pulumi-vault 6.6.0a1741836364__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +1 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +253 -252
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +337 -336
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +113 -112
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +183 -182
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +239 -238
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +2525 -2524
  53. pulumi_vault/database/outputs.py +1529 -1528
  54. pulumi_vault/database/secret_backend_connection.py +169 -168
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +179 -178
  57. pulumi_vault/database/secrets_mount.py +267 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +260 -259
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +232 -231
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +588 -587
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +554 -553
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +1 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -30
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +141 -140
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -27
  191. pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +715 -714
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
  203. pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +1 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +93 -92
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +1 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +54 -53
  257. pulumi_vault/transit/get_verify.py +60 -59
  258. pulumi_vault/transit/secret_backend_key.py +274 -273
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741836364.dist-info/RECORD +0 -265
  264. {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -21,39 +22,41 @@ __all__ = ['BackendRoleArgs', 'BackendRole']
21
22
  @pulumi.input_type
22
23
  class BackendRoleArgs:
23
24
  def __init__(__self__, *,
24
- role: pulumi.Input[str],
25
- application_object_id: Optional[pulumi.Input[str]] = None,
25
+ role: pulumi.Input[builtins.str],
26
+ application_object_id: Optional[pulumi.Input[builtins.str]] = None,
26
27
  azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureGroupArgs']]]] = None,
27
28
  azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureRoleArgs']]]] = None,
28
- backend: Optional[pulumi.Input[str]] = None,
29
- description: Optional[pulumi.Input[str]] = None,
30
- max_ttl: Optional[pulumi.Input[str]] = None,
31
- namespace: Optional[pulumi.Input[str]] = None,
32
- permanently_delete: Optional[pulumi.Input[bool]] = None,
33
- sign_in_audience: Optional[pulumi.Input[str]] = None,
34
- tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
35
- ttl: Optional[pulumi.Input[str]] = None):
29
+ backend: Optional[pulumi.Input[builtins.str]] = None,
30
+ description: Optional[pulumi.Input[builtins.str]] = None,
31
+ explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
32
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
33
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
34
+ permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
35
+ sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
36
+ tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
37
+ ttl: Optional[pulumi.Input[builtins.str]] = None):
36
38
  """
37
39
  The set of arguments for constructing a BackendRole resource.
38
- :param pulumi.Input[str] role: Name of the Azure role
39
- :param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
40
+ :param pulumi.Input[builtins.str] role: Name of the Azure role
41
+ :param pulumi.Input[builtins.str] application_object_id: Application Object ID for an existing service principal that will
40
42
  be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
41
43
  :param pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureGroupArgs']]] azure_groups: List of Azure groups to be assigned to the generated service principal.
42
44
  :param pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureRoleArgs']]] azure_roles: List of Azure roles to be assigned to the generated service principal.
43
- :param pulumi.Input[str] backend: Path to the mounted Azure auth backend
44
- :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
45
- :param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
45
+ :param pulumi.Input[builtins.str] backend: Path to the mounted Azure auth backend
46
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
47
+ :param pulumi.Input[builtins.str] explicit_max_ttl: Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
48
+ :param pulumi.Input[builtins.str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
46
49
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
47
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
50
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
48
51
  The value should not contain leading or trailing forward slashes.
49
52
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
50
53
  *Available only for Vault Enterprise*.
51
- :param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
54
+ :param pulumi.Input[builtins.bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
52
55
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
53
- :param pulumi.Input[str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
56
+ :param pulumi.Input[builtins.str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
54
57
  Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
55
- :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
56
- :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
58
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
59
+ :param pulumi.Input[builtins.str] ttl: Specifies the default TTL for service principals generated using this role.
57
60
  Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
58
61
  """
59
62
  pulumi.set(__self__, "role", role)
@@ -67,6 +70,8 @@ class BackendRoleArgs:
67
70
  pulumi.set(__self__, "backend", backend)
68
71
  if description is not None:
69
72
  pulumi.set(__self__, "description", description)
73
+ if explicit_max_ttl is not None:
74
+ pulumi.set(__self__, "explicit_max_ttl", explicit_max_ttl)
70
75
  if max_ttl is not None:
71
76
  pulumi.set(__self__, "max_ttl", max_ttl)
72
77
  if namespace is not None:
@@ -82,19 +87,19 @@ class BackendRoleArgs:
82
87
 
