pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,41 +20,56 @@ __all__ = ['BackendArgs', 'Backend']
19
20
  @pulumi.input_type
20
21
  class BackendArgs:
21
22
  def __init__(__self__, *,
22
- subscription_id: pulumi.Input[str],
23
- tenant_id: pulumi.Input[str],
24
- client_id: Optional[pulumi.Input[str]] = None,
25
- client_secret: Optional[pulumi.Input[str]] = None,
26
- description: Optional[pulumi.Input[str]] = None,
27
- disable_remount: Optional[pulumi.Input[bool]] = None,
28
- environment: Optional[pulumi.Input[str]] = None,
29
- identity_token_audience: Optional[pulumi.Input[str]] = None,
30
- identity_token_key: Optional[pulumi.Input[str]] = None,
31
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
32
- namespace: Optional[pulumi.Input[str]] = None,
33
- path: Optional[pulumi.Input[str]] = None,
34
- use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
23
+ subscription_id: pulumi.Input[builtins.str],
24
+ tenant_id: pulumi.Input[builtins.str],
25
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
26
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
27
+ description: Optional[pulumi.Input[builtins.str]] = None,
28
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
29
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
30
+ environment: Optional[pulumi.Input[builtins.str]] = None,
31
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
32
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
33
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
34
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
35
+ path: Optional[pulumi.Input[builtins.str]] = None,
36
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
37
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
38
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
39
+ use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None):
35
40
  """
36
41
  The set of arguments for constructing a Backend resource.
37
- :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
38
- :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
39
- :param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
40
- :param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
41
- :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
42
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
42
+ :param pulumi.Input[builtins.str] subscription_id: The subscription id for the Azure Active Directory.
43
+ :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory.
44
+ :param pulumi.Input[builtins.str] client_id: The OAuth2 client id to connect to Azure.
45
+ :param pulumi.Input[builtins.str] client_secret: The OAuth2 client secret to connect to Azure.
46
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
47
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
48
+ *Available only for Vault Enterprise*
49
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
43
50
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
44
- :param pulumi.Input[str] environment: The Azure environment.
45
- :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
51
+ :param pulumi.Input[builtins.str] environment: The Azure environment.
52
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
46
53
  *Available only for Vault Enterprise*
47
- :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
54
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
48
55
  *Available only for Vault Enterprise*
49
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
56
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
50
57
  *Available only for Vault Enterprise*
51
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
58
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
52
59
  The value should not contain leading or trailing forward slashes.
53
60
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
54
61
  *Available only for Vault Enterprise*.
55
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
56
- :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
62
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Defaults to `azure`.
63
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
64
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
65
+ *Available only for Vault Enterprise*
66
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
67
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
68
+ *Available only for Vault Enterprise*
69
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
70
+ a rotation when a scheduled token rotation occurs. The default rotation window is
71
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
72
+ :param pulumi.Input[builtins.bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
57
73
  """
58
74
  pulumi.set(__self__, "subscription_id", subscription_id)
59
75
  pulumi.set(__self__, "tenant_id", tenant_id)
@@ -63,6 +79,8 @@ class BackendArgs:
63
79
  pulumi.set(__self__, "client_secret", client_secret)
64
80
  if description is not None:
65
81
  pulumi.set(__self__, "description", description)
82
+ if disable_automated_rotation is not None:
83
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
66
84
  if disable_remount is not None:
67
85
  pulumi.set(__self__, "disable_remount", disable_remount)
68
86
  if environment is not None:
@@ -77,6 +95,12 @@ class BackendArgs:
77
95
  pulumi.set(__self__, "namespace", namespace)
78
96
  if path is not None:
79
97
  pulumi.set(__self__, "path", path)
98
+ if rotation_period is not None:
99
+ pulumi.set(__self__, "rotation_period", rotation_period)
100
+ if rotation_schedule is not None:
101
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
102
+ if rotation_window is not None:
103
+ pulumi.set(__self__, "rotation_window", rotation_window)
80
104
  if use_microsoft_graph_api is not None:
81
105
  warnings.warn("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""", DeprecationWarning)
82
106
  pulumi.log.warn("""use_microsoft_graph_api is deprecated: This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
@@ -85,67 +109,80 @@ class BackendArgs:
85
109
 
86
110
  @property
87
111
  @pulumi.getter(name="subscriptionId")
88
- def subscription_id(self) -> pulumi.Input[str]:
112
+ def subscription_id(self) -> pulumi.Input[builtins.str]:
89
113
  """
90
114
  The subscription id for the Azure Active Directory.
91
115
  """
92
116
  return pulumi.get(self, "subscription_id")
93
117
 
94
118
  @subscription_id.setter
95
- def subscription_id(self, value: pulumi.Input[str]):
119
+ def subscription_id(self, value: pulumi.Input[builtins.str]):
96
120
  pulumi.set(self, "subscription_id", value)
97
121
 
98
122
  @property
99
123
  @pulumi.getter(name="tenantId")
100
- def tenant_id(self) -> pulumi.Input[str]:
124
+ def tenant_id(self) -> pulumi.Input[builtins.str]:
101
125
  """
102
126
  The tenant id for the Azure Active Directory.
103
127
  """
104
128
  return pulumi.get(self, "tenant_id")
105
129
 
106
130
  @tenant_id.setter
107
- def tenant_id(self, value: pulumi.Input[str]):
131
+ def tenant_id(self, value: pulumi.Input[builtins.str]):
108
132
  pulumi.set(self, "tenant_id", value)
109
133
 
110
134
  @property
111
135
  @pulumi.getter(name="clientId")
112
- def client_id(self) -> Optional[pulumi.Input[str]]:
136
+ def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
113
137
  """
114
138
  The OAuth2 client id to connect to Azure.
115
139
  """
116
140
  return pulumi.get(self, "client_id")
117
141
 
