PyPI - pulumi-vault - Versions diffs - 7.6.0a1764657486__py3-none-any.whl - Mend

pulumi-vault 7.6.0a1764657486__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (274) hide show

pulumi_vault/__init__.py +1399 -0
pulumi_vault/_inputs.py +2701 -0
pulumi_vault/_utilities.py +331 -0
pulumi_vault/ad/__init__.py +12 -0
pulumi_vault/ad/get_access_credentials.py +177 -0
pulumi_vault/ad/secret_backend.py +1916 -0
pulumi_vault/ad/secret_library.py +546 -0
pulumi_vault/ad/secret_role.py +499 -0
pulumi_vault/alicloud/__init__.py +9 -0
pulumi_vault/alicloud/auth_backend_role.py +866 -0
pulumi_vault/approle/__init__.py +12 -0
pulumi_vault/approle/auth_backend_login.py +571 -0
pulumi_vault/approle/auth_backend_role.py +1082 -0
pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
pulumi_vault/audit.py +499 -0
pulumi_vault/audit_request_header.py +277 -0
pulumi_vault/auth_backend.py +565 -0
pulumi_vault/aws/__init__.py +22 -0
pulumi_vault/aws/auth_backend_cert.py +420 -0
pulumi_vault/aws/auth_backend_client.py +1259 -0
pulumi_vault/aws/auth_backend_config_identity.py +494 -0
pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
pulumi_vault/aws/auth_backend_login.py +1046 -0
pulumi_vault/aws/auth_backend_role.py +1961 -0
pulumi_vault/aws/auth_backend_role_tag.py +638 -0
pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
pulumi_vault/aws/auth_backend_sts_role.py +414 -0
pulumi_vault/aws/get_access_credentials.py +369 -0
pulumi_vault/aws/get_static_access_credentials.py +137 -0
pulumi_vault/aws/secret_backend.py +2018 -0
pulumi_vault/aws/secret_backend_role.py +1188 -0
pulumi_vault/aws/secret_backend_static_role.py +639 -0
pulumi_vault/azure/__init__.py +15 -0
pulumi_vault/azure/_inputs.py +108 -0
pulumi_vault/azure/auth_backend_config.py +1096 -0
pulumi_vault/azure/auth_backend_role.py +1176 -0
pulumi_vault/azure/backend.py +1793 -0
pulumi_vault/azure/backend_role.py +883 -0
pulumi_vault/azure/get_access_credentials.py +400 -0
pulumi_vault/azure/outputs.py +107 -0
pulumi_vault/cert_auth_backend_role.py +1539 -0
pulumi_vault/config/__init__.py +9 -0
pulumi_vault/config/__init__.pyi +164 -0
pulumi_vault/config/_inputs.py +73 -0
pulumi_vault/config/outputs.py +1225 -0
pulumi_vault/config/ui_custom_message.py +530 -0
pulumi_vault/config/vars.py +230 -0
pulumi_vault/consul/__init__.py +10 -0
pulumi_vault/consul/secret_backend.py +1517 -0
pulumi_vault/consul/secret_backend_role.py +847 -0
pulumi_vault/database/__init__.py +14 -0
pulumi_vault/database/_inputs.py +11907 -0
pulumi_vault/database/outputs.py +8496 -0
pulumi_vault/database/secret_backend_connection.py +1676 -0
pulumi_vault/database/secret_backend_role.py +840 -0
pulumi_vault/database/secret_backend_static_role.py +881 -0
pulumi_vault/database/secrets_mount.py +2160 -0
pulumi_vault/egp_policy.py +399 -0
pulumi_vault/gcp/__init__.py +17 -0
pulumi_vault/gcp/_inputs.py +441 -0
pulumi_vault/gcp/auth_backend.py +1486 -0
pulumi_vault/gcp/auth_backend_role.py +1235 -0
pulumi_vault/gcp/get_auth_backend_role.py +514 -0
pulumi_vault/gcp/outputs.py +302 -0
pulumi_vault/gcp/secret_backend.py +1807 -0
pulumi_vault/gcp/secret_impersonated_account.py +484 -0
pulumi_vault/gcp/secret_roleset.py +554 -0
pulumi_vault/gcp/secret_static_account.py +557 -0
pulumi_vault/generic/__init__.py +11 -0
pulumi_vault/generic/endpoint.py +786 -0
pulumi_vault/generic/get_secret.py +306 -0
pulumi_vault/generic/secret.py +486 -0
