulumi.Input[str]] = None,
505
- client_id: Optional[pulumi.Input[str]] = None,
506
- client_secret: Optional[pulumi.Input[str]] = None,
507
- environment: Optional[pulumi.Input[str]] = None,
508
- identity_token_audience: Optional[pulumi.Input[str]] = None,
509
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
510
- namespace: Optional[pulumi.Input[str]] = None,
511
- resource: Optional[pulumi.Input[str]] = None,
512
- tenant_id: Optional[pulumi.Input[str]] = None,
689
+ backend: Optional[pulumi.Input[builtins.str]] = None,
690
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
691
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
692
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
693
+ environment: Optional[pulumi.Input[builtins.str]] = None,
694
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
695
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
696
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
697
+ resource: Optional[pulumi.Input[builtins.str]] = None,
698
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
699
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
700
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
701
+ tenant_id: Optional[pulumi.Input[builtins.str]] = None,
513
702
  __props__=None):
514
703
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
515
704
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -522,6 +711,7 @@ class AuthBackendConfig(pulumi.CustomResource):
522
711
  __props__.__dict__["backend"] = backend
523
712
  __props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
524
713
  __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
714
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
525
715
  __props__.__dict__["environment"] = environment
526
716
  __props__.__dict__["identity_token_audience"] = identity_token_audience
527
717
  __props__.__dict__["identity_token_ttl"] = identity_token_ttl
@@ -529,6 +719,9 @@ class AuthBackendConfig(pulumi.CustomResource):
529
719
  if resource is None and not opts.urn:
530
720
  raise TypeError("Missing required property 'resource'")
531
721
  __props__.__dict__["resource"] = resource
722
+ __props__.__dict__["rotation_period"] = rotation_period
723
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
724
+ __props__.__dict__["rotation_window"] = rotation_window
532
725
  if tenant_id is None and not opts.urn:
533
726
  raise TypeError("Missing required property 'tenant_id'")
534
727
  __props__.__dict__["tenant_id"] = None if tenant_id is None else pulumi.Output.secret(tenant_id)
@@ -544,15 +737,19 @@ class AuthBackendConfig(pulumi.CustomResource):
544
737
  def get(resource_name: str,
545
738
  id: pulumi.Input[str],
546
739
  opts: Optional[pulumi.ResourceOptions] = None,
547
- backend: Optional[pulumi.Input[str]] = None,
548
- client_id: Optional[pulumi.Input[str]] = None,
549
- client_secret: Optional[pulumi.Input[str]] = None,
550
- environment: Optional[pulumi.Input[str]] = None,
551
- identity_token_audience: Optional[pulumi.Input[str]] = None,
552
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
553
- namespace: Optional[pulumi.Input[str]] = None,
554
- resource: Optional[pulumi.Input[str]] = None,
555
- tenant_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
740
+ backend: Optional[pulumi.Input[builtins.str]] = None,
741
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
742
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
743
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
744
+ environment: Optional[pulumi.Input[builtins.str]] = None,
745
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
746
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
747
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
748
+ resource: Optional[pulumi.Input[builtins.str]] = None,
749
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
750
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
751
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
752
+ tenant_id: Optional[pulumi.Input[builtins.str]] = None) -> 'AuthBackendConfig':
556
753
  """
557
754
  Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
558
755
  properties used to qualify the lookup.
@@ -560,25 +757,37 @@ class AuthBackendConfig(pulumi.CustomResource):
560
757
  :param str resource_name: The unique name of the resulting resource.
561
758
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
562
759
  :param pulumi.ResourceOptions opts: Options for the resource.
563
- :param pulumi.Input[str] backend: The path the Azure auth backend being configured was
760
+ :param pulumi.Input[builtins.str] backend: The path the Azure auth backend being configured was
564
761
  mounted at. Defaults to `azure`.
565
- :param pulumi.Input[str] client_id: The client id for credentials to query the Azure APIs.
762
+ :param pulumi.Input[builtins.str] client_id: The client id for credentials to query the Azure APIs.
566
763
  Currently read permissions to query compute resources are required.
567
- :param pulumi.Input[str] client_secret: The client secret for credentials to query the
764
+ :param pulumi.Input[builtins.str] client_secret: The client secret for credentials to query the
568
765
  Azure APIs.
569
- :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
766
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
767
+ *Available only for Vault Enterprise*
768
+ :param pulumi.Input[builtins.str] environment: The Azure cloud environment. Valid values:
570
769
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
571
770
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
572
- :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
771
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity tokens. Requires Vault 1.17+.
573
772
  *Available only for Vault Enterprise*
574
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds.
575
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
773
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds.
774
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
576
775
  The value should not contain leading or trailing forward slashes.
577
776
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
578
777
  *Available only for Vault Enterprise*.
579
- :param pulumi.Input[str] resource: The configured URL for the application registered in
778
+ :param pulumi.Input[builtins.str] resource: The configured URL for the application registered in
580
779
  Azure Active Directory.
581
- :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
780
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
781
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
782
+ *Available only for Vault Enterprise*
783
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
784
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
785
+ *Available only for Vault Enterprise*
786
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
787
+ a rotation when a scheduled token rotation occurs. The default rotation window is
788
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
789
+ *Available only for Vault Enterprise*
790
+ :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory
582
791
  organization.
583
792
  """
584
793
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -588,17 +797,21 @@ class AuthBackendConfig(pulumi.CustomResource):
588
797
  __props__.__dict__["backend"] = backend
589
798
  __props__.__dict__["client_id"] = client_id
590
799
  __props__.__dict__["client_secret"] = client_secret
800
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
591
801
  __props__.__dict__["environment"] = environment
592
802
  __props__.__dict__["identity_token_audience"] = identity_token_audience
593
803
  __props__.__dict__["identity_token_ttl"] = identity_token_ttl
594
804
  __props__.__dict__["namespace"] = namespace
595
805
  __props__.__dict__["resource"] = resource
806
+ __props__.__dict__["rotation_period"] = rotation_period
807
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
808
+ __props__.__dict__["rotation_window"] = rotation_window
596
809
  __props__.__dict__["tenant_id"] = tenant_id
597
810
  return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
598
811
 