118
142
  @client_id.setter
119
- def client_id(self, value: Optional[pulumi.Input[str]]):
143
+ def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
120
144
  pulumi.set(self, "client_id", value)
121
145
 
122
146
  @property
123
147
  @pulumi.getter(name="clientSecret")
124
- def client_secret(self) -> Optional[pulumi.Input[str]]:
148
+ def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
125
149
  """
126
150
  The OAuth2 client secret to connect to Azure.
127
151
  """
128
152
  return pulumi.get(self, "client_secret")
129
153
 
130
154
  @client_secret.setter
131
- def client_secret(self, value: Optional[pulumi.Input[str]]):
155
+ def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
132
156
  pulumi.set(self, "client_secret", value)
133
157
 
134
158
  @property
135
159
  @pulumi.getter
136
- def description(self) -> Optional[pulumi.Input[str]]:
160
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
137
161
  """
138
162
  Human-friendly description of the mount for the backend.
139
163
  """
140
164
  return pulumi.get(self, "description")
141
165
 
142
166
  @description.setter
143
- def description(self, value: Optional[pulumi.Input[str]]):
167
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
144
168
  pulumi.set(self, "description", value)
145
169
 
170
+ @property
171
+ @pulumi.getter(name="disableAutomatedRotation")
172
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
173
+ """
174
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
175
+ *Available only for Vault Enterprise*
176
+ """
177
+ return pulumi.get(self, "disable_automated_rotation")
178
+
179
+ @disable_automated_rotation.setter
180
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
181
+ pulumi.set(self, "disable_automated_rotation", value)
182
+
146
183
  @property
147
184
  @pulumi.getter(name="disableRemount")
148
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
185
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
149
186
  """
150
187
  If set, opts out of mount migration on path updates.
151
188
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -153,24 +190,24 @@ class BackendArgs:
153
190
  return pulumi.get(self, "disable_remount")
154
191
 
155
192
  @disable_remount.setter
156
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
193
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
157
194
  pulumi.set(self, "disable_remount", value)
158
195
 
159
196
  @property
160
197
  @pulumi.getter
161
- def environment(self) -> Optional[pulumi.Input[str]]:
198
+ def environment(self) -> Optional[pulumi.Input[builtins.str]]:
162
199
  """
163
200
  The Azure environment.
164
201
  """
165
202
  return pulumi.get(self, "environment")
166
203
 
167
204
  @environment.setter
168
- def environment(self, value: Optional[pulumi.Input[str]]):
205
+ def environment(self, value: Optional[pulumi.Input[builtins.str]]):
169
206
  pulumi.set(self, "environment", value)
170
207
 
171
208
  @property
172
209
  @pulumi.getter(name="identityTokenAudience")
173
- def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
210
+ def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
174
211
  """
175
212
  The audience claim value. Requires Vault 1.17+.
176
213
  *Available only for Vault Enterprise*
@@ -178,12 +215,12 @@ class BackendArgs:
178
215
  return pulumi.get(self, "identity_token_audience")
179
216
 
180
217
  @identity_token_audience.setter
181
- def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
218
+ def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
182
219
  pulumi.set(self, "identity_token_audience", value)
183
220
 
184
221
  @property
185
222
  @pulumi.getter(name="identityTokenKey")
186
- def identity_token_key(self) -> Optional[pulumi.Input[str]]:
223
+ def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
187
224
  """
188
225
  The key to use for signing identity tokens. Requires Vault 1.17+.
189
226
  *Available only for Vault Enterprise*
@@ -191,12 +228,12 @@ class BackendArgs:
191
228
  return pulumi.get(self, "identity_token_key")
192
229
 
193
230
  @identity_token_key.setter
194
- def identity_token_key(self, value: Optional[pulumi.Input[str]]):
231
+ def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
195
232
  pulumi.set(self, "identity_token_key", value)
196
233
 
197
234
  @property
198
235
  @pulumi.getter(name="identityTokenTtl")
199
- def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
236
+ def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
200
237
  """
201
238
  The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
202
239
  *Available only for Vault Enterprise*
@@ -204,12 +241,12 @@ class BackendArgs:
204
241
  return pulumi.get(self, "identity_token_ttl")
205
242
 
206
243
  @identity_token_ttl.setter
207
- def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
244
+ def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
208
245
  pulumi.set(self, "identity_token_ttl", value)
209
246
 
210
247
  @property
211
248
  @pulumi.getter
212
- def namespace(self) -> Optional[pulumi.Input[str]]:
249
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
213
250
  """
214
251
  The namespace to provision the resource in.
215
252
  The value should not contain leading or trailing forward slashes.
@@ -219,73 +256,130 @@ class BackendArgs:
219
256
  return pulumi.get(self, "namespace")
220
257
 
221
258
  @namespace.setter
222
- def namespace(self, value: Optional[pulumi.Input[str]]):
259
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
223
260
  pulumi.set(self, "namespace", value)
224
261
 
225
262
  @property
226
263
  @pulumi.getter
227
- def path(self) -> Optional[pulumi.Input[str]]:
264
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
228
265
  """
229
266
  The unique path this backend should be mounted at. Defaults to `azure`.
230
267
  """
231
268
  return pulumi.get(self, "path")
232
269
 
233
270
  @path.setter
234
- def path(self, value: Optional[pulumi.Input[str]]):
271
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
235
272
  pulumi.set(self, "path", value)
236
273
 
