pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -26,6 +26,7 @@ class AuthBackendArgs:
26
26
  credentials: Optional[pulumi.Input[str]] = None,
27
27
  custom_endpoint: Optional[pulumi.Input['AuthBackendCustomEndpointArgs']] = None,
28
28
  description: Optional[pulumi.Input[str]] = None,
29
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
29
30
  disable_remount: Optional[pulumi.Input[bool]] = None,
30
31
  identity_token_audience: Optional[pulumi.Input[str]] = None,
31
32
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -35,6 +36,9 @@ class AuthBackendArgs:
35
36
  path: Optional[pulumi.Input[str]] = None,
36
37
  private_key_id: Optional[pulumi.Input[str]] = None,
37
38
  project_id: Optional[pulumi.Input[str]] = None,
39
+ rotation_period: Optional[pulumi.Input[int]] = None,
40
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
41
+ rotation_window: Optional[pulumi.Input[int]] = None,
38
42
  service_account_email: Optional[pulumi.Input[str]] = None,
39
43
  tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
40
44
  """
@@ -50,6 +54,7 @@ class AuthBackendArgs:
50
54
 
51
55
  Overrides are set at the subdomain level using the following keys:
52
56
  :param pulumi.Input[str] description: A description of the auth method.
57
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
53
58
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
54
59
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
55
60
  :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -66,6 +71,13 @@ class AuthBackendArgs:
66
71
  :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
67
72
  :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
68
73
  :param pulumi.Input[str] project_id: The GCP Project ID
74
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
75
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
76
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
77
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
78
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
79
+ a rotation when a scheduled token rotation occurs. The default rotation window is
80
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
69
81
  :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
70
82
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
71
83
  :param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
@@ -82,6 +94,8 @@ class AuthBackendArgs:
82
94
  pulumi.set(__self__, "custom_endpoint", custom_endpoint)
83
95
  if description is not None:
84
96
  pulumi.set(__self__, "description", description)
97
+ if disable_automated_rotation is not None:
98
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
85
99
  if disable_remount is not None:
86
100
  pulumi.set(__self__, "disable_remount", disable_remount)
87
101
  if identity_token_audience is not None:
@@ -100,6 +114,12 @@ class AuthBackendArgs:
100
114
  pulumi.set(__self__, "private_key_id", private_key_id)
101
115
  if project_id is not None:
102
116
  pulumi.set(__self__, "project_id", project_id)
117
+ if rotation_period is not None:
118
+ pulumi.set(__self__, "rotation_period", rotation_period)
119
+ if rotation_schedule is not None:
120
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
121
+ if rotation_window is not None:
122
+ pulumi.set(__self__, "rotation_window", rotation_window)
103
123
  if service_account_email is not None:
104
124
  pulumi.set(__self__, "service_account_email", service_account_email)
105
125
  if tune is not None:
@@ -171,6 +191,18 @@ class AuthBackendArgs:
171
191
  def description(self, value: Optional[pulumi.Input[str]]):
172
192
  pulumi.set(self, "description", value)
173
193
 
194
+ @property
195
+ @pulumi.getter(name="disableAutomatedRotation")
196
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
197
+ """
198
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
199
+ """
200
+ return pulumi.get(self, "disable_automated_rotation")
201
+
202
+ @disable_automated_rotation.setter
203
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
204
+ pulumi.set(self, "disable_automated_rotation", value)
205
+
174
206
  @property
175
207
  @pulumi.getter(name="disableRemount")
176
208
  def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -286,6 +318,46 @@ class AuthBackendArgs:
286
318
  def project_id(self, value: Optional[pulumi.Input[str]]):
287
319
  pulumi.set(self, "project_id", value)
288
320
 
