pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl

pulumi_vault/ad/secret_backend.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 import copy
 import warnings
 import sys
@@ -19,100 +20,100 @@ __all__ = ['SecretBackendArgs', 'SecretBackend']
 @pulumi.input_type
 class SecretBackendArgs:
     def __init__(__self__, *,
-                 binddn: pulumi.Input[str],
-                 bindpass: pulumi.Input[str],
-                 anonymous_group_search: Optional[pulumi.Input[bool]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-                 certificate: Optional[pulumi.Input[str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[str]] = None,
-                 client_tls_key: Optional[pulumi.Input[str]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 deny_null_bind: Optional[pulumi.Input[bool]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 disable_remount: Optional[pulumi.Input[bool]] = None,
-                 discoverdn: Optional[pulumi.Input[bool]] = None,
-                 groupattr: Optional[pulumi.Input[str]] = None,
-                 groupdn: Optional[pulumi.Input[str]] = None,
-                 groupfilter: Optional[pulumi.Input[str]] = None,
-                 insecure_tls: Optional[pulumi.Input[bool]] = None,
-                 last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-                 local: Optional[pulumi.Input[bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 max_ttl: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 password_policy: Optional[pulumi.Input[str]] = None,
-                 request_timeout: Optional[pulumi.Input[int]] = None,
-                 starttls: Optional[pulumi.Input[bool]] = None,
-                 tls_max_version: Optional[pulumi.Input[str]] = None,
-                 tls_min_version: Optional[pulumi.Input[str]] = None,
-                 ttl: Optional[pulumi.Input[int]] = None,
-                 upndomain: Optional[pulumi.Input[str]] = None,
-                 url: Optional[pulumi.Input[str]] = None,
-                 use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
-                 use_token_groups: Optional[pulumi.Input[bool]] = None,
-                 userattr: Optional[pulumi.Input[str]] = None,
-                 userdn: Optional[pulumi.Input[str]] = None):
+                 binddn: pulumi.Input[builtins.str],
+                 bindpass: pulumi.Input[builtins.str],
+                 anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+                 certificate: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+                 deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+                 description: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+                 discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+                 groupattr: Optional[pulumi.Input[builtins.str]] = None,
+                 groupdn: Optional[pulumi.Input[builtins.str]] = None,
+                 groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+                 last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
+                 local: Optional[pulumi.Input[builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+                 max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 password_policy: Optional[pulumi.Input[builtins.str]] = None,
+                 request_timeout: Optional[pulumi.Input[builtins.int]] = None,
+                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
+                 tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+                 tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+                 ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
+                 url: Optional[pulumi.Input[builtins.str]] = None,
+                 use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
+                 use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+                 userattr: Optional[pulumi.Input[builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[builtins.str]] = None):
         """
         The set of arguments for constructing a SecretBackend resource.
-        :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
-        :param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
-        :param pulumi.Input[bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
+        :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
+        :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
+        :param pulumi.Input[builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
                (if true the initial credentials will still be used for the initial connection test).
-        :param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `ad`.
-        :param pulumi.Input[bool] case_sensitive_names: If set, user and group names assigned to policies within the
+        :param pulumi.Input[builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
                backend will be case sensitive. Otherwise, names will be normalized to lower case.
-        :param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
+        :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
                x509 PEM encoded.
-        :param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
-        :param pulumi.Input[bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
+        :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
+        :param pulumi.Input[builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
                defaults to true.
-        :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
-        :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
+        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
-        :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
-        :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
+        :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
+        :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
                user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
-        :param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
-        :param pulumi.Input[str] groupfilter: Go template for querying group membership of user (optional) The template can access
+        :param pulumi.Input[builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
+        :param pulumi.Input[builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
                the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
-        :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
+        :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
                Defaults to `false`.
-        :param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
+        :param pulumi.Input[builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
                shows a later rotation, it should be considered out-of-band
-        :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
+        :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
                replication.Tolerance duration to use when checking the last rotation time.
-        :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
-        :param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
+        :param pulumi.Input[builtins.int] max_ttl: In seconds, the maximum password time-to-live.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
-        :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
+        :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
+        :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
                before returning back an error.
-        :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
-        :param pulumi.Input[str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
+        :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
+        :param pulumi.Input[builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
                `tls12` or `tls13`. Defaults to `tls12`.
-        :param pulumi.Input[str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
+        :param pulumi.Input[builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
                `tls12` or `tls13`. Defaults to `tls12`.
-        :param pulumi.Input[int] ttl: In seconds, the default password time-to-live.
-        :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
-        :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
+        :param pulumi.Input[builtins.int] ttl: In seconds, the default password time-to-live.
+        :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
+        :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
                them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
-        :param pulumi.Input[bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
+        :param pulumi.Input[builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
                different cases unfortunately introduced a regression that could cause previously defined groups
                to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
                matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
                compatibility. It is enabled by default if the config is upgraded but disabled by default on
                new configurations.
-        :param pulumi.Input[bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
+        :param pulumi.Input[builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
                user to find the group memberships. This will find all security groups including nested ones.
-        :param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
-        :param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
+        :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
+        :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         pulumi.set(__self__, "binddn", binddn)
         pulumi.set(__self__, "bindpass", bindpass)
@@ -183,31 +184,31 @@ class SecretBackendArgs:
 
     @property
     @pulumi.getter
-    def binddn(self) -> pulumi.Input[str]:
+    def binddn(self) -> pulumi.Input[builtins.str]:
         """
         Distinguished name of object to bind when performing user and group search.
         """
         return pulumi.get(self, "binddn")
 
     @binddn.setter
-    def binddn(self, value: pulumi.Input[str]):
+    def binddn(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "binddn", value)
 
     @property
     @pulumi.getter
-    def bindpass(self) -> pulumi.Input[str]:
+    def bindpass(self) -> pulumi.Input[builtins.str]:
         """
         Password to use along with binddn when performing user search.
         """
         return pulumi.get(self, "bindpass")
 
     @bindpass.setter
-    def bindpass(self, value: pulumi.Input[str]):
+    def bindpass(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "bindpass", value)
 
     @property
     @pulumi.getter(name="anonymousGroupSearch")
-    def anonymous_group_search(self) -> Optional[pulumi.Input[bool]]:
+    def anonymous_group_search(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Use anonymous binds when performing LDAP group searches
         (if true the initial credentials will still be used for the initial connection test).
@@ -215,12 +216,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "anonymous_group_search")
 
     @anonymous_group_search.setter
-    def anonymous_group_search(self, value: Optional[pulumi.Input[bool]]):
+    def anonymous_group_search(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "anonymous_group_search", value)
 
     @property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[str]]:
+    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The unique path this backend should be mounted at. Must
         not begin or end with a `/`. Defaults to `ad`.
@@ -228,12 +229,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[str]]):
+    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "backend", value)
 
     @property
     @pulumi.getter(name="caseSensitiveNames")
-    def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
+    def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If set, user and group names assigned to policies within the
         backend will be case sensitive. Otherwise, names will be normalized to lower case.
@@ -241,12 +242,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "case_sensitive_names")
 
     @case_sensitive_names.setter
-    def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
+    def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "case_sensitive_names", value)
 
     @property
     @pulumi.getter
-    def certificate(self) -> Optional[pulumi.Input[str]]:
+    def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         CA certificate to use when verifying LDAP server certificate, must be
         x509 PEM encoded.
@@ -254,48 +255,48 @@ class SecretBackendArgs:
         return pulumi.get(self, "certificate")
 
     @certificate.setter
-    def certificate(self, value: Optional[pulumi.Input[str]]):
+    def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "certificate", value)
 
     @property
     @pulumi.getter(name="clientTlsCert")
-    def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
+    def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Client certificate to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_cert")
 
     @client_tls_cert.setter
-    def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
+    def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_tls_cert", value)
 
     @property
     @pulumi.getter(name="clientTlsKey")
-    def client_tls_key(self) -> Optional[pulumi.Input[str]]:
+    def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_key")
 
     @client_tls_key.setter
-    def client_tls_key(self, value: Optional[pulumi.Input[str]]):
+    def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_tls_key", value)
 
     @property
     @pulumi.getter(name="defaultLeaseTtlSeconds")
-    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
+    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Default lease duration for secrets in seconds.
         """
         return pulumi.get(self, "default_lease_ttl_seconds")
 
     @default_lease_ttl_seconds.setter
-    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
+    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "default_lease_ttl_seconds", value)
 
     @property
     @pulumi.getter(name="denyNullBind")
-    def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
+    def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Denies an unauthenticated LDAP bind request if the user's password is empty;
         defaults to true.
@@ -303,24 +304,24 @@ class SecretBackendArgs:
         return pulumi.get(self, "deny_null_bind")
 
     @deny_null_bind.setter
-    def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
+    def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "deny_null_bind", value)
 
     @property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
+    def description(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Human-friendly description of the mount for the Active Directory backend.
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
+    def description(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "description", value)
 
     @property
     @pulumi.getter(name="disableRemount")
-    def disable_remount(self) -> Optional[pulumi.Input[bool]]:
+    def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If set, opts out of mount migration on path updates.
         See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -328,24 +329,24 @@ class SecretBackendArgs:
         return pulumi.get(self, "disable_remount")
 
     @disable_remount.setter
-    def disable_remount(self, value: Optional[pulumi.Input[bool]]):
+    def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "disable_remount", value)
 
     @property
     @pulumi.getter
-    def discoverdn(self) -> Optional[pulumi.Input[bool]]:
+    def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Use anonymous bind to discover the bind Distinguished Name of a user.
         """
         return pulumi.get(self, "discoverdn")
 
     @discoverdn.setter
-    def discoverdn(self, value: Optional[pulumi.Input[bool]]):
+    def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "discoverdn", value)
 
     @property
     @pulumi.getter
-    def groupattr(self) -> Optional[pulumi.Input[str]]:
+    def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
         user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
@@ -353,24 +354,24 @@ class SecretBackendArgs:
         return pulumi.get(self, "groupattr")
 
     @groupattr.setter
-    def groupattr(self, value: Optional[pulumi.Input[str]]):
+    def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupattr", value)
 
     @property
     @pulumi.getter
-    def groupdn(self) -> Optional[pulumi.Input[str]]:
+    def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
         """
         return pulumi.get(self, "groupdn")
 
     @groupdn.setter
-    def groupdn(self, value: Optional[pulumi.Input[str]]):
+    def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupdn", value)
 
     @property
     @pulumi.getter
-    def groupfilter(self) -> Optional[pulumi.Input[str]]:
+    def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Go template for querying group membership of user (optional) The template can access
         the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
@@ -378,12 +379,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "groupfilter")
 
     @groupfilter.setter
-    def groupfilter(self, value: Optional[pulumi.Input[str]]):
+    def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupfilter", value)
 
     @property
     @pulumi.getter(name="insecureTls")
-    def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
+    def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Skip LDAP server SSL Certificate verification. This is not recommended for production.
         Defaults to `false`.
@@ -391,12 +392,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "insecure_tls")
 
     @insecure_tls.setter
-    def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
+    def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "insecure_tls", value)
 
     @property
     @pulumi.getter(name="lastRotationTolerance")
-    def last_rotation_tolerance(self) -> Optional[pulumi.Input[int]]:
+    def last_rotation_tolerance(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The number of seconds after a Vault rotation where, if Active Directory
         shows a later rotation, it should be considered out-of-band
@@ -404,12 +405,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "last_rotation_tolerance")
 
     @last_rotation_tolerance.setter
-    def last_rotation_tolerance(self, value: Optional[pulumi.Input[int]]):
+    def last_rotation_tolerance(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "last_rotation_tolerance", value)
 
     @property
     @pulumi.getter
-    def local(self) -> Optional[pulumi.Input[bool]]:
+    def local(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Mark the secrets engine as local-only. Local engines are not replicated or removed by
         replication.Tolerance duration to use when checking the last rotation time.
@@ -417,36 +418,36 @@ class SecretBackendArgs:
         return pulumi.get(self, "local")
 
     @local.setter
-    def local(self, value: Optional[pulumi.Input[bool]]):
+    def local(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "local", value)
 
     @property
     @pulumi.getter(name="maxLeaseTtlSeconds")
-    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
+    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Maximum possible lease duration for secrets in seconds.
         """
         return pulumi.get(self, "max_lease_ttl_seconds")
 
     @max_lease_ttl_seconds.setter
-    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
+    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "max_lease_ttl_seconds", value)
 
     @property
     @pulumi.getter(name="maxTtl")
-    def max_ttl(self) -> Optional[pulumi.Input[int]]:
+    def max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         In seconds, the maximum password time-to-live.
         """
         return pulumi.get(self, "max_ttl")
 
     @max_ttl.setter
-    def max_ttl(self, value: Optional[pulumi.Input[int]]):
+    def max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "max_ttl", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -456,24 +457,24 @@ class SecretBackendArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
     @property
     @pulumi.getter(name="passwordPolicy")
-    def password_policy(self) -> Optional[pulumi.Input[str]]:
+    def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Name of the password policy to use to generate passwords.
         """
         return pulumi.get(self, "password_policy")
 
     @password_policy.setter
-    def password_policy(self, value: Optional[pulumi.Input[str]]):
+    def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "password_policy", value)
 
     @property
     @pulumi.getter(name="requestTimeout")
-    def request_timeout(self) -> Optional[pulumi.Input[int]]:
+    def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Timeout, in seconds, for the connection when making requests against the server
         before returning back an error.
@@ -481,24 +482,24 @@ class SecretBackendArgs:
         return pulumi.get(self, "request_timeout")
 
     @request_timeout.setter
-    def request_timeout(self, value: Optional[pulumi.Input[int]]):
+    def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "request_timeout", value)
 
     @property
     @pulumi.getter
-    def starttls(self) -> Optional[pulumi.Input[bool]]:
+    def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Issue a StartTLS command after establishing unencrypted connection.
         """
         return pulumi.get(self, "starttls")
 
     @starttls.setter
-    def starttls(self, value: Optional[pulumi.Input[bool]]):
+    def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "starttls", value)
 
     @property
     @pulumi.getter(name="tlsMaxVersion")
-    def tls_max_version(self) -> Optional[pulumi.Input[str]]:
+    def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
         `tls12` or `tls13`. Defaults to `tls12`.
@@ -506,12 +507,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "tls_max_version")
 
     @tls_max_version.setter
-    def tls_max_version(self, value: Optional[pulumi.Input[str]]):
+    def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "tls_max_version", value)
 
     @property
     @pulumi.getter(name="tlsMinVersion")
-    def tls_min_version(self) -> Optional[pulumi.Input[str]]:
+    def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
         `tls12` or `tls13`. Defaults to `tls12`.
@@ -519,36 +520,36 @@ class SecretBackendArgs:
         return pulumi.get(self, "tls_min_version")
 
     @tls_min_version.setter
-    def tls_min_version(self, value: Optional[pulumi.Input[str]]):
+    def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "tls_min_version", value)
 
     @property
     @pulumi.getter
-    def ttl(self) -> Optional[pulumi.Input[int]]:
+    def ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         In seconds, the default password time-to-live.
         """
         return pulumi.get(self, "ttl")
 
     @ttl.setter
-    def ttl(self, value: Optional[pulumi.Input[int]]):
+    def ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "ttl", value)
 
     @property
     @pulumi.getter
-    def upndomain(self) -> Optional[pulumi.Input[str]]:
+    def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Enables userPrincipalDomain login with [username]@UPNDomain.
         """
         return pulumi.get(self, "upndomain")
 
     @upndomain.setter
-    def upndomain(self, value: Optional[pulumi.Input[str]]):
+    def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "upndomain", value)
 
     @property
     @pulumi.getter
-    def url(self) -> Optional[pulumi.Input[str]]:
+    def url(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP URL to connect to. Multiple URLs can be specified by concatenating
         them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
@@ -556,12 +557,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "url")
 
     @url.setter
-    def url(self, value: Optional[pulumi.Input[str]]):
+    def url(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "url", value)
 
     @property
     @pulumi.getter(name="usePre111GroupCnBehavior")
-    def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[bool]]:
+    def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         In Vault 1.1.1 a fix for handling group CN values of
         different cases unfortunately introduced a regression that could cause previously defined groups
@@ -573,12 +574,12 @@ class SecretBackendArgs:
         return pulumi.get(self, "use_pre111_group_cn_behavior")
 
     @use_pre111_group_cn_behavior.setter
-    def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[bool]]):
+    def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "use_pre111_group_cn_behavior", value)
 
     @property
     @pulumi.getter(name="useTokenGroups")
-    def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
+    def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If true, use the Active Directory tokenGroups constructed attribute of the
         user to find the group memberships. This will find all security groups including nested ones.
@@ -586,131 +587,131 @@ class SecretBackendArgs:
         return pulumi.get(self, "use_token_groups")
 
     @use_token_groups.setter
-    def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
+    def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "use_token_groups", value)
 
     @property
     @pulumi.getter
-    def userattr(self) -> Optional[pulumi.Input[str]]:
+    def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Attribute used when searching users. Defaults to `cn`.
         """
         return pulumi.get(self, "userattr")
 
     @userattr.setter
-    def userattr(self, value: Optional[pulumi.Input[str]]):
+    def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userattr", value)
 
     @property
     @pulumi.getter
-    def userdn(self) -> Optional[pulumi.Input[str]]:
+    def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         return pulumi.get(self, "userdn")
 
     @userdn.setter
-    def userdn(self, value: Optional[pulumi.Input[str]]):
+    def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userdn", value)
 
 
 @pulumi.input_type
 class _SecretBackendState:
     def __init__(__self__, *,
-                 anonymous_group_search: Optional[pulumi.Input[bool]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 binddn: Optional[pulumi.Input[str]] = None,
-                 bindpass: Optional[pulumi.Input[str]] = None,
-                 case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-                 certificate: Optional[pulumi.Input[str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[str]] = None,
-                 client_tls_key: Optional[pulumi.Input[str]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 deny_null_bind: Optional[pulumi.Input[bool]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 disable_remount: Optional[pulumi.Input[bool]] = None,
-                 discoverdn: Optional[pulumi.Input[bool]] = None,
-                 groupattr: Optional[pulumi.Input[str]] = None,
-                 groupdn: Optional[pulumi.Input[str]] = None,
-                 groupfilter: Optional[pulumi.Input[str]] = None,
-                 insecure_tls: Optional[pulumi.Input[bool]] = None,
-                 last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-                 local: Optional[pulumi.Input[bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 max_ttl: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 password_policy: Optional[pulumi.Input[str]] = None,
-                 request_timeout: Optional[pulumi.Input[int]] = None,
-                 starttls: Optional[pulumi.Input[bool]] = None,
-                 tls_max_version: Optional[pulumi.Input[str]] = None,
-                 tls_min_version: Optional[pulumi.Input[str]] = None,
-                 ttl: Optional[pulumi.Input[int]] = None,
-                 upndomain: Optional[pulumi.Input[str]] = None,
-                 url: Optional[pulumi.Input[str]] = None,
-                 use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
-                 use_token_groups: Optional[pulumi.Input[bool]] = None,
-                 userattr: Optional[pulumi.Input[str]] = None,
-                 userdn: Optional[pulumi.Input[str]] = None):
+                 anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 binddn: Optional[pulumi.Input[builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
+                 case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+                 certificate: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+                 deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+                 description: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+                 discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+                 groupattr: Optional[pulumi.Input[builtins.str]] = None,
+                 groupdn: Optional[pulumi.Input[builtins.str]] = None,
+                 groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+                 last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
+                 local: Optional[pulumi.Input[builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+                 max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 password_policy: Optional[pulumi.Input[builtins.str]] = None,
+                 request_timeout: Optional[pulumi.Input[builtins.int]] = None,
+                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
+                 tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+                 tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+                 ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
+                 url: Optional[pulumi.Input[builtins.str]] = None,
+                 use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
+                 use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+                 userattr: Optional[pulumi.Input[builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[builtins.str]] = None):
         """
         Input properties used for looking up and filtering SecretBackend resources.
-        :param pulumi.Input[bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
+        :param pulumi.Input[builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
                (if true the initial credentials will still be used for the initial connection test).
-        :param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `ad`.
-        :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
-        :param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
-        :param pulumi.Input[bool] case_sensitive_names: If set, user and group names assigned to policies within the
+        :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
+        :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
+        :param pulumi.Input[builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
                backend will be case sensitive. Otherwise, names will be normalized to lower case.
-        :param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
+        :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
                x509 PEM encoded.
-        :param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
-        :param pulumi.Input[bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
+        :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
+        :param pulumi.Input[builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
                defaults to true.
-        :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
-        :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
+        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
-        :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
-        :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
+        :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
+        :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
                user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
-        :param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
-        :param pulumi.Input[str] groupfilter: Go template for querying group membership of user (optional) The template can access
+        :param pulumi.Input[builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
+        :param pulumi.Input[builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
                the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
-        :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
+        :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
                Defaults to `false`.
-        :param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
+        :param pulumi.Input[builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
                shows a later rotation, it should be considered out-of-band
-        :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
+        :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
                replication.Tolerance duration to use when checking the last rotation time.
-        :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
-        :param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
+        :param pulumi.Input[builtins.int] max_ttl: In seconds, the maximum password time-to-live.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
-        :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
+        :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
+        :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
                before returning back an error.
-        :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
-        :param pulumi.Input[str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
+        :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
+        :param pulumi.Input[builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
                `tls12` or `tls13`. Defaults to `tls12`.
-        :param pulumi.Input[str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
+        :param pulumi.Input[builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
                `tls12` or `tls13`. Defaults to `tls12`.
-        :param pulumi.Input[int] ttl: In seconds, the default password time-to-live.
-        :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
-        :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
+        :param pulumi.Input[builtins.int] ttl: In seconds, the default password time-to-live.
+        :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
+        :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
                them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
-        :param pulumi.Input[bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
+        :param pulumi.Input[builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
                different cases unfortunately introduced a regression that could cause previously defined groups
                to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
                matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
                compatibility. It is enabled by default if the config is upgraded but disabled by default on
                new configurations.
-        :param pulumi.Input[bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
+        :param pulumi.Input[builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
                user to find the group memberships. This will find all security groups including nested ones.
-        :param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
-        :param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
+        :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
+        :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         if anonymous_group_search is not None:
             pulumi.set(__self__, "anonymous_group_search", anonymous_group_search)
@@ -783,7 +784,7 @@ class _SecretBackendState:
 
     @property
     @pulumi.getter(name="anonymousGroupSearch")
-    def anonymous_group_search(self) -> Optional[pulumi.Input[bool]]:
+    def anonymous_group_search(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Use anonymous binds when performing LDAP group searches
         (if true the initial credentials will still be used for the initial connection test).
@@ -791,12 +792,12 @@ class _SecretBackendState:
         return pulumi.get(self, "anonymous_group_search")
 
     @anonymous_group_search.setter
-    def anonymous_group_search(self, value: Optional[pulumi.Input[bool]]):
+    def anonymous_group_search(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "anonymous_group_search", value)
 
     @property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[str]]:
+    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The unique path this backend should be mounted at. Must
         not begin or end with a `/`. Defaults to `ad`.
@@ -804,36 +805,36 @@ class _SecretBackendState:
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[str]]):
+    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "backend", value)
 
     @property
     @pulumi.getter
-    def binddn(self) -> Optional[pulumi.Input[str]]:
+    def binddn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Distinguished name of object to bind when performing user and group search.
         """
         return pulumi.get(self, "binddn")
 
     @binddn.setter
-    def binddn(self, value: Optional[pulumi.Input[str]]):
+    def binddn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "binddn", value)
 
     @property
     @pulumi.getter
-    def bindpass(self) -> Optional[pulumi.Input[str]]:
+    def bindpass(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Password to use along with binddn when performing user search.
         """
         return pulumi.get(self, "bindpass")
 
     @bindpass.setter
-    def bindpass(self, value: Optional[pulumi.Input[str]]):
+    def bindpass(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "bindpass", value)
 
     @property
     @pulumi.getter(name="caseSensitiveNames")
-    def case_sensitive_names(self) -> Optional[pulumi.Input[bool]]:
+    def case_sensitive_names(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If set, user and group names assigned to policies within the
         backend will be case sensitive. Otherwise, names will be normalized to lower case.
@@ -841,12 +842,12 @@ class _SecretBackendState:
         return pulumi.get(self, "case_sensitive_names")
 
     @case_sensitive_names.setter
-    def case_sensitive_names(self, value: Optional[pulumi.Input[bool]]):
+    def case_sensitive_names(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "case_sensitive_names", value)
 
     @property
     @pulumi.getter
-    def certificate(self) -> Optional[pulumi.Input[str]]:
+    def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         CA certificate to use when verifying LDAP server certificate, must be
         x509 PEM encoded.
@@ -854,48 +855,48 @@ class _SecretBackendState:
         return pulumi.get(self, "certificate")
 
     @certificate.setter
-    def certificate(self, value: Optional[pulumi.Input[str]]):
+    def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "certificate", value)
 
     @property
     @pulumi.getter(name="clientTlsCert")
-    def client_tls_cert(self) -> Optional[pulumi.Input[str]]:
+    def client_tls_cert(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Client certificate to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_cert")
 
     @client_tls_cert.setter
-    def client_tls_cert(self, value: Optional[pulumi.Input[str]]):
+    def client_tls_cert(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_tls_cert", value)
 
     @property
     @pulumi.getter(name="clientTlsKey")
-    def client_tls_key(self) -> Optional[pulumi.Input[str]]:
+    def client_tls_key(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
         """
         return pulumi.get(self, "client_tls_key")
 
     @client_tls_key.setter
-    def client_tls_key(self, value: Optional[pulumi.Input[str]]):
+    def client_tls_key(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "client_tls_key", value)
 
     @property
     @pulumi.getter(name="defaultLeaseTtlSeconds")
-    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
+    def default_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Default lease duration for secrets in seconds.
         """
         return pulumi.get(self, "default_lease_ttl_seconds")
 
     @default_lease_ttl_seconds.setter
-    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
+    def default_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "default_lease_ttl_seconds", value)
 
     @property
     @pulumi.getter(name="denyNullBind")
-    def deny_null_bind(self) -> Optional[pulumi.Input[bool]]:
+    def deny_null_bind(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Denies an unauthenticated LDAP bind request if the user's password is empty;
         defaults to true.
@@ -903,24 +904,24 @@ class _SecretBackendState:
         return pulumi.get(self, "deny_null_bind")
 
     @deny_null_bind.setter
-    def deny_null_bind(self, value: Optional[pulumi.Input[bool]]):
+    def deny_null_bind(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "deny_null_bind", value)
 
     @property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
+    def description(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Human-friendly description of the mount for the Active Directory backend.
         """
         return pulumi.get(self, "description")
 
     @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
+    def description(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "description", value)
 
     @property
     @pulumi.getter(name="disableRemount")
-    def disable_remount(self) -> Optional[pulumi.Input[bool]]:
+    def disable_remount(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If set, opts out of mount migration on path updates.
         See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -928,24 +929,24 @@ class _SecretBackendState:
         return pulumi.get(self, "disable_remount")
 
     @disable_remount.setter
-    def disable_remount(self, value: Optional[pulumi.Input[bool]]):
+    def disable_remount(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "disable_remount", value)
 
     @property
     @pulumi.getter
-    def discoverdn(self) -> Optional[pulumi.Input[bool]]:
+    def discoverdn(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Use anonymous bind to discover the bind Distinguished Name of a user.
         """
         return pulumi.get(self, "discoverdn")
 
     @discoverdn.setter
-    def discoverdn(self, value: Optional[pulumi.Input[bool]]):
+    def discoverdn(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "discoverdn", value)
 
     @property
     @pulumi.getter
-    def groupattr(self) -> Optional[pulumi.Input[str]]:
+    def groupattr(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
         user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
@@ -953,24 +954,24 @@ class _SecretBackendState:
         return pulumi.get(self, "groupattr")
 
     @groupattr.setter
-    def groupattr(self, value: Optional[pulumi.Input[str]]):
+    def groupattr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupattr", value)
 
     @property
     @pulumi.getter
-    def groupdn(self) -> Optional[pulumi.Input[str]]:
+    def groupdn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
         """
         return pulumi.get(self, "groupdn")
 
     @groupdn.setter
-    def groupdn(self, value: Optional[pulumi.Input[str]]):
+    def groupdn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupdn", value)
 
     @property
     @pulumi.getter
-    def groupfilter(self) -> Optional[pulumi.Input[str]]:
+    def groupfilter(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Go template for querying group membership of user (optional) The template can access
         the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
@@ -978,12 +979,12 @@ class _SecretBackendState:
         return pulumi.get(self, "groupfilter")
 
     @groupfilter.setter
-    def groupfilter(self, value: Optional[pulumi.Input[str]]):
+    def groupfilter(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "groupfilter", value)
 
     @property
     @pulumi.getter(name="insecureTls")
-    def insecure_tls(self) -> Optional[pulumi.Input[bool]]:
+    def insecure_tls(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Skip LDAP server SSL Certificate verification. This is not recommended for production.
         Defaults to `false`.
@@ -991,12 +992,12 @@ class _SecretBackendState:
         return pulumi.get(self, "insecure_tls")
 
     @insecure_tls.setter
-    def insecure_tls(self, value: Optional[pulumi.Input[bool]]):
+    def insecure_tls(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "insecure_tls", value)
 
     @property
     @pulumi.getter(name="lastRotationTolerance")
-    def last_rotation_tolerance(self) -> Optional[pulumi.Input[int]]:
+    def last_rotation_tolerance(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         The number of seconds after a Vault rotation where, if Active Directory
         shows a later rotation, it should be considered out-of-band
@@ -1004,12 +1005,12 @@ class _SecretBackendState:
         return pulumi.get(self, "last_rotation_tolerance")
 
     @last_rotation_tolerance.setter
-    def last_rotation_tolerance(self, value: Optional[pulumi.Input[int]]):
+    def last_rotation_tolerance(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "last_rotation_tolerance", value)
 
     @property
     @pulumi.getter
-    def local(self) -> Optional[pulumi.Input[bool]]:
+    def local(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Mark the secrets engine as local-only. Local engines are not replicated or removed by
         replication.Tolerance duration to use when checking the last rotation time.
@@ -1017,36 +1018,36 @@ class _SecretBackendState:
         return pulumi.get(self, "local")
 
     @local.setter
-    def local(self, value: Optional[pulumi.Input[bool]]):
+    def local(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "local", value)
 
     @property
     @pulumi.getter(name="maxLeaseTtlSeconds")
-    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[int]]:
+    def max_lease_ttl_seconds(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Maximum possible lease duration for secrets in seconds.
         """
         return pulumi.get(self, "max_lease_ttl_seconds")
 
     @max_lease_ttl_seconds.setter
-    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[int]]):
+    def max_lease_ttl_seconds(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "max_lease_ttl_seconds", value)
 
     @property
     @pulumi.getter(name="maxTtl")
-    def max_ttl(self) -> Optional[pulumi.Input[int]]:
+    def max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         In seconds, the maximum password time-to-live.
         """
         return pulumi.get(self, "max_ttl")
 
     @max_ttl.setter
-    def max_ttl(self, value: Optional[pulumi.Input[int]]):
+    def max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "max_ttl", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1056,24 +1057,24 @@ class _SecretBackendState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
     @property
     @pulumi.getter(name="passwordPolicy")
-    def password_policy(self) -> Optional[pulumi.Input[str]]:
+    def password_policy(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Name of the password policy to use to generate passwords.
         """
         return pulumi.get(self, "password_policy")
 
     @password_policy.setter
-    def password_policy(self, value: Optional[pulumi.Input[str]]):
+    def password_policy(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "password_policy", value)
 
     @property
     @pulumi.getter(name="requestTimeout")
-    def request_timeout(self) -> Optional[pulumi.Input[int]]:
+    def request_timeout(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         Timeout, in seconds, for the connection when making requests against the server
         before returning back an error.
@@ -1081,24 +1082,24 @@ class _SecretBackendState:
         return pulumi.get(self, "request_timeout")
 
     @request_timeout.setter
-    def request_timeout(self, value: Optional[pulumi.Input[int]]):
+    def request_timeout(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "request_timeout", value)
 
     @property
     @pulumi.getter
-    def starttls(self) -> Optional[pulumi.Input[bool]]:
+    def starttls(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Issue a StartTLS command after establishing unencrypted connection.
         """
         return pulumi.get(self, "starttls")
 
     @starttls.setter
-    def starttls(self, value: Optional[pulumi.Input[bool]]):
+    def starttls(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "starttls", value)
 
     @property
     @pulumi.getter(name="tlsMaxVersion")
-    def tls_max_version(self) -> Optional[pulumi.Input[str]]:
+    def tls_max_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
         `tls12` or `tls13`. Defaults to `tls12`.
@@ -1106,12 +1107,12 @@ class _SecretBackendState:
         return pulumi.get(self, "tls_max_version")
 
     @tls_max_version.setter
-    def tls_max_version(self, value: Optional[pulumi.Input[str]]):
+    def tls_max_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "tls_max_version", value)
 
     @property
     @pulumi.getter(name="tlsMinVersion")
-    def tls_min_version(self) -> Optional[pulumi.Input[str]]:
+    def tls_min_version(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
         `tls12` or `tls13`. Defaults to `tls12`.
@@ -1119,36 +1120,36 @@ class _SecretBackendState:
         return pulumi.get(self, "tls_min_version")
 
     @tls_min_version.setter
-    def tls_min_version(self, value: Optional[pulumi.Input[str]]):
+    def tls_min_version(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "tls_min_version", value)
 
     @property
     @pulumi.getter
-    def ttl(self) -> Optional[pulumi.Input[int]]:
+    def ttl(self) -> Optional[pulumi.Input[builtins.int]]:
         """
         In seconds, the default password time-to-live.
         """
         return pulumi.get(self, "ttl")
 
     @ttl.setter
-    def ttl(self, value: Optional[pulumi.Input[int]]):
+    def ttl(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "ttl", value)
 
     @property
     @pulumi.getter
-    def upndomain(self) -> Optional[pulumi.Input[str]]:
+    def upndomain(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Enables userPrincipalDomain login with [username]@UPNDomain.
         """
         return pulumi.get(self, "upndomain")
 
     @upndomain.setter
-    def upndomain(self, value: Optional[pulumi.Input[str]]):
+    def upndomain(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "upndomain", value)
 
     @property
     @pulumi.getter
-    def url(self) -> Optional[pulumi.Input[str]]:
+    def url(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP URL to connect to. Multiple URLs can be specified by concatenating
         them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
@@ -1156,12 +1157,12 @@ class _SecretBackendState:
         return pulumi.get(self, "url")
 
     @url.setter
-    def url(self, value: Optional[pulumi.Input[str]]):
+    def url(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "url", value)
 
     @property
     @pulumi.getter(name="usePre111GroupCnBehavior")
-    def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[bool]]:
+    def use_pre111_group_cn_behavior(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         In Vault 1.1.1 a fix for handling group CN values of
         different cases unfortunately introduced a regression that could cause previously defined groups
@@ -1173,12 +1174,12 @@ class _SecretBackendState:
         return pulumi.get(self, "use_pre111_group_cn_behavior")
 
     @use_pre111_group_cn_behavior.setter
-    def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[bool]]):
+    def use_pre111_group_cn_behavior(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "use_pre111_group_cn_behavior", value)
 
     @property
     @pulumi.getter(name="useTokenGroups")
-    def use_token_groups(self) -> Optional[pulumi.Input[bool]]:
+    def use_token_groups(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         If true, use the Active Directory tokenGroups constructed attribute of the
         user to find the group memberships. This will find all security groups including nested ones.
@@ -1186,31 +1187,31 @@ class _SecretBackendState:
         return pulumi.get(self, "use_token_groups")
 
     @use_token_groups.setter
-    def use_token_groups(self, value: Optional[pulumi.Input[bool]]):
+    def use_token_groups(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "use_token_groups", value)
 
     @property
     @pulumi.getter
-    def userattr(self) -> Optional[pulumi.Input[str]]:
+    def userattr(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Attribute used when searching users. Defaults to `cn`.
         """
         return pulumi.get(self, "userattr")
 
     @userattr.setter
-    def userattr(self, value: Optional[pulumi.Input[str]]):
+    def userattr(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userattr", value)
 
     @property
     @pulumi.getter
-    def userdn(self) -> Optional[pulumi.Input[str]]:
+    def userdn(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         return pulumi.get(self, "userdn")
 
     @userdn.setter
-    def userdn(self, value: Optional[pulumi.Input[str]]):
+    def userdn(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "userdn", value)
 
 
@@ -1219,40 +1220,40 @@ class SecretBackend(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 anonymous_group_search: Optional[pulumi.Input[bool]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 binddn: Optional[pulumi.Input[str]] = None,
-                 bindpass: Optional[pulumi.Input[str]] = None,
-                 case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-                 certificate: Optional[pulumi.Input[str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[str]] = None,
-                 client_tls_key: Optional[pulumi.Input[str]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 deny_null_bind: Optional[pulumi.Input[bool]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 disable_remount: Optional[pulumi.Input[bool]] = None,
-                 discoverdn: Optional[pulumi.Input[bool]] = None,
-                 groupattr: Optional[pulumi.Input[str]] = None,
-                 groupdn: Optional[pulumi.Input[str]] = None,
-                 groupfilter: Optional[pulumi.Input[str]] = None,
-                 insecure_tls: Optional[pulumi.Input[bool]] = None,
-                 last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-                 local: Optional[pulumi.Input[bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 max_ttl: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 password_policy: Optional[pulumi.Input[str]] = None,
-                 request_timeout: Optional[pulumi.Input[int]] = None,
-                 starttls: Optional[pulumi.Input[bool]] = None,
-                 tls_max_version: Optional[pulumi.Input[str]] = None,
-                 tls_min_version: Optional[pulumi.Input[str]] = None,
-                 ttl: Optional[pulumi.Input[int]] = None,
-                 upndomain: Optional[pulumi.Input[str]] = None,
-                 url: Optional[pulumi.Input[str]] = None,
-                 use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
-                 use_token_groups: Optional[pulumi.Input[bool]] = None,
-                 userattr: Optional[pulumi.Input[str]] = None,
-                 userdn: Optional[pulumi.Input[str]] = None,
+                 anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 binddn: Optional[pulumi.Input[builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
+                 case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+                 certificate: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+                 deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+                 description: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+                 discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+                 groupattr: Optional[pulumi.Input[builtins.str]] = None,
+                 groupdn: Optional[pulumi.Input[builtins.str]] = None,
+                 groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+                 last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
+                 local: Optional[pulumi.Input[builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+                 max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 password_policy: Optional[pulumi.Input[builtins.str]] = None,
+                 request_timeout: Optional[pulumi.Input[builtins.int]] = None,
+                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
+                 tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+                 tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+                 ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
+                 url: Optional[pulumi.Input[builtins.str]] = None,
+                 use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
+                 use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+                 userattr: Optional[pulumi.Input[builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -1280,64 +1281,64 @@ class SecretBackend(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
+        :param pulumi.Input[builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
                (if true the initial credentials will still be used for the initial connection test).
-        :param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `ad`.
-        :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
-        :param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
-        :param pulumi.Input[bool] case_sensitive_names: If set, user and group names assigned to policies within the
+        :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
+        :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
+        :param pulumi.Input[builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
                backend will be case sensitive. Otherwise, names will be normalized to lower case.
-        :param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
+        :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
                x509 PEM encoded.
-        :param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
-        :param pulumi.Input[bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
+        :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
+        :param pulumi.Input[builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
                defaults to true.
-        :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
-        :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
+        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
-        :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
-        :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
+        :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
+        :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
                user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
-        :param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
-        :param pulumi.Input[str] groupfilter: Go template for querying group membership of user (optional) The template can access
+        :param pulumi.Input[builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
+        :param pulumi.Input[builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
                the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
-        :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
+        :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
                Defaults to `false`.
-        :param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
+        :param pulumi.Input[builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
                shows a later rotation, it should be considered out-of-band
-        :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
+        :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
                replication.Tolerance duration to use when checking the last rotation time.
-        :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
-        :param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
+        :param pulumi.Input[builtins.int] max_ttl: In seconds, the maximum password time-to-live.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
-        :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
+        :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
+        :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
                before returning back an error.
-        :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
-        :param pulumi.Input[str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
+        :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
+        :param pulumi.Input[builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
                `tls12` or `tls13`. Defaults to `tls12`.
-        :param pulumi.Input[str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
+        :param pulumi.Input[builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
                `tls12` or `tls13`. Defaults to `tls12`.
-        :param pulumi.Input[int] ttl: In seconds, the default password time-to-live.
-        :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
-        :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
+        :param pulumi.Input[builtins.int] ttl: In seconds, the default password time-to-live.
+        :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
+        :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
                them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
-        :param pulumi.Input[bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
+        :param pulumi.Input[builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
                different cases unfortunately introduced a regression that could cause previously defined groups
                to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
                matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
                compatibility. It is enabled by default if the config is upgraded but disabled by default on
                new configurations.
-        :param pulumi.Input[bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
+        :param pulumi.Input[builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
                user to find the group memberships. This will find all security groups including nested ones.
-        :param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
-        :param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
+        :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
+        :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         ...
     @overload
@@ -1384,40 +1385,40 @@ class SecretBackend(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 anonymous_group_search: Optional[pulumi.Input[bool]] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 binddn: Optional[pulumi.Input[str]] = None,
-                 bindpass: Optional[pulumi.Input[str]] = None,
-                 case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-                 certificate: Optional[pulumi.Input[str]] = None,
-                 client_tls_cert: Optional[pulumi.Input[str]] = None,
-                 client_tls_key: Optional[pulumi.Input[str]] = None,
-                 default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 deny_null_bind: Optional[pulumi.Input[bool]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 disable_remount: Optional[pulumi.Input[bool]] = None,
-                 discoverdn: Optional[pulumi.Input[bool]] = None,
-                 groupattr: Optional[pulumi.Input[str]] = None,
-                 groupdn: Optional[pulumi.Input[str]] = None,
-                 groupfilter: Optional[pulumi.Input[str]] = None,
-                 insecure_tls: Optional[pulumi.Input[bool]] = None,
-                 last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-                 local: Optional[pulumi.Input[bool]] = None,
-                 max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-                 max_ttl: Optional[pulumi.Input[int]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 password_policy: Optional[pulumi.Input[str]] = None,
-                 request_timeout: Optional[pulumi.Input[int]] = None,
-                 starttls: Optional[pulumi.Input[bool]] = None,
-                 tls_max_version: Optional[pulumi.Input[str]] = None,
-                 tls_min_version: Optional[pulumi.Input[str]] = None,
-                 ttl: Optional[pulumi.Input[int]] = None,
-                 upndomain: Optional[pulumi.Input[str]] = None,
-                 url: Optional[pulumi.Input[str]] = None,
-                 use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
-                 use_token_groups: Optional[pulumi.Input[bool]] = None,
-                 userattr: Optional[pulumi.Input[str]] = None,
-                 userdn: Optional[pulumi.Input[str]] = None,
+                 anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 binddn: Optional[pulumi.Input[builtins.str]] = None,
+                 bindpass: Optional[pulumi.Input[builtins.str]] = None,
+                 case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+                 certificate: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+                 client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+                 default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+                 deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+                 description: Optional[pulumi.Input[builtins.str]] = None,
+                 disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+                 discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+                 groupattr: Optional[pulumi.Input[builtins.str]] = None,
+                 groupdn: Optional[pulumi.Input[builtins.str]] = None,
+                 groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+                 insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+                 last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
+                 local: Optional[pulumi.Input[builtins.bool]] = None,
+                 max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+                 max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 password_policy: Optional[pulumi.Input[builtins.str]] = None,
+                 request_timeout: Optional[pulumi.Input[builtins.int]] = None,
+                 starttls: Optional[pulumi.Input[builtins.bool]] = None,
+                 tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+                 tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+                 ttl: Optional[pulumi.Input[builtins.int]] = None,
+                 upndomain: Optional[pulumi.Input[builtins.str]] = None,
+                 url: Optional[pulumi.Input[builtins.str]] = None,
+                 use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
+                 use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+                 userattr: Optional[pulumi.Input[builtins.str]] = None,
+                 userdn: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -1477,40 +1478,40 @@ class SecretBackend(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            anonymous_group_search: Optional[pulumi.Input[bool]] = None,
-            backend: Optional[pulumi.Input[str]] = None,
-            binddn: Optional[pulumi.Input[str]] = None,
-            bindpass: Optional[pulumi.Input[str]] = None,
-            case_sensitive_names: Optional[pulumi.Input[bool]] = None,
-            certificate: Optional[pulumi.Input[str]] = None,
-            client_tls_cert: Optional[pulumi.Input[str]] = None,
-            client_tls_key: Optional[pulumi.Input[str]] = None,
-            default_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-            deny_null_bind: Optional[pulumi.Input[bool]] = None,
-            description: Optional[pulumi.Input[str]] = None,
-            disable_remount: Optional[pulumi.Input[bool]] = None,
-            discoverdn: Optional[pulumi.Input[bool]] = None,
-            groupattr: Optional[pulumi.Input[str]] = None,
-            groupdn: Optional[pulumi.Input[str]] = None,
-            groupfilter: Optional[pulumi.Input[str]] = None,
-            insecure_tls: Optional[pulumi.Input[bool]] = None,
-            last_rotation_tolerance: Optional[pulumi.Input[int]] = None,
-            local: Optional[pulumi.Input[bool]] = None,
-            max_lease_ttl_seconds: Optional[pulumi.Input[int]] = None,
-            max_ttl: Optional[pulumi.Input[int]] = None,
-            namespace: Optional[pulumi.Input[str]] = None,
-            password_policy: Optional[pulumi.Input[str]] = None,
-            request_timeout: Optional[pulumi.Input[int]] = None,
-            starttls: Optional[pulumi.Input[bool]] = None,
-            tls_max_version: Optional[pulumi.Input[str]] = None,
-            tls_min_version: Optional[pulumi.Input[str]] = None,
-            ttl: Optional[pulumi.Input[int]] = None,
-            upndomain: Optional[pulumi.Input[str]] = None,
-            url: Optional[pulumi.Input[str]] = None,
-            use_pre111_group_cn_behavior: Optional[pulumi.Input[bool]] = None,
-            use_token_groups: Optional[pulumi.Input[bool]] = None,
-            userattr: Optional[pulumi.Input[str]] = None,
-            userdn: Optional[pulumi.Input[str]] = None) -> 'SecretBackend':
+            anonymous_group_search: Optional[pulumi.Input[builtins.bool]] = None,
+            backend: Optional[pulumi.Input[builtins.str]] = None,
+            binddn: Optional[pulumi.Input[builtins.str]] = None,
+            bindpass: Optional[pulumi.Input[builtins.str]] = None,
+            case_sensitive_names: Optional[pulumi.Input[builtins.bool]] = None,
+            certificate: Optional[pulumi.Input[builtins.str]] = None,
+            client_tls_cert: Optional[pulumi.Input[builtins.str]] = None,
+            client_tls_key: Optional[pulumi.Input[builtins.str]] = None,
+            default_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+            deny_null_bind: Optional[pulumi.Input[builtins.bool]] = None,
+            description: Optional[pulumi.Input[builtins.str]] = None,
+            disable_remount: Optional[pulumi.Input[builtins.bool]] = None,
+            discoverdn: Optional[pulumi.Input[builtins.bool]] = None,
+            groupattr: Optional[pulumi.Input[builtins.str]] = None,
+            groupdn: Optional[pulumi.Input[builtins.str]] = None,
+            groupfilter: Optional[pulumi.Input[builtins.str]] = None,
+            insecure_tls: Optional[pulumi.Input[builtins.bool]] = None,
+            last_rotation_tolerance: Optional[pulumi.Input[builtins.int]] = None,
+            local: Optional[pulumi.Input[builtins.bool]] = None,
+            max_lease_ttl_seconds: Optional[pulumi.Input[builtins.int]] = None,
+            max_ttl: Optional[pulumi.Input[builtins.int]] = None,
+            namespace: Optional[pulumi.Input[builtins.str]] = None,
+            password_policy: Optional[pulumi.Input[builtins.str]] = None,
+            request_timeout: Optional[pulumi.Input[builtins.int]] = None,
+            starttls: Optional[pulumi.Input[builtins.bool]] = None,
+            tls_max_version: Optional[pulumi.Input[builtins.str]] = None,
+            tls_min_version: Optional[pulumi.Input[builtins.str]] = None,
+            ttl: Optional[pulumi.Input[builtins.int]] = None,
+            upndomain: Optional[pulumi.Input[builtins.str]] = None,
+            url: Optional[pulumi.Input[builtins.str]] = None,
+            use_pre111_group_cn_behavior: Optional[pulumi.Input[builtins.bool]] = None,
+            use_token_groups: Optional[pulumi.Input[builtins.bool]] = None,
+            userattr: Optional[pulumi.Input[builtins.str]] = None,
+            userdn: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackend':
         """
         Get an existing SecretBackend resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -1518,64 +1519,64 @@ class SecretBackend(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
+        :param pulumi.Input[builtins.bool] anonymous_group_search: Use anonymous binds when performing LDAP group searches
                (if true the initial credentials will still be used for the initial connection test).
-        :param pulumi.Input[str] backend: The unique path this backend should be mounted at. Must
+        :param pulumi.Input[builtins.str] backend: The unique path this backend should be mounted at. Must
                not begin or end with a `/`. Defaults to `ad`.
-        :param pulumi.Input[str] binddn: Distinguished name of object to bind when performing user and group search.
-        :param pulumi.Input[str] bindpass: Password to use along with binddn when performing user search.
-        :param pulumi.Input[bool] case_sensitive_names: If set, user and group names assigned to policies within the
+        :param pulumi.Input[builtins.str] binddn: Distinguished name of object to bind when performing user and group search.
+        :param pulumi.Input[builtins.str] bindpass: Password to use along with binddn when performing user search.
+        :param pulumi.Input[builtins.bool] case_sensitive_names: If set, user and group names assigned to policies within the
                backend will be case sensitive. Otherwise, names will be normalized to lower case.
-        :param pulumi.Input[str] certificate: CA certificate to use when verifying LDAP server certificate, must be
+        :param pulumi.Input[builtins.str] certificate: CA certificate to use when verifying LDAP server certificate, must be
                x509 PEM encoded.
-        :param pulumi.Input[str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
-        :param pulumi.Input[int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
-        :param pulumi.Input[bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
+        :param pulumi.Input[builtins.str] client_tls_cert: Client certificate to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[builtins.str] client_tls_key: Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
+        :param pulumi.Input[builtins.int] default_lease_ttl_seconds: Default lease duration for secrets in seconds.
+        :param pulumi.Input[builtins.bool] deny_null_bind: Denies an unauthenticated LDAP bind request if the user's password is empty;
                defaults to true.
-        :param pulumi.Input[str] description: Human-friendly description of the mount for the Active Directory backend.
-        :param pulumi.Input[bool] disable_remount: If set, opts out of mount migration on path updates.
+        :param pulumi.Input[builtins.str] description: Human-friendly description of the mount for the Active Directory backend.
+        :param pulumi.Input[builtins.bool] disable_remount: If set, opts out of mount migration on path updates.
                See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
-        :param pulumi.Input[bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
-        :param pulumi.Input[str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
+        :param pulumi.Input[builtins.bool] discoverdn: Use anonymous bind to discover the bind Distinguished Name of a user.
+        :param pulumi.Input[builtins.str] groupattr: LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
                user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
-        :param pulumi.Input[str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
-        :param pulumi.Input[str] groupfilter: Go template for querying group membership of user (optional) The template can access
+        :param pulumi.Input[builtins.str] groupdn: LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
+        :param pulumi.Input[builtins.str] groupfilter: Go template for querying group membership of user (optional) The template can access
                the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
-        :param pulumi.Input[bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
+        :param pulumi.Input[builtins.bool] insecure_tls: Skip LDAP server SSL Certificate verification. This is not recommended for production.
                Defaults to `false`.
-        :param pulumi.Input[int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
+        :param pulumi.Input[builtins.int] last_rotation_tolerance: The number of seconds after a Vault rotation where, if Active Directory
                shows a later rotation, it should be considered out-of-band
-        :param pulumi.Input[bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
+        :param pulumi.Input[builtins.bool] local: Mark the secrets engine as local-only. Local engines are not replicated or removed by
                replication.Tolerance duration to use when checking the last rotation time.
-        :param pulumi.Input[int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
-        :param pulumi.Input[int] max_ttl: In seconds, the maximum password time-to-live.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.int] max_lease_ttl_seconds: Maximum possible lease duration for secrets in seconds.
+        :param pulumi.Input[builtins.int] max_ttl: In seconds, the maximum password time-to-live.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[str] password_policy: Name of the password policy to use to generate passwords.
-        :param pulumi.Input[int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
+        :param pulumi.Input[builtins.str] password_policy: Name of the password policy to use to generate passwords.
+        :param pulumi.Input[builtins.int] request_timeout: Timeout, in seconds, for the connection when making requests against the server
                before returning back an error.
-        :param pulumi.Input[bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
-        :param pulumi.Input[str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
+        :param pulumi.Input[builtins.bool] starttls: Issue a StartTLS command after establishing unencrypted connection.
+        :param pulumi.Input[builtins.str] tls_max_version: Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
                `tls12` or `tls13`. Defaults to `tls12`.
-        :param pulumi.Input[str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
+        :param pulumi.Input[builtins.str] tls_min_version: Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
                `tls12` or `tls13`. Defaults to `tls12`.
-        :param pulumi.Input[int] ttl: In seconds, the default password time-to-live.
-        :param pulumi.Input[str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
-        :param pulumi.Input[str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
+        :param pulumi.Input[builtins.int] ttl: In seconds, the default password time-to-live.
+        :param pulumi.Input[builtins.str] upndomain: Enables userPrincipalDomain login with [username]@UPNDomain.
+        :param pulumi.Input[builtins.str] url: LDAP URL to connect to. Multiple URLs can be specified by concatenating
                them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
-        :param pulumi.Input[bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
+        :param pulumi.Input[builtins.bool] use_pre111_group_cn_behavior: In Vault 1.1.1 a fix for handling group CN values of
                different cases unfortunately introduced a regression that could cause previously defined groups
                to not be found due to a change in the resulting name. If set true, the pre-1.1.1 behavior for
                matching group CNs will be used. This is only needed in some upgrade scenarios for backwards
                compatibility. It is enabled by default if the config is upgraded but disabled by default on
                new configurations.
-        :param pulumi.Input[bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
+        :param pulumi.Input[builtins.bool] use_token_groups: If true, use the Active Directory tokenGroups constructed attribute of the
                user to find the group memberships. This will find all security groups including nested ones.
-        :param pulumi.Input[str] userattr: Attribute used when searching users. Defaults to `cn`.
-        :param pulumi.Input[str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
+        :param pulumi.Input[builtins.str] userattr: Attribute used when searching users. Defaults to `cn`.
+        :param pulumi.Input[builtins.str] userdn: LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -1619,7 +1620,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="anonymousGroupSearch")
-    def anonymous_group_search(self) -> pulumi.Output[Optional[bool]]:
+    def anonymous_group_search(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Use anonymous binds when performing LDAP group searches
         (if true the initial credentials will still be used for the initial connection test).
@@ -1628,7 +1629,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[Optional[str]]:
+    def backend(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The unique path this backend should be mounted at. Must
         not begin or end with a `/`. Defaults to `ad`.
@@ -1637,7 +1638,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def binddn(self) -> pulumi.Output[str]:
+    def binddn(self) -> pulumi.Output[builtins.str]:
         """
         Distinguished name of object to bind when performing user and group search.
         """
@@ -1645,7 +1646,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def bindpass(self) -> pulumi.Output[str]:
+    def bindpass(self) -> pulumi.Output[builtins.str]:
         """
         Password to use along with binddn when performing user search.
         """
@@ -1653,7 +1654,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="caseSensitiveNames")
-    def case_sensitive_names(self) -> pulumi.Output[Optional[bool]]:
+    def case_sensitive_names(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         If set, user and group names assigned to policies within the
         backend will be case sensitive. Otherwise, names will be normalized to lower case.
@@ -1662,7 +1663,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def certificate(self) -> pulumi.Output[Optional[str]]:
+    def certificate(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         CA certificate to use when verifying LDAP server certificate, must be
         x509 PEM encoded.
@@ -1671,7 +1672,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="clientTlsCert")
-    def client_tls_cert(self) -> pulumi.Output[Optional[str]]:
+    def client_tls_cert(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         Client certificate to provide to the LDAP server, must be x509 PEM encoded.
         """
@@ -1679,7 +1680,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="clientTlsKey")
-    def client_tls_key(self) -> pulumi.Output[Optional[str]]:
+    def client_tls_key(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         Client certificate key to provide to the LDAP server, must be x509 PEM encoded.
         """
@@ -1687,7 +1688,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="defaultLeaseTtlSeconds")
-    def default_lease_ttl_seconds(self) -> pulumi.Output[int]:
+    def default_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
         """
         Default lease duration for secrets in seconds.
         """
@@ -1695,7 +1696,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="denyNullBind")
-    def deny_null_bind(self) -> pulumi.Output[Optional[bool]]:
+    def deny_null_bind(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Denies an unauthenticated LDAP bind request if the user's password is empty;
         defaults to true.
@@ -1704,7 +1705,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def description(self) -> pulumi.Output[Optional[str]]:
+    def description(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         Human-friendly description of the mount for the Active Directory backend.
         """
@@ -1712,7 +1713,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="disableRemount")
-    def disable_remount(self) -> pulumi.Output[Optional[bool]]:
+    def disable_remount(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         If set, opts out of mount migration on path updates.
         See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
@@ -1721,7 +1722,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def discoverdn(self) -> pulumi.Output[Optional[bool]]:
+    def discoverdn(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Use anonymous bind to discover the bind Distinguished Name of a user.
         """
@@ -1729,7 +1730,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def groupattr(self) -> pulumi.Output[Optional[str]]:
+    def groupattr(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         LDAP attribute to follow on objects returned by <groupfilter> in order to enumerate
         user group membership. Examples: `cn` or `memberOf`, etc. Defaults to `cn`.
@@ -1738,7 +1739,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def groupdn(self) -> pulumi.Output[Optional[str]]:
+    def groupdn(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org).
         """
@@ -1746,7 +1747,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def groupfilter(self) -> pulumi.Output[Optional[str]]:
+    def groupfilter(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         Go template for querying group membership of user (optional) The template can access
         the following context variables: UserDN, Username. Defaults to `(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`
@@ -1755,7 +1756,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="insecureTls")
-    def insecure_tls(self) -> pulumi.Output[Optional[bool]]:
+    def insecure_tls(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Skip LDAP server SSL Certificate verification. This is not recommended for production.
         Defaults to `false`.
@@ -1764,7 +1765,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="lastRotationTolerance")
-    def last_rotation_tolerance(self) -> pulumi.Output[int]:
+    def last_rotation_tolerance(self) -> pulumi.Output[builtins.int]:
         """
         The number of seconds after a Vault rotation where, if Active Directory
         shows a later rotation, it should be considered out-of-band
@@ -1773,7 +1774,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def local(self) -> pulumi.Output[Optional[bool]]:
+    def local(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Mark the secrets engine as local-only. Local engines are not replicated or removed by
         replication.Tolerance duration to use when checking the last rotation time.
@@ -1782,7 +1783,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="maxLeaseTtlSeconds")
-    def max_lease_ttl_seconds(self) -> pulumi.Output[int]:
+    def max_lease_ttl_seconds(self) -> pulumi.Output[builtins.int]:
         """
         Maximum possible lease duration for secrets in seconds.
         """
@@ -1790,7 +1791,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="maxTtl")
-    def max_ttl(self) -> pulumi.Output[int]:
+    def max_ttl(self) -> pulumi.Output[builtins.int]:
         """
         In seconds, the maximum password time-to-live.
         """
@@ -1798,7 +1799,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[str]]:
+    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1809,7 +1810,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="passwordPolicy")
-    def password_policy(self) -> pulumi.Output[Optional[str]]:
+    def password_policy(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         Name of the password policy to use to generate passwords.
         """
@@ -1817,7 +1818,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="requestTimeout")
-    def request_timeout(self) -> pulumi.Output[Optional[int]]:
+    def request_timeout(self) -> pulumi.Output[Optional[builtins.int]]:
         """
         Timeout, in seconds, for the connection when making requests against the server
         before returning back an error.
@@ -1826,7 +1827,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def starttls(self) -> pulumi.Output[bool]:
+    def starttls(self) -> pulumi.Output[builtins.bool]:
         """
         Issue a StartTLS command after establishing unencrypted connection.
         """
@@ -1834,7 +1835,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tlsMaxVersion")
-    def tls_max_version(self) -> pulumi.Output[str]:
+    def tls_max_version(self) -> pulumi.Output[builtins.str]:
         """
         Maximum TLS version to use. Accepted values are `tls10`, `tls11`,
         `tls12` or `tls13`. Defaults to `tls12`.
@@ -1843,7 +1844,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="tlsMinVersion")
-    def tls_min_version(self) -> pulumi.Output[str]:
+    def tls_min_version(self) -> pulumi.Output[builtins.str]:
         """
         Minimum TLS version to use. Accepted values are `tls10`, `tls11`,
         `tls12` or `tls13`. Defaults to `tls12`.
@@ -1852,7 +1853,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def ttl(self) -> pulumi.Output[int]:
+    def ttl(self) -> pulumi.Output[builtins.int]:
         """
         In seconds, the default password time-to-live.
         """
@@ -1860,7 +1861,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def upndomain(self) -> pulumi.Output[str]:
+    def upndomain(self) -> pulumi.Output[builtins.str]:
         """
         Enables userPrincipalDomain login with [username]@UPNDomain.
         """
@@ -1868,7 +1869,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def url(self) -> pulumi.Output[Optional[str]]:
+    def url(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         LDAP URL to connect to. Multiple URLs can be specified by concatenating
         them with commas; they will be tried in-order. Defaults to `ldap://127.0.0.1`.
@@ -1877,7 +1878,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="usePre111GroupCnBehavior")
-    def use_pre111_group_cn_behavior(self) -> pulumi.Output[bool]:
+    def use_pre111_group_cn_behavior(self) -> pulumi.Output[builtins.bool]:
         """
         In Vault 1.1.1 a fix for handling group CN values of
         different cases unfortunately introduced a regression that could cause previously defined groups
@@ -1890,7 +1891,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="useTokenGroups")
-    def use_token_groups(self) -> pulumi.Output[Optional[bool]]:
+    def use_token_groups(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         If true, use the Active Directory tokenGroups constructed attribute of the
         user to find the group memberships. This will find all security groups including nested ones.
@@ -1899,7 +1900,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def userattr(self) -> pulumi.Output[Optional[str]]:
+    def userattr(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         Attribute used when searching users. Defaults to `cn`.
         """
@@ -1907,7 +1908,7 @@ class SecretBackend(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def userdn(self) -> pulumi.Output[Optional[str]]:
+    def userdn(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         LDAP domain to use for users (eg: ou=People,dc=example,dc=org)`.
         """