274
+ @property
275
+ @pulumi.getter(name="rotationPeriod")
276
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
277
+ """
278
+ The amount of time in seconds Vault should wait before rotating the root credential.
279
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
280
+ *Available only for Vault Enterprise*
281
+ """
282
+ return pulumi.get(self, "rotation_period")
283
+
284
+ @rotation_period.setter
285
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
286
+ pulumi.set(self, "rotation_period", value)
287
+
288
+ @property
289
+ @pulumi.getter(name="rotationSchedule")
290
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
291
+ """
292
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
293
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
294
+ *Available only for Vault Enterprise*
295
+ """
296
+ return pulumi.get(self, "rotation_schedule")
297
+
298
+ @rotation_schedule.setter
299
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
300
+ pulumi.set(self, "rotation_schedule", value)
301
+
302
+ @property
303
+ @pulumi.getter(name="rotationWindow")
304
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
305
+ """
306
+ The maximum amount of time in seconds allowed to complete
307
+ a rotation when a scheduled token rotation occurs. The default rotation window is
308
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
309
+ """
310
+ return pulumi.get(self, "rotation_window")
311
+
312
+ @rotation_window.setter
313
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
314
+ pulumi.set(self, "rotation_window", value)
315
+
237
316
  @property
238
317
  @pulumi.getter(name="useMicrosoftGraphApi")
239
318
  @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
240
- def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
319
+ def use_microsoft_graph_api(self) -> Optional[pulumi.Input[builtins.bool]]:
241
320
  """
242
321
  Use the Microsoft Graph API. Should be set to true on vault-1.10+
243
322
  """
244
323
  return pulumi.get(self, "use_microsoft_graph_api")
245
324
 
246
325
  @use_microsoft_graph_api.setter
247
- def use_microsoft_graph_api(self, value: Optional[pulumi.Input[bool]]):
326
+ def use_microsoft_graph_api(self, value: Optional[pulumi.Input[builtins.bool]]):
248
327
  pulumi.set(self, "use_microsoft_graph_api", value)
249
328
 
250
329
 
251
330
  @pulumi.input_type
252
331
  class _BackendState:
253
332
  def __init__(__self__, *,
254
- client_id: Optional[pulumi.Input[str]] = None,
255
- client_secret: Optional[pulumi.Input[str]] = None,
256
- description: Optional[pulumi.Input[str]] = None,
257
- disable_remount: Optional[pulumi.Input[bool]] = None,
258
- environment: Optional[pulumi.Input[str]] = None,
259
- identity_token_audience: Optional[pulumi.Input[str]] = None,
260
- identity_token_key: Optional[pulumi.Input[str]] = None,
261
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
262
- namespace: Optional[pulumi.Input[str]] = None,
263
- path: Optional[pulumi.Input[str]] = None,
264
- subscription_id: Optional[pulumi.Input[str]] = None,
265
- tenant_id: Optional[pulumi.Input[str]] = None,
266
- use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None):
333
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
334
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
335
+ description: Optional[pulumi.Input[builtins.str]] = None,
336
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
337
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
338
+ environment: Optional[pulumi.Input[builtins.str]] = None,
339
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
340
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
341
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
342
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
343
+ path: Optional[pulumi.Input[builtins.str]] = None,
344
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
345
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
346
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
347
+ subscription_id: Optional[pulumi.Input[builtins.str]] = None,
348
+ tenant_id: Optional[pulumi.Input[builtins.str]] = None,
349
+ use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None):
267
350
  """
268
351
  Input properties used for looking up and filtering Backend resources.
269
- :param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
270
- :param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
271
- :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
272
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
352
+ :param pulumi.Input[builtins.str] client_id: The OAuth2 client id to connect to Azure.
353
+ :param pulumi.Input[builtins.str] client_secret: The OAuth2 client secret to connect to Azure.
354
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
355
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
356
+ *Available only for Vault Enterprise*
357
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
273
358
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
274
- :param pulumi.Input[str] environment: The Azure environment.
275
- :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
359
+ :param pulumi.Input[builtins.str] environment: The Azure environment.
360
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
276
361
  *Available only for Vault Enterprise*
277
- :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
362
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
278
363
  *Available only for Vault Enterprise*
279
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
364
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
280
365
  *Available only for Vault Enterprise*
281
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
366
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
282
367
  The value should not contain leading or trailing forward slashes.
283
368
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
284
369
  *Available only for Vault Enterprise*.
285
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
286
- :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
287
- :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
288
- :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
370
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Defaults to `azure`.
371
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
372
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
373
+ *Available only for Vault Enterprise*
374
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
375
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
376
+ *Available only for Vault Enterprise*
377
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
378
+ a rotation when a scheduled token rotation occurs. The default rotation window is
379
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
380
+ :param pulumi.Input[builtins.str] subscription_id: The subscription id for the Azure Active Directory.
381
+ :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory.
382
+ :param pulumi.Input[builtins.bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
289
383
  """
290
384
  if client_id is not None:
291
385
  pulumi.set(__self__, "client_id", client_id)
@@ -293,6 +387,8 @@ class _BackendState:
293
387
  pulumi.set(__self__, "client_secret", client_secret)
294
388
  if description is not None:
295
389
  pulumi.set(__self__, "description", description)
390
+ if disable_automated_rotation is not None:
391
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
296
392
  if disable_remount is not None:
297
393
  pulumi.set(__self__, "disable_remount", disable_remount)
298
394
  if environment is not None:
@@ -307,6 +403,12 @@ class _BackendState:
307
403
  pulumi.set(__self__, "namespace", namespace)
308
404
  if path is not None:
309
405
  pulumi.set(__self__, "path", path)
406
+ if rotation_period is not None:
407
+ pulumi.set(__self__, "rotation_period", rotation_period)
408
+ if rotation_schedule is not None:
409
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
410
+ if rotation_window is not None:
411
+ pulumi.set(__self__, "rotation_window", rotation_window)
310
412
  if subscription_id is not None:
311
413
  pulumi.set(__self__, "subscription_id", subscription_id)
312
414
  if tenant_id is not None:
@@ -319,43 +421,56 @@ class _BackendState:
319
421
 
320
422
  @property
321
423
  @pulumi.getter(name="clientId")
322
- def client_id(self) -> Optional[pulumi.Input[str]]:
424
+ def client_id(self) -> Optional[pulumi.Input[builtins.str]]:
323
425
  """
324
426
  The OAuth2 client id to connect to Azure.
325
427
  """
326
428
  return pulumi.get(self, "client_id")
327
429
 