321
+ @property
322
+ @pulumi.getter(name="rotationPeriod")
323
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
324
+ """
325
+ The amount of time in seconds Vault should wait before rotating the root credential.
326
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
327
+ """
328
+ return pulumi.get(self, "rotation_period")
329
+
330
+ @rotation_period.setter
331
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
332
+ pulumi.set(self, "rotation_period", value)
333
+
334
+ @property
335
+ @pulumi.getter(name="rotationSchedule")
336
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
337
+ """
338
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
339
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
340
+ """
341
+ return pulumi.get(self, "rotation_schedule")
342
+
343
+ @rotation_schedule.setter
344
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
345
+ pulumi.set(self, "rotation_schedule", value)
346
+
347
+ @property
348
+ @pulumi.getter(name="rotationWindow")
349
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
350
+ """
351
+ The maximum amount of time in seconds allowed to complete
352
+ a rotation when a scheduled token rotation occurs. The default rotation window is
353
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
354
+ """
355
+ return pulumi.get(self, "rotation_window")
356
+
357
+ @rotation_window.setter
358
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
359
+ pulumi.set(self, "rotation_window", value)
360
+
289
361
  @property
290
362
  @pulumi.getter(name="serviceAccountEmail")
291
363
  def service_account_email(self) -> Optional[pulumi.Input[str]]:
@@ -323,6 +395,7 @@ class _AuthBackendState:
323
395
  credentials: Optional[pulumi.Input[str]] = None,
324
396
  custom_endpoint: Optional[pulumi.Input['AuthBackendCustomEndpointArgs']] = None,
325
397
  description: Optional[pulumi.Input[str]] = None,
398
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
326
399
  disable_remount: Optional[pulumi.Input[bool]] = None,
327
400
  identity_token_audience: Optional[pulumi.Input[str]] = None,
328
401
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -332,6 +405,9 @@ class _AuthBackendState:
332
405
  path: Optional[pulumi.Input[str]] = None,
333
406
  private_key_id: Optional[pulumi.Input[str]] = None,
334
407
  project_id: Optional[pulumi.Input[str]] = None,
408
+ rotation_period: Optional[pulumi.Input[int]] = None,
409
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
410
+ rotation_window: Optional[pulumi.Input[int]] = None,
335
411
  service_account_email: Optional[pulumi.Input[str]] = None,
336
412
  tune: Optional[pulumi.Input['AuthBackendTuneArgs']] = None):
337
413
  """
@@ -348,6 +424,7 @@ class _AuthBackendState:
348
424
 
349
425
  Overrides are set at the subdomain level using the following keys:
350
426
  :param pulumi.Input[str] description: A description of the auth method.
427
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
351
428
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
352
429
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
353
430
  :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -364,6 +441,13 @@ class _AuthBackendState:
364
441
  :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
365
442
  :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
366
443
  :param pulumi.Input[str] project_id: The GCP Project ID
444
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
445
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
446
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
447
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
448
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
449
+ a rotation when a scheduled token rotation occurs. The default rotation window is
450
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
367
451
  :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
368
452
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
369
453
  :param pulumi.Input['AuthBackendTuneArgs'] tune: Extra configuration block. Structure is documented below.
@@ -382,6 +466,8 @@ class _AuthBackendState:
382
466
  pulumi.set(__self__, "custom_endpoint", custom_endpoint)
383
467
  if description is not None:
384
468
  pulumi.set(__self__, "description", description)
469
+ if disable_automated_rotation is not None:
470
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
385
471
  if disable_remount is not None:
386
472
  pulumi.set(__self__, "disable_remount", disable_remount)
387
473
  if identity_token_audience is not None:
@@ -400,6 +486,12 @@ class _AuthBackendState:
400
486
  pulumi.set(__self__, "private_key_id", private_key_id)
401
487
  if project_id is not None:
402
488
  pulumi.set(__self__, "project_id", project_id)
489
+ if rotation_period is not None:
490
+ pulumi.set(__self__, "rotation_period", rotation_period)
491
+ if rotation_schedule is not None:
492
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
493
+ if rotation_window is not None:
494
+ pulumi.set(__self__, "rotation_window", rotation_window)
403
495
  if service_account_email is not None:
404
496
  pulumi.set(__self__, "service_account_email", service_account_email)
405
497
  if tune is not None:
@@ -483,6 +575,18 @@ class _AuthBackendState:
483
575
  def description(self, value: Optional[pulumi.Input[str]]):
484
576
  pulumi.set(self, "description", value)
485
577
 