83
88
  @property
84
89
  @pulumi.getter
85
- def role(self) -> pulumi.Input[str]:
90
+ def role(self) -> pulumi.Input[builtins.str]:
86
91
  """
87
92
  Name of the Azure role
88
93
  """
89
94
  return pulumi.get(self, "role")
90
95
 
91
96
  @role.setter
92
- def role(self, value: pulumi.Input[str]):
97
+ def role(self, value: pulumi.Input[builtins.str]):
93
98
  pulumi.set(self, "role", value)
94
99
 
95
100
  @property
96
101
  @pulumi.getter(name="applicationObjectId")
97
- def application_object_id(self) -> Optional[pulumi.Input[str]]:
102
+ def application_object_id(self) -> Optional[pulumi.Input[builtins.str]]:
98
103
  """
99
104
  Application Object ID for an existing service principal that will
100
105
  be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
@@ -102,7 +107,7 @@ class BackendRoleArgs:
102
107
  return pulumi.get(self, "application_object_id")
103
108
 
104
109
  @application_object_id.setter
105
- def application_object_id(self, value: Optional[pulumi.Input[str]]):
110
+ def application_object_id(self, value: Optional[pulumi.Input[builtins.str]]):
106
111
  pulumi.set(self, "application_object_id", value)
107
112
 
108
113
  @property
@@ -131,31 +136,43 @@ class BackendRoleArgs:
131
136
 
132
137
  @property
133
138
  @pulumi.getter
134
- def backend(self) -> Optional[pulumi.Input[str]]:
139
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
135
140
  """
136
141
  Path to the mounted Azure auth backend
137
142
  """
138
143
  return pulumi.get(self, "backend")
139
144
 
140
145
  @backend.setter
141
- def backend(self, value: Optional[pulumi.Input[str]]):
146
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
142
147
  pulumi.set(self, "backend", value)
143
148
 
144
149
  @property
145
150
  @pulumi.getter
146
- def description(self) -> Optional[pulumi.Input[str]]:
151
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
147
152
  """
148
153
  Human-friendly description of the mount for the backend.
149
154
  """
150
155
  return pulumi.get(self, "description")
151
156
 
152
157
  @description.setter
153
- def description(self, value: Optional[pulumi.Input[str]]):
158
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
154
159
  pulumi.set(self, "description", value)
155
160
 
161
+ @property
162
+ @pulumi.getter(name="explicitMaxTtl")
163
+ def explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
164
+ """
165
+ Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
166
+ """
167
+ return pulumi.get(self, "explicit_max_ttl")
168
+
169
+ @explicit_max_ttl.setter
170
+ def explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
171
+ pulumi.set(self, "explicit_max_ttl", value)
172
+
156
173
  @property
157
174
  @pulumi.getter(name="maxTtl")
158
- def max_ttl(self) -> Optional[pulumi.Input[str]]:
175
+ def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
159
176
  """
160
177
  Specifies the maximum TTL for service principals generated using this role. Accepts time
161
178
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
@@ -163,12 +180,12 @@ class BackendRoleArgs:
163
180
  return pulumi.get(self, "max_ttl")
164
181
 
165
182
  @max_ttl.setter
166
- def max_ttl(self, value: Optional[pulumi.Input[str]]):
183
+ def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
167
184
  pulumi.set(self, "max_ttl", value)
168
185
 
169
186
  @property
170
187
  @pulumi.getter
171
- def namespace(self) -> Optional[pulumi.Input[str]]:
188
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
172
189
  """
173
190
  The namespace to provision the resource in.
174
191
  The value should not contain leading or trailing forward slashes.
@@ -178,12 +195,12 @@ class BackendRoleArgs:
178
195
  return pulumi.get(self, "namespace")
179
196
 
180
197
  @namespace.setter
181
- def namespace(self, value: Optional[pulumi.Input[str]]):
198
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
182
199
  pulumi.set(self, "namespace", value)
183
200
 
184
201
  @property
185
202
  @pulumi.getter(name="permanentlyDelete")
186
- def permanently_delete(self) -> Optional[pulumi.Input[bool]]:
203
+ def permanently_delete(self) -> Optional[pulumi.Input[builtins.bool]]:
187
204
  """
188
205
  Indicates whether the applications and service principals created by Vault will be permanently
189
206
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
@@ -191,12 +208,12 @@ class BackendRoleArgs:
191
208
  return pulumi.get(self, "permanently_delete")
192
209
 