328
430
  @client_id.setter
329
- def client_id(self, value: Optional[pulumi.Input[str]]):
431
+ def client_id(self, value: Optional[pulumi.Input[builtins.str]]):
330
432
  pulumi.set(self, "client_id", value)
331
433
 
332
434
  @property
333
435
  @pulumi.getter(name="clientSecret")
334
- def client_secret(self) -> Optional[pulumi.Input[str]]:
436
+ def client_secret(self) -> Optional[pulumi.Input[builtins.str]]:
335
437
  """
336
438
  The OAuth2 client secret to connect to Azure.
337
439
  """
338
440
  return pulumi.get(self, "client_secret")
339
441
 
340
442
  @client_secret.setter
341
- def client_secret(self, value: Optional[pulumi.Input[str]]):
443
+ def client_secret(self, value: Optional[pulumi.Input[builtins.str]]):
342
444
  pulumi.set(self, "client_secret", value)
343
445
 
344
446
  @property
345
447
  @pulumi.getter
346
- def description(self) -> Optional[pulumi.Input[str]]:
448
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
347
449
  """
348
450
  Human-friendly description of the mount for the backend.
349
451
  """
350
452
  return pulumi.get(self, "description")
351
453
 
352
454
  @description.setter
353
- def description(self, value: Optional[pulumi.Input[str]]):
455
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
354
456
  pulumi.set(self, "description", value)
355
457
 
458
+ @property
459
+ @pulumi.getter(name="disableAutomatedRotation")
460
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
461
+ """
462
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
463
+ *Available only for Vault Enterprise*
464
+ """
465
+ return pulumi.get(self, "disable_automated_rotation")
466
+
467
+ @disable_automated_rotation.setter
468
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
469
+ pulumi.set(self, "disable_automated_rotation", value)
470
+
356
471
  @property
357
472
  @pulumi.getter(name="disableRemount")
358
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
473
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
359
474
  """
360
475
  If set, opts out of mount migration on path updates.
361
476
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -363,24 +478,24 @@ class _BackendState:
363
478
  return pulumi.get(self, "disable_remount")
364
479
 
365
480
  @disable_remount.setter
366
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
481
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
367
482
  pulumi.set(self, "disable_remount", value)
368
483
 
369
484
  @property
370
485
  @pulumi.getter
371
- def environment(self) -> Optional[pulumi.Input[str]]:
486
+ def environment(self) -> Optional[pulumi.Input[builtins.str]]:
372
487
  """
373
488
  The Azure environment.
374
489
  """
375
490
  return pulumi.get(self, "environment")
376
491
 
377
492
  @environment.setter
378
- def environment(self, value: Optional[pulumi.Input[str]]):
493
+ def environment(self, value: Optional[pulumi.Input[builtins.str]]):
379
494
  pulumi.set(self, "environment", value)
380
495
 
381
496
  @property
382
497
  @pulumi.getter(name="identityTokenAudience")
383
- def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
498
+ def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
384
499
  """
385
500
  The audience claim value. Requires Vault 1.17+.
386
501
  *Available only for Vault Enterprise*
@@ -388,12 +503,12 @@ class _BackendState:
388
503
  return pulumi.get(self, "identity_token_audience")
389
504
 
390
505
  @identity_token_audience.setter
391
- def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
506
+ def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
392
507
  pulumi.set(self, "identity_token_audience", value)
393
508
 
394
509
  @property
395
510
  @pulumi.getter(name="identityTokenKey")
396
- def identity_token_key(self) -> Optional[pulumi.Input[str]]:
511
+ def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
397
512
  """
398
513
  The key to use for signing identity tokens. Requires Vault 1.17+.
399
514
  *Available only for Vault Enterprise*
@@ -401,12 +516,12 @@ class _BackendState:
401
516
  return pulumi.get(self, "identity_token_key")
402
517
 
403
518
  @identity_token_key.setter
404
- def identity_token_key(self, value: Optional[pulumi.Input[str]]):
519
+ def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
405
520
  pulumi.set(self, "identity_token_key", value)
406
521
 
407
522
  @property
408
523
  @pulumi.getter(name="identityTokenTtl")
409
- def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
524
+ def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
410
525
  """
411
526
  The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
412
527
  *Available only for Vault Enterprise*
@@ -414,12 +529,12 @@ class _BackendState:
414
529
  return pulumi.get(self, "identity_token_ttl")
415
530
 
416
531
  @identity_token_ttl.setter
417
- def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
532
+ def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
418
533
  pulumi.set(self, "identity_token_ttl", value)
419
534
 
420
535
  @property
421
536
  @pulumi.getter
422
- def namespace(self) -> Optional[pulumi.Input[str]]:
537
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
423
538
  """
424
539
  The namespace to provision the resource in.
425
540
  The value should not contain leading or trailing forward slashes.
@@ -429,56 +544,98 @@ class _BackendState:
429
544
  return pulumi.get(self, "namespace")
430
545
 
431
546
  @namespace.setter
432
- def namespace(self, value: Optional[pulumi.Input[str]]):
547
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
433
548
  pulumi.set(self, "namespace", value)
434
549
 
435
550
  @property
436
551
  @pulumi.getter
437
- def path(self) -> Optional[pulumi.Input[str]]:
552
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
438
553
  """
439
554
  The unique path this backend should be mounted at. Defaults to `azure`.
440
555
  """
441
556
  return pulumi.get(self, "path")
442
557
 
443
558
  @path.setter
444
- def path(self, value: Optional[pulumi.Input[str]]):
559
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
445
560
  pulumi.set(self, "path", value)
446
561
 