578
+ @property
579
+ @pulumi.getter(name="disableAutomatedRotation")
580
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
581
+ """
582
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
583
+ """
584
+ return pulumi.get(self, "disable_automated_rotation")
585
+
586
+ @disable_automated_rotation.setter
587
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
588
+ pulumi.set(self, "disable_automated_rotation", value)
589
+
486
590
  @property
487
591
  @pulumi.getter(name="disableRemount")
488
592
  def disable_remount(self) -> Optional[pulumi.Input[bool]]:
@@ -598,6 +702,46 @@ class _AuthBackendState:
598
702
  def project_id(self, value: Optional[pulumi.Input[str]]):
599
703
  pulumi.set(self, "project_id", value)
600
704
 
705
+ @property
706
+ @pulumi.getter(name="rotationPeriod")
707
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
708
+ """
709
+ The amount of time in seconds Vault should wait before rotating the root credential.
710
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
711
+ """
712
+ return pulumi.get(self, "rotation_period")
713
+
714
+ @rotation_period.setter
715
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
716
+ pulumi.set(self, "rotation_period", value)
717
+
718
+ @property
719
+ @pulumi.getter(name="rotationSchedule")
720
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
721
+ """
722
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
723
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
724
+ """
725
+ return pulumi.get(self, "rotation_schedule")
726
+
727
+ @rotation_schedule.setter
728
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
729
+ pulumi.set(self, "rotation_schedule", value)
730
+
731
+ @property
732
+ @pulumi.getter(name="rotationWindow")
733
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
734
+ """
735
+ The maximum amount of time in seconds allowed to complete
736
+ a rotation when a scheduled token rotation occurs. The default rotation window is
737
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
738
+ """
739
+ return pulumi.get(self, "rotation_window")
740
+
741
+ @rotation_window.setter
742
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
743
+ pulumi.set(self, "rotation_window", value)
744
+
601
745
  @property
602
746
  @pulumi.getter(name="serviceAccountEmail")
603
747
  def service_account_email(self) -> Optional[pulumi.Input[str]]:
@@ -636,6 +780,7 @@ class AuthBackend(pulumi.CustomResource):
636
780
  credentials: Optional[pulumi.Input[str]] = None,
637
781
  custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
638
782
  description: Optional[pulumi.Input[str]] = None,
783
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
639
784
  disable_remount: Optional[pulumi.Input[bool]] = None,
640
785
  identity_token_audience: Optional[pulumi.Input[str]] = None,
641
786
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -645,6 +790,9 @@ class AuthBackend(pulumi.CustomResource):
645
790
  path: Optional[pulumi.Input[str]] = None,
646
791
  private_key_id: Optional[pulumi.Input[str]] = None,
647
792
  project_id: Optional[pulumi.Input[str]] = None,
793
+ rotation_period: Optional[pulumi.Input[int]] = None,
794
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
795
+ rotation_window: Optional[pulumi.Input[int]] = None,
648
796
  service_account_email: Optional[pulumi.Input[str]] = None,
649
797
  tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
650
798
  __props__=None):
@@ -662,7 +810,9 @@ class AuthBackend(pulumi.CustomResource):
662
810
  identity_token_key="example-key",
663
811
  identity_token_ttl=1800,
664
812
  identity_token_audience="<TOKEN_AUDIENCE>",
665
- service_account_email="<SERVICE_ACCOUNT_EMAIL>")
813
+ service_account_email="<SERVICE_ACCOUNT_EMAIL>",
814
+ rotation_schedule="0 * * * SAT",
815
+ rotation_window=3600)
666
816
  ```
667
817
 
668
818
  ## Import
@@ -686,6 +836,7 @@ class AuthBackend(pulumi.CustomResource):
686
836
 
687
837
  Overrides are set at the subdomain level using the following keys:
688
838
  :param pulumi.Input[str] description: A description of the auth method.
839
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
689
840
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
690
841
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
691
842
  :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -702,6 +853,13 @@ class AuthBackend(pulumi.CustomResource):
702
853
  :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
703
854
  :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
704
855
  :param pulumi.Input[str] project_id: The GCP Project ID
856
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
857
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
858
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
859
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
860
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
861
+ a rotation when a scheduled token rotation occurs. The default rotation window is
862
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
705
863
  :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
706
864
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
707
865
  :param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
@@ -728,7 +886,9 @@ class AuthBackend(pulumi.CustomResource):
728
886
  identity_token_key="example-key",
729
887
  identity_token_ttl=1800,
730
888
  identity_token_audience="<TOKEN_AUDIENCE>",
731
- service_account_email="<SERVICE_ACCOUNT_EMAIL>")
889
+ service_account_email="<SERVICE_ACCOUNT_EMAIL>",
890
+ rotation_schedule="0 * * * SAT",
891
+ rotation_window=3600)
732
892
  ```
733
893
 
734
894
  ## Import
@@ -759,6 +919,7 @@ class AuthBackend(pulumi.CustomResource):
759
919
  credentials: Optional[pulumi.Input[str]] = None,
760
920
  custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
761
921
  description: Optional[pulumi.Input[str]] = None,
922
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
762
923
  disable_remount: Optional[pulumi.Input[bool]] = None,
763
924
  identity_token_audience: Optional[pulumi.Input[str]] = None,
764
925
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -768,6 +929,9 @@ class AuthBackend(pulumi.CustomResource):
768
929
  path: Optional[pulumi.Input[str]] = None,
769
930
  private_key_id: Optional[pulumi.Input[str]] = None,
770
931
  project_id: Optional[pulumi.Input[str]] = None,
932
+ rotation_period: Optional[pulumi.Input[int]] = None,
933
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
934
+ rotation_window: Optional[pulumi.Input[int]] = None,
771
935
  service_account_email: Optional[pulumi.Input[str]] = None,
772
936
  tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None,
773
937
  __props__=None):
@@ -784,6 +948,7 @@ class AuthBackend(pulumi.CustomResource):
784
948
  __props__.__dict__["credentials"] = None if credentials is None else pulumi.Output.secret(credentials)
785
949
  __props__.__dict__["custom_endpoint"] = custom_endpoint
786
950
  __props__.__dict__["description"] = description
951
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
787
952
  __props__.__dict__["disable_remount"] = disable_remount
788
953
  __props__.__dict__["identity_token_audience"] = identity_token_audience
789
954
  __props__.__dict__["identity_token_key"] = identity_token_key
@@ -793,6 +958,9 @@ class AuthBackend(pulumi.CustomResource):
793
958
  __props__.__dict__["path"] = path
794
959
  __props__.__dict__["private_key_id"] = private_key_id
795
960
  __props__.__dict__["project_id"] = project_id
961
+ __props__.__dict__["rotation_period"] = rotation_period
962
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
963
+ __props__.__dict__["rotation_window"] = rotation_window
796
964
  __props__.__dict__["service_account_email"] = service_account_email
797
965
  __props__.__dict__["tune"] = tune
798
966
  __props__.__dict__["accessor"] = None
@@ -814,6 +982,7 @@ class AuthBackend(pulumi.CustomResource):
814
982
  credentials: Optional[pulumi.Input[str]] = None,
815
983
  custom_endpoint: Optional[pulumi.Input[Union['AuthBackendCustomEndpointArgs', 'AuthBackendCustomEndpointArgsDict']]] = None,
816
984
  description: Optional[pulumi.Input[str]] = None,
985
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
817
986
  disable_remount: Optional[pulumi.Input[bool]] = None,
818
987
  identity_token_audience: Optional[pulumi.Input[str]] = None,
819
988
  identity_token_key: Optional[pulumi.Input[str]] = None,
@@ -823,6 +992,9 @@ class AuthBackend(pulumi.CustomResource):
823
992
  path: Optional[pulumi.Input[str]] = None,
824
993
  private_key_id: Optional[pulumi.Input[str]] = None,
825
994
  project_id: Optional[pulumi.Input[str]] = None,
995
+ rotation_period: Optional[pulumi.Input[int]] = None,
996
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
997
+ rotation_window: Optional[pulumi.Input[int]] = None,
826
998
  service_account_email: Optional[pulumi.Input[str]] = None,
827
999
  tune: Optional[pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']]] = None) -> 'AuthBackend':
828
1000
  """
@@ -844,6 +1016,7 @@ class AuthBackend(pulumi.CustomResource):
844
1016
 
845
1017
  Overrides are set at the subdomain level using the following keys:
846
1018
  :param pulumi.Input[str] description: A description of the auth method.
1019
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
847
1020
  :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
848
1021
  See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
849
1022
  :param pulumi.Input[str] identity_token_audience: The audience claim value for plugin identity
@@ -860,6 +1033,13 @@ class AuthBackend(pulumi.CustomResource):
860
1033
  :param pulumi.Input[str] path: The path to mount the auth method — this defaults to 'gcp'.
861
1034
  :param pulumi.Input[str] private_key_id: The ID of the private key from the credentials
862
1035
  :param pulumi.Input[str] project_id: The GCP Project ID
1036
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
1037
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1038
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1039
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1040
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
1041
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1042
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
863
1043
  :param pulumi.Input[str] service_account_email: Service Account to impersonate for plugin workload identity federation.
864
1044
  Required with `identity_token_audience`. Requires Vault 1.17+. *Available only for Vault Enterprise*.
865
1045
  :param pulumi.Input[Union['AuthBackendTuneArgs', 'AuthBackendTuneArgsDict']] tune: Extra configuration block. Structure is documented below.
@@ -876,6 +1056,7 @@ class AuthBackend(pulumi.CustomResource):
876
1056
  __props__.__dict__["credentials"] = credentials
877
1057
  __props__.__dict__["custom_endpoint"] = custom_endpoint
878
1058
  __props__.__dict__["description"] = description
1059
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
879
1060
  __props__.__dict__["disable_remount"] = disable_remount
880
1061
  __props__.__dict__["identity_token_audience"] = identity_token_audience
881
1062
  __props__.__dict__["identity_token_key"] = identity_token_key
@@ -885,6 +1066,9 @@ class AuthBackend(pulumi.CustomResource):
885
1066
  __props__.__dict__["path"] = path
886
1067
  __props__.__dict__["private_key_id"] = private_key_id
887
1068
  __props__.__dict__["project_id"] = project_id
1069
+ __props__.__dict__["rotation_period"] = rotation_period
1070
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
1071
+ __props__.__dict__["rotation_window"] = rotation_window
888
1072
  __props__.__dict__["service_account_email"] = service_account_email
889
1073
  __props__.__dict__["tune"] = tune
890
1074
  return AuthBackend(resource_name, opts=opts, __props__=__props__)
@@ -943,6 +1127,14 @@ class AuthBackend(pulumi.CustomResource):
943
1127
  """
944
1128
  return pulumi.get(self, "description")
945
1129
 
1130
+ @property
1131
+ @pulumi.getter(name="disableAutomatedRotation")
1132
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
1133
+ """
1134
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
1135
+ """
1136
+ return pulumi.get(self, "disable_automated_rotation")
1137
+
946
1138
  @property
947
1139
  @pulumi.getter(name="disableRemount")
948
1140
  def disable_remount(self) -> pulumi.Output[Optional[bool]]:
@@ -1022,6 +1214,34 @@ class AuthBackend(pulumi.CustomResource):
1022
1214
  """
1023
1215
  return pulumi.get(self, "project_id")
1024
1216
 
1217
+ @property
1218
+ @pulumi.getter(name="rotationPeriod")
1219
+ def rotation_period(self) -> pulumi.Output[Optional[int]]:
1220
+ """
1221
+ The amount of time in seconds Vault should wait before rotating the root credential.
1222
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
1223
+ """
1224
+ return pulumi.get(self, "rotation_period")
1225
+
1226
+ @property
1227
+ @pulumi.getter(name="rotationSchedule")
1228
+ def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
1229
+ """
1230
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
1231
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
1232
+ """
1233
+ return pulumi.get(self, "rotation_schedule")
1234
+
1235
+ @property
1236
+ @pulumi.getter(name="rotationWindow")
1237
+ def rotation_window(self) -> pulumi.Output[Optional[int]]:
1238
+ """
1239
+ The maximum amount of time in seconds allowed to complete
1240
+ a rotation when a scheduled token rotation occurs. The default rotation window is
1241
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
1242
+ """
1243
+ return pulumi.get(self, "rotation_window")
1244
+
1025
1245
  @property
1026
1246
  @pulumi.getter(name="serviceAccountEmail")
1027
1247
  def service_account_email(self) -> pulumi.Output[Optional[str]]: