pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,42 +20,56 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
19
20
  @pulumi.input_type
20
21
  class SecretBackendArgs:
21
22
  def __init__(__self__, *,
22
- credentials: Optional[pulumi.Input[str]] = None,
23
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
24
- description: Optional[pulumi.Input[str]] = None,
25
- disable_remount: Optional[pulumi.Input[bool]] = None,
26
- identity_token_audience: Optional[pulumi.Input[str]] = None,
27
- identity_token_key: Optional[pulumi.Input[str]] = None,
28
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
29
- local: Optional[pulumi.Input[bool]] = None,
30
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
31
- namespace: Optional[pulumi.Input[str]] = None,
32
- path: Optional[pulumi.Input[str]] = None,
33
- service_account_email: Optional[pulumi.Input[str]] = None):
23
+ credentials: Optional[pulumi.Input[builtins.str]] = None,
24
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
25
+ description: Optional[pulumi.Input[builtins.str]] = None,
26
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
27
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
28
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
29
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
30
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
31
+ local: Optional[pulumi.Input[builtins.bool]] = None,
32
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
33
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
34
+ path: Optional[pulumi.Input[builtins.str]] = None,
35
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
36
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
37
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
38
+ service_account_email: Optional[pulumi.Input[builtins.str]] = None):
34
39
  """
35
40
  The set of arguments for constructing a SecretBackend resource.
36
- :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP
37
- :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
41
+ :param pulumi.Input[builtins.str] credentials: JSON-encoded credentials to use to connect to GCP
42
+ :param pulumi.Input[builtins.int] default_lease_ttl_seconds: The default TTL for credentials
38
43
  issued by this backend. Defaults to '0'.
39
- :param pulumi.Input[str] description: A human-friendly description for this backend.
40
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
44
+ :param pulumi.Input[builtins.str] description: A human-friendly description for this backend.
45
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
46
+ *Available only for Vault Enterprise*.
47
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
41
48
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
42
- :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
49
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
43
50
  tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
44
51
  Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
45
- :param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
52
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
46
53
  tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
47
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
48
- :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
49
- :param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested
54
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
55
+ :param pulumi.Input[builtins.bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
56
+ :param pulumi.Input[builtins.int] max_lease_ttl_seconds: The maximum TTL that can be requested
50
57
  for credentials issued by this backend. Defaults to '0'.
51
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
58
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
52
59
  The value should not contain leading or trailing forward slashes.
53
60
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
54
61
  *Available only for Vault Enterprise*.
55
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
62
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
56
63
  not begin or end with a `/`. Defaults to `gcp`.
57
- :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
64
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
65
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
66
+ *Available only for Vault Enterprise*.
67
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
68
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
69
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
70
+ a rotation when a scheduled token rotation occurs. The default rotation window is
71
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
72
+ :param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
58
73
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
59
74
  """
60
75
  if credentials is not None:
@@ -63,6 +78,8 @@ class SecretBackendArgs:
63
78
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
64
79
  if description is not None:
65
80
  pulumi.set(__self__, "description", description)
81
+ if disable_automated_rotation is not None:
82
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
66
83
  if disable_remount is not None:
67
84
  pulumi.set(__self__, "disable_remount", disable_remount)
68
85
  if identity_token_audience is not None:
@@ -79,24 +96,30 @@ class SecretBackendArgs:
79
96
  pulumi.set(__self__, "namespace", namespace)
80
97
  if path is not None:
81
98
  pulumi.set(__self__, "path", path)
99
+ if rotation_period is not None:
100
+ pulumi.set(__self__, "rotation_period", rotation_period)
101
+ if rotation_schedule is not None:
102
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
103
+ if rotation_window is not None:
104
+ pulumi.set(__self__, "rotation_window", rotation_window)
82
105
  if service_account_email is not None:
83
106
  pulumi.set(__self__, "service_account_email", service_account_email)
84
107
 
85
108
  @property
86
109
  @pulumi.getter
87
- def credentials(self) -> Optional[pulumi.Input[str]]:
110
+ def credentials(self) -> Optional[pulumi.Input[builtins.str]]:
88
111
  """
89
112
  JSON-encoded credentials to use to connect to GCP
90
113
  """
91
114
  return pulumi.get(self, "credentials")
92
115
 
93
116
  @credentials.setter
94
- def credentials(self, value: Optional[pulumi.Input[str]]):
117
+ def credentials(self, value: Optional[pulumi.Input[builtins.str]]):
95
118
  pulumi.set(self, "credentials", value)
96
119
 
97
120
  @property
98
121
  @pulumi.getter(name="defaultLeaseTtlSeconds")
99
- def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
122
+ def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
100
123
  """
101
124
  The default TTL for credentials
102
125
  issued by this backend. Defaults to '0'.
@@ -104,24 +127,37 @@ class SecretBackendArgs:
104
127
  return pulumi.get(self, "default_lease_ttl_seconds")
105
128
 
106
129
  @default_lease_ttl_seconds.setter
107
- def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
130
+ def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
108
131
  pulumi.set(self, "default_lease_ttl_seconds", value)
109
132
 
110
133
  @property
111
134
  @pulumi.getter
112
- def description(self) -> Optional[pulumi.Input[str]]:
135
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
113
136
  """
114
137
  A human-friendly description for this backend.
115
138
  """
116
139
  return pulumi.get(self, "description")
117
140
 
118
141
  @description.setter
119
- def description(self, value: Optional[pulumi.Input[str]]):
142
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
120
143
  pulumi.set(self, "description", value)
121
144
 