562
+ @property
563
+ @pulumi.getter(name="rotationPeriod")
564
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
565
+ """
566
+ The amount of time in seconds Vault should wait before rotating the root credential.
567
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
568
+ *Available only for Vault Enterprise*
569
+ """
570
+ return pulumi.get(self, "rotation_period")
571
+
572
+ @rotation_period.setter
573
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
574
+ pulumi.set(self, "rotation_period", value)
575
+
576
+ @property
577
+ @pulumi.getter(name="rotationSchedule")
578
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
579
+ """
580
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
581
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
582
+ *Available only for Vault Enterprise*
583
+ """
584
+ return pulumi.get(self, "rotation_schedule")
585
+
586
+ @rotation_schedule.setter
587
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
588
+ pulumi.set(self, "rotation_schedule", value)
589
+
590
+ @property
591
+ @pulumi.getter(name="rotationWindow")
592
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
593
+ """
594
+ The maximum amount of time in seconds allowed to complete
595
+ a rotation when a scheduled token rotation occurs. The default rotation window is
596
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
597
+ """
598
+ return pulumi.get(self, "rotation_window")
599
+
600
+ @rotation_window.setter
601
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
602
+ pulumi.set(self, "rotation_window", value)
603
+
447
604
  @property
448
605
  @pulumi.getter(name="subscriptionId")
449
- def subscription_id(self) -> Optional[pulumi.Input[str]]:
606
+ def subscription_id(self) -> Optional[pulumi.Input[builtins.str]]:
450
607
  """
451
608
  The subscription id for the Azure Active Directory.
452
609
  """
453
610
  return pulumi.get(self, "subscription_id")
454
611
 
455
612
  @subscription_id.setter
456
- def subscription_id(self, value: Optional[pulumi.Input[str]]):
613
+ def subscription_id(self, value: Optional[pulumi.Input[builtins.str]]):
457
614
  pulumi.set(self, "subscription_id", value)
458
615
 
459
616
  @property
460
617
  @pulumi.getter(name="tenantId")
461
- def tenant_id(self) -> Optional[pulumi.Input[str]]:
618
+ def tenant_id(self) -> Optional[pulumi.Input[builtins.str]]:
462
619
  """
463
620
  The tenant id for the Azure Active Directory.
464
621
  """
465
622
  return pulumi.get(self, "tenant_id")
466
623
 
467
624
  @tenant_id.setter
468
- def tenant_id(self, value: Optional[pulumi.Input[str]]):
625
+ def tenant_id(self, value: Optional[pulumi.Input[builtins.str]]):
469
626
  pulumi.set(self, "tenant_id", value)
470
627
 
471
628
  @property
472
629
  @pulumi.getter(name="useMicrosoftGraphApi")
473
630
  @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
474
- def use_microsoft_graph_api(self) -> Optional[pulumi.Input[bool]]:
631
+ def use_microsoft_graph_api(self) -> Optional[pulumi.Input[builtins.bool]]:
475
632
  """
476
633
  Use the Microsoft Graph API. Should be set to true on vault-1.10+
477
634
  """
478
635
  return pulumi.get(self, "use_microsoft_graph_api")
479
636
 
480
637
  @use_microsoft_graph_api.setter
481
- def use_microsoft_graph_api(self, value: Optional[pulumi.Input[bool]]):
638
+ def use_microsoft_graph_api(self, value: Optional[pulumi.Input[builtins.bool]]):
482
639
  pulumi.set(self, "use_microsoft_graph_api", value)
483
640
 
484
641
 
@@ -487,19 +644,23 @@ class Backend(pulumi.CustomResource):
487
644
  def __init__(__self__,
488
645
  resource_name: str,
489
646
  opts: Optional[pulumi.ResourceOptions] = None,
490
- client_id: Optional[pulumi.Input[str]] = None,
491
- client_secret: Optional[pulumi.Input[str]] = None,
492
- description: Optional[pulumi.Input[str]] = None,
493
- disable_remount: Optional[pulumi.Input[bool]] = None,
494
- environment: Optional[pulumi.Input[str]] = None,
495
- identity_token_audience: Optional[pulumi.Input[str]] = None,
496
- identity_token_key: Optional[pulumi.Input[str]] = None,
497
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
498
- namespace: Optional[pulumi.Input[str]] = None,
499
- path: Optional[pulumi.Input[str]] = None,
500
- subscription_id: Optional[pulumi.Input[str]] = None,
501
- tenant_id: Optional[pulumi.Input[str]] = None,
502
- use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None,
647
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
648
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
649
+ description: Optional[pulumi.Input[builtins.str]] = None,
650
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
651
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
652
+ environment: Optional[pulumi.Input[builtins.str]] = None,
653
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
654
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
655
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
656
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
657
+ path: Optional[pulumi.Input[builtins.str]] = None,
658
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
659
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
660
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
661
+ subscription_id: Optional[pulumi.Input[builtins.str]] = None,
662
+ tenant_id: Optional[pulumi.Input[builtins.str]] = None,
663
+ use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None,
503
664
  __props__=None):
504
665
  """
505
666
  ## Example Usage
@@ -516,7 +677,9 @@ class Backend(pulumi.CustomResource):
516
677
  tenant_id="11111111-2222-3333-4444-222222222222",
517
678
  client_id="11111111-2222-3333-4444-333333333333",
518
679
  identity_token_audience="<TOKEN_AUDIENCE>",
519
- identity_token_ttl="<TOKEN_TTL>")
680
+ identity_token_ttl="<TOKEN_TTL>",
681
+ rotation_schedule="0 * * * SAT",
682
+ rotation_window=3600)
520
683
  ```
521
684
 
522
685
  ```python
@@ -529,7 +692,9 @@ class Backend(pulumi.CustomResource):
529
692
  tenant_id="11111111-2222-3333-4444-222222222222",
530
693
  client_id="11111111-2222-3333-4444-333333333333",
531
694
  client_secret="12345678901234567890",
532
- environment="AzurePublicCloud")
695
+ environment="AzurePublicCloud",
696
+ rotation_schedule="0 * * * SAT",
697
+ rotation_window=3600)
533
698
  ```
534
699
 
535
700
  ### *Vault-1.8 And Below*
@@ -549,26 +714,37 @@ class Backend(pulumi.CustomResource):
549
714
 
550
715
  :param str resource_name: The name of the resource.
551
716
  :param pulumi.ResourceOptions opts: Options for the resource.
552
- :param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
553
- :param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
554
- :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
555
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
717
+ :param pulumi.Input[builtins.str] client_id: The OAuth2 client id to connect to Azure.
718
+ :param pulumi.Input[builtins.str] client_secret: The OAuth2 client secret to connect to Azure.
719
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
720
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
721
+ *Available only for Vault Enterprise*
722
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
556
723
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
557
- :param pulumi.Input[str] environment: The Azure environment.
558
- :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
724
+ :param pulumi.Input[builtins.str] environment: The Azure environment.
725
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
559
726
  *Available only for Vault Enterprise*
560
- :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
727
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
561
728
  *Available only for Vault Enterprise*
562
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
729
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
563
730
  *Available only for Vault Enterprise*
564
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
731
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
565
732
  The value should not contain leading or trailing forward slashes.
566
733
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
567
734
  *Available only for Vault Enterprise*.
568
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
569
- :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
570
- :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
571
- :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
735
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Defaults to `azure`.
736
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
737
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
738
+ *Available only for Vault Enterprise*
739
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
740
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
741
+ *Available only for Vault Enterprise*
742
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
743
+ a rotation when a scheduled token rotation occurs. The default rotation window is
744
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
745
+ :param pulumi.Input[builtins.str] subscription_id: The subscription id for the Azure Active Directory.
746
+ :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory.
747
+ :param pulumi.Input[builtins.bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
572
748
  """
573
749
  ...
574
750
  @overload
@@ -591,7 +767,9 @@ class Backend(pulumi.CustomResource):
591
767
  tenant_id="11111111-2222-3333-4444-222222222222",
592
768
  client_id="11111111-2222-3333-4444-333333333333",
593
769
  identity_token_audience="<TOKEN_AUDIENCE>",
594
- identity_token_ttl="<TOKEN_TTL>")
770
+ identity_token_ttl="<TOKEN_TTL>",
771
+ rotation_schedule="0 * * * SAT",
772
+ rotation_window=3600)
595
773
  ```
596
774
 