599
812
  @property
600
813
  @pulumi.getter
601
- def backend(self) -> pulumi.Output[Optional[str]]:
814
+ def backend(self) -> pulumi.Output[Optional[builtins.str]]:
602
815
  """
603
816
  The path the Azure auth backend being configured was
604
817
  mounted at. Defaults to `azure`.
@@ -607,7 +820,7 @@ class AuthBackendConfig(pulumi.CustomResource):
607
820
 
608
821
  @property
609
822
  @pulumi.getter(name="clientId")
610
- def client_id(self) -> pulumi.Output[Optional[str]]:
823
+ def client_id(self) -> pulumi.Output[Optional[builtins.str]]:
611
824
  """
612
825
  The client id for credentials to query the Azure APIs.
613
826
  Currently read permissions to query compute resources are required.
@@ -616,16 +829,25 @@ class AuthBackendConfig(pulumi.CustomResource):
616
829
 
617
830
  @property
618
831
  @pulumi.getter(name="clientSecret")
619
- def client_secret(self) -> pulumi.Output[Optional[str]]:
832
+ def client_secret(self) -> pulumi.Output[Optional[builtins.str]]:
620
833
  """
621
834
  The client secret for credentials to query the
622
835
  Azure APIs.
623
836
  """
624
837
  return pulumi.get(self, "client_secret")
625
838
 
839
+ @property
840
+ @pulumi.getter(name="disableAutomatedRotation")
841
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
842
+ """
843
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
844
+ *Available only for Vault Enterprise*
845
+ """
846
+ return pulumi.get(self, "disable_automated_rotation")
847
+
626
848
  @property
627
849
  @pulumi.getter
628
- def environment(self) -> pulumi.Output[Optional[str]]:
850
+ def environment(self) -> pulumi.Output[Optional[builtins.str]]:
629
851
  """
630
852
  The Azure cloud environment. Valid values:
631
853
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
@@ -635,7 +857,7 @@ class AuthBackendConfig(pulumi.CustomResource):
635
857
 
636
858
  @property
637
859
  @pulumi.getter(name="identityTokenAudience")
638
- def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
860
+ def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
639
861
  """
640
862
  The audience claim value for plugin identity tokens. Requires Vault 1.17+.
641
863
  *Available only for Vault Enterprise*
@@ -644,7 +866,7 @@ class AuthBackendConfig(pulumi.CustomResource):
644
866
 
645
867
  @property
646
868
  @pulumi.getter(name="identityTokenTtl")
647
- def identity_token_ttl(self) -> pulumi.Output[int]:
869
+ def identity_token_ttl(self) -> pulumi.Output[builtins.int]:
648
870
  """
649
871
  The TTL of generated identity tokens in seconds.
650
872
  """
@@ -652,7 +874,7 @@ class AuthBackendConfig(pulumi.CustomResource):
652
874
 
653
875
  @property
654
876
  @pulumi.getter
655
- def namespace(self) -> pulumi.Output[Optional[str]]:
877
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
656
878
  """
657
879
  The namespace to provision the resource in.
658
880
  The value should not contain leading or trailing forward slashes.
@@ -663,16 +885,47 @@ class AuthBackendConfig(pulumi.CustomResource):
663
885
 
664
886
  @property
665
887
  @pulumi.getter
666
- def resource(self) -> pulumi.Output[str]:
888
+ def resource(self) -> pulumi.Output[builtins.str]:
667
889
  """
668
890
  The configured URL for the application registered in
669
891
  Azure Active Directory.
670
892
  """
671
893
  return pulumi.get(self, "resource")
672
894
 
895
+ @property
896
+ @pulumi.getter(name="rotationPeriod")
897
+ def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
898
+ """
899
+ The amount of time in seconds Vault should wait before rotating the root credential.
900
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
901
+ *Available only for Vault Enterprise*
902
+ """
903
+ return pulumi.get(self, "rotation_period")
904
+
905
+ @property
906
+ @pulumi.getter(name="rotationSchedule")
907
+ def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
908
+ """
909
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
910
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
911
+ *Available only for Vault Enterprise*
912
+ """
913
+ return pulumi.get(self, "rotation_schedule")
914
+
915
+ @property
916
+ @pulumi.getter(name="rotationWindow")
917
+ def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
918
+ """
919
+ The maximum amount of time in seconds allowed to complete
920
+ a rotation when a scheduled token rotation occurs. The default rotation window is
921
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
922
+ *Available only for Vault Enterprise*
923
+ """
924
+ return pulumi.get(self, "rotation_window")
925
+
673
926
  @property
674
927
  @pulumi.getter(name="tenantId")
675
- def tenant_id(self) -> pulumi.Output[str]:
928
+ def tenant_id(self) -> pulumi.Output[builtins.str]:
676
929
  """
677
930
  The tenant id for the Azure Active Directory
678
931
  organization.