145
+ @property
146
+ @pulumi.getter(name="disableAutomatedRotation")
147
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
148
+ """
149
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
150
+ *Available only for Vault Enterprise*.
151
+ """
152
+ return pulumi.get(self, "disable_automated_rotation")
153
+
154
+ @disable_automated_rotation.setter
155
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
156
+ pulumi.set(self, "disable_automated_rotation", value)
157
+
122
158
  @property
123
159
  @pulumi.getter(name="disableRemount")
124
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
160
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
125
161
  """
126
162
  If set, opts out of mount migration on path updates.
127
163
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -129,12 +165,12 @@ class SecretBackendArgs:
129
165
  return pulumi.get(self, "disable_remount")
130
166
 
131
167
  @disable_remount.setter
132
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
168
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
133
169
  pulumi.set(self, "disable_remount", value)
134
170
 
135
171
  @property
136
172
  @pulumi.getter(name="identityTokenAudience")
137
- def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
173
+ def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
138
174
  """
139
175
  The audience claim value for plugin identity
140
176
  tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
@@ -143,12 +179,12 @@ class SecretBackendArgs:
143
179
  return pulumi.get(self, "identity_token_audience")
144
180
 
145
181
  @identity_token_audience.setter
146
- def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
182
+ def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
147
183
  pulumi.set(self, "identity_token_audience", value)
148
184
 
149
185
  @property
150
186
  @pulumi.getter(name="identityTokenKey")
151
- def identity_token_key(self) -> Optional[pulumi.Input[str]]:
187
+ def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
152
188
  """
153
189
  The key to use for signing plugin identity
154
190
  tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
@@ -156,36 +192,36 @@ class SecretBackendArgs:
156
192
  return pulumi.get(self, "identity_token_key")
157
193
 
158
194
  @identity_token_key.setter
159
- def identity_token_key(self, value: Optional[pulumi.Input[str]]):
195
+ def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
160
196
  pulumi.set(self, "identity_token_key", value)
161
197
 
162
198
  @property
163
199
  @pulumi.getter(name="identityTokenTtl")
164
- def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
200
+ def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
165
201
  """
166
202
  The TTL of generated tokens.
167
203
  """
168
204
  return pulumi.get(self, "identity_token_ttl")
169
205
 
170
206
  @identity_token_ttl.setter
171
- def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
207
+ def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
172
208
  pulumi.set(self, "identity_token_ttl", value)
173
209
 
174
210
  @property
175
211
  @pulumi.getter
176
- def local(self) -> Optional[pulumi.Input[bool]]:
212
+ def local(self) -> Optional[pulumi.Input[builtins.bool]]:
177
213
  """
178
214
  Boolean flag that can be explicitly set to true to enforce local mount in HA environment
179
215
  """
180
216
  return pulumi.get(self, "local")
181
217
 
182
218
  @local.setter
183
- def local(self, value: Optional[pulumi.Input[bool]]):
219
+ def local(self, value: Optional[pulumi.Input[builtins.bool]]):
184
220
  pulumi.set(self, "local", value)
185
221
 
186
222
  @property
187
223
  @pulumi.getter(name="maxLeaseTtlSeconds")
188
- def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
224
+ def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
189
225
  """
190
226
  The maximum TTL that can be requested
191
227
  for credentials issued by this backend. Defaults to '0'.
@@ -193,12 +229,12 @@ class SecretBackendArgs:
193
229
  return pulumi.get(self, "max_lease_ttl_seconds")
194
230
 
195
231
  @max_lease_ttl_seconds.setter
196
- def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
232
+ def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
197
233
  pulumi.set(self, "max_lease_ttl_seconds", value)
198
234
 
199
235
  @property
200
236
  @pulumi.getter
201
- def namespace(self) -> Optional[pulumi.Input[str]]:
237
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
202
238
  """
203
239
  The namespace to provision the resource in.
204
240
  The value should not contain leading or trailing forward slashes.
@@ -208,12 +244,12 @@ class SecretBackendArgs:
208
244
  return pulumi.get(self, "namespace")
209
245
 
210
246
  @namespace.setter
211
- def namespace(self, value: Optional[pulumi.Input[str]]):
247
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
212
248
  pulumi.set(self, "namespace", value)
213
249
 
214
250
  @property
215
251
  @pulumi.getter
216
- def path(self) -> Optional[pulumi.Input[str]]:
252
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
217
253
  """
218
254
  The unique path this backend should be mounted at. Must
219
255
  not begin or end with a `/`. Defaults to `gcp`.
@@ -221,12 +257,53 @@ class SecretBackendArgs:
221
257
  return pulumi.get(self, "path")
222
258
 
223
259
  @path.setter
224
- def path(self, value: Optional[pulumi.Input[str]]):
260
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
225
261
  pulumi.set(self, "path", value)
226
262
 
263
+ @property
264
+ @pulumi.getter(name="rotationPeriod")
265
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
266
+ """
267
+ The amount of time in seconds Vault should wait before rotating the root credential.
268
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
269
+ *Available only for Vault Enterprise*.
270
+ """
271
+ return pulumi.get(self, "rotation_period")
272
+
273
+ @rotation_period.setter
274
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
275
+ pulumi.set(self, "rotation_period", value)
276
+
277
+ @property
278
+ @pulumi.getter(name="rotationSchedule")
279
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
280
+ """
281
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
282
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
283
+ """
284
+ return pulumi.get(self, "rotation_schedule")
285
+
286
+ @rotation_schedule.setter
287
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
288
+ pulumi.set(self, "rotation_schedule", value)
289
+
290
+ @property
291
+ @pulumi.getter(name="rotationWindow")
292
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
293
+ """
294
+ The maximum amount of time in seconds allowed to complete
295
+ a rotation when a scheduled token rotation occurs. The default rotation window is
296
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
297
+ """
298
+ return pulumi.get(self, "rotation_window")
299
+
300
+ @rotation_window.setter
301
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
302
+ pulumi.set(self, "rotation_window", value)
303
+
227
304
  @property
228
305
  @pulumi.getter(name="serviceAccountEmail")
229
- def service_account_email(self) -> Optional[pulumi.Input[str]]:
306
+ def service_account_email(self) -> Optional[pulumi.Input[builtins.str]]:
230
307
  """
231
308
  Service Account to impersonate for plugin workload identity federation.
232
309
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
@@ -234,51 +311,65 @@ class SecretBackendArgs:
234
311
  return pulumi.get(self, "service_account_email")
235
312
 