597
775
  ```python
@@ -604,7 +782,9 @@ class Backend(pulumi.CustomResource):
604
782
  tenant_id="11111111-2222-3333-4444-222222222222",
605
783
  client_id="11111111-2222-3333-4444-333333333333",
606
784
  client_secret="12345678901234567890",
607
- environment="AzurePublicCloud")
785
+ environment="AzurePublicCloud",
786
+ rotation_schedule="0 * * * SAT",
787
+ rotation_window=3600)
608
788
  ```
609
789
 
610
790
  ### *Vault-1.8 And Below*
@@ -637,19 +817,23 @@ class Backend(pulumi.CustomResource):
637
817
  def _internal_init(__self__,
638
818
  resource_name: str,
639
819
  opts: Optional[pulumi.ResourceOptions] = None,
640
- client_id: Optional[pulumi.Input[str]] = None,
641
- client_secret: Optional[pulumi.Input[str]] = None,
642
- description: Optional[pulumi.Input[str]] = None,
643
- disable_remount: Optional[pulumi.Input[bool]] = None,
644
- environment: Optional[pulumi.Input[str]] = None,
645
- identity_token_audience: Optional[pulumi.Input[str]] = None,
646
- identity_token_key: Optional[pulumi.Input[str]] = None,
647
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
648
- namespace: Optional[pulumi.Input[str]] = None,
649
- path: Optional[pulumi.Input[str]] = None,
650
- subscription_id: Optional[pulumi.Input[str]] = None,
651
- tenant_id: Optional[pulumi.Input[str]] = None,
652
- use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None,
820
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
821
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
822
+ description: Optional[pulumi.Input[builtins.str]] = None,
823
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
824
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
825
+ environment: Optional[pulumi.Input[builtins.str]] = None,
826
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
827
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
828
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
829
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
830
+ path: Optional[pulumi.Input[builtins.str]] = None,
831
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
832
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
833
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
834
+ subscription_id: Optional[pulumi.Input[builtins.str]] = None,
835
+ tenant_id: Optional[pulumi.Input[builtins.str]] = None,
836
+ use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None,
653
837
  __props__=None):
654
838
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
655
839
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -662,6 +846,7 @@ class Backend(pulumi.CustomResource):
662
846
  __props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
663
847
  __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
664
848
  __props__.__dict__["description"] = description
849
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
665
850
  __props__.__dict__["disable_remount"] = disable_remount
666
851
  __props__.__dict__["environment"] = environment
667
852
  __props__.__dict__["identity_token_audience"] = identity_token_audience
@@ -669,6 +854,9 @@ class Backend(pulumi.CustomResource):
669
854
  __props__.__dict__["identity_token_ttl"] = identity_token_ttl
670
855
  __props__.__dict__["namespace"] = namespace
671
856
  __props__.__dict__["path"] = path
857
+ __props__.__dict__["rotation_period"] = rotation_period
858
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
859
+ __props__.__dict__["rotation_window"] = rotation_window
672
860
  if subscription_id is None and not opts.urn:
673
861
  raise TypeError("Missing required property 'subscription_id'")
674
862
  __props__.__dict__["subscription_id"] = None if subscription_id is None else pulumi.Output.secret(subscription_id)
@@ -688,19 +876,23 @@ class Backend(pulumi.CustomResource):
688
876
  def get(resource_name: str,
689
877
  id: pulumi.Input[str],
690
878
  opts: Optional[pulumi.ResourceOptions] = None,
691
- client_id: Optional[pulumi.Input[str]] = None,
692
- client_secret: Optional[pulumi.Input[str]] = None,
693
- description: Optional[pulumi.Input[str]] = None,
694
- disable_remount: Optional[pulumi.Input[bool]] = None,
695
- environment: Optional[pulumi.Input[str]] = None,
696
- identity_token_audience: Optional[pulumi.Input[str]] = None,
697
- identity_token_key: Optional[pulumi.Input[str]] = None,
698
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
699
- namespace: Optional[pulumi.Input[str]] = None,
700
- path: Optional[pulumi.Input[str]] = None,
701
- subscription_id: Optional[pulumi.Input[str]] = None,
702
- tenant_id: Optional[pulumi.Input[str]] = None,
703
- use_microsoft_graph_api: Optional[pulumi.Input[bool]] = None) -> 'Backend':
879
+ client_id: Optional[pulumi.Input[builtins.str]] = None,
880
+ client_secret: Optional[pulumi.Input[builtins.str]] = None,
881
+ description: Optional[pulumi.Input[builtins.str]] = None,
882
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
883
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
884
+ environment: Optional[pulumi.Input[builtins.str]] = None,
885
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
886
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
887
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
888
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
889
+ path: Optional[pulumi.Input[builtins.str]] = None,
890
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
891
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
892
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
893
+ subscription_id: Optional[pulumi.Input[builtins.str]] = None,
894
+ tenant_id: Optional[pulumi.Input[builtins.str]] = None,
895
+ use_microsoft_graph_api: Optional[pulumi.Input[builtins.bool]] = None) -> 'Backend':
704
896
  """
705
897
  Get an existing Backend resource's state with the given name, id, and optional extra
706
898
  properties used to qualify the lookup.
@@ -708,26 +900,37 @@ class Backend(pulumi.CustomResource):
708
900
  :param str resource_name: The unique name of the resulting resource.
709
901
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
710
902
  :param pulumi.ResourceOptions opts: Options for the resource.
711
- :param pulumi.Input[str] client_id: The OAuth2 client id to connect to Azure.
712
- :param pulumi.Input[str] client_secret: The OAuth2 client secret to connect to Azure.
713
- :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
714
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
903
+ :param pulumi.Input[builtins.str] client_id: The OAuth2 client id to connect to Azure.
904
+ :param pulumi.Input[builtins.str] client_secret: The OAuth2 client secret to connect to Azure.
905
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
906
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
907
+ *Available only for Vault Enterprise*
908
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
715
909
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
716
- :param pulumi.Input[str] environment: The Azure environment.
717
- :param pulumi.Input[str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
910
+ :param pulumi.Input[builtins.str] environment: The Azure environment.
911
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value. Requires Vault 1.17+.
718
912
  *Available only for Vault Enterprise*
719
- :param pulumi.Input[str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
913
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing identity tokens. Requires Vault 1.17+.
720
914
  *Available only for Vault Enterprise*
721
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
915
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
722
916
  *Available only for Vault Enterprise*
723
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
917
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
724
918
  The value should not contain leading or trailing forward slashes.
725
919
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
726
920
  *Available only for Vault Enterprise*.
727
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Defaults to `azure`.
728
- :param pulumi.Input[str] subscription_id: The subscription id for the Azure Active Directory.
729
- :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory.
730
- :param pulumi.Input[bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
921
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Defaults to `azure`.
922
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
923
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
924
+ *Available only for Vault Enterprise*
925
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
926
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
927
+ *Available only for Vault Enterprise*
928
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
929
+ a rotation when a scheduled token rotation occurs. The default rotation window is
930
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
931
+ :param pulumi.Input[builtins.str] subscription_id: The subscription id for the Azure Active Directory.
932
+ :param pulumi.Input[builtins.str] tenant_id: The tenant id for the Azure Active Directory.
933
+ :param pulumi.Input[builtins.bool] use_microsoft_graph_api: Use the Microsoft Graph API. Should be set to true on vault-1.10+
731
934
  """
732
935
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
733
936
 
@@ -736,6 +939,7 @@ class Backend(pulumi.CustomResource):
736
939
  __props__.__dict__["client_id"] = client_id
737
940
  __props__.__dict__["client_secret"] = client_secret
738
941
  __props__.__dict__["description"] = description
942
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
739
943
  __props__.__dict__["disable_remount"] = disable_remount
740
944
  __props__.__dict__["environment"] = environment
741
945
  __props__.__dict__["identity_token_audience"] = identity_token_audience
@@ -743,6 +947,9 @@ class Backend(pulumi.CustomResource):
743
947
  __props__.__dict__["identity_token_ttl"] = identity_token_ttl
744
948
  __props__.__dict__["namespace"] = namespace
745
949
  __props__.__dict__["path"] = path
950
+ __props__.__dict__["rotation_period"] = rotation_period
951
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
952
+ __props__.__dict__["rotation_window"] = rotation_window
746
953
  __props__.__dict__["subscription_id"] = subscription_id
747
954
  __props__.__dict__["tenant_id"] = tenant_id
748
955
  __props__.__dict__["use_microsoft_graph_api"] = use_microsoft_graph_api
@@ -750,7 +957,7 @@ class Backend(pulumi.CustomResource):
750
957
 
751
958
  @property
752
959
  @pulumi.getter(name="clientId")
753
- def client_id(self) -> pulumi.Output[Optional[str]]:
960
+ def client_id(self) -> pulumi.Output[Optional[builtins.str]]:
754
961
  """
755
962
  The OAuth2 client id to connect to Azure.
756
963
  """
@@ -758,7 +965,7 @@ class Backend(pulumi.CustomResource):
758
965
 
759
966
  @property
760
967
  @pulumi.getter(name="clientSecret")
761
- def client_secret(self) -> pulumi.Output[Optional[str]]:
968
+ def client_secret(self) -> pulumi.Output[Optional[builtins.str]]:
762
969
  """
763
970
  The OAuth2 client secret to connect to Azure.
764
971
  """
@@ -766,15 +973,24 @@ class Backend(pulumi.CustomResource):
766
973
 
767
974
  @property
768
975
  @pulumi.getter
769
- def description(self) -> pulumi.Output[Optional[str]]:
976
+ def description(self) -> pulumi.Output[Optional[builtins.str]]:
770
977
  """
771
978
  Human-friendly description of the mount for the backend.
772
979
  """
773
980
  return pulumi.get(self, "description")
774
981
 
982
+ @property
983
+ @pulumi.getter(name="disableAutomatedRotation")
984
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
985
+ """
986
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
987
+ *Available only for Vault Enterprise*
988
+ """
989
+ return pulumi.get(self, "disable_automated_rotation")
990
+
775
991
  @property
776
992
  @pulumi.getter(name="disableRemount")
777
- def disable_remount(self) -> pulumi.Output[Optional[bool]]:
993
+ def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
778
994
  """
779
995
  If set, opts out of mount migration on path updates.
780
996
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -783,7 +999,7 @@ class Backend(pulumi.CustomResource):
783
999
 
784
1000
  @property
785
1001
  @pulumi.getter
786
- def environment(self) -> pulumi.Output[Optional[str]]:
1002
+ def environment(self) -> pulumi.Output[Optional[builtins.str]]:
787
1003
  """
788
1004
  The Azure environment.
789
1005
  """
@@ -791,7 +1007,7 @@ class Backend(pulumi.CustomResource):
791
1007
 
792
1008
  @property
793
1009
  @pulumi.getter(name="identityTokenAudience")
794
- def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
1010
+ def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
795
1011
  """
796
1012
  The audience claim value. Requires Vault 1.17+.
797
1013
  *Available only for Vault Enterprise*
@@ -800,7 +1016,7 @@ class Backend(pulumi.CustomResource):
800
1016
 
801
1017
  @property
802
1018
  @pulumi.getter(name="identityTokenKey")
803
- def identity_token_key(self) -> pulumi.Output[Optional[str]]:
1019
+ def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
804
1020
  """
805
1021
  The key to use for signing identity tokens. Requires Vault 1.17+.
806
1022
  *Available only for Vault Enterprise*
@@ -809,7 +1025,7 @@ class Backend(pulumi.CustomResource):
809
1025
 
810
1026
  @property
811
1027
  @pulumi.getter(name="identityTokenTtl")
812
- def identity_token_ttl(self) -> pulumi.Output[int]:
1028
+ def identity_token_ttl(self) -> pulumi.Output[builtins.int]:
813
1029
  """
814
1030
  The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
815
1031
  *Available only for Vault Enterprise*
@@ -818,7 +1034,7 @@ class Backend(pulumi.CustomResource):
818
1034
 
819
1035
  @property
820
1036
  @pulumi.getter
821
- def namespace(self) -> pulumi.Output[Optional[str]]:
1037
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
822
1038
  """
823
1039
  The namespace to provision the resource in.
824
1040
  The value should not contain leading or trailing forward slashes.
@@ -829,15 +1045,45 @@ class Backend(pulumi.CustomResource):
829
1045
 
830
1046
  @property
831
1047
  @pulumi.getter
832
- def path(self) -> pulumi.Output[Optional[str]]:
1048
+ def path(self) -> pulumi.Output[Optional[builtins.str]]:
833
1049
  """
834
1050
  The unique path this backend should be mounted at. Defaults to `azure`.
835
1051
  """
836
1052
  return pulumi.get(self, "path")
837
1053
 
1054
+ @property
1055
+ @pulumi.getter(name="rotationPeriod")
1056
+ def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
1057
+ """
1058
+ The amount of time in seconds Vault should wait before rotating the root credential.
1059
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1060
+ *Available only for Vault Enterprise*
1061
+ """
1062
+ return pulumi.get(self, "rotation_period")
1063
+
1064
+ @property
1065
+ @pulumi.getter(name="rotationSchedule")
1066
+ def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
1067
+ """
1068
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1069
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1070
+ *Available only for Vault Enterprise*
1071
+ """
1072
+ return pulumi.get(self, "rotation_schedule")
1073
+
1074
+ @property
1075
+ @pulumi.getter(name="rotationWindow")
1076
+ def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
1077
+ """
1078
+ The maximum amount of time in seconds allowed to complete
1079
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1080
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*
1081
+ """
1082
+ return pulumi.get(self, "rotation_window")
1083
+
838
1084
  @property
839
1085
  @pulumi.getter(name="subscriptionId")
840
- def subscription_id(self) -> pulumi.Output[str]:
1086
+ def subscription_id(self) -> pulumi.Output[builtins.str]:
841
1087
  """
842
1088
  The subscription id for the Azure Active Directory.
843
1089
  """
@@ -845,7 +1091,7 @@ class Backend(pulumi.CustomResource):
845
1091
 
846
1092
  @property
847
1093
  @pulumi.getter(name="tenantId")
848
- def tenant_id(self) -> pulumi.Output[str]:
1094
+ def tenant_id(self) -> pulumi.Output[builtins.str]:
849
1095
  """
850
1096
  The tenant id for the Azure Active Directory.
851
1097
  """
@@ -854,7 +1100,7 @@ class Backend(pulumi.CustomResource):
854
1100
  @property
855
1101
  @pulumi.getter(name="useMicrosoftGraphApi")
856
1102
  @_utilities.deprecated("""This field is not supported in Vault-1.12+ and is the default behavior. This field will be removed in future version of the provider.""")
857
- def use_microsoft_graph_api(self) -> pulumi.Output[bool]:
1103
+ def use_microsoft_graph_api(self) -> pulumi.Output[builtins.bool]:
858
1104
  """
859
1105
  Use the Microsoft Graph API. Should be set to true on vault-1.10+
860
1106
  """