pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -24,10 +24,14 @@ class AuthBackendConfigArgs:
24
24
  backend: Optional[pulumi.Input[str]] = None,
25
25
  client_id: Optional[pulumi.Input[str]] = None,
26
26
  client_secret: Optional[pulumi.Input[str]] = None,
27
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
27
28
  environment: Optional[pulumi.Input[str]] = None,
28
29
  identity_token_audience: Optional[pulumi.Input[str]] = None,
29
30
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
30
- namespace: Optional[pulumi.Input[str]] = None):
31
+ namespace: Optional[pulumi.Input[str]] = None,
32
+ rotation_period: Optional[pulumi.Input[int]] = None,
33
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
34
+ rotation_window: Optional[pulumi.Input[int]] = None):
31
35
  """
32
36
  The set of arguments for constructing a AuthBackendConfig resource.
33
37
  :param pulumi.Input[str] resource: The configured URL for the application registered in
@@ -40,6 +44,8 @@ class AuthBackendConfigArgs:
40
44
  Currently read permissions to query compute resources are required.
41
45
  :param pulumi.Input[str] client_secret: The client secret for credentials to query the
42
46
  Azure APIs.
47
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
48
+ *Available only for Vault Enterprise*
43
49
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
44
50
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
45
51
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
@@ -50,6 +56,16 @@ class AuthBackendConfigArgs:
50
56
  The value should not contain leading or trailing forward slashes.
51
57
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
52
58
  *Available only for Vault Enterprise*.
59
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
60
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
61
+ *Available only for Vault Enterprise*
62
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
63
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
64
+ *Available only for Vault Enterprise*
65
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
66
+ a rotation when a scheduled token rotation occurs. The default rotation window is
67
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
68
+ *Available only for Vault Enterprise*
53
69
  """
54
70
  pulumi.set(__self__, "resource", resource)
55
71
  pulumi.set(__self__, "tenant_id", tenant_id)
@@ -59,6 +75,8 @@ class AuthBackendConfigArgs:
59
75
  pulumi.set(__self__, "client_id", client_id)
60
76
  if client_secret is not None:
61
77
  pulumi.set(__self__, "client_secret", client_secret)
78
+ if disable_automated_rotation is not None:
79
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
62
80
  if environment is not None:
63
81
  pulumi.set(__self__, "environment", environment)
64
82
  if identity_token_audience is not None:
@@ -67,6 +85,12 @@ class AuthBackendConfigArgs:
67
85
  pulumi.set(__self__, "identity_token_ttl", identity_token_ttl)
68
86
  if namespace is not None:
69
87
  pulumi.set(__self__, "namespace", namespace)
88
+ if rotation_period is not None:
89
+ pulumi.set(__self__, "rotation_period", rotation_period)
90
+ if rotation_schedule is not None:
91
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
92
+ if rotation_window is not None:
93
+ pulumi.set(__self__, "rotation_window", rotation_window)
70
94
 
71
95
  @property
72
96
  @pulumi.getter
@@ -133,6 +157,19 @@ class AuthBackendConfigArgs:
133
157
  def client_secret(self, value: Optional[pulumi.Input[str]]):
134
158
  pulumi.set(self, "client_secret", value)
135
159
 
160
+ @property
161
+ @pulumi.getter(name="disableAutomatedRotation")
162
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
163
+ """
164
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
165
+ *Available only for Vault Enterprise*
166
+ """
167
+ return pulumi.get(self, "disable_automated_rotation")
168
+
169
+ @disable_automated_rotation.setter
170
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
171
+ pulumi.set(self, "disable_automated_rotation", value)
172
+
136
173
  @property
137
174
  @pulumi.getter
138
175
  def environment(self) -> Optional[pulumi.Input[str]]:
@@ -187,6 +224,49 @@ class AuthBackendConfigArgs:
187
224
  def namespace(self, value: Optional[pulumi.Input[str]]):
188
225
  pulumi.set(self, "namespace", value)
189
226
 