236
313
  @service_account_email.setter
237
- def service_account_email(self, value: Optional[pulumi.Input[str]]):
314
+ def service_account_email(self, value: Optional[pulumi.Input[builtins.str]]):
238
315
  pulumi.set(self, "service_account_email", value)
239
316
 
240
317
 
241
318
  @pulumi.input_type
242
319
  class _SecretBackendState:
243
320
  def __init__(__self__, *,
244
- accessor: Optional[pulumi.Input[str]] = None,
245
- credentials: Optional[pulumi.Input[str]] = None,
246
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
247
- description: Optional[pulumi.Input[str]] = None,
248
- disable_remount: Optional[pulumi.Input[bool]] = None,
249
- identity_token_audience: Optional[pulumi.Input[str]] = None,
250
- identity_token_key: Optional[pulumi.Input[str]] = None,
251
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
252
- local: Optional[pulumi.Input[bool]] = None,
253
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
254
- namespace: Optional[pulumi.Input[str]] = None,
255
- path: Optional[pulumi.Input[str]] = None,
256
- service_account_email: Optional[pulumi.Input[str]] = None):
321
+ accessor: Optional[pulumi.Input[builtins.str]] = None,
322
+ credentials: Optional[pulumi.Input[builtins.str]] = None,
323
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
324
+ description: Optional[pulumi.Input[builtins.str]] = None,
325
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
326
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
327
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
328
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
329
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
330
+ local: Optional[pulumi.Input[builtins.bool]] = None,
331
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
332
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
333
+ path: Optional[pulumi.Input[builtins.str]] = None,
334
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
335
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
336
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
337
+ service_account_email: Optional[pulumi.Input[builtins.str]] = None):
257
338
  """
258
339
  Input properties used for looking up and filtering SecretBackend resources.
259
- :param pulumi.Input[str] accessor: The accessor of the created GCP mount.
260
- :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP
261
- :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
340
+ :param pulumi.Input[builtins.str] accessor: The accessor of the created GCP mount.
341
+ :param pulumi.Input[builtins.str] credentials: JSON-encoded credentials to use to connect to GCP
342
+ :param pulumi.Input[builtins.int] default_lease_ttl_seconds: The default TTL for credentials
262
343
  issued by this backend. Defaults to '0'.
263
- :param pulumi.Input[str] description: A human-friendly description for this backend.
264
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
344
+ :param pulumi.Input[builtins.str] description: A human-friendly description for this backend.
345
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
346
+ *Available only for Vault Enterprise*.
347
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
265
348
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
266
- :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
349
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
267
350
  tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
268
351
  Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
269
- :param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
352
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
270
353
  tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
271
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
272
- :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
273
- :param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested
354
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
355
+ :param pulumi.Input[builtins.bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
356
+ :param pulumi.Input[builtins.int] max_lease_ttl_seconds: The maximum TTL that can be requested
274
357
  for credentials issued by this backend. Defaults to '0'.
275
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
358
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
276
359
  The value should not contain leading or trailing forward slashes.
277
360
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
278
361
  *Available only for Vault Enterprise*.
279
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
362
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
280
363
  not begin or end with a `/`. Defaults to `gcp`.
281
- :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
364
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
365
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
366
+ *Available only for Vault Enterprise*.
367
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
368
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
369
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
370
+ a rotation when a scheduled token rotation occurs. The default rotation window is
371
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
372
+ :param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
282
373
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
283
374
  """
284
375
  if accessor is not None:
@@ -289,6 +380,8 @@ class _SecretBackendState:
289
380
  pulumi.set(__self__, "default_lease_ttl_seconds", default_lease_ttl_seconds)
290
381
  if description is not None:
291
382
  pulumi.set(__self__, "description", description)
383
+ if disable_automated_rotation is not None:
384
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
292
385
  if disable_remount is not None:
293
386
  pulumi.set(__self__, "disable_remount", disable_remount)
294
387
  if identity_token_audience is not None:
@@ -305,36 +398,42 @@ class _SecretBackendState:
305
398
  pulumi.set(__self__, "namespace", namespace)
306
399
  if path is not None:
307
400
  pulumi.set(__self__, "path", path)
401
+ if rotation_period is not None:
402
+ pulumi.set(__self__, "rotation_period", rotation_period)
403
+ if rotation_schedule is not None:
404
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
405
+ if rotation_window is not None:
406
+ pulumi.set(__self__, "rotation_window", rotation_window)
308
407
  if service_account_email is not None:
309
408
  pulumi.set(__self__, "service_account_email", service_account_email)
310
409
 
311
410
  @property
312
411
  @pulumi.getter
313
- def accessor(self) -> Optional[pulumi.Input[str]]:
412
+ def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
314
413
  """
315
414
  The accessor of the created GCP mount.
316
415
  """
317
416
  return pulumi.get(self, "accessor")
318
417
 
319
418
  @accessor.setter
320
- def accessor(self, value: Optional[pulumi.Input[str]]):
419
+ def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
321
420
  pulumi.set(self, "accessor", value)
322
421
 
323
422
  @property
324
423
  @pulumi.getter
325
- def credentials(self) -> Optional[pulumi.Input[str]]:
424
+ def credentials(self) -> Optional[pulumi.Input[builtins.str]]:
326
425
  """
327
426
  JSON-encoded credentials to use to connect to GCP
328
427
  """
329
428
  return pulumi.get(self, "credentials")
330
429
 