193
210
  @permanently_delete.setter
194
- def permanently_delete(self, value: Optional[pulumi.Input[bool]]):
211
+ def permanently_delete(self, value: Optional[pulumi.Input[builtins.bool]]):
195
212
  pulumi.set(self, "permanently_delete", value)
196
213
 
197
214
  @property
198
215
  @pulumi.getter(name="signInAudience")
199
- def sign_in_audience(self) -> Optional[pulumi.Input[str]]:
216
+ def sign_in_audience(self) -> Optional[pulumi.Input[builtins.str]]:
200
217
  """
201
218
  Specifies the security principal types that are allowed to sign in to the application.
202
219
  Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
@@ -204,24 +221,24 @@ class BackendRoleArgs:
204
221
  return pulumi.get(self, "sign_in_audience")
205
222
 
206
223
  @sign_in_audience.setter
207
- def sign_in_audience(self, value: Optional[pulumi.Input[str]]):
224
+ def sign_in_audience(self, value: Optional[pulumi.Input[builtins.str]]):
208
225
  pulumi.set(self, "sign_in_audience", value)
209
226
 
210
227
  @property
211
228
  @pulumi.getter
212
- def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
229
+ def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
213
230
  """
214
231
  A list of Azure tags to attach to an application. Requires Vault 1.16+.
215
232
  """
216
233
  return pulumi.get(self, "tags")
217
234
 
218
235
  @tags.setter
219
- def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
236
+ def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
220
237
  pulumi.set(self, "tags", value)
221
238
 
222
239
  @property
223
240
  @pulumi.getter
224
- def ttl(self) -> Optional[pulumi.Input[str]]:
241
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
225
242
  """
226
243
  Specifies the default TTL for service principals generated using this role.
227
244
  Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
@@ -229,46 +246,48 @@ class BackendRoleArgs:
229
246
  return pulumi.get(self, "ttl")
230
247
 
231
248
  @ttl.setter
232
- def ttl(self, value: Optional[pulumi.Input[str]]):
249
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
233
250
  pulumi.set(self, "ttl", value)
234
251
 
235
252
 
236
253
  @pulumi.input_type
237
254
  class _BackendRoleState:
238
255
  def __init__(__self__, *,
239
- application_object_id: Optional[pulumi.Input[str]] = None,
256
+ application_object_id: Optional[pulumi.Input[builtins.str]] = None,
240
257
  azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureGroupArgs']]]] = None,
241
258
  azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureRoleArgs']]]] = None,
242
- backend: Optional[pulumi.Input[str]] = None,
243
- description: Optional[pulumi.Input[str]] = None,
244
- max_ttl: Optional[pulumi.Input[str]] = None,
245
- namespace: Optional[pulumi.Input[str]] = None,
246
- permanently_delete: Optional[pulumi.Input[bool]] = None,
247
- role: Optional[pulumi.Input[str]] = None,
248
- sign_in_audience: Optional[pulumi.Input[str]] = None,
249
- tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
250
- ttl: Optional[pulumi.Input[str]] = None):
259
+ backend: Optional[pulumi.Input[builtins.str]] = None,
260
+ description: Optional[pulumi.Input[builtins.str]] = None,
261
+ explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
262
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
263
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
264
+ permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
265
+ role: Optional[pulumi.Input[builtins.str]] = None,
266
+ sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
267
+ tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
268
+ ttl: Optional[pulumi.Input[builtins.str]] = None):
251
269
  """
252
270
  Input properties used for looking up and filtering BackendRole resources.
253
- :param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
271
+ :param pulumi.Input[builtins.str] application_object_id: Application Object ID for an existing service principal that will
254
272
  be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
255
273
  :param pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureGroupArgs']]] azure_groups: List of Azure groups to be assigned to the generated service principal.
256
274
  :param pulumi.Input[Sequence[pulumi.Input['BackendRoleAzureRoleArgs']]] azure_roles: List of Azure roles to be assigned to the generated service principal.
257
- :param pulumi.Input[str] backend: Path to the mounted Azure auth backend
258
- :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
259
- :param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
275
+ :param pulumi.Input[builtins.str] backend: Path to the mounted Azure auth backend
276
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
277
+ :param pulumi.Input[builtins.str] explicit_max_ttl: Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
278
+ :param pulumi.Input[builtins.str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
260
279
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
261
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
280
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
262
281
  The value should not contain leading or trailing forward slashes.
263
282
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
264
283
  *Available only for Vault Enterprise*.
265
- :param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
284
+ :param pulumi.Input[builtins.bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
266
285
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
267
- :param pulumi.Input[str] role: Name of the Azure role
268
- :param pulumi.Input[str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
286
+ :param pulumi.Input[builtins.str] role: Name of the Azure role
287
+ :param pulumi.Input[builtins.str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
269
288
  Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
270
- :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
271
- :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
289
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
290
+ :param pulumi.Input[builtins.str] ttl: Specifies the default TTL for service principals generated using this role.
272
291
  Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
273
292
  """
274
293
  if application_object_id is not None:
@@ -281,6 +300,8 @@ class _BackendRoleState:
281
300
  pulumi.set(__self__, "backend", backend)
282
301
  if description is not None:
283
302
  pulumi.set(__self__, "description", description)
303
+ if explicit_max_ttl is not None:
304
+ pulumi.set(__self__, "explicit_max_ttl", explicit_max_ttl)
284
305
  if max_ttl is not None:
285
306
  pulumi.set(__self__, "max_ttl", max_ttl)
286
307
  if namespace is not None:
@@ -298,7 +319,7 @@ class _BackendRoleState:
298
319
 
299
320
  @property
300
321
  @pulumi.getter(name="applicationObjectId")
301
- def application_object_id(self) -> Optional[pulumi.Input[str]]:
322
+ def application_object_id(self) -> Optional[pulumi.Input[builtins.str]]:
302
323
  """
303
324
  Application Object ID for an existing service principal that will
304
325
  be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
@@ -306,7 +327,7 @@ class _BackendRoleState:
306
327
  return pulumi.get(self, "application_object_id")
307
328
 
308
329
  @application_object_id.setter
309
- def application_object_id(self, value: Optional[pulumi.Input[str]]):
330
+ def application_object_id(self, value: Optional[pulumi.Input[builtins.str]]):
310
331
  pulumi.set(self, "application_object_id", value)
311
332
 
312
333
  @property
@@ -335,31 +356,43 @@ class _BackendRoleState:
335
356
 
336
357
  @property
337
358
  @pulumi.getter
338
- def backend(self) -> Optional[pulumi.Input[str]]:
359
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
339
360
  """
340
361
  Path to the mounted Azure auth backend
341
362
  """
342
363
  return pulumi.get(self, "backend")
343
364
 
344
365
  @backend.setter
345
- def backend(self, value: Optional[pulumi.Input[str]]):
366
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
346
367
  pulumi.set(self, "backend", value)
347
368
 
348
369
  @property
349
370
  @pulumi.getter
350
- def description(self) -> Optional[pulumi.Input[str]]:
371
+ def description(self) -> Optional[pulumi.Input[builtins.str]]:
351
372
  """
352
373
  Human-friendly description of the mount for the backend.
353
374
  """
354
375
  return pulumi.get(self, "description")
355
376
 
356
377
  @description.setter
357
- def description(self, value: Optional[pulumi.Input[str]]):
378
+ def description(self, value: Optional[pulumi.Input[builtins.str]]):
358
379
  pulumi.set(self, "description", value)
359
380
 
381
+ @property
382
+ @pulumi.getter(name="explicitMaxTtl")
383
+ def explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
384
+ """
385
+ Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
386
+ """
387
+ return pulumi.get(self, "explicit_max_ttl")
388
+
389
+ @explicit_max_ttl.setter
390
+ def explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
391
+ pulumi.set(self, "explicit_max_ttl", value)
392
+
360
393
  @property
361
394
  @pulumi.getter(name="maxTtl")
362
- def max_ttl(self) -> Optional[pulumi.Input[str]]:
395
+ def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
363
396
  """
364
397
  Specifies the maximum TTL for service principals generated using this role. Accepts time
365
398
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
@@ -367,12 +400,12 @@ class _BackendRoleState:
367
400
  return pulumi.get(self, "max_ttl")
368
401
 
369
402
  @max_ttl.setter
370
- def max_ttl(self, value: Optional[pulumi.Input[str]]):
403
+ def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
371
404
  pulumi.set(self, "max_ttl", value)
372
405
 
373
406
  @property
374
407
  @pulumi.getter
375
- def namespace(self) -> Optional[pulumi.Input[str]]:
408
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
376
409
  """
377
410
  The namespace to provision the resource in.
378
411
  The value should not contain leading or trailing forward slashes.
@@ -382,12 +415,12 @@ class _BackendRoleState:
382
415
  return pulumi.get(self, "namespace")
383
416
 
384
417
  @namespace.setter
385
- def namespace(self, value: Optional[pulumi.Input[str]]):
418
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
386
419
  pulumi.set(self, "namespace", value)
387
420
 