227
+ @property
228
+ @pulumi.getter(name="rotationPeriod")
229
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
230
+ """
231
+ The amount of time in seconds Vault should wait before rotating the root credential.
232
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
233
+ *Available only for Vault Enterprise*
234
+ """
235
+ return pulumi.get(self, "rotation_period")
236
+
237
+ @rotation_period.setter
238
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
239
+ pulumi.set(self, "rotation_period", value)
240
+
241
+ @property
242
+ @pulumi.getter(name="rotationSchedule")
243
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
244
+ """
245
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
246
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
247
+ *Available only for Vault Enterprise*
248
+ """
249
+ return pulumi.get(self, "rotation_schedule")
250
+
251
+ @rotation_schedule.setter
252
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
253
+ pulumi.set(self, "rotation_schedule", value)
254
+
255
+ @property
256
+ @pulumi.getter(name="rotationWindow")
257
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
258
+ """
259
+ The maximum amount of time in seconds allowed to complete
260
+ a rotation when a scheduled token rotation occurs. The default rotation window is
261
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
262
+ *Available only for Vault Enterprise*
263
+ """
264
+ return pulumi.get(self, "rotation_window")
265
+
266
+ @rotation_window.setter
267
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
268
+ pulumi.set(self, "rotation_window", value)
269
+
190
270
 
191
271
  @pulumi.input_type
192
272
  class _AuthBackendConfigState:
@@ -194,11 +274,15 @@ class _AuthBackendConfigState:
194
274
  backend: Optional[pulumi.Input[str]] = None,
195
275
  client_id: Optional[pulumi.Input[str]] = None,
196
276
  client_secret: Optional[pulumi.Input[str]] = None,
277
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
197
278
  environment: Optional[pulumi.Input[str]] = None,
198
279
  identity_token_audience: Optional[pulumi.Input[str]] = None,
199
280
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
200
281
  namespace: Optional[pulumi.Input[str]] = None,
201
282
  resource: Optional[pulumi.Input[str]] = None,
283
+ rotation_period: Optional[pulumi.Input[int]] = None,
284
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
285
+ rotation_window: Optional[pulumi.Input[int]] = None,
202
286
  tenant_id: Optional[pulumi.Input[str]] = None):
203
287
  """
204
288
  Input properties used for looking up and filtering AuthBackendConfig resources.
@@ -208,6 +292,8 @@ class _AuthBackendConfigState:
208
292
  Currently read permissions to query compute resources are required.
209
293
  :param pulumi.Input[str] client_secret: The client secret for credentials to query the
210
294
  Azure APIs.
295
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
296
+ *Available only for Vault Enterprise*
211
297
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
212
298
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
213
299
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
@@ -220,6 +306,16 @@ class _AuthBackendConfigState:
220
306
  *Available only for Vault Enterprise*.
221
307
  :param pulumi.Input[str] resource: The configured URL for the application registered in
222
308
  Azure Active Directory.
309
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
310
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
311
+ *Available only for Vault Enterprise*
312
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
313
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
314
+ *Available only for Vault Enterprise*
315
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
316
+ a rotation when a scheduled token rotation occurs. The default rotation window is
317
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
318
+ *Available only for Vault Enterprise*
223
319
  :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
224
320
  organization.
225
321
  """
@@ -229,6 +325,8 @@ class _AuthBackendConfigState:
229
325
  pulumi.set(__self__, "client_id", client_id)
230
326
  if client_secret is not None:
231
327
  pulumi.set(__self__, "client_secret", client_secret)
328
+ if disable_automated_rotation is not None:
329
+ pulumi.set(__self__, "disable_automated_rotation", disable_automated_rotation)
232
330
  if environment is not None:
233
331
  pulumi.set(__self__, "environment", environment)
234
332
  if identity_token_audience is not None:
@@ -239,6 +337,12 @@ class _AuthBackendConfigState:
239
337
  pulumi.set(__self__, "namespace", namespace)
240
338
  if resource is not None:
241
339
  pulumi.set(__self__, "resource", resource)
340
+ if rotation_period is not None:
341
+ pulumi.set(__self__, "rotation_period", rotation_period)
342
+ if rotation_schedule is not None:
343
+ pulumi.set(__self__, "rotation_schedule", rotation_schedule)
344
+ if rotation_window is not None:
345
+ pulumi.set(__self__, "rotation_window", rotation_window)
242
346
  if tenant_id is not None:
243
347
  pulumi.set(__self__, "tenant_id", tenant_id)
244
348
 
@@ -281,6 +385,19 @@ class _AuthBackendConfigState:
281
385
  def client_secret(self, value: Optional[pulumi.Input[str]]):
282
386
  pulumi.set(self, "client_secret", value)
283
387
 
388
+ @property
389
+ @pulumi.getter(name="disableAutomatedRotation")
390
+ def disable_automated_rotation(self) -> Optional[pulumi.Input[bool]]:
391
+ """
392
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
393
+ *Available only for Vault Enterprise*
394
+ """
395
+ return pulumi.get(self, "disable_automated_rotation")
396
+
397
+ @disable_automated_rotation.setter
398
+ def disable_automated_rotation(self, value: Optional[pulumi.Input[bool]]):
399
+ pulumi.set(self, "disable_automated_rotation", value)
400
+
284
401
  @property
285
402
  @pulumi.getter
286
403
  def environment(self) -> Optional[pulumi.Input[str]]:
@@ -348,6 +465,49 @@ class _AuthBackendConfigState:
348
465
  def resource(self, value: Optional[pulumi.Input[str]]):
349
466
  pulumi.set(self, "resource", value)
350
467
 
468
+ @property
469
+ @pulumi.getter(name="rotationPeriod")
470
+ def rotation_period(self) -> Optional[pulumi.Input[int]]:
471
+ """
472
+ The amount of time in seconds Vault should wait before rotating the root credential.
473
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
474
+ *Available only for Vault Enterprise*
475
+ """
476
+ return pulumi.get(self, "rotation_period")
477
+
478
+ @rotation_period.setter
479
+ def rotation_period(self, value: Optional[pulumi.Input[int]]):
480
+ pulumi.set(self, "rotation_period", value)
481
+
482
+ @property
483
+ @pulumi.getter(name="rotationSchedule")
484
+ def rotation_schedule(self) -> Optional[pulumi.Input[str]]:
485
+ """
486
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
487
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
488
+ *Available only for Vault Enterprise*
489
+ """
490
+ return pulumi.get(self, "rotation_schedule")
491
+
492
+ @rotation_schedule.setter
493
+ def rotation_schedule(self, value: Optional[pulumi.Input[str]]):
494
+ pulumi.set(self, "rotation_schedule", value)
495
+
496
+ @property
497
+ @pulumi.getter(name="rotationWindow")
498
+ def rotation_window(self) -> Optional[pulumi.Input[int]]:
499
+ """
500
+ The maximum amount of time in seconds allowed to complete
501
+ a rotation when a scheduled token rotation occurs. The default rotation window is
502
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
503
+ *Available only for Vault Enterprise*
504
+ """
505
+ return pulumi.get(self, "rotation_window")
506
+
507
+ @rotation_window.setter
508
+ def rotation_window(self, value: Optional[pulumi.Input[int]]):
509
+ pulumi.set(self, "rotation_window", value)
510
+
351
511
  @property
352
512
  @pulumi.getter(name="tenantId")
353
513
  def tenant_id(self) -> Optional[pulumi.Input[str]]:
@@ -370,11 +530,15 @@ class AuthBackendConfig(pulumi.CustomResource):
370
530
  backend: Optional[pulumi.Input[str]] = None,
371
531
  client_id: Optional[pulumi.Input[str]] = None,
372
532
  client_secret: Optional[pulumi.Input[str]] = None,
533
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
373
534
  environment: Optional[pulumi.Input[str]] = None,
374
535
  identity_token_audience: Optional[pulumi.Input[str]] = None,
375
536
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
376
537
  namespace: Optional[pulumi.Input[str]] = None,
377
538
  resource: Optional[pulumi.Input[str]] = None,
539
+ rotation_period: Optional[pulumi.Input[int]] = None,