331
430
  @credentials.setter
332
- def credentials(self, value: Optional[pulumi.Input[str]]):
431
+ def credentials(self, value: Optional[pulumi.Input[builtins.str]]):
333
432
  pulumi.set(self, "credentials", value)
334
433
 
335
434
  @property
336
435
  @pulumi.getter(name="defaultLeaseTtlSeconds")
337
- def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
436
+ def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
338
437
  """
339
438
  The default TTL for credentials
340
439
  issued by this backend. Defaults to '0'.
@@ -342,24 +441,37 @@ class _SecretBackendState:
342
441
  return pulumi.get(self, "default_lease_ttl_seconds")
343
442
 
344
443
  @default_lease_ttl_seconds.setter
345
- def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
444
+ def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
346
445
  pulumi.set(self, "default_lease_ttl_seconds", value)
347
446
 
348
447
  @property
349
448
  @pulumi.getter
350
- def description(self) -> Optional[pulumi.Input[str]]:
449
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
351
450
  """
352
451
  A human-friendly description for this backend.
353
452
  """
354
453
  return pulumi.get(self, "description")
355
454
 
356
455
  @description.setter
357
- def description(self, value: Optional[pulumi.Input[str]]):
456
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
358
457
  pulumi.set(self, "description", value)
359
458
 
459
+ @property
460
+ @pulumi.getter(name="disableAutomatedRotation")
461
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
462
+ """
463
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
464
+ *Available only for Vault Enterprise*.
465
+ """
466
+ return pulumi.get(self, "disable_automated_rotation")
467
+
468
+ @disable_automated_rotation.setter
469
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
470
+ pulumi.set(self, "disable_automated_rotation", value)
471
+
360
472
  @property
361
473
  @pulumi.getter(name="disableRemount")
362
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
474
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
363
475
  """
364
476
  If set, opts out of mount migration on path updates.
365
477
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -367,12 +479,12 @@ class _SecretBackendState:
367
479
  return pulumi.get(self, "disable_remount")
368
480
 
369
481
  @disable_remount.setter
370
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
482
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
371
483
  pulumi.set(self, "disable_remount", value)
372
484
 
373
485
  @property
374
486
  @pulumi.getter(name="identityTokenAudience")
375
- def identity_token_audience(self) -> Optional[pulumi.Input[str]]:
487
+ def identity_token_audience(self) -> Optional[pulumi.Input[builtins.str]]:
376
488
  """
377
489
  The audience claim value for plugin identity
378
490
  tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
@@ -381,12 +493,12 @@ class _SecretBackendState:
381
493
  return pulumi.get(self, "identity_token_audience")
382
494
 
383
495
  @identity_token_audience.setter
384
- def identity_token_audience(self, value: Optional[pulumi.Input[str]]):
496
+ def identity_token_audience(self, value: Optional[pulumi.Input[builtins.str]]):
385
497
  pulumi.set(self, "identity_token_audience", value)
386
498
 
387
499
  @property
388
500
  @pulumi.getter(name="identityTokenKey")
389
- def identity_token_key(self) -> Optional[pulumi.Input[str]]:
501
+ def identity_token_key(self) -> Optional[pulumi.Input[builtins.str]]:
390
502
  """
391
503
  The key to use for signing plugin identity
392
504
  tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
@@ -394,36 +506,36 @@ class _SecretBackendState:
394
506
  return pulumi.get(self, "identity_token_key")
395
507
 
396
508
  @identity_token_key.setter
397
- def identity_token_key(self, value: Optional[pulumi.Input[str]]):
509
+ def identity_token_key(self, value: Optional[pulumi.Input[builtins.str]]):
398
510
  pulumi.set(self, "identity_token_key", value)
399
511
 
400
512
  @property
401
513
  @pulumi.getter(name="identityTokenTtl")
402
- def identity_token_ttl(self) -> Optional[pulumi.Input[int]]:
514
+ def identity_token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
403
515
  """
404
516
  The TTL of generated tokens.
405
517
  """
406
518
  return pulumi.get(self, "identity_token_ttl")
407
519
 
408
520
  @identity_token_ttl.setter
409
- def identity_token_ttl(self, value: Optional[pulumi.Input[int]]):
521
+ def identity_token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
410
522
  pulumi.set(self, "identity_token_ttl", value)
411
523
 
412
524
  @property
413
525
  @pulumi.getter
414
- def local(self) -> Optional[pulumi.Input[bool]]:
526
+ def local(self) -> Optional[pulumi.Input[builtins.bool]]:
415
527
  """
416
528
  Boolean flag that can be explicitly set to true to enforce local mount in HA environment
417
529
  """
418
530
  return pulumi.get(self, "local")
419
531
 
420
532
  @local.setter
421
- def local(self, value: Optional[pulumi.Input[bool]]):
533
+ def local(self, value: Optional[pulumi.Input[builtins.bool]]):
422
534
  pulumi.set(self, "local", value)
423
535
 
424
536
  @property
425
537
  @pulumi.getter(name="maxLeaseTtlSeconds")
426
- def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
538
+ def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
427
539
  """
428
540
  The maximum TTL that can be requested
429
541
  for credentials issued by this backend. Defaults to '0'.
@@ -431,12 +543,12 @@ class _SecretBackendState:
431
543
  return pulumi.get(self, "max_lease_ttl_seconds")
432
544
 
433
545
  @max_lease_ttl_seconds.setter
434
- def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
546
+ def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
435
547
  pulumi.set(self, "max_lease_ttl_seconds", value)
436
548
 
437
549
  @property
438
550
  @pulumi.getter
439
- def namespace(self) -> Optional[pulumi.Input[str]]:
551
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
440
552
  """
441
553
  The namespace to provision the resource in.
442
554
  The value should not contain leading or trailing forward slashes.
@@ -446,12 +558,12 @@ class _SecretBackendState:
446
558
  return pulumi.get(self, "namespace")
447
559
 