pulumi_vault/get_auth_backend.py +226 -0
pulumi_vault/get_auth_backends.py +170 -0
pulumi_vault/get_namespace.py +226 -0
pulumi_vault/get_namespaces.py +202 -0
pulumi_vault/get_nomad_access_token.py +210 -0
pulumi_vault/get_policy_document.py +160 -0
pulumi_vault/get_raft_autopilot_state.py +267 -0
pulumi_vault/github/__init__.py +13 -0
pulumi_vault/github/_inputs.py +225 -0
pulumi_vault/github/auth_backend.py +1194 -0
pulumi_vault/github/outputs.py +174 -0
pulumi_vault/github/team.py +380 -0
pulumi_vault/github/user.py +380 -0
pulumi_vault/identity/__init__.py +35 -0
pulumi_vault/identity/entity.py +447 -0
pulumi_vault/identity/entity_alias.py +398 -0
pulumi_vault/identity/entity_policies.py +455 -0
pulumi_vault/identity/get_entity.py +384 -0
pulumi_vault/identity/get_group.py +467 -0
pulumi_vault/identity/get_oidc_client_creds.py +175 -0
pulumi_vault/identity/get_oidc_openid_config.py +334 -0
pulumi_vault/identity/get_oidc_public_keys.py +179 -0
pulumi_vault/identity/group.py +805 -0
pulumi_vault/identity/group_alias.py +386 -0
pulumi_vault/identity/group_member_entity_ids.py +444 -0
pulumi_vault/identity/group_member_group_ids.py +467 -0
pulumi_vault/identity/group_policies.py +471 -0
pulumi_vault/identity/mfa_duo.py +674 -0
pulumi_vault/identity/mfa_login_enforcement.py +566 -0
pulumi_vault/identity/mfa_okta.py +626 -0
pulumi_vault/identity/mfa_pingid.py +616 -0
pulumi_vault/identity/mfa_totp.py +758 -0
pulumi_vault/identity/oidc.py +268 -0
pulumi_vault/identity/oidc_assignment.py +375 -0
pulumi_vault/identity/oidc_client.py +667 -0
pulumi_vault/identity/oidc_key.py +474 -0
pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
pulumi_vault/identity/oidc_provider.py +550 -0
pulumi_vault/identity/oidc_role.py +543 -0
pulumi_vault/identity/oidc_scope.py +355 -0
pulumi_vault/identity/outputs.py +137 -0
pulumi_vault/jwt/__init__.py +12 -0
pulumi_vault/jwt/_inputs.py +225 -0
pulumi_vault/jwt/auth_backend.py +1347 -0
pulumi_vault/jwt/auth_backend_role.py +1847 -0
pulumi_vault/jwt/outputs.py +174 -0
pulumi_vault/kmip/__init__.py +11 -0
pulumi_vault/kmip/secret_backend.py +1591 -0
pulumi_vault/kmip/secret_role.py +1194 -0
pulumi_vault/kmip/secret_scope.py +372 -0
pulumi_vault/kubernetes/__init__.py +15 -0
pulumi_vault/kubernetes/auth_backend_config.py +654 -0
pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
pulumi_vault/kubernetes/get_service_account_token.py +344 -0
pulumi_vault/kubernetes/secret_backend.py +1341 -0
pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
pulumi_vault/kv/__init__.py +18 -0
pulumi_vault/kv/_inputs.py +124 -0
pulumi_vault/kv/get_secret.py +240 -0
pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
pulumi_vault/kv/get_secret_v2.py +315 -0
pulumi_vault/kv/get_secrets_list.py +186 -0
pulumi_vault/kv/get_secrets_list_v2.py +243 -0
pulumi_vault/kv/outputs.py +102 -0
pulumi_vault/kv/secret.py +397 -0
pulumi_vault/kv/secret_backend_v2.py +455 -0
pulumi_vault/kv/secret_v2.py +970 -0
pulumi_vault/ldap/__init__.py +19 -0
pulumi_vault/ldap/_inputs.py +225 -0
pulumi_vault/ldap/auth_backend.py +2520 -0
pulumi_vault/ldap/auth_backend_group.py +386 -0
pulumi_vault/ldap/auth_backend_user.py +439 -0
pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
pulumi_vault/ldap/get_static_credentials.py +192 -0
pulumi_vault/ldap/outputs.py +174 -0
pulumi_vault/ldap/secret_backend.py +2207 -0
pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