388
421
  @property
389
422
  @pulumi.getter(name="permanentlyDelete")
390
- def permanently_delete(self) -> Optional[pulumi.Input[bool]]:
423
+ def permanently_delete(self) -> Optional[pulumi.Input[builtins.bool]]:
391
424
  """
392
425
  Indicates whether the applications and service principals created by Vault will be permanently
393
426
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
@@ -395,24 +428,24 @@ class _BackendRoleState:
395
428
  return pulumi.get(self, "permanently_delete")
396
429
 
397
430
  @permanently_delete.setter
398
- def permanently_delete(self, value: Optional[pulumi.Input[bool]]):
431
+ def permanently_delete(self, value: Optional[pulumi.Input[builtins.bool]]):
399
432
  pulumi.set(self, "permanently_delete", value)
400
433
 
401
434
  @property
402
435
  @pulumi.getter
403
- def role(self) -> Optional[pulumi.Input[str]]:
436
+ def role(self) -> Optional[pulumi.Input[builtins.str]]:
404
437
  """
405
438
  Name of the Azure role
406
439
  """
407
440
  return pulumi.get(self, "role")
408
441
 
409
442
  @role.setter
410
- def role(self, value: Optional[pulumi.Input[str]]):
443
+ def role(self, value: Optional[pulumi.Input[builtins.str]]):
411
444
  pulumi.set(self, "role", value)
412
445
 
413
446
  @property
414
447
  @pulumi.getter(name="signInAudience")
415
- def sign_in_audience(self) -> Optional[pulumi.Input[str]]:
448
+ def sign_in_audience(self) -> Optional[pulumi.Input[builtins.str]]:
416
449
  """
417
450
  Specifies the security principal types that are allowed to sign in to the application.
418
451
  Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
@@ -420,24 +453,24 @@ class _BackendRoleState:
420
453
  return pulumi.get(self, "sign_in_audience")
421
454
 
422
455
  @sign_in_audience.setter
423
- def sign_in_audience(self, value: Optional[pulumi.Input[str]]):
456
+ def sign_in_audience(self, value: Optional[pulumi.Input[builtins.str]]):
424
457
  pulumi.set(self, "sign_in_audience", value)
425
458
 
426
459
  @property
427
460
  @pulumi.getter
428
- def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
461
+ def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
429
462
  """
430
463
  A list of Azure tags to attach to an application. Requires Vault 1.16+.
431
464
  """
432
465
  return pulumi.get(self, "tags")
433
466
 
434
467
  @tags.setter
435
- def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
468
+ def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
436
469
  pulumi.set(self, "tags", value)
437
470
 
438
471
  @property
439
472
  @pulumi.getter
440
- def ttl(self) -> Optional[pulumi.Input[str]]:
473
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
441
474
  """
442
475
  Specifies the default TTL for service principals generated using this role.
443
476
  Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
@@ -445,7 +478,7 @@ class _BackendRoleState:
445
478
  return pulumi.get(self, "ttl")
446
479
 
447
480
  @ttl.setter
448
- def ttl(self, value: Optional[pulumi.Input[str]]):
481
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
449
482
  pulumi.set(self, "ttl", value)
450
483
 
451
484
 
@@ -454,18 +487,19 @@ class BackendRole(pulumi.CustomResource):
454
487
  def __init__(__self__,
455
488
  resource_name: str,
456
489
  opts: Optional[pulumi.ResourceOptions] = None,
457
- application_object_id: Optional[pulumi.Input[str]] = None,
490
+ application_object_id: Optional[pulumi.Input[builtins.str]] = None,
458
491
  azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
459
492
  azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
460
- backend: Optional[pulumi.Input[str]] = None,
461
- description: Optional[pulumi.Input[str]] = None,
462
- max_ttl: Optional[pulumi.Input[str]] = None,
463
- namespace: Optional[pulumi.Input[str]] = None,
464
- permanently_delete: Optional[pulumi.Input[bool]] = None,
465
- role: Optional[pulumi.Input[str]] = None,
466
- sign_in_audience: Optional[pulumi.Input[str]] = None,
467
- tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
468
- ttl: Optional[pulumi.Input[str]] = None,
493
+ backend: Optional[pulumi.Input[builtins.str]] = None,
494
+ description: Optional[pulumi.Input[builtins.str]] = None,
495
+ explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
496
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
497
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
498
+ permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
499
+ role: Optional[pulumi.Input[builtins.str]] = None,
500
+ sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
501
+ tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
502
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
469
503
  __props__=None):
470
504
  """
471
505
  ## Example Usage
@@ -503,25 +537,26 @@ class BackendRole(pulumi.CustomResource):
503
537
 
504
538
  :param str resource_name: The name of the resource.
505
539
  :param pulumi.ResourceOptions opts: Options for the resource.
506
- :param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
540
+ :param pulumi.Input[builtins.str] application_object_id: Application Object ID for an existing service principal that will
507
541
  be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
508
542
  :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
509
543
  :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
510
- :param pulumi.Input[str] backend: Path to the mounted Azure auth backend
511
- :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
512
- :param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
544
+ :param pulumi.Input[builtins.str] backend: Path to the mounted Azure auth backend
545
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
546
+ :param pulumi.Input[builtins.str] explicit_max_ttl: Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
547
+ :param pulumi.Input[builtins.str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
513
548
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
514
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
549
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
515
550
  The value should not contain leading or trailing forward slashes.
516
551
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
517
552
  *Available only for Vault Enterprise*.
518
- :param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
553
+ :param pulumi.Input[builtins.bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
519
554
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
520
- :param pulumi.Input[str] role: Name of the Azure role
521
- :param pulumi.Input[str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
555
+ :param pulumi.Input[builtins.str] role: Name of the Azure role
556
+ :param pulumi.Input[builtins.str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
522
557
  Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
523
- :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
524
- :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
558
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
559
+ :param pulumi.Input[builtins.str] ttl: Specifies the default TTL for service principals generated using this role.
525
560
  Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
526
561
  """
527
562
  ...
@@ -579,18 +614,19 @@ class BackendRole(pulumi.CustomResource):
579
614
  def _internal_init(__self__,
580
615
  resource_name: str,
581
616
  opts: Optional[pulumi.ResourceOptions] = None,
582
- application_object_id: Optional[pulumi.Input[str]] = None,
617
+ application_object_id: Optional[pulumi.Input[builtins.str]] = None,
583
618
  azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
584
619
  azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
585
- backend: Optional[pulumi.Input[str]] = None,
586
- description: Optional[pulumi.Input[str]] = None,
587
- max_ttl: Optional[pulumi.Input[str]] = None,
588
- namespace: Optional[pulumi.Input[str]] = None,
589
- permanently_delete: Optional[pulumi.Input[bool]] = None,
590
- role: Optional[pulumi.Input[str]] = None,
591
- sign_in_audience: Optional[pulumi.Input[str]] = None,
592
- tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
593
- ttl: Optional[pulumi.Input[str]] = None,
620
+ backend: Optional[pulumi.Input[builtins.str]] = None,
621
+ description: Optional[pulumi.Input[builtins.str]] = None,
622
+ explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
623
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
624
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
625
+ permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
626
+ role: Optional[pulumi.Input[builtins.str]] = None,
627
+ sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
628
+ tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
629
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
594
630
  __props__=None):
595
631
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
596
632
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -605,6 +641,7 @@ class BackendRole(pulumi.CustomResource):
605
641
  __props__.__dict__["azure_roles"] = azure_roles
606
642
  __props__.__dict__["backend"] = backend
607
643
  __props__.__dict__["description"] = description
644
+ __props__.__dict__["explicit_max_ttl"] = explicit_max_ttl
608
645
  __props__.__dict__["max_ttl"] = max_ttl
609
646
  __props__.__dict__["namespace"] = namespace
610
647
  __props__.__dict__["permanently_delete"] = permanently_delete
@@ -624,18 +661,19 @@ class BackendRole(pulumi.CustomResource):
624
661
  def get(resource_name: str,
625
662
  id: pulumi.Input[str],
626
663
  opts: Optional[pulumi.ResourceOptions] = None,
627
- application_object_id: Optional[pulumi.Input[str]] = None,
664
+ application_object_id: Optional[pulumi.Input[builtins.str]] = None,
628
665
  azure_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]]] = None,
629
666
  azure_roles: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]]] = None,
630
- backend: Optional[pulumi.Input[str]] = None,
631
- description: Optional[pulumi.Input[str]] = None,
632
- max_ttl: Optional[pulumi.Input[str]] = None,
633
- namespace: Optional[pulumi.Input[str]] = None,
634
- permanently_delete: Optional[pulumi.Input[bool]] = None,
635
- role: Optional[pulumi.Input[str]] = None,
636
- sign_in_audience: Optional[pulumi.Input[str]] = None,
637
- tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
638
- ttl: Optional[pulumi.Input[str]] = None) -> 'BackendRole':
667
+ backend: Optional[pulumi.Input[builtins.str]] = None,
668
+ description: Optional[pulumi.Input[builtins.str]] = None,
669
+ explicit_max_ttl: Optional[pulumi.Input[builtins.str]] = None,
670
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
671
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
672
+ permanently_delete: Optional[pulumi.Input[builtins.bool]] = None,
673
+ role: Optional[pulumi.Input[builtins.str]] = None,
674
+ sign_in_audience: Optional[pulumi.Input[builtins.str]] = None,
675
+ tags: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
676
+ ttl: Optional[pulumi.Input[builtins.str]] = None) -> 'BackendRole':
639
677
  """
640
678
  Get an existing BackendRole resource's state with the given name, id, and optional extra
641
679
  properties used to qualify the lookup.
@@ -643,25 +681,26 @@ class BackendRole(pulumi.CustomResource):
643
681
  :param str resource_name: The unique name of the resulting resource.
644
682
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
645
683
  :param pulumi.ResourceOptions opts: Options for the resource.
646
- :param pulumi.Input[str] application_object_id: Application Object ID for an existing service principal that will
684
+ :param pulumi.Input[builtins.str] application_object_id: Application Object ID for an existing service principal that will
647
685
  be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
648
686
  :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureGroupArgs', 'BackendRoleAzureGroupArgsDict']]]] azure_groups: List of Azure groups to be assigned to the generated service principal.
649
687
  :param pulumi.Input[Sequence[pulumi.Input[Union['BackendRoleAzureRoleArgs', 'BackendRoleAzureRoleArgsDict']]]] azure_roles: List of Azure roles to be assigned to the generated service principal.
650
- :param pulumi.Input[str] backend: Path to the mounted Azure auth backend
651
- :param pulumi.Input[str] description: Human-friendly description of the mount for the backend.
652
- :param pulumi.Input[str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
688
+ :param pulumi.Input[builtins.str] backend: Path to the mounted Azure auth backend
689
+ :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the backend.
690
+ :param pulumi.Input[builtins.str] explicit_max_ttl: Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
691
+ :param pulumi.Input[builtins.str] max_ttl: Specifies the maximum TTL for service principals generated using this role. Accepts time
653
692
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
654
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
693
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
655
694
  The value should not contain leading or trailing forward slashes.
656
695
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
657
696
  *Available only for Vault Enterprise*.
658
- :param pulumi.Input[bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
697
+ :param pulumi.Input[builtins.bool] permanently_delete: Indicates whether the applications and service principals created by Vault will be permanently
659
698
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
660
- :param pulumi.Input[str] role: Name of the Azure role
661
- :param pulumi.Input[str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
699
+ :param pulumi.Input[builtins.str] role: Name of the Azure role
700
+ :param pulumi.Input[builtins.str] sign_in_audience: Specifies the security principal types that are allowed to sign in to the application.
662
701
  Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
663
- :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
664
- :param pulumi.Input[str] ttl: Specifies the default TTL for service principals generated using this role.
702
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] tags: A list of Azure tags to attach to an application. Requires Vault 1.16+.
703
+ :param pulumi.Input[builtins.str] ttl: Specifies the default TTL for service principals generated using this role.
665
704
  Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.
666
705
  """
667
706
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -673,6 +712,7 @@ class BackendRole(pulumi.CustomResource):
673
712
  __props__.__dict__["azure_roles"] = azure_roles
674
713
  __props__.__dict__["backend"] = backend
675
714
  __props__.__dict__["description"] = description
715
+ __props__.__dict__["explicit_max_ttl"] = explicit_max_ttl
676
716
  __props__.__dict__["max_ttl"] = max_ttl
677
717
  __props__.__dict__["namespace"] = namespace
678
718
  __props__.__dict__["permanently_delete"] = permanently_delete
@@ -684,7 +724,7 @@ class BackendRole(pulumi.CustomResource):
684
724
 
685
725
  @property
686
726
  @pulumi.getter(name="applicationObjectId")
687
- def application_object_id(self) -> pulumi.Output[Optional[str]]:
727
+ def application_object_id(self) -> pulumi.Output[Optional[builtins.str]]:
688
728
  """
689
729
  Application Object ID for an existing service principal that will
690
730
  be used instead of creating dynamic service principals. If present, `azure_roles` and `permanently_delete` will be ignored.
@@ -709,7 +749,7 @@ class BackendRole(pulumi.CustomResource):
709
749
 
710
750
  @property
711
751
  @pulumi.getter
712
- def backend(self) -> pulumi.Output[Optional[str]]:
752
+ def backend(self) -> pulumi.Output[Optional[builtins.str]]:
713
753
  """
714
754
  Path to the mounted Azure auth backend
715
755
  """
@@ -717,15 +757,23 @@ class BackendRole(pulumi.CustomResource):
717
757
 
718
758
  @property
719
759
  @pulumi.getter
720
- def description(self) -> pulumi.Output[Optional[str]]:
760
+ def description(self) -> pulumi.Output[Optional[builtins.str]]:
721
761
  """
722
762
  Human-friendly description of the mount for the backend.
723
763
  """
724
764
  return pulumi.get(self, "description")
725
765
 
766
+ @property
767
+ @pulumi.getter(name="explicitMaxTtl")
768
+ def explicit_max_ttl(self) -> pulumi.Output[Optional[builtins.str]]:
769
+ """
770
+ Specifies the explicit maximum lifetime of the lease and service principal generated using this role. If not set or set to 0, will use the system default (10 years). Requires Vault 1.18+.
771
+ """
772
+ return pulumi.get(self, "explicit_max_ttl")
773
+
726
774
  @property
727
775
  @pulumi.getter(name="maxTtl")
728
- def max_ttl(self) -> pulumi.Output[Optional[str]]:
776
+ def max_ttl(self) -> pulumi.Output[Optional[builtins.str]]:
729
777
  """
730
778
  Specifies the maximum TTL for service principals generated using this role. Accepts time
731
779
  suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine max TTL time.
@@ -734,7 +782,7 @@ class BackendRole(pulumi.CustomResource):
734
782
 
735
783
  @property
736
784
  @pulumi.getter
737
- def namespace(self) -> pulumi.Output[Optional[str]]:
785
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
738
786
  """
739
787
  The namespace to provision the resource in.
740
788
  The value should not contain leading or trailing forward slashes.
@@ -745,7 +793,7 @@ class BackendRole(pulumi.CustomResource):
745
793
 
746
794
  @property
747
795
  @pulumi.getter(name="permanentlyDelete")
748
- def permanently_delete(self) -> pulumi.Output[bool]:
796
+ def permanently_delete(self) -> pulumi.Output[builtins.bool]:
749
797
  """
750
798
  Indicates whether the applications and service principals created by Vault will be permanently
751
799
  deleted when the corresponding leases expire. Defaults to `false`. For Vault v1.12+.
@@ -754,7 +802,7 @@ class BackendRole(pulumi.CustomResource):
754
802
 
755
803
  @property
756
804
  @pulumi.getter
757
- def role(self) -> pulumi.Output[str]:
805
+ def role(self) -> pulumi.Output[builtins.str]:
758
806
  """
759
807
  Name of the Azure role
760
808
  """
@@ -762,7 +810,7 @@ class BackendRole(pulumi.CustomResource):
762
810
 
763
811
  @property
764
812
  @pulumi.getter(name="signInAudience")
765
- def sign_in_audience(self) -> pulumi.Output[Optional[str]]:
813
+ def sign_in_audience(self) -> pulumi.Output[Optional[builtins.str]]:
766
814
  """
767
815
  Specifies the security principal types that are allowed to sign in to the application.
768
816
  Valid values are: AzureADMyOrg, AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, PersonalMicrosoftAccount. Requires Vault 1.16+.
@@ -771,7 +819,7 @@ class BackendRole(pulumi.CustomResource):
771
819
 
772
820
  @property
773
821
  @pulumi.getter
774
- def tags(self) -> pulumi.Output[Optional[Sequence[str]]]:
822
+ def tags(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
775
823
  """
776
824
  A list of Azure tags to attach to an application. Requires Vault 1.16+.
777
825
  """
@@ -779,7 +827,7 @@ class BackendRole(pulumi.CustomResource):
779
827
 
780
828
  @property
781
829
  @pulumi.getter
782
- def ttl(self) -> pulumi.Output[Optional[str]]:
830
+ def ttl(self) -> pulumi.Output[Optional[builtins.str]]:
783
831
  """
784
832
  Specifies the default TTL for service principals generated using this role.
785
833
  Accepts time suffixed strings ("1h") or an integer number of seconds. Defaults to the system/engine default TTL time.