540
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
541
+ rotation_window: Optional[pulumi.Input[int]] = None,
378
542
  tenant_id: Optional[pulumi.Input[str]] = None,
379
543
  __props__=None):
380
544
  """
@@ -393,7 +557,9 @@ class AuthBackendConfig(pulumi.CustomResource):
393
557
  tenant_id="11111111-2222-3333-4444-555555555555",
394
558
  client_id="11111111-2222-3333-4444-555555555555",
395
559
  identity_token_audience="<TOKEN_AUDIENCE>",
396
- identity_token_ttl="<TOKEN_TTL>")
560
+ identity_token_ttl="<TOKEN_TTL>",
561
+ rotation_schedule="0 * * * SAT",
562
+ rotation_window=3600)
397
563
  ```
398
564
 
399
565
  ```python
@@ -406,7 +572,9 @@ class AuthBackendConfig(pulumi.CustomResource):
406
572
  tenant_id="11111111-2222-3333-4444-555555555555",
407
573
  client_id="11111111-2222-3333-4444-555555555555",
408
574
  client_secret="01234567890123456789",
409
- resource="https://vault.hashicorp.com")
575
+ resource="https://vault.hashicorp.com",
576
+ rotation_schedule="0 * * * SAT",
577
+ rotation_window=3600)
410
578
  ```
411
579
 
412
580
  ## Import
@@ -425,6 +593,8 @@ class AuthBackendConfig(pulumi.CustomResource):
425
593
  Currently read permissions to query compute resources are required.
426
594
  :param pulumi.Input[str] client_secret: The client secret for credentials to query the
427
595
  Azure APIs.
596
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
597
+ *Available only for Vault Enterprise*
428
598
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
429
599
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
430
600
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
@@ -437,6 +607,16 @@ class AuthBackendConfig(pulumi.CustomResource):
437
607
  *Available only for Vault Enterprise*.
438
608
  :param pulumi.Input[str] resource: The configured URL for the application registered in
439
609
  Azure Active Directory.
610
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
611
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
612
+ *Available only for Vault Enterprise*
613
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
614
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
615
+ *Available only for Vault Enterprise*
616
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
617
+ a rotation when a scheduled token rotation occurs. The default rotation window is
618
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
619
+ *Available only for Vault Enterprise*
440
620
  :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
441
621
  organization.
442
622
  """
@@ -462,7 +642,9 @@ class AuthBackendConfig(pulumi.CustomResource):
462
642
  tenant_id="11111111-2222-3333-4444-555555555555",
463
643
  client_id="11111111-2222-3333-4444-555555555555",
464
644
  identity_token_audience="<TOKEN_AUDIENCE>",
465
- identity_token_ttl="<TOKEN_TTL>")
645
+ identity_token_ttl="<TOKEN_TTL>",
646
+ rotation_schedule="0 * * * SAT",
647
+ rotation_window=3600)
466
648
  ```
467
649
 
468
650
  ```python
@@ -475,7 +657,9 @@ class AuthBackendConfig(pulumi.CustomResource):
475
657
  tenant_id="11111111-2222-3333-4444-555555555555",
476
658
  client_id="11111111-2222-3333-4444-555555555555",
477
659
  client_secret="01234567890123456789",
478
- resource="https://vault.hashicorp.com")
660
+ resource="https://vault.hashicorp.com",
661
+ rotation_schedule="0 * * * SAT",
662
+ rotation_window=3600)
479
663
  ```
480
664
 
481
665
  ## Import
@@ -504,11 +688,15 @@ class AuthBackendConfig(pulumi.CustomResource):
504
688
  backend: Optional[pulumi.Input[str]] = None,
505
689
  client_id: Optional[pulumi.Input[str]] = None,
506
690
  client_secret: Optional[pulumi.Input[str]] = None,
691
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
507
692
  environment: Optional[pulumi.Input[str]] = None,
508
693
  identity_token_audience: Optional[pulumi.Input[str]] = None,
509
694
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
510
695
  namespace: Optional[pulumi.Input[str]] = None,
511
696
  resource: Optional[pulumi.Input[str]] = None,
697
+ rotation_period: Optional[pulumi.Input[int]] = None,
698
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
699
+ rotation_window: Optional[pulumi.Input[int]] = None,
512
700
  tenant_id: Optional[pulumi.Input[str]] = None,
513
701
  __props__=None):
514
702
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -522,6 +710,7 @@ class AuthBackendConfig(pulumi.CustomResource):
522
710
  __props__.__dict__["backend"] = backend
523
711
  __props__.__dict__["client_id"] = None if client_id is None else pulumi.Output.secret(client_id)
524
712
  __props__.__dict__["client_secret"] = None if client_secret is None else pulumi.Output.secret(client_secret)
713
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
525
714
  __props__.__dict__["environment"] = environment
526
715
  __props__.__dict__["identity_token_audience"] = identity_token_audience
527
716
  __props__.__dict__["identity_token_ttl"] = identity_token_ttl
@@ -529,6 +718,9 @@ class AuthBackendConfig(pulumi.CustomResource):
529
718
  if resource is None and not opts.urn:
530
719
  raise TypeError("Missing required property 'resource'")
531
720
  __props__.__dict__["resource"] = resource
721
+ __props__.__dict__["rotation_period"] = rotation_period
722
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
723
+ __props__.__dict__["rotation_window"] = rotation_window
532
724
  if tenant_id is None and not opts.urn:
533
725
  raise TypeError("Missing required property 'tenant_id'")
534
726
  __props__.__dict__["tenant_id"] = None if tenant_id is None else pulumi.Output.secret(tenant_id)
@@ -547,11 +739,15 @@ class AuthBackendConfig(pulumi.CustomResource):
547
739
  backend: Optional[pulumi.Input[str]] = None,
548
740
  client_id: Optional[pulumi.Input[str]] = None,
549
741
  client_secret: Optional[pulumi.Input[str]] = None,
742
+ disable_automated_rotation: Optional[pulumi.Input[bool]] = None,
550
743
  environment: Optional[pulumi.Input[str]] = None,
551
744
  identity_token_audience: Optional[pulumi.Input[str]] = None,
552
745
  identity_token_ttl: Optional[pulumi.Input[int]] = None,
553
746
  namespace: Optional[pulumi.Input[str]] = None,
554
747
  resource: Optional[pulumi.Input[str]] = None,
748
+ rotation_period: Optional[pulumi.Input[int]] = None,
749
+ rotation_schedule: Optional[pulumi.Input[str]] = None,
750
+ rotation_window: Optional[pulumi.Input[int]] = None,
555
751
  tenant_id: Optional[pulumi.Input[str]] = None) -> 'AuthBackendConfig':
556
752
  """
557
753
  Get an existing AuthBackendConfig resource's state with the given name, id, and optional extra
@@ -566,6 +762,8 @@ class AuthBackendConfig(pulumi.CustomResource):
566
762
  Currently read permissions to query compute resources are required.
567
763
  :param pulumi.Input[str] client_secret: The client secret for credentials to query the
568
764
  Azure APIs.
765
+ :param pulumi.Input[bool] disable_automated_rotation: Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
766
+ *Available only for Vault Enterprise*
569
767
  :param pulumi.Input[str] environment: The Azure cloud environment. Valid values:
570
768
  AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud,
571
769
  AzureGermanCloud. Defaults to `AzurePublicCloud`.
@@ -578,6 +776,16 @@ class AuthBackendConfig(pulumi.CustomResource):
578
776
  *Available only for Vault Enterprise*.
579
777
  :param pulumi.Input[str] resource: The configured URL for the application registered in
580
778
  Azure Active Directory.
779
+ :param pulumi.Input[int] rotation_period: The amount of time in seconds Vault should wait before rotating the root credential.
780
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
781
+ *Available only for Vault Enterprise*
782
+ :param pulumi.Input[str] rotation_schedule: The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
783
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
784
+ *Available only for Vault Enterprise*
785
+ :param pulumi.Input[int] rotation_window: The maximum amount of time in seconds allowed to complete
786
+ a rotation when a scheduled token rotation occurs. The default rotation window is
787
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
788
+ *Available only for Vault Enterprise*
581
789
  :param pulumi.Input[str] tenant_id: The tenant id for the Azure Active Directory
582
790
  organization.
583
791
  """
@@ -588,11 +796,15 @@ class AuthBackendConfig(pulumi.CustomResource):
588
796
  __props__.__dict__["backend"] = backend
589
797
  __props__.__dict__["client_id"] = client_id
590
798
  __props__.__dict__["client_secret"] = client_secret
799
+ __props__.__dict__["disable_automated_rotation"] = disable_automated_rotation
591
800
  __props__.__dict__["environment"] = environment
592
801
  __props__.__dict__["identity_token_audience"] = identity_token_audience
593
802
  __props__.__dict__["identity_token_ttl"] = identity_token_ttl
594
803
  __props__.__dict__["namespace"] = namespace
595
804
  __props__.__dict__["resource"] = resource
805
+ __props__.__dict__["rotation_period"] = rotation_period
806
+ __props__.__dict__["rotation_schedule"] = rotation_schedule
807
+ __props__.__dict__["rotation_window"] = rotation_window
596
808
  __props__.__dict__["tenant_id"] = tenant_id
597
809
  return AuthBackendConfig(resource_name, opts=opts, __props__=__props__)
598
810
 
@@ -623,6 +835,15 @@ class AuthBackendConfig(pulumi.CustomResource):
623
835
  """
624
836
  return pulumi.get(self, "client_secret")
625
837
 
838
+ @property
839
+ @pulumi.getter(name="disableAutomatedRotation")
840
+ def disable_automated_rotation(self) -> pulumi.Output[Optional[bool]]:
841
+ """
842
+ Cancels all upcoming rotations of the root credential until unset. Requires Vault Enterprise 1.19+.
843
+ *Available only for Vault Enterprise*
844
+ """
845
+ return pulumi.get(self, "disable_automated_rotation")
846
+
626
847
  @property
627
848
  @pulumi.getter
628
849
  def environment(self) -> pulumi.Output[Optional[str]]:
@@ -670,6 +891,37 @@ class AuthBackendConfig(pulumi.CustomResource):
670
891
  """
671
892
  return pulumi.get(self, "resource")
672
893
 
894
+ @property
895
+ @pulumi.getter(name="rotationPeriod")
896
+ def rotation_period(self) -> pulumi.Output[Optional[int]]:
897
+ """
898
+ The amount of time in seconds Vault should wait before rotating the root credential.
899
+ A zero value tells Vault not to rotate the root credential. The minimum rotation period is 10 seconds. Requires Vault Enterprise 1.19+.
900
+ *Available only for Vault Enterprise*
901
+ """
902
+ return pulumi.get(self, "rotation_period")
903
+
904
+ @property
905
+ @pulumi.getter(name="rotationSchedule")
906
+ def rotation_schedule(self) -> pulumi.Output[Optional[str]]:
907
+ """
908
+ The schedule, in [cron-style time format](https://en.wikipedia.org/wiki/Cron),
909
+ defining the schedule on which Vault should rotate the root token. Requires Vault Enterprise 1.19+.
910
+ *Available only for Vault Enterprise*
911
+ """
912
+ return pulumi.get(self, "rotation_schedule")
913
+
914
+ @property
915
+ @pulumi.getter(name="rotationWindow")
916
+ def rotation_window(self) -> pulumi.Output[Optional[int]]:
917
+ """
918
+ The maximum amount of time in seconds allowed to complete
919
+ a rotation when a scheduled token rotation occurs. The default rotation window is
920
+ unbound and the minimum allowable window is `3600`. Requires Vault Enterprise 1.19+.
921
+ *Available only for Vault Enterprise*
922
+ """
923
+ return pulumi.get(self, "rotation_window")
924
+
673
925
  @property
674
926
  @pulumi.getter(name="tenantId")
675
927
  def tenant_id(self) -> pulumi.Output[str]: