pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,87 +20,99 @@ __all__ = ['AuthBackendArgs', 'AuthBackend']
19
20
  @pulumi.input_type
20
21
  class AuthBackendArgs:
21
22
  def __init__(__self__, *,
22
- url: pulumi.Input[str],
23
- binddn: Optional[pulumi.Input[str]] = None,
24
- bindpass: Optional[pulumi.Input[str]] = None,
25
- case_sensitive_names: Optional[pulumi.Input[bool]] = None,
26
- certificate: Optional[pulumi.Input[str]] = None,
27
- client_tls_cert: Optional[pulumi.Input[str]] = None,
28
- client_tls_key: Optional[pulumi.Input[str]] = None,
29
- connection_timeout: Optional[pulumi.Input[int]] = None,
30
- deny_null_bind: Optional[pulumi.Input[bool]] = None,
31
- description: Optional[pulumi.Input[str]] = None,
32
- disable_remount: Optional[pulumi.Input[bool]] = None,
33
- discoverdn: Optional[pulumi.Input[bool]] = None,
34
- groupattr: Optional[pulumi.Input[str]] = None,
35
- groupdn: Optional[pulumi.Input[str]] = None,
36
- groupfilter: Optional[pulumi.Input[str]] = None,
37
- insecure_tls: Optional[pulumi.Input[bool]] = None,
38
- local: Optional[pulumi.Input[bool]] = None,
39
- max_page_size: Optional[pulumi.Input[int]] = None,
40
- namespace: Optional[pulumi.Input[str]] = None,
41
- path: Optional[pulumi.Input[str]] = None,
42
- starttls: Optional[pulumi.Input[bool]] = None,
43
- tls_max_version: Optional[pulumi.Input[str]] = None,
44
- tls_min_version: Optional[pulumi.Input[str]] = None,
45
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
46
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
47
- token_max_ttl: Optional[pulumi.Input[int]] = None,
48
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
49
- token_num_uses: Optional[pulumi.Input[int]] = None,
50
- token_period: Optional[pulumi.Input[int]] = None,
51
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
52
- token_ttl: Optional[pulumi.Input[int]] = None,
53
- token_type: Optional[pulumi.Input[str]] = None,
54
- upndomain: Optional[pulumi.Input[str]] = None,
55
- use_token_groups: Optional[pulumi.Input[bool]] = None,
56
- userattr: Optional[pulumi.Input[str]] = None,
57
- userdn: Optional[pulumi.Input[str]] = None,
58
- userfilter: Optional[pulumi.Input[str]] = None,
59
- username_as_alias: Optional[pulumi.Input[bool]] = None):
23
+ url: pulumi.Input[builtins.str],
24
+ binddn: Optional[pulumi.Input[builtins.str]] = None,
25
+ bindpass: Optional[pulumi.Input[builtins.str]] = None,
26
+ case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
27
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
28
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
29
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
30
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
31
+ deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
32
+ description: Optional[pulumi.Input[builtins.str]] = None,
33
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
34
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
35
+ discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
36
+ groupattr: Optional[pulumi.Input[builtins.str]] = None,
37
+ groupdn: Optional[pulumi.Input[builtins.str]] = None,
38
+ groupfilter: Optional[pulumi.Input[builtins.str]] = None,
39
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
40
+ local: Optional[pulumi.Input[builtins.bool]] = None,
41
+ max_page_size: Optional[pulumi.Input[builtins.int]] = None,
42
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
43
+ path: Optional[pulumi.Input[builtins.str]] = None,
44
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
45
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
46
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
47
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
48
+ tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
49
+ tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
50
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
51
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
52
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
53
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
54
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
55
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
56
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
57
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
58
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
59
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
60
+ use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
61
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
62
+ userdn: Optional[pulumi.Input[builtins.str]] = None,
63
+ userfilter: Optional[pulumi.Input[builtins.str]] = None,
64
+ username_as_alias: Optional[pulumi.Input[builtins.bool]] = None):
60
65
  """
61
66
  The set of arguments for constructing a AuthBackend resource.
62
- :param pulumi.Input[str] url: The URL of the LDAP server
63
- :param pulumi.Input[str] binddn: DN of object to bind when performing user search
64
- :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
65
- :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
66
- :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
67
- :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
68
- :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
69
- :param pulumi.Input[str] description: Description for the LDAP auth backend mount
70
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
67
+ :param pulumi.Input[builtins.str] url: The URL of the LDAP server
68
+ :param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
69
+ :param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
70
+ :param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
71
+ :param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
72
+ :param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
73
+ :param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
74
+ :param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
75
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
76
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
71
77
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
72
- :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
73
- :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
74
- :param pulumi.Input[str] groupdn: Base DN under which to perform group search
75
- :param pulumi.Input[str] groupfilter: Go template used to construct group membership query
76
- :param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
77
- :param pulumi.Input[bool] local: Specifies if the auth method is local only.
78
- :param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
78
+ :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
79
+ :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
80
+ :param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
81
+ :param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
82
+ :param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
83
+ :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
84
+ :param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
79
85
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
80
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
86
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
81
87
  The value should not contain leading or trailing forward slashes.
82
88
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
83
89
  *Available only for Vault Enterprise*.
84
- :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
85
- :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
86
- :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
87
- :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
88
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
89
- :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
90
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
91
- :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
92
- :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
93
- :param pulumi.Input[int] token_period: Generated Token's Period
94
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
95
- :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
96
- :param pulumi.Input[str] token_type: The type of token to generate, service or batch
97
- :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
98
- :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
99
- :param pulumi.Input[str] userattr: Attribute on user object matching username passed in
100
- :param pulumi.Input[str] userdn: Base DN under which to perform user search
101
- :param pulumi.Input[str] userfilter: LDAP user search filter
102
- :param pulumi.Input[bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
90
+ :param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
91
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
92
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
93
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
94
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
95
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
96
+ a rotation when a scheduled token rotation occurs. The default rotation window is
97
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
98
+ :param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
99
+ :param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
100
+ :param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
101
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
102
+ :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
103
+ :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
104
+ :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
105
+ :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
106
+ :param pulumi.Input[builtins.int] token_period: Generated Token's Period
107
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
108
+ :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
109
+ :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
110
+ :param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
111
+ :param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
112
+ :param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
113
+ :param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
114
+ :param pulumi.Input[builtins.str] userfilter: LDAP user search filter
115
+ :param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
103
116
  """
104
117
  pulumi.set(__self__, "url", url)
105
118
  if binddn is not None:
@@ -120,6 +133,8 @@ class AuthBackendArgs:
120
133
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
121
134
  if description is not None:
122
135
  pulumi.set(__self__, "description", description)
136
+ if disable_automated_rotation is not None:
137
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
123
138
  if disable_remount is not None:
124
139
  pulumi.set(__self__, "disable_remount", disable_remount)
125
140
  if discoverdn is not None:
@@ -140,6 +155,12 @@ class AuthBackendArgs:
140
155
  pulumi.set(__self__, "namespace", namespace)
141
156
  if path is not None:
142
157
  pulumi.set(__self__, "path", path)
158
+ if rotation_period is not None:
159
+ pulumi.set(__self__, "rotation_period", rotation_period)
160
+ if rotation_schedule is not None:
161
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
162
+ if rotation_window is not None:
163
+ pulumi.set(__self__, "rotation_window", rotation_window)
143
164
  if starttls is not None:
144
165
  pulumi.set(__self__, "starttls", starttls)
145
166
  if tls_max_version is not None:
@@ -179,121 +200,133 @@ class AuthBackendArgs:
179
200
 
180
201
  @property
181
202
  @pulumi.getter
182
- def url(self) -> pulumi.Input[str]:
203
+ def url(self) -> pulumi.Input[builtins.str]:
183
204
  """
184
205
  The URL of the LDAP server
185
206
  """
186
207
  return pulumi.get(self, "url")
187
208
 
188
209
  @url.setter
189
- def url(self, value: pulumi.Input[str]):
210
+ def url(self, value: pulumi.Input[builtins.str]):
190
211
  pulumi.set(self, "url", value)
191
212
 
192
213
  @property
193
214
  @pulumi.getter
194
- def binddn(self) -> Optional[pulumi.Input[str]]:
215
+ def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
195
216
  """
196
217
  DN of object to bind when performing user search
197
218
  """
198
219
  return pulumi.get(self, "binddn")
199
220
 
200
221
  @binddn.setter
201
- def binddn(self, value: Optional[pulumi.Input[str]]):
222
+ def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
202
223
  pulumi.set(self, "binddn", value)
203
224
 
204
225
  @property
205
226
  @pulumi.getter
206
- def bindpass(self) -> Optional[pulumi.Input[str]]:
227
+ def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
207
228
  """
208
229
  Password to use with `binddn` when performing user search
209
230
  """
210
231
  return pulumi.get(self, "bindpass")
211
232
 
212
233
  @bindpass.setter
213
- def bindpass(self, value: Optional[pulumi.Input[str]]):
234
+ def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
214
235
  pulumi.set(self, "bindpass", value)
215
236
 
216
237
  @property
217
238
  @pulumi.getter(name="caseSensitiveNames")
218
- def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
239
+ def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
219
240
  """
220
241
  Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
221
242
  """
222
243
  return pulumi.get(self, "case_sensitive_names")
223
244
 
224
245
  @case_sensitive_names.setter
225
- def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
246
+ def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
226
247
  pulumi.set(self, "case_sensitive_names", value)
227
248
 
228
249
  @property
229
250
  @pulumi.getter
230
- def certificate(self) -> Optional[pulumi.Input[str]]:
251
+ def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
231
252
  """
232
253
  Trusted CA to validate TLS certificate
233
254
  """
234
255
  return pulumi.get(self, "certificate")
235
256
 
236
257
  @certificate.setter
237
- def certificate(self, value: Optional[pulumi.Input[str]]):
258
+ def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
238
259
  pulumi.set(self, "certificate", value)
239
260
 
240
261
  @property
241
262
  @pulumi.getter(name="clientTlsCert")
242
- def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
263
+ def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
243
264
  return pulumi.get(self, "client_tls_cert")
244
265
 
245
266
  @client_tls_cert.setter
246
- def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
267
+ def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
247
268
  pulumi.set(self, "client_tls_cert", value)
248
269
 
249
270
  @property
250
271
  @pulumi.getter(name="clientTlsKey")
251
- def client_tls_key(self) -> Optional[pulumi.Input[str]]:
272
+ def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
252
273
  return pulumi.get(self, "client_tls_key")
253
274
 
254
275
  @client_tls_key.setter
255
- def client_tls_key(self, value: Optional[pulumi.Input[str]]):
276
+ def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
256
277
  pulumi.set(self, "client_tls_key", value)
257
278
 
258
279
  @property
259
280
  @pulumi.getter(name="connectionTimeout")
260
- def connection_timeout(self) -> Optional[pulumi.Input[int]]:
281
+ def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
261
282
  """
262
283
  Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
263
284
  """
264
285
  return pulumi.get(self, "connection_timeout")
265
286
 
266
287
  @connection_timeout.setter
267
- def connection_timeout(self, value: Optional[pulumi.Input[int]]):
288
+ def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
268
289
  pulumi.set(self, "connection_timeout", value)
269
290
 
270
291
  @property
271
292
  @pulumi.getter(name="denyNullBind")
272
- def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
293
+ def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
273
294
  """
274
295
  Prevents users from bypassing authentication when providing an empty password.
275
296
  """
276
297
  return pulumi.get(self, "deny_null_bind")
277
298
 
278
299
  @deny_null_bind.setter
279
- def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
300
+ def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
280
301
  pulumi.set(self, "deny_null_bind", value)
281
302
 
282
303
  @property
283
304
  @pulumi.getter
284
- def description(self) -> Optional[pulumi.Input[str]]:
305
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
285
306
  """
286
307
  Description for the LDAP auth backend mount
287
308
  """
288
309
  return pulumi.get(self, "description")
289
310
 
290
311
  @description.setter
291
- def description(self, value: Optional[pulumi.Input[str]]):
312
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
292
313
  pulumi.set(self, "description", value)
293
314
 
315
+ @property
316
+ @pulumi.getter(name="disableAutomatedRotation")
317
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
318
+ """
319
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
320
+ """
321
+ return pulumi.get(self, "disable_automated_rotation")
322
+
323
+ @disable_automated_rotation.setter
324
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
325
+ pulumi.set(self, "disable_automated_rotation", value)
326
+
294
327
  @property
295
328
  @pulumi.getter(name="disableRemount")
296
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
329
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
297
330
  """
298
331
  If set, opts out of mount migration on path updates.
299
332
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -301,84 +334,84 @@ class AuthBackendArgs:
301
334
  return pulumi.get(self, "disable_remount")
302
335
 
303
336
  @disable_remount.setter
304
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
337
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
305
338
  pulumi.set(self, "disable_remount", value)
306
339
 
307
340
  @property
308
341
  @pulumi.getter
309
- def discoverdn(self) -> Optional[pulumi.Input[bool]]:
342
+ def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
310
343
  """
311
344
  Use anonymous bind to discover the bind DN of a user.
312
345
  """
313
346
  return pulumi.get(self, "discoverdn")
314
347
 
315
348
  @discoverdn.setter
316
- def discoverdn(self, value: Optional[pulumi.Input[bool]]):
349
+ def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
317
350
  pulumi.set(self, "discoverdn", value)
318
351
 
319
352
  @property
320
353
  @pulumi.getter
321
- def groupattr(self) -> Optional[pulumi.Input[str]]:
354
+ def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
322
355
  """
323
356
  LDAP attribute to follow on objects returned by groupfilter
324
357
  """
325
358
  return pulumi.get(self, "groupattr")
326
359
 
327
360
  @groupattr.setter
328
- def groupattr(self, value: Optional[pulumi.Input[str]]):
361
+ def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
329
362
  pulumi.set(self, "groupattr", value)
330
363
 
331
364
  @property
332
365
  @pulumi.getter
333
- def groupdn(self) -> Optional[pulumi.Input[str]]:
366
+ def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
334
367
  """
335
368
  Base DN under which to perform group search
336
369
  """
337
370
  return pulumi.get(self, "groupdn")
338
371
 
339
372
  @groupdn.setter
340
- def groupdn(self, value: Optional[pulumi.Input[str]]):
373
+ def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
341
374
  pulumi.set(self, "groupdn", value)
342
375
 
343
376
  @property
344
377
  @pulumi.getter
345
- def groupfilter(self) -> Optional[pulumi.Input[str]]:
378
+ def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
346
379
  """
347
380
  Go template used to construct group membership query
348
381
  """
349
382
  return pulumi.get(self, "groupfilter")
350
383
 
351
384
  @groupfilter.setter
352
- def groupfilter(self, value: Optional[pulumi.Input[str]]):
385
+ def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
353
386
  pulumi.set(self, "groupfilter", value)
354
387
 
355
388
  @property
356
389
  @pulumi.getter(name="insecureTls")
357
- def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
390
+ def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
358
391
  """
359
392
  Control whether or TLS certificates must be validated
360
393
  """
361
394
  return pulumi.get(self, "insecure_tls")
362
395
 
363
396
  @insecure_tls.setter
364
- def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
397
+ def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
365
398
  pulumi.set(self, "insecure_tls", value)
366
399
 
367
400
  @property
368
401
  @pulumi.getter
369
- def local(self) -> Optional[pulumi.Input[bool]]:
402
+ def local(self) -> Optional[pulumi.Input[builtins.bool]]:
370
403
  """
371
404
  Specifies if the auth method is local only.
372
405
  """
373
406
  return pulumi.get(self, "local")
374
407
 
375
408
  @local.setter
376
- def local(self, value: Optional[pulumi.Input[bool]]):
409
+ def local(self, value: Optional[pulumi.Input[builtins.bool]]):
377
410
  pulumi.set(self, "local", value)
378
411
 
379
412
  @property
380
413
  @pulumi.getter(name="maxPageSize")
381
- def max_page_size(self) -> Optional[pulumi.Input[int]]:
414
+ def max_page_size(self) -> Optional[pulumi.Input[builtins.int]]:
382
415
  """
383
416
  Sets the max page size for LDAP lookups, by default it's set to -1.
384
417
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
@@ -386,12 +419,12 @@ class AuthBackendArgs:
386
419
  return pulumi.get(self, "max_page_size")
387
420
 
388
421
  @max_page_size.setter
389
- def max_page_size(self, value: Optional[pulumi.Input[int]]):
422
+ def max_page_size(self, value: Optional[pulumi.Input[builtins.int]]):
390
423
  pulumi.set(self, "max_page_size", value)
391
424
 
392
425
  @property
393
426
  @pulumi.getter
394
- def namespace(self) -> Optional[pulumi.Input[str]]:
427
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
395
428
  """
396
429
  The namespace to provision the resource in.
397
430
  The value should not contain leading or trailing forward slashes.
@@ -401,324 +434,376 @@ class AuthBackendArgs:
401
434
  return pulumi.get(self, "namespace")
402
435
 
403
436
  @namespace.setter
404
- def namespace(self, value: Optional[pulumi.Input[str]]):
437
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
405
438
  pulumi.set(self, "namespace", value)
406
439
 
407
440
  @property
408
441
  @pulumi.getter
409
- def path(self) -> Optional[pulumi.Input[str]]:
442
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
410
443
  """
411
444
  Path to mount the LDAP auth backend under
412
445
  """
413
446
  return pulumi.get(self, "path")
414
447
 
415
448
  @path.setter
416
- def path(self, value: Optional[pulumi.Input[str]]):
449
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
417
450
  pulumi.set(self, "path", value)
418
451
 
452
+ @property
453
+ @pulumi.getter(name="rotationPeriod")
454
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
455
+ """
456
+ The amount of time in seconds Vault should wait before rotating the root credential.
457
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
458
+ """
459
+ return pulumi.get(self, "rotation_period")
460
+
461
+ @rotation_period.setter
462
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
463
+ pulumi.set(self, "rotation_period", value)
464
+
465
+ @property
466
+ @pulumi.getter(name="rotationSchedule")
467
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
468
+ """
469
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
470
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
471
+ """
472
+ return pulumi.get(self, "rotation_schedule")
473
+
474
+ @rotation_schedule.setter
475
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
476
+ pulumi.set(self, "rotation_schedule", value)
477
+
478
+ @property
479
+ @pulumi.getter(name="rotationWindow")
480
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
481
+ """
482
+ The maximum amount of time in seconds allowed to complete
483
+ a rotation when a scheduled token rotation occurs. The default rotation window is
484
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
485
+ """
486
+ return pulumi.get(self, "rotation_window")
487
+
488
+ @rotation_window.setter
489
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
490
+ pulumi.set(self, "rotation_window", value)
491
+
419
492
  @property
420
493
  @pulumi.getter
421
- def starttls(self) -> Optional[pulumi.Input[bool]]:
494
+ def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
422
495
  """
423
496
  Control use of TLS when conecting to LDAP
424
497
  """
425
498
  return pulumi.get(self, "starttls")
426
499
 
427
500
  @starttls.setter
428
- def starttls(self, value: Optional[pulumi.Input[bool]]):
501
+ def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
429
502
  pulumi.set(self, "starttls", value)
430
503
 
431
504
  @property
432
505
  @pulumi.getter(name="tlsMaxVersion")
433
- def tls_max_version(self) -> Optional[pulumi.Input[str]]:
506
+ def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
434
507
  """
435
508
  Maximum acceptable version of TLS
436
509
  """
437
510
  return pulumi.get(self, "tls_max_version")
438
511
 
439
512
  @tls_max_version.setter
440
- def tls_max_version(self, value: Optional[pulumi.Input[str]]):
513
+ def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
441
514
  pulumi.set(self, "tls_max_version", value)
442
515
 
443
516
  @property
444
517
  @pulumi.getter(name="tlsMinVersion")
445
- def tls_min_version(self) -> Optional[pulumi.Input[str]]:
518
+ def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
446
519
  """
447
520
  Minimum acceptable version of TLS
448
521
  """
449
522
  return pulumi.get(self, "tls_min_version")
450
523
 
451
524
  @tls_min_version.setter
452
- def tls_min_version(self, value: Optional[pulumi.Input[str]]):
525
+ def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
453
526
  pulumi.set(self, "tls_min_version", value)
454
527
 
455
528
  @property
456
529
  @pulumi.getter(name="tokenBoundCidrs")
457
- def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
530
+ def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
458
531
  """
459
532
  Specifies the blocks of IP addresses which are allowed to use the generated token
460
533
  """
461
534
  return pulumi.get(self, "token_bound_cidrs")
462
535
 
463
536
  @token_bound_cidrs.setter
464
- def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
537
+ def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
465
538
  pulumi.set(self, "token_bound_cidrs", value)
466
539
 
467
540
  @property
468
541
  @pulumi.getter(name="tokenExplicitMaxTtl")
469
- def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
542
+ def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
470
543
  """
471
544
  Generated Token's Explicit Maximum TTL in seconds
472
545
  """
473
546
  return pulumi.get(self, "token_explicit_max_ttl")
474
547
 
475
548
  @token_explicit_max_ttl.setter
476
- def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
549
+ def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
477
550
  pulumi.set(self, "token_explicit_max_ttl", value)
478
551
 
479
552
  @property
480
553
  @pulumi.getter(name="tokenMaxTtl")
481
- def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
554
+ def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
482
555
  """
483
556
  The maximum lifetime of the generated token
484
557
  """
485
558
  return pulumi.get(self, "token_max_ttl")
486
559
 
487
560
  @token_max_ttl.setter
488
- def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
561
+ def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
489
562
  pulumi.set(self, "token_max_ttl", value)
490
563
 
491
564
  @property
492
565
  @pulumi.getter(name="tokenNoDefaultPolicy")
493
- def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
566
+ def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
494
567
  """
495
568
  If true, the 'default' policy will not automatically be added to generated tokens
496
569
  """
497
570
  return pulumi.get(self, "token_no_default_policy")
498
571
 
499
572
  @token_no_default_policy.setter
500
- def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
573
+ def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
501
574
  pulumi.set(self, "token_no_default_policy", value)
502
575
 
503
576
  @property
504
577
  @pulumi.getter(name="tokenNumUses")
505
- def token_num_uses(self) -> Optional[pulumi.Input[int]]:
578
+ def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
506
579
  """
507
580
  The maximum number of times a token may be used, a value of zero means unlimited
508
581
  """
509
582
  return pulumi.get(self, "token_num_uses")
510
583
 
511
584
  @token_num_uses.setter
512
- def token_num_uses(self, value: Optional[pulumi.Input[int]]):
585
+ def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
513
586
  pulumi.set(self, "token_num_uses", value)
514
587
 
515
588
  @property
516
589
  @pulumi.getter(name="tokenPeriod")
517
- def token_period(self) -> Optional[pulumi.Input[int]]:
590
+ def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
518
591
  """
519
592
  Generated Token's Period
520
593
  """
521
594
  return pulumi.get(self, "token_period")
522
595
 
523
596
  @token_period.setter
524
- def token_period(self, value: Optional[pulumi.Input[int]]):
597
+ def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
525
598
  pulumi.set(self, "token_period", value)
526
599
 
527
600
  @property
528
601
  @pulumi.getter(name="tokenPolicies")
529
- def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
602
+ def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
530
603
  """
531
604
  Generated Token's Policies
532
605
  """
533
606
  return pulumi.get(self, "token_policies")
534
607
 
535
608
  @token_policies.setter
536
- def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
609
+ def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
537
610
  pulumi.set(self, "token_policies", value)
538
611
 
539
612
  @property
540
613
  @pulumi.getter(name="tokenTtl")
541
- def token_ttl(self) -> Optional[pulumi.Input[int]]:
614
+ def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
542
615
  """
543
616
  The initial ttl of the token to generate in seconds
544
617
  """
545
618
  return pulumi.get(self, "token_ttl")
546
619
 
547
620
  @token_ttl.setter
548
- def token_ttl(self, value: Optional[pulumi.Input[int]]):
621
+ def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
549
622
  pulumi.set(self, "token_ttl", value)
550
623
 
551
624
  @property
552
625
  @pulumi.getter(name="tokenType")
553
- def token_type(self) -> Optional[pulumi.Input[str]]:
626
+ def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
554
627
  """
555
628
  The type of token to generate, service or batch
556
629
  """
557
630
  return pulumi.get(self, "token_type")
558
631
 
559
632
  @token_type.setter
560
- def token_type(self, value: Optional[pulumi.Input[str]]):
633
+ def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
561
634
  pulumi.set(self, "token_type", value)
562
635
 
563
636
  @property
564
637
  @pulumi.getter
565
- def upndomain(self) -> Optional[pulumi.Input[str]]:
638
+ def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
566
639
  """
567
640
  The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
568
641
  """
569
642
  return pulumi.get(self, "upndomain")
570
643
 
571
644
  @upndomain.setter
572
- def upndomain(self, value: Optional[pulumi.Input[str]]):
645
+ def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
573
646
  pulumi.set(self, "upndomain", value)
574
647
 
575
648
  @property
576
649
  @pulumi.getter(name="useTokenGroups")
577
- def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
650
+ def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
578
651
  """
579
652
  Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
580
653
  """
581
654
  return pulumi.get(self, "use_token_groups")
582
655
 
583
656
  @use_token_groups.setter
584
- def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
657
+ def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
585
658
  pulumi.set(self, "use_token_groups", value)
586
659
 