448
560
  @namespace.setter
449
- def namespace(self, value: Optional[pulumi.Input[str]]):
561
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
450
562
  pulumi.set(self, "namespace", value)
451
563
 
452
564
  @property
453
565
  @pulumi.getter
454
- def path(self) -> Optional[pulumi.Input[str]]:
566
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
455
567
  """
456
568
  The unique path this backend should be mounted at. Must
457
569
  not begin or end with a `/`. Defaults to `gcp`.
@@ -459,12 +571,53 @@ class _SecretBackendState:
459
571
  return pulumi.get(self, "path")
460
572
 
461
573
  @path.setter
462
- def path(self, value: Optional[pulumi.Input[str]]):
574
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
463
575
  pulumi.set(self, "path", value)
464
576
 
577
+ @property
578
+ @pulumi.getter(name="rotationPeriod")
579
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
580
+ """
581
+ The amount of time in seconds Vault should wait before rotating the root credential.
582
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
583
+ *Available only for Vault Enterprise*.
584
+ """
585
+ return pulumi.get(self, "rotation_period")
586
+
587
+ @rotation_period.setter
588
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
589
+ pulumi.set(self, "rotation_period", value)
590
+
591
+ @property
592
+ @pulumi.getter(name="rotationSchedule")
593
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
594
+ """
595
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
596
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
597
+ """
598
+ return pulumi.get(self, "rotation_schedule")
599
+
600
+ @rotation_schedule.setter
601
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
602
+ pulumi.set(self, "rotation_schedule", value)
603
+
604
+ @property
605
+ @pulumi.getter(name="rotationWindow")
606
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
607
+ """
608
+ The maximum amount of time in seconds allowed to complete
609
+ a rotation when a scheduled token rotation occurs. The default rotation window is
610
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
611
+ """
612
+ return pulumi.get(self, "rotation_window")
613
+
614
+ @rotation_window.setter
615
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
616
+ pulumi.set(self, "rotation_window", value)
617
+
465
618
  @property
466
619
  @pulumi.getter(name="serviceAccountEmail")
467
- def service_account_email(self) -> Optional[pulumi.Input[str]]:
620
+ def service_account_email(self) -> Optional[pulumi.Input[builtins.str]]:
468
621
  """
469
622
  Service Account to impersonate for plugin workload identity federation.
470
623
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
@@ -472,7 +625,7 @@ class _SecretBackendState:
472
625
  return pulumi.get(self, "service_account_email")
473
626
 
474
627
  @service_account_email.setter
475
- def service_account_email(self, value: Optional[pulumi.Input[str]]):
628
+ def service_account_email(self, value: Optional[pulumi.Input[builtins.str]]):
476
629
  pulumi.set(self, "service_account_email", value)
477
630
 
478
631
 
@@ -481,18 +634,22 @@ class SecretBackend(pulumi.CustomResource):
481
634
  def __init__(__self__,
482
635
  resource_name: str,
483
636
  opts: Optional[pulumi.ResourceOptions] = None,
484
- credentials: Optional[pulumi.Input[str]] = None,
485
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
486
- description: Optional[pulumi.Input[str]] = None,
487
- disable_remount: Optional[pulumi.Input[bool]] = None,
488
- identity_token_audience: Optional[pulumi.Input[str]] = None,
489
- identity_token_key: Optional[pulumi.Input[str]] = None,
490
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
491
- local: Optional[pulumi.Input[bool]] = None,
492
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
493
- namespace: Optional[pulumi.Input[str]] = None,
494
- path: Optional[pulumi.Input[str]] = None,
495
- service_account_email: Optional[pulumi.Input[str]] = None,
637
+ credentials: Optional[pulumi.Input[builtins.str]] = None,
638
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
639
+ description: Optional[pulumi.Input[builtins.str]] = None,
640
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
641
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
642
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
643
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
644
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
645
+ local: Optional[pulumi.Input[builtins.bool]] = None,
646
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
647
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
648
+ path: Optional[pulumi.Input[builtins.str]] = None,
649
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
650
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
651
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
652
+ service_account_email: Optional[pulumi.Input[builtins.str]] = None,
496
653
  __props__=None):
497
654
  """
498
655
  ## Example Usage
@@ -506,7 +663,9 @@ class SecretBackend(pulumi.CustomResource):
506
663
  identity_token_key="example-key",
507
664
  identity_token_ttl=1800,
508
665
  identity_token_audience="<TOKEN_AUDIENCE>",
509
- service_account_email="<SERVICE_ACCOUNT_EMAIL>")
666
+ service_account_email="<SERVICE_ACCOUNT_EMAIL>",
667
+ rotation_schedule="0 * * * SAT",
668
+ rotation_window=3600)
510
669
  ```
511
670
 
512
671
  ```python
@@ -514,33 +673,46 @@ class SecretBackend(pulumi.CustomResource):
514
673
  import pulumi_std as std
515
674
  import pulumi_vault as vault
516
675
 