587
660
  @property
588
661
  @pulumi.getter
589
- def userattr(self) -> Optional[pulumi.Input[str]]:
662
+ def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
590
663
  """
591
664
  Attribute on user object matching username passed in
592
665
  """
593
666
  return pulumi.get(self, "userattr")
594
667
 
595
668
  @userattr.setter
596
- def userattr(self, value: Optional[pulumi.Input[str]]):
669
+ def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
597
670
  pulumi.set(self, "userattr", value)
598
671
 
599
672
  @property
600
673
  @pulumi.getter
601
- def userdn(self) -> Optional[pulumi.Input[str]]:
674
+ def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
602
675
  """
603
676
  Base DN under which to perform user search
604
677
  """
605
678
  return pulumi.get(self, "userdn")
606
679
 
607
680
  @userdn.setter
608
- def userdn(self, value: Optional[pulumi.Input[str]]):
681
+ def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
609
682
  pulumi.set(self, "userdn", value)
610
683
 
611
684
  @property
612
685
  @pulumi.getter
613
- def userfilter(self) -> Optional[pulumi.Input[str]]:
686
+ def userfilter(self) -> Optional[pulumi.Input[builtins.str]]:
614
687
  """
615
688
  LDAP user search filter
616
689
  """
617
690
  return pulumi.get(self, "userfilter")
618
691
 
619
692
  @userfilter.setter
620
- def userfilter(self, value: Optional[pulumi.Input[str]]):
693
+ def userfilter(self, value: Optional[pulumi.Input[builtins.str]]):
621
694
  pulumi.set(self, "userfilter", value)
622
695
 
623
696
  @property
624
697
  @pulumi.getter(name="usernameAsAlias")
625
- def username_as_alias(self) -> Optional[pulumi.Input[bool]]:
698
+ def username_as_alias(self) -> Optional[pulumi.Input[builtins.bool]]:
626
699
  """
627
700
  Force the auth method to use the username passed by the user as the alias name.
628
701
  """
629
702
  return pulumi.get(self, "username_as_alias")
630
703
 
631
704
  @username_as_alias.setter
632
- def username_as_alias(self, value: Optional[pulumi.Input[bool]]):
705
+ def username_as_alias(self, value: Optional[pulumi.Input[builtins.bool]]):
633
706
  pulumi.set(self, "username_as_alias", value)
634
707
 
635
708
 
636
709
  @pulumi.input_type
637
710
  class _AuthBackendState:
638
711
  def __init__(__self__, *,
639
- accessor: Optional[pulumi.Input[str]] = None,
640
- binddn: Optional[pulumi.Input[str]] = None,
641
- bindpass: Optional[pulumi.Input[str]] = None,
642
- case_sensitive_names: Optional[pulumi.Input[bool]] = None,
643
- certificate: Optional[pulumi.Input[str]] = None,
644
- client_tls_cert: Optional[pulumi.Input[str]] = None,
645
- client_tls_key: Optional[pulumi.Input[str]] = None,
646
- connection_timeout: Optional[pulumi.Input[int]] = None,
647
- deny_null_bind: Optional[pulumi.Input[bool]] = None,
648
- description: Optional[pulumi.Input[str]] = None,
649
- disable_remount: Optional[pulumi.Input[bool]] = None,
650
- discoverdn: Optional[pulumi.Input[bool]] = None,
651
- groupattr: Optional[pulumi.Input[str]] = None,
652
- groupdn: Optional[pulumi.Input[str]] = None,
653
- groupfilter: Optional[pulumi.Input[str]] = None,
654
- insecure_tls: Optional[pulumi.Input[bool]] = None,
655
- local: Optional[pulumi.Input[bool]] = None,
656
- max_page_size: Optional[pulumi.Input[int]] = None,
657
- namespace: Optional[pulumi.Input[str]] = None,
658
- path: Optional[pulumi.Input[str]] = None,
659
- starttls: Optional[pulumi.Input[bool]] = None,
660
- tls_max_version: Optional[pulumi.Input[str]] = None,
661
- tls_min_version: Optional[pulumi.Input[str]] = None,
662
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
663
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
664
- token_max_ttl: Optional[pulumi.Input[int]] = None,
665
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
666
- token_num_uses: Optional[pulumi.Input[int]] = None,
667
- token_period: Optional[pulumi.Input[int]] = None,
668
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
669
- token_ttl: Optional[pulumi.Input[int]] = None,
670
- token_type: Optional[pulumi.Input[str]] = None,
671
- upndomain: Optional[pulumi.Input[str]] = None,
672
- url: Optional[pulumi.Input[str]] = None,
673
- use_token_groups: Optional[pulumi.Input[bool]] = None,
674
- userattr: Optional[pulumi.Input[str]] = None,
675
- userdn: Optional[pulumi.Input[str]] = None,
676
- userfilter: Optional[pulumi.Input[str]] = None,
677
- username_as_alias: Optional[pulumi.Input[bool]] = None):
712
+ accessor: Optional[pulumi.Input[builtins.str]] = None,
713
+ binddn: Optional[pulumi.Input[builtins.str]] = None,
714
+ bindpass: Optional[pulumi.Input[builtins.str]] = None,
715
+ case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
716
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
717
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
718
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
719
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
720
+ deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
721
+ description: Optional[pulumi.Input[builtins.str]] = None,
722
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
723
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
724
+ discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
725
+ groupattr: Optional[pulumi.Input[builtins.str]] = None,
726
+ groupdn: Optional[pulumi.Input[builtins.str]] = None,
727
+ groupfilter: Optional[pulumi.Input[builtins.str]] = None,
728
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
729
+ local: Optional[pulumi.Input[builtins.bool]] = None,
730
+ max_page_size: Optional[pulumi.Input[builtins.int]] = None,
731
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
732
+ path: Optional[pulumi.Input[builtins.str]] = None,
733
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
734
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
735
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
736
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
737
+ tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
738
+ tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
739
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
740
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
741
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
742
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
743
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
744
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
745
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
746
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
747
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
748
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
749
+ url: Optional[pulumi.Input[builtins.str]] = None,
750
+ use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
751
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
752
+ userdn: Optional[pulumi.Input[builtins.str]] = None,
753
+ userfilter: Optional[pulumi.Input[builtins.str]] = None,
754
+ username_as_alias: Optional[pulumi.Input[builtins.bool]] = None):
678
755
  """
679
756
  Input properties used for looking up and filtering AuthBackend resources.
680
- :param pulumi.Input[str] accessor: The accessor for this auth mount.
681
- :param pulumi.Input[str] binddn: DN of object to bind when performing user search
682
- :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
683
- :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
684
- :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
685
- :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
686
- :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
687
- :param pulumi.Input[str] description: Description for the LDAP auth backend mount
688
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
757
+ :param pulumi.Input[builtins.str] accessor: The accessor for this auth mount.
758
+ :param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
759
+ :param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
760
+ :param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
761
+ :param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
762
+ :param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
763
+ :param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
764
+ :param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
765
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
766
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
689
767
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
690
- :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
691
- :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
692
- :param pulumi.Input[str] groupdn: Base DN under which to perform group search
693
- :param pulumi.Input[str] groupfilter: Go template used to construct group membership query
694
- :param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
695
- :param pulumi.Input[bool] local: Specifies if the auth method is local only.
696
- :param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
768
+ :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
769
+ :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
770
+ :param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
771
+ :param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
772
+ :param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
773
+ :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
774
+ :param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
697
775
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
698
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
776
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
699
777
  The value should not contain leading or trailing forward slashes.
700
778
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
701
779
  *Available only for Vault Enterprise*.
702
- :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
703
- :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
704
- :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
705
- :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
706
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
707
- :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
708
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
709
- :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
710
- :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
711
- :param pulumi.Input[int] token_period: Generated Token's Period
712
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
713
- :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
714
- :param pulumi.Input[str] token_type: The type of token to generate, service or batch
715
- :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
716
- :param pulumi.Input[str] url: The URL of the LDAP server
717
- :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
718
- :param pulumi.Input[str] userattr: Attribute on user object matching username passed in
719
- :param pulumi.Input[str] userdn: Base DN under which to perform user search
720
- :param pulumi.Input[str] userfilter: LDAP user search filter
721
- :param pulumi.Input[bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
780
+ :param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
781
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
782
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
783
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
784
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
785
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
786
+ a rotation when a scheduled token rotation occurs. The default rotation window is
787
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
788
+ :param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
789
+ :param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
790
+ :param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
791
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
792
+ :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
793
+ :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
794
+ :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
795
+ :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
796
+ :param pulumi.Input[builtins.int] token_period: Generated Token's Period
797
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
798
+ :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
799
+ :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
800
+ :param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
801
+ :param pulumi.Input[builtins.str] url: The URL of the LDAP server
802
+ :param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
803
+ :param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
804
+ :param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
805
+ :param pulumi.Input[builtins.str] userfilter: LDAP user search filter
806
+ :param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
722
807
  """
723
808
  if accessor is not None:
724
809
  pulumi.set(__self__, "accessor", accessor)
@@ -740,6 +825,8 @@ class _AuthBackendState:
740
825
  pulumi.set(__self__, "deny_null_bind", deny_null_bind)
741
826
  if description is not None:
742
827
  pulumi.set(__self__, "description", description)
828
+ if disable_automated_rotation is not None:
829
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
743
830
  if disable_remount is not None:
744
831
  pulumi.set(__self__, "disable_remount", disable_remount)
745
832
  if discoverdn is not None:
@@ -760,6 +847,12 @@ class _AuthBackendState:
760
847
  pulumi.set(__self__, "namespace", namespace)
761
848
  if path is not None:
762
849
  pulumi.set(__self__, "path", path)
850
+ if rotation_period is not None:
851
+ pulumi.set(__self__, "rotation_period", rotation_period)
852
+ if rotation_schedule is not None:
853
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
854
+ if rotation_window is not None:
855
+ pulumi.set(__self__, "rotation_window", rotation_window)
763
856
  if starttls is not None:
764
857
  pulumi.set(__self__, "starttls", starttls)
765
858
  if tls_max_version is not None:
@@ -801,121 +894,133 @@ class _AuthBackendState:
801
894
 
802
895
  @property
803
896
  @pulumi.getter
804
- def accessor(self) -> Optional[pulumi.Input[str]]:
897
+ def accessor(self) -> Optional[pulumi.Input[builtins.str]]:
805
898
  """
806
899
  The accessor for this auth mount.
807
900
  """
808
901
  return pulumi.get(self, "accessor")
809
902
 
810
903
  @accessor.setter
811
- def accessor(self, value: Optional[pulumi.Input[str]]):
904
+ def accessor(self, value: Optional[pulumi.Input[builtins.str]]):
812
905
  pulumi.set(self, "accessor", value)
813
906
 
814
907
  @property
815
908
  @pulumi.getter
816
- def binddn(self) -> Optional[pulumi.Input[str]]:
909
+ def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
817
910
  """
818
911
  DN of object to bind when performing user search
819
912
  """
820
913
  return pulumi.get(self, "binddn")
821
914
 
822
915
  @binddn.setter
823
- def binddn(self, value: Optional[pulumi.Input[str]]):
916
+ def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
824
917
  pulumi.set(self, "binddn", value)
825
918
 
826
919
  @property
827
920
  @pulumi.getter
828
- def bindpass(self) -> Optional[pulumi.Input[str]]:
921
+ def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
829
922
  """
830
923
  Password to use with `binddn` when performing user search
831
924
  """
832
925
  return pulumi.get(self, "bindpass")
833
926
 
834
927
  @bindpass.setter
835
- def bindpass(self, value: Optional[pulumi.Input[str]]):
928
+ def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
836
929
  pulumi.set(self, "bindpass", value)
837
930
 
838
931
  @property
839
932
  @pulumi.getter(name="caseSensitiveNames")
840
- def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
933
+ def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
841
934
  """
842
935
  Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
843
936
  """
844
937
  return pulumi.get(self, "case_sensitive_names")
845
938
 
846
939
  @case_sensitive_names.setter
847
- def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
940
+ def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
848
941
  pulumi.set(self, "case_sensitive_names", value)
849
942
 
850
943
  @property
851
944
  @pulumi.getter
852
- def certificate(self) -> Optional[pulumi.Input[str]]:
945
+ def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
853
946
  """
854
947
  Trusted CA to validate TLS certificate
855
948
  """
856
949
  return pulumi.get(self, "certificate")
857
950
 
858
951
  @certificate.setter
859
- def certificate(self, value: Optional[pulumi.Input[str]]):
952
+ def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
860
953
  pulumi.set(self, "certificate", value)
861
954
 
862
955
  @property
863
956
  @pulumi.getter(name="clientTlsCert")
864
- def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
957
+ def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
865
958
  return pulumi.get(self, "client_tls_cert")
866
959
 
867
960
  @client_tls_cert.setter
868
- def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
961
+ def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
869
962
  pulumi.set(self, "client_tls_cert", value)
870
963
 
871
964
  @property
872
965
  @pulumi.getter(name="clientTlsKey")
873
- def client_tls_key(self) -> Optional[pulumi.Input[str]]:
966
+ def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
874
967
  return pulumi.get(self, "client_tls_key")
875
968
 
876
969
  @client_tls_key.setter
877
- def client_tls_key(self, value: Optional[pulumi.Input[str]]):
970
+ def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
878
971
  pulumi.set(self, "client_tls_key", value)
879
972
 
880
973
  @property
881
974
  @pulumi.getter(name="connectionTimeout")
882
- def connection_timeout(self) -> Optional[pulumi.Input[int]]:
975
+ def connection_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
883
976
  """
884
977
  Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
885
978
  """
886
979
  return pulumi.get(self, "connection_timeout")
887
980
 
888
981
  @connection_timeout.setter
889
- def connection_timeout(self, value: Optional[pulumi.Input[int]]):
982
+ def connection_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
890
983
  pulumi.set(self, "connection_timeout", value)
891
984
 
892
985
  @property
893
986
  @pulumi.getter(name="denyNullBind")
894
- def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
987
+ def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
895
988
  """
896
989
  Prevents users from bypassing authentication when providing an empty password.
897
990
  """
898
991
  return pulumi.get(self, "deny_null_bind")
899
992
 
900
993
  @deny_null_bind.setter
901
- def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
994
+ def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
902
995
  pulumi.set(self, "deny_null_bind", value)
903
996
 
904
997
  @property
905
998
  @pulumi.getter
906
- def description(self) -> Optional[pulumi.Input[str]]:
999
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
907
1000
  """
908
1001
  Description for the LDAP auth backend mount
909
1002
  """
910
1003
  return pulumi.get(self, "description")
911
1004
 
912
1005
  @description.setter
913
- def description(self, value: Optional[pulumi.Input[str]]):
1006
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
914
1007
  pulumi.set(self, "description", value)
915
1008
 
1009
+ @property
1010
+ @pulumi.getter(name="disableAutomatedRotation")
1011
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[builtins.bool]]:
1012
+ """
1013
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1014
+ """
1015
+ return pulumi.get(self, "disable_automated_rotation")
1016
+
1017
+ @disable_automated_rotation.setter
1018
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[builtins.bool]]):
1019
+ pulumi.set(self, "disable_automated_rotation", value)
1020
+
916
1021
  @property
917
1022
  @pulumi.getter(name="disableRemount")
918
- def disable_remount(self) -> Optional[pulumi.Input[bool]]:
1023
+ def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
919
1024
  """
920
1025
  If set, opts out of mount migration on path updates.
921
1026
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -923,84 +1028,84 @@ class _AuthBackendState:
923
1028
  return pulumi.get(self, "disable_remount")
924
1029
 
925
1030
  @disable_remount.setter
926
- def disable_remount(self, value: Optional[pulumi.Input[bool]]):
1031
+ def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
927
1032
  pulumi.set(self, "disable_remount", value)
928
1033
 
929
1034
  @property
930
1035
  @pulumi.getter
931
- def discoverdn(self) -> Optional[pulumi.Input[bool]]:
1036
+ def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
932
1037
  """
933
1038
  Use anonymous bind to discover the bind DN of a user.
934
1039
  """
935
1040
  return pulumi.get(self, "discoverdn")
936
1041
 
937
1042
  @discoverdn.setter
938
- def discoverdn(self, value: Optional[pulumi.Input[bool]]):
1043
+ def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
939
1044
  pulumi.set(self, "discoverdn", value)
940
1045
 
941
1046
  @property
942
1047
  @pulumi.getter
943
- def groupattr(self) -> Optional[pulumi.Input[str]]:
1048
+ def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
944
1049
  """
945
1050
  LDAP attribute to follow on objects returned by groupfilter
946
1051
  """
947
1052
  return pulumi.get(self, "groupattr")
948
1053
 
949
1054
  @groupattr.setter
950
- def groupattr(self, value: Optional[pulumi.Input[str]]):
1055
+ def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
951
1056
  pulumi.set(self, "groupattr", value)
952
1057
 
953
1058
  @property
954
1059
  @pulumi.getter
955
- def groupdn(self) -> Optional[pulumi.Input[str]]:
1060
+ def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
956
1061
  """
957
1062
  Base DN under which to perform group search
958
1063
  """
959
1064
  return pulumi.get(self, "groupdn")
960
1065
 
961
1066
  @groupdn.setter
962
- def groupdn(self, value: Optional[pulumi.Input[str]]):
1067
+ def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
963
1068
  pulumi.set(self, "groupdn", value)
964
1069
 
965
1070
  @property
966
1071
  @pulumi.getter
967
- def groupfilter(self) -> Optional[pulumi.Input[str]]:
1072
+ def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
968
1073
  """
969
1074
  Go template used to construct group membership query
970
1075
  """
971
1076
  return pulumi.get(self, "groupfilter")
972
1077
 
973
1078
  @groupfilter.setter
974
- def groupfilter(self, value: Optional[pulumi.Input[str]]):
1079
+ def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
975
1080
  pulumi.set(self, "groupfilter", value)
976
1081
 
977
1082
  @property
978
1083
  @pulumi.getter(name="insecureTls")
979
- def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
1084
+ def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
980
1085
  """
981
1086
  Control whether or TLS certificates must be validated
982
1087
  """
983
1088
  return pulumi.get(self, "insecure_tls")
984
1089
 
985
1090
  @insecure_tls.setter
986
- def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
1091
+ def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
987
1092
  pulumi.set(self, "insecure_tls", value)
988
1093
 
989
1094
  @property
990
1095
  @pulumi.getter
991
- def local(self) -> Optional[pulumi.Input[bool]]:
1096
+ def local(self) -> Optional[pulumi.Input[builtins.bool]]:
992
1097
  """
993
1098
  Specifies if the auth method is local only.
994
1099
  """
995
1100
  return pulumi.get(self, "local")
996
1101
 
997
1102
  @local.setter
998
- def local(self, value: Optional[pulumi.Input[bool]]):
1103
+ def local(self, value: Optional[pulumi.Input[builtins.bool]]):
999
1104
  pulumi.set(self, "local", value)
1000
1105
 
1001
1106
  @property
1002
1107
  @pulumi.getter(name="maxPageSize")
1003
- def max_page_size(self) -> Optional[pulumi.Input[int]]:
1108
+ def max_page_size(self) -> Optional[pulumi.Input[builtins.int]]:
1004
1109
  """
1005
1110
  Sets the max page size for LDAP lookups, by default it's set to -1.
1006
1111
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
@@ -1008,12 +1113,12 @@ class _AuthBackendState:
1008
1113
  return pulumi.get(self, "max_page_size")
1009
1114
 
1010
1115
  @max_page_size.setter
1011
- def max_page_size(self, value: Optional[pulumi.Input[int]]):
1116
+ def max_page_size(self, value: Optional[pulumi.Input[builtins.int]]):
1012
1117
  pulumi.set(self, "max_page_size", value)
1013
1118
 
1014
1119
  @property
1015
1120
  @pulumi.getter
1016
- def namespace(self) -> Optional[pulumi.Input[str]]:
1121
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
1017
1122
  """
1018
1123
  The namespace to provision the resource in.
1019
1124
  The value should not contain leading or trailing forward slashes.
@@ -1023,247 +1128,287 @@ class _AuthBackendState:
1023
1128
  return pulumi.get(self, "namespace")
1024
1129
 
1025
1130
  @namespace.setter
1026
- def namespace(self, value: Optional[pulumi.Input[str]]):
1131
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
1027
1132
  pulumi.set(self, "namespace", value)
1028
1133
 
1029
1134
  @property
1030
1135
  @pulumi.getter
1031
- def path(self) -> Optional[pulumi.Input[str]]:
1136
+ def path(self) -> Optional[pulumi.Input[builtins.str]]:
1032
1137
  """
1033
1138
  Path to mount the LDAP auth backend under
1034
1139
  """
1035
1140
  return pulumi.get(self, "path")
1036
1141
 
1037
1142
  @path.setter
1038
- def path(self, value: Optional[pulumi.Input[str]]):
1143
+ def path(self, value: Optional[pulumi.Input[builtins.str]]):
1039
1144
  pulumi.set(self, "path", value)
1040
1145
 
1146
+ @property
1147
+ @pulumi.getter(name="rotationPeriod")
1148
+ def rotation_period(self) -> Optional[pulumi.Input[builtins.int]]:
1149
+ """
1150
+ The amount of time in seconds Vault should wait before rotating the root credential.
1151
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1152
+ """
1153
+ return pulumi.get(self, "rotation_period")
1154
+
1155
+ @rotation_period.setter
1156
+ def rotation_period(self, value: Optional[pulumi.Input[builtins.int]]):
1157
+ pulumi.set(self, "rotation_period", value)
1158
+
1159
+ @property
1160
+ @pulumi.getter(name="rotationSchedule")
1161
+ def rotation_schedule(self) -> Optional[pulumi.Input[builtins.str]]:
1162
+ """
1163
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1164
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1165
+ """
1166
+ return pulumi.get(self, "rotation_schedule")
1167
+
1168
+ @rotation_schedule.setter
1169
+ def rotation_schedule(self, value: Optional[pulumi.Input[builtins.str]]):
1170
+ pulumi.set(self, "rotation_schedule", value)
1171
+
1172
+ @property
1173
+ @pulumi.getter(name="rotationWindow")
1174
+ def rotation_window(self) -> Optional[pulumi.Input[builtins.int]]:
1175
+ """
1176
+ The maximum amount of time in seconds allowed to complete
1177
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1178
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1179
+ """
1180
+ return pulumi.get(self, "rotation_window")
1181
+
1182
+ @rotation_window.setter
1183
+ def rotation_window(self, value: Optional[pulumi.Input[builtins.int]]):
1184
+ pulumi.set(self, "rotation_window", value)
1185
+
1041
1186
  @property
1042
1187
  @pulumi.getter
1043
- def starttls(self) -> Optional[pulumi.Input[bool]]:
1188
+ def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
1044
1189
  """
1045
1190
  Control use of TLS when conecting to LDAP
1046
1191
  """
1047
1192
  return pulumi.get(self, "starttls")
1048
1193
 
1049
1194
  @starttls.setter
1050
- def starttls(self, value: Optional[pulumi.Input[bool]]):
1195
+ def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
1051
1196
  pulumi.set(self, "starttls", value)
1052
1197
 
1053
1198
  @property
1054
1199
  @pulumi.getter(name="tlsMaxVersion")
1055
- def tls_max_version(self) -> Optional[pulumi.Input[str]]:
1200
+ def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
1056
1201
  """
1057
1202
  Maximum acceptable version of TLS
1058
1203
  """
1059
1204
  return pulumi.get(self, "tls_max_version")
1060
1205
 
1061
1206
  @tls_max_version.setter
1062
- def tls_max_version(self, value: Optional[pulumi.Input[str]]):
1207
+ def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
1063
1208
  pulumi.set(self, "tls_max_version", value)
1064
1209
 
1065
1210
  @property
1066
1211
  @pulumi.getter(name="tlsMinVersion")
1067
- def tls_min_version(self) -> Optional[pulumi.Input[str]]:
1212
+ def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
1068
1213
  """
1069
1214
  Minimum acceptable version of TLS
1070
1215
  """
1071
1216
  return pulumi.get(self, "tls_min_version")
1072
1217
 
1073
1218
  @tls_min_version.setter
1074
- def tls_min_version(self, value: Optional[pulumi.Input[str]]):
1219
+ def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
1075
1220
  pulumi.set(self, "tls_min_version", value)
1076
1221
 
1077
1222
  @property
1078
1223
  @pulumi.getter(name="tokenBoundCidrs")
1079
- def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1224
+ def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1080
1225
  """
1081
1226
  Specifies the blocks of IP addresses which are allowed to use the generated token
1082
1227
  """
1083
1228
  return pulumi.get(self, "token_bound_cidrs")
1084
1229
 
1085
1230
  @token_bound_cidrs.setter
1086
- def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1231
+ def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1087
1232
  pulumi.set(self, "token_bound_cidrs", value)
1088
1233
 
1089
1234
  @property
1090
1235
  @pulumi.getter(name="tokenExplicitMaxTtl")
1091
- def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
1236
+ def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
1092
1237
  """
1093
1238
  Generated Token's Explicit Maximum TTL in seconds
1094
1239
  """
1095
1240
  return pulumi.get(self, "token_explicit_max_ttl")
1096
1241
 
1097
1242
  @token_explicit_max_ttl.setter
1098
- def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
1243
+ def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
1099
1244
  pulumi.set(self, "token_explicit_max_ttl", value)
1100
1245
 
1101
1246
  @property
1102
1247
  @pulumi.getter(name="tokenMaxTtl")
1103
- def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
1248
+ def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
1104
1249
  """
1105
1250
  The maximum lifetime of the generated token
1106
1251
  """
1107
1252
  return pulumi.get(self, "token_max_ttl")
1108
1253
 
1109
1254
  @token_max_ttl.setter
1110
- def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
1255
+ def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
1111
1256
  pulumi.set(self, "token_max_ttl", value)
1112
1257
 
1113
1258
  @property
1114
1259
  @pulumi.getter(name="tokenNoDefaultPolicy")
1115
- def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
1260
+ def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
1116
1261
  """
1117
1262
  If true, the 'default' policy will not automatically be added to generated tokens
1118
1263
  """
1119
1264
  return pulumi.get(self, "token_no_default_policy")
1120
1265
 
1121
1266
  @token_no_default_policy.setter
1122
- def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
1267
+ def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
1123
1268
  pulumi.set(self, "token_no_default_policy", value)
1124
1269
 
1125
1270
  @property
1126
1271
  @pulumi.getter(name="tokenNumUses")
1127
- def token_num_uses(self) -> Optional[pulumi.Input[int]]:
1272
+ def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
1128
1273
  """
1129
1274
  The maximum number of times a token may be used, a value of zero means unlimited
1130
1275
  """
1131
1276
  return pulumi.get(self, "token_num_uses")
1132
1277
 
1133
1278
  @token_num_uses.setter
1134
- def token_num_uses(self, value: Optional[pulumi.Input[int]]):
1279
+ def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
1135
1280
  pulumi.set(self, "token_num_uses", value)
1136
1281
 
1137
1282
  @property
1138
1283
  @pulumi.getter(name="tokenPeriod")
1139
- def token_period(self) -> Optional[pulumi.Input[int]]:
1284
+ def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
1140
1285
  """
1141
1286
  Generated Token's Period
1142
1287
  """
1143
1288
  return pulumi.get(self, "token_period")
1144
1289
 
1145
1290
  @token_period.setter
1146
- def token_period(self, value: Optional[pulumi.Input[int]]):
1291
+ def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
1147
1292
  pulumi.set(self, "token_period", value)
1148
1293
 
1149
1294
  @property
1150
1295
  @pulumi.getter(name="tokenPolicies")
1151
- def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1296
+ def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1152
1297
  """
1153
1298
  Generated Token's Policies
1154
1299
  """
1155
1300
  return pulumi.get(self, "token_policies")
1156
1301
 
1157
1302
  @token_policies.setter
1158
- def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1303
+ def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1159
1304
  pulumi.set(self, "token_policies", value)
1160
1305
 
1161
1306
  @property
1162
1307
  @pulumi.getter(name="tokenTtl")
1163
- def token_ttl(self) -> Optional[pulumi.Input[int]]:
1308
+ def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
1164
1309
  """
1165
1310
  The initial ttl of the token to generate in seconds
1166
1311
  """
1167
1312
  return pulumi.get(self, "token_ttl")
1168
1313
 
1169
1314
  @token_ttl.setter
1170
- def token_ttl(self, value: Optional[pulumi.Input[int]]):
1315
+ def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
1171
1316
  pulumi.set(self, "token_ttl", value)
1172
1317
 
1173
1318
  @property
1174
1319
  @pulumi.getter(name="tokenType")
1175
- def token_type(self) -> Optional[pulumi.Input[str]]:
1320
+ def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
1176
1321
  """
1177
1322
  The type of token to generate, service or batch
1178
1323
  """
1179
1324
  return pulumi.get(self, "token_type")
1180
1325
 
1181
1326
  @token_type.setter
1182
- def token_type(self, value: Optional[pulumi.Input[str]]):
1327
+ def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
1183
1328
  pulumi.set(self, "token_type", value)
1184
1329
 
1185
1330
  @property
1186
1331
  @pulumi.getter
1187
- def upndomain(self) -> Optional[pulumi.Input[str]]:
1332
+ def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
1188
1333
  """
1189
1334
  The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1190
1335
  """
1191
1336
  return pulumi.get(self, "upndomain")
1192
1337
 
1193
1338
  @upndomain.setter
1194
- def upndomain(self, value: Optional[pulumi.Input[str]]):
1339
+ def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
1195
1340
  pulumi.set(self, "upndomain", value)
1196
1341
 
1197
1342
  @property
1198
1343
  @pulumi.getter
1199
- def url(self) -> Optional[pulumi.Input[str]]:
1344
+ def url(self) -> Optional[pulumi.Input[builtins.str]]:
1200
1345
  """
1201
1346
  The URL of the LDAP server
1202
1347
  """
1203
1348
  return pulumi.get(self, "url")
1204
1349
 
1205
1350
  @url.setter
1206
- def url(self, value: Optional[pulumi.Input[str]]):
1351
+ def url(self, value: Optional[pulumi.Input[builtins.str]]):
1207
1352
  pulumi.set(self, "url", value)
1208
1353
 
1209
1354
  @property
1210
1355
  @pulumi.getter(name="useTokenGroups")
1211
- def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
1356
+ def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
1212
1357
  """
1213
1358
  Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
1214
1359
  """
1215
1360
  return pulumi.get(self, "use_token_groups")
1216
1361
 
1217
1362
  @use_token_groups.setter
1218
- def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
1363
+ def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
1219
1364
  pulumi.set(self, "use_token_groups", value)
1220
1365
 
1221
1366
  @property
1222
1367
  @pulumi.getter
1223
- def userattr(self) -> Optional[pulumi.Input[str]]:
1368
+ def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
1224
1369
  """
1225
1370
  Attribute on user object matching username passed in
1226
1371
  """
1227
1372
  return pulumi.get(self, "userattr")
1228
1373
 
1229
1374
  @userattr.setter
1230
- def userattr(self, value: Optional[pulumi.Input[str]]):
1375
+ def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
1231
1376
  pulumi.set(self, "userattr", value)
1232
1377
 
1233
1378
  @property
1234
1379
  @pulumi.getter
1235
- def userdn(self) -> Optional[pulumi.Input[str]]:
1380
+ def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
1236
1381
  """
1237
1382
  Base DN under which to perform user search
1238
1383
  """
1239
1384
  return pulumi.get(self, "userdn")
1240
1385
 
1241
1386
  @userdn.setter
1242
- def userdn(self, value: Optional[pulumi.Input[str]]):
1387
+ def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
1243
1388
  pulumi.set(self, "userdn", value)
1244
1389
 
1245
1390
  @property
1246
1391
  @pulumi.getter
1247
- def userfilter(self) -> Optional[pulumi.Input[str]]:
1392
+ def userfilter(self) -> Optional[pulumi.Input[builtins.str]]:
1248
1393
  """
1249
1394
  LDAP user search filter
1250
1395
  """
1251
1396
  return pulumi.get(self, "userfilter")
1252
1397
 
1253
1398
  @userfilter.setter
1254
- def userfilter(self, value: Optional[pulumi.Input[str]]):
1399
+ def userfilter(self, value: Optional[pulumi.Input[builtins.str]]):
1255
1400
  pulumi.set(self, "userfilter", value)
1256
1401
 
1257
1402
  @property
1258
1403
  @pulumi.getter(name="usernameAsAlias")
1259
- def username_as_alias(self) -> Optional[pulumi.Input[bool]]:
1404
+ def username_as_alias(self) -> Optional[pulumi.Input[builtins.bool]]:
1260
1405
  """
1261
1406
  Force the auth method to use the username passed by the user as the alias name.
1262
1407
  """
1263
1408
  return pulumi.get(self, "username_as_alias")
1264
1409
 
1265
1410
  @username_as_alias.setter
1266
- def username_as_alias(self, value: Optional[pulumi.Input[bool]]):
1411
+ def username_as_alias(self, value: Optional[pulumi.Input[builtins.bool]]):
1267
1412
  pulumi.set(self, "username_as_alias", value)
1268
1413
 
1269
1414
 
@@ -1272,44 +1417,48 @@ class AuthBackend(pulumi.CustomResource):
1272
1417
  def __init__(__self__,
1273
1418
  resource_name: str,
1274
1419
  opts: Optional[pulumi.ResourceOptions] = None,
1275
- binddn: Optional[pulumi.Input[str]] = None,
1276
- bindpass: Optional[pulumi.Input[str]] = None,
1277
- case_sensitive_names: Optional[pulumi.Input[bool]] = None,
1278
- certificate: Optional[pulumi.Input[str]] = None,
1279
- client_tls_cert: Optional[pulumi.Input[str]] = None,
1280
- client_tls_key: Optional[pulumi.Input[str]] = None,
1281
- connection_timeout: Optional[pulumi.Input[int]] = None,
1282
- deny_null_bind: Optional[pulumi.Input[bool]] = None,
1283
- description: Optional[pulumi.Input[str]] = None,
1284
- disable_remount: Optional[pulumi.Input[bool]] = None,
1285
- discoverdn: Optional[pulumi.Input[bool]] = None,
1286
- groupattr: Optional[pulumi.Input[str]] = None,
1287
- groupdn: Optional[pulumi.Input[str]] = None,
1288
- groupfilter: Optional[pulumi.Input[str]] = None,
1289
- insecure_tls: Optional[pulumi.Input[bool]] = None,
1290
- local: Optional[pulumi.Input[bool]] = None,
1291
- max_page_size: Optional[pulumi.Input[int]] = None,
1292
- namespace: Optional[pulumi.Input[str]] = None,
1293
- path: Optional[pulumi.Input[str]] = None,
1294
- starttls: Optional[pulumi.Input[bool]] = None,
1295
- tls_max_version: Optional[pulumi.Input[str]] = None,
1296
- tls_min_version: Optional[pulumi.Input[str]] = None,
1297
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1298
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
1299
- token_max_ttl: Optional[pulumi.Input[int]] = None,
1300
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
1301
- token_num_uses: Optional[pulumi.Input[int]] = None,
1302
- token_period: Optional[pulumi.Input[int]] = None,
1303
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1304
- token_ttl: Optional[pulumi.Input[int]] = None,
1305
- token_type: Optional[pulumi.Input[str]] = None,
1306
- upndomain: Optional[pulumi.Input[str]] = None,
1307
- url: Optional[pulumi.Input[str]] = None,
1308
- use_token_groups: Optional[pulumi.Input[bool]] = None,
1309
- userattr: Optional[pulumi.Input[str]] = None,
1310
- userdn: Optional[pulumi.Input[str]] = None,
1311
- userfilter: Optional[pulumi.Input[str]] = None,
1312
- username_as_alias: Optional[pulumi.Input[bool]] = None,
1420
+ binddn: Optional[pulumi.Input[builtins.str]] = None,
1421
+ bindpass: Optional[pulumi.Input[builtins.str]] = None,
1422
+ case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
1423
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
1424
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
1425
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
1426
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
1427
+ deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
1428
+ description: Optional[pulumi.Input[builtins.str]] = None,
1429
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
1430
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
1431
+ discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
1432
+ groupattr: Optional[pulumi.Input[builtins.str]] = None,
1433
+ groupdn: Optional[pulumi.Input[builtins.str]] = None,
1434
+ groupfilter: Optional[pulumi.Input[builtins.str]] = None,
1435
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
1436
+ local: Optional[pulumi.Input[builtins.bool]] = None,
1437
+ max_page_size: Optional[pulumi.Input[builtins.int]] = None,
1438
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1439
+ path: Optional[pulumi.Input[builtins.str]] = None,
1440
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
1441
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
1442
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
1443
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
1444
+ tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
1445
+ tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
1446
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1447
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1448
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1449
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
1450
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
1451
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
1452
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1453
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
1454
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
1455
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
1456
+ url: Optional[pulumi.Input[builtins.str]] = None,
1457
+ use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
1458
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
1459
+ userdn: Optional[pulumi.Input[builtins.str]] = None,
1460
+ userfilter: Optional[pulumi.Input[builtins.str]] = None,
1461
+ username_as_alias: Optional[pulumi.Input[builtins.bool]] = None,
1313
1462
  __props__=None):
1314
1463
  """
1315
1464
  Provides a resource for managing an [LDAP auth backend within Vault](https://www.vaultproject.io/docs/auth/ldap.html).
@@ -1328,7 +1477,9 @@ class AuthBackend(pulumi.CustomResource):
1328
1477
  upndomain="EXAMPLE.ORG",
1329
1478
  discoverdn=False,
1330
1479
  groupdn="OU=Groups,DC=example,DC=org",
1331
- groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
1480
+ groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
1481
+ rotation_schedule="0 * * * SAT",
1482
+ rotation_window=3600)
1332
1483
  ```
1333
1484
 
1334
1485
  ## Import
@@ -1341,47 +1492,55 @@ class AuthBackend(pulumi.CustomResource):
1341
1492
 
1342
1493
  :param str resource_name: The name of the resource.
1343
1494
  :param pulumi.ResourceOptions opts: Options for the resource.
1344
- :param pulumi.Input[str] binddn: DN of object to bind when performing user search
1345
- :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
1346
- :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1347
- :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
1348
- :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1349
- :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1350
- :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1351
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
1495
+ :param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
1496
+ :param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
1497
+ :param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1498
+ :param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
1499
+ :param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1500
+ :param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1501
+ :param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
1502
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1503
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
1352
1504
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
1353
- :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
1354
- :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
1355
- :param pulumi.Input[str] groupdn: Base DN under which to perform group search
1356
- :param pulumi.Input[str] groupfilter: Go template used to construct group membership query
1357
- :param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
1358
- :param pulumi.Input[bool] local: Specifies if the auth method is local only.
1359
- :param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
1505
+ :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
1506
+ :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
1507
+ :param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
1508
+ :param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
1509
+ :param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
1510
+ :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
1511
+ :param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
1360
1512
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
1361
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1513
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1362
1514
  The value should not contain leading or trailing forward slashes.
1363
1515
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1364
1516
  *Available only for Vault Enterprise*.
1365
- :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
1366
- :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
1367
- :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
1368
- :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
1369
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1370
- :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1371
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1372
- :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1373
- :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1374
- :param pulumi.Input[int] token_period: Generated Token's Period
1375
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1376
- :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1377
- :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1378
- :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1379
- :param pulumi.Input[str] url: The URL of the LDAP server
1380
- :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
1381
- :param pulumi.Input[str] userattr: Attribute on user object matching username passed in
1382
- :param pulumi.Input[str] userdn: Base DN under which to perform user search
1383
- :param pulumi.Input[str] userfilter: LDAP user search filter
1384
- :param pulumi.Input[bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
1517
+ :param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
1518
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
1519
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1520
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1521
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1522
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
1523
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1524
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1525
+ :param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
1526
+ :param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
1527
+ :param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
1528
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1529
+ :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1530
+ :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
1531
+ :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1532
+ :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1533
+ :param pulumi.Input[builtins.int] token_period: Generated Token's Period
1534
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
1535
+ :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
1536
+ :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
1537
+ :param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1538
+ :param pulumi.Input[builtins.str] url: The URL of the LDAP server
1539
+ :param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
1540
+ :param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
1541
+ :param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
1542
+ :param pulumi.Input[builtins.str] userfilter: LDAP user search filter
1543
+ :param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
1385
1544
  """
1386
1545
  ...
1387
1546
  @overload
@@ -1406,7 +1565,9 @@ class AuthBackend(pulumi.CustomResource):
1406
1565
  upndomain="EXAMPLE.ORG",
1407
1566
  discoverdn=False,
1408
1567
  groupdn="OU=Groups,DC=example,DC=org",
1409
- groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))")
1568
+ groupfilter="(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))",
1569
+ rotation_schedule="0 * * * SAT",
1570
+ rotation_window=3600)
1410
1571
  ```
1411
1572
 
1412
1573
  ## Import
@@ -1432,44 +1593,48 @@ class AuthBackend(pulumi.CustomResource):
1432
1593
  def _internal_init(__self__,
1433
1594
  resource_name: str,
1434
1595
  opts: Optional[pulumi.ResourceOptions] = None,
1435
- binddn: Optional[pulumi.Input[str]] = None,
1436
- bindpass: Optional[pulumi.Input[str]] = None,
1437
- case_sensitive_names: Optional[pulumi.Input[bool]] = None,
1438
- certificate: Optional[pulumi.Input[str]] = None,
1439
- client_tls_cert: Optional[pulumi.Input[str]] = None,
1440
- client_tls_key: Optional[pulumi.Input[str]] = None,
1441
- connection_timeout: Optional[pulumi.Input[int]] = None,
1442
- deny_null_bind: Optional[pulumi.Input[bool]] = None,
1443
- description: Optional[pulumi.Input[str]] = None,
1444
- disable_remount: Optional[pulumi.Input[bool]] = None,
1445
- discoverdn: Optional[pulumi.Input[bool]] = None,
1446
- groupattr: Optional[pulumi.Input[str]] = None,
1447
- groupdn: Optional[pulumi.Input[str]] = None,
1448
- groupfilter: Optional[pulumi.Input[str]] = None,
1449
- insecure_tls: Optional[pulumi.Input[bool]] = None,
1450
- local: Optional[pulumi.Input[bool]] = None,
1451
- max_page_size: Optional[pulumi.Input[int]] = None,
1452
- namespace: Optional[pulumi.Input[str]] = None,
1453
- path: Optional[pulumi.Input[str]] = None,
1454
- starttls: Optional[pulumi.Input[bool]] = None,
1455
- tls_max_version: Optional[pulumi.Input[str]] = None,
1456
- tls_min_version: Optional[pulumi.Input[str]] = None,
1457
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1458
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
1459
- token_max_ttl: Optional[pulumi.Input[int]] = None,
1460
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
1461
- token_num_uses: Optional[pulumi.Input[int]] = None,
1462
- token_period: Optional[pulumi.Input[int]] = None,
1463
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1464
- token_ttl: Optional[pulumi.Input[int]] = None,
1465
- token_type: Optional[pulumi.Input[str]] = None,
1466
- upndomain: Optional[pulumi.Input[str]] = None,
1467
- url: Optional[pulumi.Input[str]] = None,
1468
- use_token_groups: Optional[pulumi.Input[bool]] = None,
1469
- userattr: Optional[pulumi.Input[str]] = None,
1470
- userdn: Optional[pulumi.Input[str]] = None,
1471
- userfilter: Optional[pulumi.Input[str]] = None,
1472
- username_as_alias: Optional[pulumi.Input[bool]] = None,
1596
+ binddn: Optional[pulumi.Input[builtins.str]] = None,
1597
+ bindpass: Optional[pulumi.Input[builtins.str]] = None,
1598
+ case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
1599
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
1600
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
1601
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
1602
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
1603
+ deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
1604
+ description: Optional[pulumi.Input[builtins.str]] = None,
1605
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
1606
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
1607
+ discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
1608
+ groupattr: Optional[pulumi.Input[builtins.str]] = None,
1609
+ groupdn: Optional[pulumi.Input[builtins.str]] = None,
1610
+ groupfilter: Optional[pulumi.Input[builtins.str]] = None,
1611
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
1612
+ local: Optional[pulumi.Input[builtins.bool]] = None,
1613
+ max_page_size: Optional[pulumi.Input[builtins.int]] = None,
1614
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1615
+ path: Optional[pulumi.Input[builtins.str]] = None,
1616
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
1617
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
1618
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
1619
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
1620
+ tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
1621
+ tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
1622
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1623
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1624
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1625
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
1626
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
1627
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
1628
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1629
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
1630
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
1631
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
1632
+ url: Optional[pulumi.Input[builtins.str]] = None,
1633
+ use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
1634
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
1635
+ userdn: Optional[pulumi.Input[builtins.str]] = None,
1636
+ userfilter: Optional[pulumi.Input[builtins.str]] = None,
1637
+ username_as_alias: Optional[pulumi.Input[builtins.bool]] = None,
1473
1638
  __props__=None):
1474
1639
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1475
1640
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1488,6 +1653,7 @@ class AuthBackend(pulumi.CustomResource):
1488
1653
  __props__.__dict__["connection_timeout"] = connection_timeout
1489
1654
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1490
1655
  __props__.__dict__["description"] = description
1656
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
1491
1657
  __props__.__dict__["disable_remount"] = disable_remount
1492
1658
  __props__.__dict__["discoverdn"] = discoverdn
1493
1659
  __props__.__dict__["groupattr"] = groupattr
@@ -1498,6 +1664,9 @@ class AuthBackend(pulumi.CustomResource):
1498
1664
  __props__.__dict__["max_page_size"] = max_page_size
1499
1665
  __props__.__dict__["namespace"] = namespace
1500
1666
  __props__.__dict__["path"] = path
1667
+ __props__.__dict__["rotation_period"] = rotation_period
1668
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
1669
+ __props__.__dict__["rotation_window"] = rotation_window
1501
1670
  __props__.__dict__["starttls"] = starttls
1502
1671
  __props__.__dict__["tls_max_version"] = tls_max_version
1503
1672
  __props__.__dict__["tls_min_version"] = tls_min_version
@@ -1532,45 +1701,49 @@ class AuthBackend(pulumi.CustomResource):
1532
1701
  def get(resource_name: str,
1533
1702
  id: pulumi.Input[str],
1534
1703
  opts: Optional[pulumi.ResourceOptions] = None,
1535
- accessor: Optional[pulumi.Input[str]] = None,
1536
- binddn: Optional[pulumi.Input[str]] = None,
1537
- bindpass: Optional[pulumi.Input[str]] = None,
1538
- case_sensitive_names: Optional[pulumi.Input[bool]] = None,
1539
- certificate: Optional[pulumi.Input[str]] = None,
1540
- client_tls_cert: Optional[pulumi.Input[str]] = None,
1541
- client_tls_key: Optional[pulumi.Input[str]] = None,
1542
- connection_timeout: Optional[pulumi.Input[int]] = None,
1543
- deny_null_bind: Optional[pulumi.Input[bool]] = None,
1544
- description: Optional[pulumi.Input[str]] = None,
1545
- disable_remount: Optional[pulumi.Input[bool]] = None,
1546
- discoverdn: Optional[pulumi.Input[bool]] = None,
1547
- groupattr: Optional[pulumi.Input[str]] = None,
1548
- groupdn: Optional[pulumi.Input[str]] = None,
1549
- groupfilter: Optional[pulumi.Input[str]] = None,
1550
- insecure_tls: Optional[pulumi.Input[bool]] = None,
1551
- local: Optional[pulumi.Input[bool]] = None,
1552
- max_page_size: Optional[pulumi.Input[int]] = None,
1553
- namespace: Optional[pulumi.Input[str]] = None,
1554
- path: Optional[pulumi.Input[str]] = None,
1555
- starttls: Optional[pulumi.Input[bool]] = None,
1556
- tls_max_version: Optional[pulumi.Input[str]] = None,
1557
- tls_min_version: Optional[pulumi.Input[str]] = None,
1558
- token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1559
- token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
1560
- token_max_ttl: Optional[pulumi.Input[int]] = None,
1561
- token_no_default_policy: Optional[pulumi.Input[bool]] = None,
1562
- token_num_uses: Optional[pulumi.Input[int]] = None,
1563
- token_period: Optional[pulumi.Input[int]] = None,
1564
- token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1565
- token_ttl: Optional[pulumi.Input[int]] = None,
1566
- token_type: Optional[pulumi.Input[str]] = None,
1567
- upndomain: Optional[pulumi.Input[str]] = None,
1568
- url: Optional[pulumi.Input[str]] = None,
1569
- use_token_groups: Optional[pulumi.Input[bool]] = None,
1570
- userattr: Optional[pulumi.Input[str]] = None,
1571
- userdn: Optional[pulumi.Input[str]] = None,
1572
- userfilter: Optional[pulumi.Input[str]] = None,
1573
- username_as_alias: Optional[pulumi.Input[bool]] = None) -> 'AuthBackend':
1704
+ accessor: Optional[pulumi.Input[builtins.str]] = None,
1705
+ binddn: Optional[pulumi.Input[builtins.str]] = None,
1706
+ bindpass: Optional[pulumi.Input[builtins.str]] = None,
1707
+ case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
1708
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
1709
+ client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
1710
+ client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
1711
+ connection_timeout: Optional[pulumi.Input[builtins.int]] = None,
1712
+ deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
1713
+ description: Optional[pulumi.Input[builtins.str]] = None,
1714
+ disable_automated_rotation: Optional[pulumi.Input[builtins.bool]] = None,
1715
+ disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
1716
+ discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
1717
+ groupattr: Optional[pulumi.Input[builtins.str]] = None,
1718
+ groupdn: Optional[pulumi.Input[builtins.str]] = None,
1719
+ groupfilter: Optional[pulumi.Input[builtins.str]] = None,
1720
+ insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
1721
+ local: Optional[pulumi.Input[builtins.bool]] = None,
1722
+ max_page_size: Optional[pulumi.Input[builtins.int]] = None,
1723
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1724
+ path: Optional[pulumi.Input[builtins.str]] = None,
1725
+ rotation_period: Optional[pulumi.Input[builtins.int]] = None,
1726
+ rotation_schedule: Optional[pulumi.Input[builtins.str]] = None,
1727
+ rotation_window: Optional[pulumi.Input[builtins.int]] = None,
1728
+ starttls: Optional[pulumi.Input[builtins.bool]] = None,
1729
+ tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
1730
+ tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
1731
+ token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1732
+ token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1733
+ token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
1734
+ token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
1735
+ token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
1736
+ token_period: Optional[pulumi.Input[builtins.int]] = None,
1737
+ token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1738
+ token_ttl: Optional[pulumi.Input[builtins.int]] = None,
1739
+ token_type: Optional[pulumi.Input[builtins.str]] = None,
1740
+ upndomain: Optional[pulumi.Input[builtins.str]] = None,
1741
+ url: Optional[pulumi.Input[builtins.str]] = None,
1742
+ use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
1743
+ userattr: Optional[pulumi.Input[builtins.str]] = None,
1744
+ userdn: Optional[pulumi.Input[builtins.str]] = None,
1745
+ userfilter: Optional[pulumi.Input[builtins.str]] = None,
1746
+ username_as_alias: Optional[pulumi.Input[builtins.bool]] = None) -> 'AuthBackend':
1574
1747
  """
1575
1748
  Get an existing AuthBackend resource's state with the given name, id, and optional extra
1576
1749
  properties used to qualify the lookup.
@@ -1578,48 +1751,56 @@ class AuthBackend(pulumi.CustomResource):
1578
1751
  :param str resource_name: The unique name of the resulting resource.
1579
1752
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1580
1753
  :param pulumi.ResourceOptions opts: Options for the resource.
1581
- :param pulumi.Input[str] accessor: The accessor for this auth mount.
1582
- :param pulumi.Input[str] binddn: DN of object to bind when performing user search
1583
- :param pulumi.Input[str] bindpass: Password to use with `binddn` when performing user search
1584
- :param pulumi.Input[bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1585
- :param pulumi.Input[str] certificate: Trusted CA to validate TLS certificate
1586
- :param pulumi.Input[int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1587
- :param pulumi.Input[bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1588
- :param pulumi.Input[str] description: Description for the LDAP auth backend mount
1589
- :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
1754
+ :param pulumi.Input[builtins.str] accessor: The accessor for this auth mount.
1755
+ :param pulumi.Input[builtins.str] binddn: DN of object to bind when performing user search
1756
+ :param pulumi.Input[builtins.str] bindpass: Password to use with `binddn` when performing user search
1757
+ :param pulumi.Input[builtins.bool] case_sensitive_names: Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1758
+ :param pulumi.Input[builtins.str] certificate: Trusted CA to validate TLS certificate
1759
+ :param pulumi.Input[builtins.int] connection_timeout: Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1760
+ :param pulumi.Input[builtins.bool] deny_null_bind: Prevents users from bypassing authentication when providing an empty password.
1761
+ :param pulumi.Input[builtins.str] description: Description for the LDAP auth backend mount
1762
+ :param pulumi.Input[builtins.bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1763
+ :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
1590
1764
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
1591
- :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
1592
- :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by groupfilter
1593
- :param pulumi.Input[str] groupdn: Base DN under which to perform group search
1594
- :param pulumi.Input[str] groupfilter: Go template used to construct group membership query
1595
- :param pulumi.Input[bool] insecure_tls: Control whether or TLS certificates must be validated
1596
- :param pulumi.Input[bool] local: Specifies if the auth method is local only.
1597
- :param pulumi.Input[int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
1765
+ :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind DN of a user.
1766
+ :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by groupfilter
1767
+ :param pulumi.Input[builtins.str] groupdn: Base DN under which to perform group search
1768
+ :param pulumi.Input[builtins.str] groupfilter: Go template used to construct group membership query
1769
+ :param pulumi.Input[builtins.bool] insecure_tls: Control whether or TLS certificates must be validated
1770
+ :param pulumi.Input[builtins.bool] local: Specifies if the auth method is local only.
1771
+ :param pulumi.Input[builtins.int] max_page_size: Sets the max page size for LDAP lookups, by default it's set to -1.
1598
1772
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
1599
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1773
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1600
1774
  The value should not contain leading or trailing forward slashes.
1601
1775
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1602
1776
  *Available only for Vault Enterprise*.
1603
- :param pulumi.Input[str] path: Path to mount the LDAP auth backend under
1604
- :param pulumi.Input[bool] starttls: Control use of TLS when conecting to LDAP
1605
- :param pulumi.Input[str] tls_max_version: Maximum acceptable version of TLS
1606
- :param pulumi.Input[str] tls_min_version: Minimum acceptable version of TLS
1607
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1608
- :param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1609
- :param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
1610
- :param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1611
- :param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1612
- :param pulumi.Input[int] token_period: Generated Token's Period
1613
- :param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
1614
- :param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
1615
- :param pulumi.Input[str] token_type: The type of token to generate, service or batch
1616
- :param pulumi.Input[str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1617
- :param pulumi.Input[str] url: The URL of the LDAP server
1618
- :param pulumi.Input[bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
1619
- :param pulumi.Input[str] userattr: Attribute on user object matching username passed in
1620
- :param pulumi.Input[str] userdn: Base DN under which to perform user search
1621
- :param pulumi.Input[str] userfilter: LDAP user search filter
1622
- :param pulumi.Input[bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
1777
+ :param pulumi.Input[builtins.str] path: Path to mount the LDAP auth backend under
1778
+ :param pulumi.Input[builtins.int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
1779
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1780
+ :param pulumi.Input[builtins.str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1781
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1782
+ :param pulumi.Input[builtins.int] rotation_window: The maximum amount of time in seconds allowed to complete
1783
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1784
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1785
+ :param pulumi.Input[builtins.bool] starttls: Control use of TLS when conecting to LDAP
1786
+ :param pulumi.Input[builtins.str] tls_max_version: Maximum acceptable version of TLS
1787
+ :param pulumi.Input[builtins.str] tls_min_version: Minimum acceptable version of TLS
1788
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
1789
+ :param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
1790
+ :param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
1791
+ :param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
1792
+ :param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
1793
+ :param pulumi.Input[builtins.int] token_period: Generated Token's Period
1794
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
1795
+ :param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
1796
+ :param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
1797
+ :param pulumi.Input[builtins.str] upndomain: The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1798
+ :param pulumi.Input[builtins.str] url: The URL of the LDAP server
1799
+ :param pulumi.Input[builtins.bool] use_token_groups: Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
1800
+ :param pulumi.Input[builtins.str] userattr: Attribute on user object matching username passed in
1801
+ :param pulumi.Input[builtins.str] userdn: Base DN under which to perform user search
1802
+ :param pulumi.Input[builtins.str] userfilter: LDAP user search filter
1803
+ :param pulumi.Input[builtins.bool] username_as_alias: Force the auth method to use the username passed by the user as the alias name.
1623
1804
  """
1624
1805
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1625
1806
 
@@ -1635,6 +1816,7 @@ class AuthBackend(pulumi.CustomResource):
1635
1816
  __props__.__dict__["connection_timeout"] = connection_timeout
1636
1817
  __props__.__dict__["deny_null_bind"] = deny_null_bind
1637
1818
  __props__.__dict__["description"] = description
1819
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
1638
1820
  __props__.__dict__["disable_remount"] = disable_remount
1639
1821
  __props__.__dict__["discoverdn"] = discoverdn
1640
1822
  __props__.__dict__["groupattr"] = groupattr
@@ -1645,6 +1827,9 @@ class AuthBackend(pulumi.CustomResource):
1645
1827
  __props__.__dict__["max_page_size"] = max_page_size
1646
1828
  __props__.__dict__["namespace"] = namespace
1647
1829
  __props__.__dict__["path"] = path
1830
+ __props__.__dict__["rotation_period"] = rotation_period
1831
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
1832
+ __props__.__dict__["rotation_window"] = rotation_window
1648
1833
  __props__.__dict__["starttls"] = starttls
1649
1834
  __props__.__dict__["tls_max_version"] = tls_max_version
1650
1835
  __props__.__dict__["tls_min_version"] = tls_min_version
@@ -1668,7 +1853,7 @@ class AuthBackend(pulumi.CustomResource):
1668
1853
 
1669
1854
  @property
1670
1855
  @pulumi.getter
1671
- def accessor(self) -> pulumi.Output[str]:
1856
+ def accessor(self) -> pulumi.Output[builtins.str]:
1672
1857
  """
1673
1858
  The accessor for this auth mount.
1674
1859
  """
@@ -1676,7 +1861,7 @@ class AuthBackend(pulumi.CustomResource):
1676
1861
 
1677
1862
  @property
1678
1863
  @pulumi.getter
1679
- def binddn(self) -> pulumi.Output[str]:
1864
+ def binddn(self) -> pulumi.Output[builtins.str]:
1680
1865
  """
1681
1866
  DN of object to bind when performing user search
1682
1867
  """
@@ -1684,7 +1869,7 @@ class AuthBackend(pulumi.CustomResource):
1684
1869
 
1685
1870
  @property
1686
1871
  @pulumi.getter
1687
- def bindpass(self) -> pulumi.Output[str]:
1872
+ def bindpass(self) -> pulumi.Output[builtins.str]:
1688
1873
  """
1689
1874
  Password to use with `binddn` when performing user search
1690
1875
  """
@@ -1692,7 +1877,7 @@ class AuthBackend(pulumi.CustomResource):
1692
1877
 
1693
1878
  @property
1694
1879
  @pulumi.getter(name="caseSensitiveNames")
1695
- def case_sensitive_names(self) -> pulumi.Output[bool]:
1880
+ def case_sensitive_names(self) -> pulumi.Output[builtins.bool]:
1696
1881
  """
1697
1882
  Control case senstivity of objects fetched from LDAP, this is used for object matching in vault
1698
1883
  """
@@ -1700,7 +1885,7 @@ class AuthBackend(pulumi.CustomResource):
1700
1885
 
1701
1886
  @property
1702
1887
  @pulumi.getter
1703
- def certificate(self) -> pulumi.Output[str]:
1888
+ def certificate(self) -> pulumi.Output[builtins.str]:
1704
1889
  """
1705
1890
  Trusted CA to validate TLS certificate
1706
1891
  """
@@ -1708,17 +1893,17 @@ class AuthBackend(pulumi.CustomResource):
1708
1893
 
1709
1894
  @property
1710
1895
  @pulumi.getter(name="clientTlsCert")
1711
- def client_tls_cert(self) -> pulumi.Output[str]:
1896
+ def client_tls_cert(self) -> pulumi.Output[builtins.str]:
1712
1897
  return pulumi.get(self, "client_tls_cert")
1713
1898
 
1714
1899
  @property
1715
1900
  @pulumi.getter(name="clientTlsKey")
1716
- def client_tls_key(self) -> pulumi.Output[str]:
1901
+ def client_tls_key(self) -> pulumi.Output[builtins.str]:
1717
1902
  return pulumi.get(self, "client_tls_key")
1718
1903
 
1719
1904
  @property
1720
1905
  @pulumi.getter(name="connectionTimeout")
1721
- def connection_timeout(self) -> pulumi.Output[int]:
1906
+ def connection_timeout(self) -> pulumi.Output[builtins.int]:
1722
1907
  """
1723
1908
  Timeout in seconds when connecting to LDAP before attempting to connect to the next server in the URL provided in `url` (integer: 30)
1724
1909
  """
@@ -1726,7 +1911,7 @@ class AuthBackend(pulumi.CustomResource):
1726
1911
 
1727
1912
  @property
1728
1913
  @pulumi.getter(name="denyNullBind")
1729
- def deny_null_bind(self) -> pulumi.Output[bool]:
1914
+ def deny_null_bind(self) -> pulumi.Output[builtins.bool]:
1730
1915
  """
1731
1916
  Prevents users from bypassing authentication when providing an empty password.
1732
1917
  """
@@ -1734,15 +1919,23 @@ class AuthBackend(pulumi.CustomResource):
1734
1919
 
1735
1920
  @property
1736
1921
  @pulumi.getter
1737
- def description(self) -> pulumi.Output[str]:
1922
+ def description(self) -> pulumi.Output[builtins.str]:
1738
1923
  """
1739
1924
  Description for the LDAP auth backend mount
1740
1925
  """
1741
1926
  return pulumi.get(self, "description")
1742
1927
 
1928
+ @property
1929
+ @pulumi.getter(name="disableAutomatedRotation")
1930
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[builtins.bool]]:
1931
+ """
1932
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1933
+ """
1934
+ return pulumi.get(self, "disable_automated_rotation")
1935
+
1743
1936
  @property
1744
1937
  @pulumi.getter(name="disableRemount")
1745
- def disable_remount(self) -> pulumi.Output[Optional[bool]]:
1938
+ def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
1746
1939
  """
1747
1940
  If set, opts out of mount migration on path updates.
1748
1941
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -1751,7 +1944,7 @@ class AuthBackend(pulumi.CustomResource):
1751
1944
 
1752
1945
  @property
1753
1946
  @pulumi.getter
1754
- def discoverdn(self) -> pulumi.Output[bool]:
1947
+ def discoverdn(self) -> pulumi.Output[builtins.bool]:
1755
1948
  """
1756
1949
  Use anonymous bind to discover the bind DN of a user.
1757
1950
  """
@@ -1759,7 +1952,7 @@ class AuthBackend(pulumi.CustomResource):
1759
1952
 
1760
1953
  @property
1761
1954
  @pulumi.getter
1762
- def groupattr(self) -> pulumi.Output[str]:
1955
+ def groupattr(self) -> pulumi.Output[builtins.str]:
1763
1956
  """
1764
1957
  LDAP attribute to follow on objects returned by groupfilter
1765
1958
  """
@@ -1767,7 +1960,7 @@ class AuthBackend(pulumi.CustomResource):
1767
1960
 
1768
1961
  @property
1769
1962
  @pulumi.getter
1770
- def groupdn(self) -> pulumi.Output[str]:
1963
+ def groupdn(self) -> pulumi.Output[builtins.str]:
1771
1964
  """
1772
1965
  Base DN under which to perform group search
1773
1966
  """
@@ -1775,7 +1968,7 @@ class AuthBackend(pulumi.CustomResource):
1775
1968
 
1776
1969
  @property
1777
1970
  @pulumi.getter
1778
- def groupfilter(self) -> pulumi.Output[str]:
1971
+ def groupfilter(self) -> pulumi.Output[builtins.str]:
1779
1972
  """
1780
1973
  Go template used to construct group membership query
1781
1974
  """
@@ -1783,7 +1976,7 @@ class AuthBackend(pulumi.CustomResource):
1783
1976
 
1784
1977
  @property
1785
1978
  @pulumi.getter(name="insecureTls")
1786
- def insecure_tls(self) -> pulumi.Output[bool]:
1979
+ def insecure_tls(self) -> pulumi.Output[builtins.bool]:
1787
1980
  """
1788
1981
  Control whether or TLS certificates must be validated
1789
1982
  """
@@ -1791,7 +1984,7 @@ class AuthBackend(pulumi.CustomResource):
1791
1984
 
1792
1985
  @property
1793
1986
  @pulumi.getter
1794
- def local(self) -> pulumi.Output[Optional[bool]]:
1987
+ def local(self) -> pulumi.Output[Optional[builtins.bool]]:
1795
1988
  """
1796
1989
  Specifies if the auth method is local only.
1797
1990
  """
@@ -1799,7 +1992,7 @@ class AuthBackend(pulumi.CustomResource):
1799
1992
 
1800
1993
  @property
1801
1994
  @pulumi.getter(name="maxPageSize")
1802
- def max_page_size(self) -> pulumi.Output[Optional[int]]:
1995
+ def max_page_size(self) -> pulumi.Output[Optional[builtins.int]]:
1803
1996
  """
1804
1997
  Sets the max page size for LDAP lookups, by default it's set to -1.
1805
1998
  *Available only for Vault 1.11.11+, 1.12.7+, and 1.13.3+*.
@@ -1808,7 +2001,7 @@ class AuthBackend(pulumi.CustomResource):
1808
2001
 
1809
2002
  @property
1810
2003
  @pulumi.getter
1811
- def namespace(self) -> pulumi.Output[Optional[str]]:
2004
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
1812
2005
  """
1813
2006
  The namespace to provision the resource in.
1814
2007
  The value should not contain leading or trailing forward slashes.
@@ -1819,15 +2012,43 @@ class AuthBackend(pulumi.CustomResource):
1819
2012
 
1820
2013
  @property
1821
2014
  @pulumi.getter
1822
- def path(self) -> pulumi.Output[Optional[str]]:
2015
+ def path(self) -> pulumi.Output[Optional[builtins.str]]:
1823
2016
  """
1824
2017
  Path to mount the LDAP auth backend under
1825
2018
  """
1826
2019
  return pulumi.get(self, "path")
1827
2020
 
2021
+ @property
2022
+ @pulumi.getter(name="rotationPeriod")
2023
+ def rotation_period(self) -> pulumi.Output[Optional[builtins.int]]:
2024
+ """
2025
+ The amount of time in seconds Vault should wait before rotating the root credential.
2026
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
2027
+ """
2028
+ return pulumi.get(self, "rotation_period")
2029
+
2030
+ @property
2031
+ @pulumi.getter(name="rotationSchedule")
2032
+ def rotation_schedule(self) -> pulumi.Output[Optional[builtins.str]]:
2033
+ """
2034
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
2035
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
2036
+ """
2037
+ return pulumi.get(self, "rotation_schedule")
2038
+
2039
+ @property
2040
+ @pulumi.getter(name="rotationWindow")
2041
+ def rotation_window(self) -> pulumi.Output[Optional[builtins.int]]:
2042
+ """
2043
+ The maximum amount of time in seconds allowed to complete
2044
+ a rotation when a scheduled token rotation occurs. The default rotation window is
2045
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
2046
+ """
2047
+ return pulumi.get(self, "rotation_window")
2048
+
1828
2049
  @property
1829
2050
  @pulumi.getter
1830
- def starttls(self) -> pulumi.Output[bool]:
2051
+ def starttls(self) -> pulumi.Output[builtins.bool]:
1831
2052
  """
1832
2053
  Control use of TLS when conecting to LDAP
1833
2054
  """
@@ -1835,7 +2056,7 @@ class AuthBackend(pulumi.CustomResource):
1835
2056
 
1836
2057
  @property
1837
2058
  @pulumi.getter(name="tlsMaxVersion")
1838
- def tls_max_version(self) -> pulumi.Output[str]:
2059
+ def tls_max_version(self) -> pulumi.Output[builtins.str]:
1839
2060
  """
1840
2061
  Maximum acceptable version of TLS
1841
2062
  """
@@ -1843,7 +2064,7 @@ class AuthBackend(pulumi.CustomResource):
1843
2064
 
1844
2065
  @property
1845
2066
  @pulumi.getter(name="tlsMinVersion")
1846
- def tls_min_version(self) -> pulumi.Output[str]:
2067
+ def tls_min_version(self) -> pulumi.Output[builtins.str]:
1847
2068
  """
1848
2069
  Minimum acceptable version of TLS
1849
2070
  """
@@ -1851,7 +2072,7 @@ class AuthBackend(pulumi.CustomResource):
1851
2072
 
1852
2073
  @property
1853
2074
  @pulumi.getter(name="tokenBoundCidrs")
1854
- def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
2075
+ def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1855
2076
  """
1856
2077
  Specifies the blocks of IP addresses which are allowed to use the generated token
1857
2078
  """
@@ -1859,7 +2080,7 @@ class AuthBackend(pulumi.CustomResource):
1859
2080
 
1860
2081
  @property
1861
2082
  @pulumi.getter(name="tokenExplicitMaxTtl")
1862
- def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
2083
+ def token_explicit_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
1863
2084
  """
1864
2085
  Generated Token's Explicit Maximum TTL in seconds
1865
2086
  """
@@ -1867,7 +2088,7 @@ class AuthBackend(pulumi.CustomResource):
1867
2088
 
1868
2089
  @property
1869
2090
  @pulumi.getter(name="tokenMaxTtl")
1870
- def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
2091
+ def token_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
1871
2092
  """
1872
2093
  The maximum lifetime of the generated token
1873
2094
  """
@@ -1875,7 +2096,7 @@ class AuthBackend(pulumi.CustomResource):
1875
2096
 
1876
2097
  @property
1877
2098
  @pulumi.getter(name="tokenNoDefaultPolicy")
1878
- def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
2099
+ def token_no_default_policy(self) -> pulumi.Output[Optional[builtins.bool]]:
1879
2100
  """
1880
2101
  If true, the 'default' policy will not automatically be added to generated tokens
1881
2102
  """
@@ -1883,7 +2104,7 @@ class AuthBackend(pulumi.CustomResource):
1883
2104
 
1884
2105
  @property
1885
2106
  @pulumi.getter(name="tokenNumUses")
1886
- def token_num_uses(self) -> pulumi.Output[Optional[int]]:
2107
+ def token_num_uses(self) -> pulumi.Output[Optional[builtins.int]]:
1887
2108
  """
1888
2109
  The maximum number of times a token may be used, a value of zero means unlimited
1889
2110
  """
@@ -1891,7 +2112,7 @@ class AuthBackend(pulumi.CustomResource):
1891
2112
 
1892
2113
  @property
1893
2114
  @pulumi.getter(name="tokenPeriod")
1894
- def token_period(self) -> pulumi.Output[Optional[int]]:
2115
+ def token_period(self) -> pulumi.Output[Optional[builtins.int]]:
1895
2116
  """
1896
2117
  Generated Token's Period
1897
2118
  """
@@ -1899,7 +2120,7 @@ class AuthBackend(pulumi.CustomResource):
1899
2120
 
1900
2121
  @property
1901
2122
  @pulumi.getter(name="tokenPolicies")
1902
- def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
2123
+ def token_policies(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1903
2124
  """
1904
2125
  Generated Token's Policies
1905
2126
  """
@@ -1907,7 +2128,7 @@ class AuthBackend(pulumi.CustomResource):
1907
2128
 
1908
2129
  @property
1909
2130
  @pulumi.getter(name="tokenTtl")
1910
- def token_ttl(self) -> pulumi.Output[Optional[int]]:
2131
+ def token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
1911
2132
  """
1912
2133
  The initial ttl of the token to generate in seconds
1913
2134
  """
@@ -1915,7 +2136,7 @@ class AuthBackend(pulumi.CustomResource):
1915
2136
 
1916
2137
  @property
1917
2138
  @pulumi.getter(name="tokenType")
1918
- def token_type(self) -> pulumi.Output[Optional[str]]:
2139
+ def token_type(self) -> pulumi.Output[Optional[builtins.str]]:
1919
2140
  """
1920
2141
  The type of token to generate, service or batch
1921
2142
  """
@@ -1923,7 +2144,7 @@ class AuthBackend(pulumi.CustomResource):
1923
2144
 
1924
2145
  @property
1925
2146
  @pulumi.getter
1926
- def upndomain(self) -> pulumi.Output[str]:
2147
+ def upndomain(self) -> pulumi.Output[builtins.str]:
1927
2148
  """
1928
2149
  The `userPrincipalDomain` used to construct the UPN string for the authenticating user.
1929
2150
  """
@@ -1931,7 +2152,7 @@ class AuthBackend(pulumi.CustomResource):
1931
2152
 
1932
2153
  @property
1933
2154
  @pulumi.getter
1934
- def url(self) -> pulumi.Output[str]:
2155
+ def url(self) -> pulumi.Output[builtins.str]:
1935
2156
  """
1936
2157
  The URL of the LDAP server
1937
2158
  """
@@ -1939,7 +2160,7 @@ class AuthBackend(pulumi.CustomResource):
1939
2160
 
1940
2161
  @property
1941
2162
  @pulumi.getter(name="useTokenGroups")
1942
- def use_token_groups(self) -> pulumi.Output[bool]:
2163
+ def use_token_groups(self) -> pulumi.Output[builtins.bool]:
1943
2164
  """
1944
2165
  Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
1945
2166
  """
@@ -1947,7 +2168,7 @@ class AuthBackend(pulumi.CustomResource):
1947
2168
 
1948
2169
  @property
1949
2170
  @pulumi.getter
1950
- def userattr(self) -> pulumi.Output[str]:
2171
+ def userattr(self) -> pulumi.Output[builtins.str]:
1951
2172
  """
1952
2173
  Attribute on user object matching username passed in
1953
2174
  """
@@ -1955,7 +2176,7 @@ class AuthBackend(pulumi.CustomResource):
1955
2176
 
1956
2177
  @property
1957
2178
  @pulumi.getter
1958
- def userdn(self) -> pulumi.Output[str]:
2179
+ def userdn(self) -> pulumi.Output[builtins.str]:
1959
2180
  """
1960
2181
  Base DN under which to perform user search
1961
2182
  """
@@ -1963,7 +2184,7 @@ class AuthBackend(pulumi.CustomResource):
1963
2184
 
1964
2185
  @property
1965
2186
  @pulumi.getter
1966
- def userfilter(self) -> pulumi.Output[str]:
2187
+ def userfilter(self) -> pulumi.Output[builtins.str]:
1967
2188
  """
1968
2189
  LDAP user search filter
1969
2190
  """
@@ -1971,7 +2192,7 @@ class AuthBackend(pulumi.CustomResource):
1971
2192
 
1972
2193
  @property
1973
2194
  @pulumi.getter(name="usernameAsAlias")
1974
- def username_as_alias(self) -> pulumi.Output[bool]:
2195
+ def username_as_alias(self) -> pulumi.Output[builtins.bool]:
1975
2196
  """
1976
2197
  Force the auth method to use the username passed by the user as the alias name.
1977
2198
  """