517
- gcp = vault.gcp.SecretBackend("gcp", credentials=std.file(input="credentials.json").result)
676
+ gcp = vault.gcp.SecretBackend("gcp",
677
+ credentials=std.file(input="credentials.json").result,
678
+ rotation_schedule="0 * * * SAT",
679
+ rotation_window=3600)
518
680
  ```
519
681
 
520
682
  :param str resource_name: The name of the resource.
521
683
  :param pulumi.ResourceOptions opts: Options for the resource.
522
- :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP
523
- :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
684
+ :param pulumi.Input[builtins.str] credentials: JSON-encoded credentials to use to connect to GCP
685
+ :param pulumi.Input[builtins.int] default_lease_ttl_seconds: The default TTL for credentials
524
686
  issued by this backend. Defaults to '0'.
525
- :param pulumi.Input[str] description: A human-friendly description for this backend.
526
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
687
+ :param pulumi.Input[builtins.str] description: A human-friendly description for this backend.
688
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
689
+ *Available only for Vault Enterprise*.
690
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
527
691
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
528
- :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
692
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
529
693
  tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
530
694
  Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
531
- :param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
695
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
532
696
  tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
533
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
534
- :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
535
- :param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested
697
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
698
+ :param pulumi.Input[builtins.bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
699
+ :param pulumi.Input[builtins.int] max_lease_ttl_seconds: The maximum TTL that can be requested
536
700
  for credentials issued by this backend. Defaults to '0'.
537
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
701
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
538
702
  The value should not contain leading or trailing forward slashes.
539
703
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
540
704
  *Available only for Vault Enterprise*.
541
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
705
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
542
706
  not begin or end with a `/`. Defaults to `gcp`.
543
- :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
707
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
708
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
709
+ *Available only for Vault Enterprise*.
710
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
711
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
712
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
713
+ a rotation when a scheduled token rotation occurs. The default rotation window is
714
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
715
+ :param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
544
716
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
545
717
  """
546
718
  ...
@@ -561,7 +733,9 @@ class SecretBackend(pulumi.CustomResource):
561
733
  identity_token_key="example-key",
562
734
  identity_token_ttl=1800,
563
735
  identity_token_audience="<TOKEN_AUDIENCE>",
564
- service_account_email="<SERVICE_ACCOUNT_EMAIL>")
736
+ service_account_email="<SERVICE_ACCOUNT_EMAIL>",
737
+ rotation_schedule="0 * * * SAT",
738
+ rotation_window=3600)
565
739
  ```
566
740
 
567
741
  ```python
@@ -569,7 +743,10 @@ class SecretBackend(pulumi.CustomResource):
569
743
  import pulumi_std as std
570
744
  import pulumi_vault as vault
571
745
 
572
- gcp = vault.gcp.SecretBackend("gcp", credentials=std.file(input="credentials.json").result)
746
+ gcp = vault.gcp.SecretBackend("gcp",
747
+ credentials=std.file(input="credentials.json").result,
748
+ rotation_schedule="0 * * * SAT",
749
+ rotation_window=3600)
573
750
  ```
574
751
 
575
752
  :param str resource_name: The name of the resource.
@@ -587,18 +764,22 @@ class SecretBackend(pulumi.CustomResource):
587
764
  def _internal_init(__self__,
588
765
  resource_name: str,
589
766
  opts: Optional[pulumi.ResourceOptions] = None,
590
- credentials: Optional[pulumi.Input[str]] = None,
591
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
592
- description: Optional[pulumi.Input[str]] = None,
593
- disable_remount: Optional[pulumi.Input[bool]] = None,
594
- identity_token_audience: Optional[pulumi.Input[str]] = None,
595
- identity_token_key: Optional[pulumi.Input[str]] = None,
596
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
597
- local: Optional[pulumi.Input[bool]] = None,
598
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
599
- namespace: Optional[pulumi.Input[str]] = None,
600
- path: Optional[pulumi.Input[str]] = None,
601
- service_account_email: Optional[pulumi.Input[str]] = None,
767
+ credentials: Optional[pulumi.Input[builtins.str]] = None,
768
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
769
+ description: Optional[pulumi.Input[builtins.str]] = None,
770
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
771
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
772
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
773
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
774
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
775
+ local: Optional[pulumi.Input[builtins.bool]] = None,
776
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
777
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
778
+ path: Optional[pulumi.Input[builtins.str]] = None,
779
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
780
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
781
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
782
+ service_account_email: Optional[pulumi.Input[builtins.str]] = None,
602
783
  __props__=None):
603
784
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
604
785
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -611,6 +792,7 @@ class SecretBackend(pulumi.CustomResource):
611
792
  __props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
612
793
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
613
794
  __props__.__dict__["description"] = description
795
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
614
796
  __props__.__dict__["disable_remount"] = disable_remount
615
797
  __props__.__dict__["identity_token_audience"] = identity_token_audience
616
798
  __props__.__dict__["identity_token_key"] = identity_token_key
@@ -619,6 +801,9 @@ class SecretBackend(pulumi.CustomResource):
619
801
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
620
802
  __props__.__dict__["namespace"] = namespace
621
803
  __props__.__dict__["path"] = path
804
+ __props__.__dict__["rotation_period"] = rotation_period
805
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
806
+ __props__.__dict__["rotation_window"] = rotation_window
622
807
  __props__.__dict__["service_account_email"] = service_account_email
623
808
  __props__.__dict__["accessor"] = None
624
809
  secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["credentials"])
@@ -633,19 +818,23 @@ class SecretBackend(pulumi.CustomResource):
633
818
  def get(resource_name: str,
634
819
  id: pulumi.Input[str],
635
820
  opts: Optional[pulumi.ResourceOptions] = None,
636
- accessor: Optional[pulumi.Input[str]] = None,
637
- credentials: Optional[pulumi.Input[str]] = None,
638
- default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
639
- description: Optional[pulumi.Input[str]] = None,
640
- disable_remount: Optional[pulumi.Input[bool]] = None,
641
- identity_token_audience: Optional[pulumi.Input[str]] = None,
642
- identity_token_key: Optional[pulumi.Input[str]] = None,
643
- identity_token_ttl: Optional[pulumi.Input[int]] = None,
644
- local: Optional[pulumi.Input[bool]] = None,
645
- max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
646
- namespace: Optional[pulumi.Input[str]] = None,
647
- path: Optional[pulumi.Input[str]] = None,
648
- service_account_email: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
821
+ accessor: Optional[pulumi.Input[builtins.str]] = None,
822
+ credentials: Optional[pulumi.Input[builtins.str]] = None,
823
+ default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
824
+ description: Optional[pulumi.Input[builtins.str]] = None,
825
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
826
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
827
+ identity_token_audience: Optional[pulumi.Input[builtins.str]] = None,
828
+ identity_token_key: Optional[pulumi.Input[builtins.str]] = None,
829
+ identity_token_ttl: Optional[pulumi.Input[builtins.int]] = None,
830
+ local: Optional[pulumi.Input[builtins.bool]] = None,
831
+ max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
832
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
833
+ path: Optional[pulumi.Input[builtins.str]] = None,
834
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
835
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
836
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
837
+ service_account_email: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
649
838
  """
650
839
  Get an existing SecretBackend resource's state with the given name, id, and optional extra
651
840
  properties used to qualify the lookup.
@@ -653,29 +842,39 @@ class SecretBackend(pulumi.CustomResource):
653
842
  :param str resource_name: The unique name of the resulting resource.
654
843
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
655
844
  :param pulumi.ResourceOptions opts: Options for the resource.
656
- :param pulumi.Input[str] accessor: The accessor of the created GCP mount.
657
- :param pulumi.Input[str] credentials: JSON-encoded credentials to use to connect to GCP
658
- :param pulumi.Input[int] default_lease_ttl_seconds: The default TTL for credentials
845
+ :param pulumi.Input[builtins.str] accessor: The accessor of the created GCP mount.
846
+ :param pulumi.Input[builtins.str] credentials: JSON-encoded credentials to use to connect to GCP
847
+ :param pulumi.Input[builtins.int] default_lease_ttl_seconds: The default TTL for credentials
659
848
  issued by this backend. Defaults to '0'.
660
- :param pulumi.Input[str] description: A human-friendly description for this backend.
661
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
849
+ :param pulumi.Input[builtins.str] description: A human-friendly description for this backend.
850
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
851
+ *Available only for Vault Enterprise*.
852
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
662
853
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
663
- :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
854
+ :param pulumi.Input[builtins.str] identity_token_audience: The audience claim value for plugin identity
664
855
  tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
665
856
  Mutually exclusive with `credentials`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
666
- :param pulumi.Input[str] identity_token_key: The key to use for signing plugin identity
857
+ :param pulumi.Input[builtins.str] identity_token_key: The key to use for signing plugin identity
667
858
  tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
668
- :param pulumi.Input[int] identity_token_ttl: The TTL of generated tokens.
669
- :param pulumi.Input[bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
670
- :param pulumi.Input[int] max_lease_ttl_seconds: The maximum TTL that can be requested
859
+ :param pulumi.Input[builtins.int] identity_token_ttl: The TTL of generated tokens.
860
+ :param pulumi.Input[builtins.bool] local: Boolean flag that can be explicitly set to true to enforce local mount in HA environment
861
+ :param pulumi.Input[builtins.int] max_lease_ttl_seconds: The maximum TTL that can be requested
671
862
  for credentials issued by this backend. Defaults to '0'.
672
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
863
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
673
864
  The value should not contain leading or trailing forward slashes.
674
865
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
675
866
  *Available only for Vault Enterprise*.
676
- :param pulumi.Input[str] path: The unique path this backend should be mounted at. Must
867
+ :param pulumi.Input[builtins.str] path: The unique path this backend should be mounted at. Must
677
868
  not begin or end with a `/`. Defaults to `gcp`.
678
- :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
869
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
870
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
871
+ *Available only for Vault Enterprise*.
872
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
873
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
874
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
875
+ a rotation when a scheduled token rotation occurs. The default rotation window is
876
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
877
+ :param pulumi.Input[builtins.str] service_account_email: Service Account to impersonate for plugin workload identity federation.
679
878
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
680
879
  """
681
880
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -686,6 +885,7 @@ class SecretBackend(pulumi.CustomResource):
686
885
  __props__.__dict__["credentials"] = credentials
687
886
  __props__.__dict__["default_lease_ttl_seconds"] = default_lease_ttl_seconds
688
887
  __props__.__dict__["description"] = description
888
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
689
889
  __props__.__dict__["disable_remount"] = disable_remount
690
890
  __props__.__dict__["identity_token_audience"] = identity_token_audience
691
891
  __props__.__dict__["identity_token_key"] = identity_token_key
@@ -694,12 +894,15 @@ class SecretBackend(pulumi.CustomResource):
694
894
  __props__.__dict__["max_lease_ttl_seconds"] = max_lease_ttl_seconds
695
895
  __props__.__dict__["namespace"] = namespace
696
896
  __props__.__dict__["path"] = path
897
+ __props__.__dict__["rotation_period"] = rotation_period
898
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
899
+ __props__.__dict__["rotation_window"] = rotation_window
697
900
  __props__.__dict__["service_account_email"] = service_account_email
698
901
  return SecretBackend(resource_name, opts=opts, __props__=__props__)
699
902
 
700
903
  @property
701
904
  @pulumi.getter
702
- def accessor(self) -> pulumi.Output[str]:
905
+ def accessor(self) -> pulumi.Output[builtins.str]:
703
906
  """
704
907
  The accessor of the created GCP mount.
705
908
  """
@@ -707,7 +910,7 @@ class SecretBackend(pulumi.CustomResource):
707
910
 
708
911
  @property
709
912
  @pulumi.getter
710
- def credentials(self) -> pulumi.Output[Optional[str]]:
913
+ def credentials(self) -> pulumi.Output[Optional[builtins.str]]:
711
914
  """
712
915
  JSON-encoded credentials to use to connect to GCP
713
916
  """
@@ -715,7 +918,7 @@ class SecretBackend(pulumi.CustomResource):
715
918
 
716
919
  @property
717
920
  @pulumi.getter(name="defaultLeaseTtlSeconds")
718
- def default_lease_ttl_seconds(self) -> pulumi.Output[Optional[int]]:
921
+ def default_lease_ttl_seconds(self) -> pulumi.Output[Optional[builtins.int]]:
719
922
  """
720
923
  The default TTL for credentials
721
924
  issued by this backend. Defaults to '0'.
@@ -724,15 +927,24 @@ class SecretBackend(pulumi.CustomResource):
724
927
 
725
928
  @property
726
929
  @pulumi.getter
727
- def description(self) -> pulumi.Output[Optional[str]]:
930
+ def description(self) -> pulumi.Output[Optional[builtins.str]]:
728
931
  """
729
932
  A human-friendly description for this backend.
730
933
  """
731
934
  return pulumi.get(self, "description")
732
935
 
936
+ @property
937
+ @pulumi.getter(name="disableAutomatedRotation")
938
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
939
+ """
940
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
941
+ *Available only for Vault Enterprise*.
942
+ """
943
+ return pulumi.get(self, "disable_automated_rotation")
944
+
733
945
  @property
734
946
  @pulumi.getter(name="disableRemount")
735
- def disable_remount(self) -> pulumi.Output[Optional[bool]]:
947
+ def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
736
948
  """
737
949
  If set, opts out of mount migration on path updates.
738
950
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -741,7 +953,7 @@ class SecretBackend(pulumi.CustomResource):
741
953
 
742
954
  @property
743
955
  @pulumi.getter(name="identityTokenAudience")
744
- def identity_token_audience(self) -> pulumi.Output[Optional[str]]:
956
+ def identity_token_audience(self) -> pulumi.Output[Optional[builtins.str]]:
745
957
  """
746
958
  The audience claim value for plugin identity
747
959
  tokens. Must match an allowed audience configured for the target [Workload Identity Pool](https://cloud.google.com/iam/docs/workload-identity-federation-with-other-providers#prepare).
@@ -751,7 +963,7 @@ class SecretBackend(pulumi.CustomResource):
751
963
 
752
964
  @property
753
965
  @pulumi.getter(name="identityTokenKey")
754
- def identity_token_key(self) -> pulumi.Output[Optional[str]]:
966
+ def identity_token_key(self) -> pulumi.Output[Optional[builtins.str]]:
755
967
  """
756
968
  The key to use for signing plugin identity
757
969
  tokens. Requires Vault 1.17+. *Available only for Vault Enterprise*.
@@ -760,7 +972,7 @@ class SecretBackend(pulumi.CustomResource):
760
972
 
761
973
  @property
762
974
  @pulumi.getter(name="identityTokenTtl")
763
- def identity_token_ttl(self) -> pulumi.Output[Optional[int]]:
975
+ def identity_token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
764
976
  """
765
977
  The TTL of generated tokens.
766
978
  """
@@ -768,7 +980,7 @@ class SecretBackend(pulumi.CustomResource):
768
980
 
769
981
  @property
770
982
  @pulumi.getter
771
- def local(self) -> pulumi.Output[Optional[bool]]:
983
+ def local(self) -> pulumi.Output[Optional[builtins.bool]]:
772
984
  """
773
985
  Boolean flag that can be explicitly set to true to enforce local mount in HA environment
774
986
  """
@@ -776,7 +988,7 @@ class SecretBackend(pulumi.CustomResource):
776
988
 
777
989
  @property
778
990
  @pulumi.getter(name="maxLeaseTtlSeconds")
779
- def max_lease_ttl_seconds(self) -> pulumi.Output[Optional[int]]:
991
+ def max_lease_ttl_seconds(self) -> pulumi.Output[Optional[builtins.int]]:
780
992
  """
781
993
  The maximum TTL that can be requested
782
994
  for credentials issued by this backend. Defaults to '0'.
@@ -785,7 +997,7 @@ class SecretBackend(pulumi.CustomResource):
785
997
 
786
998
  @property
787
999
  @pulumi.getter
788
- def namespace(self) -> pulumi.Output[Optional[str]]:
1000
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
789
1001
  """
790
1002
  The namespace to provision the resource in.
791
1003
  The value should not contain leading or trailing forward slashes.
@@ -796,16 +1008,45 @@ class SecretBackend(pulumi.CustomResource):
796
1008
 
797
1009
  @property
798
1010
  @pulumi.getter
799
- def path(self) -> pulumi.Output[Optional[str]]:
1011
+ def path(self) -> pulumi.Output[Optional[builtins.str]]:
800
1012
  """
801
1013
  The unique path this backend should be mounted at. Must
802
1014
  not begin or end with a `/`. Defaults to `gcp`.
803
1015
  """
804
1016
  return pulumi.get(self, "path")
805
1017
 
1018
+ @property
1019
+ @pulumi.getter(name="rotationPeriod")
1020
+ def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
1021
+ """
1022
+ The amount of time in seconds Vault should wait before rotating the root credential.
1023
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1024
+ *Available only for Vault Enterprise*.
1025
+ """
1026
+ return pulumi.get(self, "rotation_period")
1027
+
1028
+ @property
1029
+ @pulumi.getter(name="rotationSchedule")
1030
+ def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
1031
+ """
1032
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1033
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
1034
+ """
1035
+ return pulumi.get(self, "rotation_schedule")
1036
+
1037
+ @property
1038
+ @pulumi.getter(name="rotationWindow")
1039
+ def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
1040
+ """
1041
+ The maximum amount of time in seconds allowed to complete
1042
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1043
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+. *Available only for Vault Enterprise*.
1044
+ """
1045
+ return pulumi.get(self, "rotation_window")
1046
+
806
1047
  @property
807
1048
  @pulumi.getter(name="serviceAccountEmail")
808
- def service_account_email(self) -> pulumi.Output[Optional[str]]:
1049
+ def service_account_email(self) -> pulumi.Output[Optional[builtins.str]]:
809
1050
  """
810
1051
  Service Account to impersonate for plugin workload identity federation.
811
1052
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.