pulumi_vault/ldap/secret_backend_library_set.py +552 -0
pulumi_vault/ldap/secret_backend_static_role.py +541 -0
pulumi_vault/managed/__init__.py +11 -0
pulumi_vault/managed/_inputs.py +944 -0
pulumi_vault/managed/keys.py +398 -0
pulumi_vault/managed/outputs.py +667 -0
pulumi_vault/mfa_duo.py +589 -0
pulumi_vault/mfa_okta.py +623 -0
pulumi_vault/mfa_pingid.py +670 -0
pulumi_vault/mfa_totp.py +620 -0
pulumi_vault/mongodbatlas/__init__.py +10 -0
pulumi_vault/mongodbatlas/secret_backend.py +388 -0
pulumi_vault/mongodbatlas/secret_role.py +726 -0
pulumi_vault/mount.py +1262 -0
pulumi_vault/namespace.py +452 -0
pulumi_vault/nomad_secret_backend.py +1559 -0
pulumi_vault/nomad_secret_role.py +489 -0
pulumi_vault/oci_auth_backend.py +676 -0
pulumi_vault/oci_auth_backend_role.py +852 -0
pulumi_vault/okta/__init__.py +13 -0
pulumi_vault/okta/_inputs.py +320 -0
pulumi_vault/okta/auth_backend.py +1231 -0
pulumi_vault/okta/auth_backend_group.py +369 -0
pulumi_vault/okta/auth_backend_user.py +416 -0
pulumi_vault/okta/outputs.py +244 -0
pulumi_vault/outputs.py +502 -0
pulumi_vault/pkisecret/__init__.py +38 -0
pulumi_vault/pkisecret/_inputs.py +270 -0
pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
pulumi_vault/pkisecret/backend_config_acme.py +690 -0
pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
pulumi_vault/pkisecret/backend_config_est.py +756 -0
pulumi_vault/pkisecret/backend_config_scep.py +738 -0
pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
pulumi_vault/pkisecret/get_backend_key.py +211 -0
pulumi_vault/pkisecret/get_backend_keys.py +192 -0
pulumi_vault/pkisecret/outputs.py +270 -0
pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
pulumi_vault/pkisecret/secret_backend_key.py +613 -0
pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
pulumi_vault/plugin.py +596 -0
pulumi_vault/plugin_pinned_version.py +299 -0
pulumi_vault/policy.py +279 -0
pulumi_vault/provider.py +781 -0
pulumi_vault/pulumi-plugin.json +5 -0
pulumi_vault/py.typed +0 -0
pulumi_vault/quota_lease_count.py +504 -0
pulumi_vault/quota_rate_limit.py +751 -0
pulumi_vault/rabbitmq/__init__.py +12 -0
pulumi_vault/rabbitmq/_inputs.py +235 -0
pulumi_vault/rabbitmq/outputs.py +144 -0
pulumi_vault/rabbitmq/secret_backend.py +1437 -0
pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
pulumi_vault/raft_autopilot.py +609 -0
pulumi_vault/raft_snapshot_agent_config.py +1591 -0
pulumi_vault/rgp_policy.py +349 -0
pulumi_vault/saml/__init__.py +12 -0
pulumi_vault/saml/_inputs.py +225 -0
pulumi_vault/saml/auth_backend.py +811 -0
pulumi_vault/saml/auth_backend_role.py +1068 -0
pulumi_vault/saml/outputs.py +174 -0
pulumi_vault/scep_auth_backend_role.py +908 -0
pulumi_vault/secrets/__init__.py +18 -0
pulumi_vault/secrets/_inputs.py +110 -0
pulumi_vault/secrets/outputs.py +94 -0
pulumi_vault/secrets/sync_association.py +450 -0
pulumi_vault/secrets/sync_aws_destination.py +780 -0
pulumi_vault/secrets/sync_azure_destination.py +736 -0
pulumi_vault/secrets/sync_config.py +303 -0
pulumi_vault/secrets/sync_gcp_destination.py +572 -0
pulumi_vault/secrets/sync_gh_destination.py +688 -0
pulumi_vault/secrets/sync_github_apps.py +376 -0
pulumi_vault/secrets/sync_vercel_destination.py +603 -0
pulumi_vault/ssh/__init__.py +13 -0
pulumi_vault/ssh/_inputs.py +76 -0
pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
pulumi_vault/ssh/outputs.py +51 -0
pulumi_vault/ssh/secret_backend_ca.py +588 -0
pulumi_vault/ssh/secret_backend_role.py +1493 -0
pulumi_vault/terraformcloud/__init__.py +11 -0
pulumi_vault/terraformcloud/secret_backend.py +1321 -0
pulumi_vault/terraformcloud/secret_creds.py +445 -0
pulumi_vault/terraformcloud/secret_role.py +563 -0
pulumi_vault/token.py +1026 -0
pulumi_vault/tokenauth/__init__.py +9 -0
pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
pulumi_vault/transform/__init__.py +14 -0
pulumi_vault/transform/alphabet.py +348 -0
pulumi_vault/transform/get_decode.py +287 -0
pulumi_vault/transform/get_encode.py +291 -0
pulumi_vault/transform/role.py +350 -0
pulumi_vault/transform/template.py +592 -0
pulumi_vault/transform/transformation.py +608 -0
pulumi_vault/transit/__init__.py +15 -0
pulumi_vault/transit/get_cmac.py +256 -0
pulumi_vault/transit/get_decrypt.py +181 -0
pulumi_vault/transit/get_encrypt.py +174 -0
pulumi_vault/transit/get_sign.py +328 -0
pulumi_vault/transit/get_verify.py +373 -0
pulumi_vault/transit/secret_backend_key.py +1202 -0
pulumi_vault/transit/secret_cache_config.py +302 -0
pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0

pulumi_vault/ldap/secret_backend_dynamic_role.py ADDED Viewed

@@ -0,0 +1,767 @@
+# coding=utf-8
+# *** WARNING: this file was generated by pulumi-language-python. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+import builtins as _builtins
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+__all__ = ['SecretBackendDynamicRoleArgs', 'SecretBackendDynamicRole']
+@pulumi.input_type
+class SecretBackendDynamicRoleArgs:
+    def __init__(__self__, *,
+                 creation_ldif: pulumi.Input[_builtins.str],
+                 deletion_ldif: pulumi.Input[_builtins.str],
+                 role_name: pulumi.Input[_builtins.str],
+                 default_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 mount: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 rollback_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 username_template: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        The set of arguments for constructing a SecretBackendDynamicRole resource.
+        :param pulumi.Input[_builtins.str] creation_ldif: A templatized LDIF string used to create a user
+               account. This may contain multiple LDIF entries. The `creation_ldif` can also
+               be used to add the user account to an existing group. All LDIF entries are
+               performed in order. If Vault encounters an error while executing the
+               `creation_ldif` it will stop at the first error and not execute any remaining
+               LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF
+               entries in `rollback_ldif` will be executed. See `rollback_ldif` for more
+               details. This field may optionally be provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.str] deletion_ldif: A templatized LDIF string used to delete the
+               user account once its TTL has expired. This may contain multiple LDIF
+               entries. All LDIF entries are performed in order. If Vault encounters an
+               error while executing an entry in the `deletion_ldif` it will attempt to
+               continue executing any remaining entries. This field may optionally be
+               provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.str] role_name: Name of the role.
+        :param pulumi.Input[_builtins.int] default_ttl: Specifies the TTL for the leases associated with this role.
+        :param pulumi.Input[_builtins.int] max_ttl: Specifies the maximum TTL for the leases associated with this role.
+        :param pulumi.Input[_builtins.str] mount: The unique path this backend should be mounted at. Must
+               not begin or end with a `/`. Defaults to `ldap`.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.str] rollback_ldif: A templatized LDIF string used to attempt to
+               rollback any changes in the event that execution of the `creation_ldif` results
+               in an error. This may contain multiple LDIF entries. All LDIF entries are
+               performed in order. If Vault encounters an error while executing an entry in
+               the `rollback_ldif` it will attempt to continue executing any remaining
+               entries. This field may optionally be provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.str] username_template: A template used to generate a dynamic
+               username. This will be used to fill in the `.Username` field within the
+               `creation_ldif` string.
+        """
+        pulumi.set(__self__, "creation_ldif", creation_ldif)
+        pulumi.set(__self__, "deletion_ldif", deletion_ldif)
+        pulumi.set(__self__, "role_name", role_name)
+        if default_ttl is not None:
+            pulumi.set(__self__, "default_ttl", default_ttl)
+        if max_ttl is not None:
+            pulumi.set(__self__, "max_ttl", max_ttl)
+        if mount is not None:
+            pulumi.set(__self__, "mount", mount)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if rollback_ldif is not None:
+            pulumi.set(__self__, "rollback_ldif", rollback_ldif)
+        if username_template is not None:
+            pulumi.set(__self__, "username_template", username_template)
+    @_builtins.property
+    @pulumi.getter(name="creationLdif")
+    def creation_ldif(self) -> pulumi.Input[_builtins.str]:
+        """
+        A templatized LDIF string used to create a user
+        account. This may contain multiple LDIF entries. The `creation_ldif` can also
+        be used to add the user account to an existing group. All LDIF entries are
+        performed in order. If Vault encounters an error while executing the
+        `creation_ldif` it will stop at the first error and not execute any remaining
+        LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF
+        entries in `rollback_ldif` will be executed. See `rollback_ldif` for more
+        details. This field may optionally be provided as a base64 encoded string.
+        """
+        return pulumi.get(self, "creation_ldif")
+    @creation_ldif.setter
+    def creation_ldif(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "creation_ldif", value)
+    @_builtins.property
+    @pulumi.getter(name="deletionLdif")
+    def deletion_ldif(self) -> pulumi.Input[_builtins.str]:
+        """
+        A templatized LDIF string used to delete the
+        user account once its TTL has expired. This may contain multiple LDIF
+        entries. All LDIF entries are performed in order. If Vault encounters an
+        error while executing an entry in the `deletion_ldif` it will attempt to
+        continue executing any remaining entries. This field may optionally be
+        provided as a base64 encoded string.
+        """
+        return pulumi.get(self, "deletion_ldif")
+    @deletion_ldif.setter
+    def deletion_ldif(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "deletion_ldif", value)
+    @_builtins.property
+    @pulumi.getter(name="roleName")
+    def role_name(self) -> pulumi.Input[_builtins.str]:
+        """
+        Name of the role.
+        """
+        return pulumi.get(self, "role_name")
+    @role_name.setter
+    def role_name(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "role_name", value)
+    @_builtins.property
+    @pulumi.getter(name="defaultTtl")
+    def default_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        Specifies the TTL for the leases associated with this role.
+        """
+        return pulumi.get(self, "default_ttl")
+    @default_ttl.setter
+    def default_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "default_ttl", value)
+    @_builtins.property
+    @pulumi.getter(name="maxTtl")
+    def max_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        Specifies the maximum TTL for the leases associated with this role.
+        """
+        return pulumi.get(self, "max_ttl")
+    @max_ttl.setter
+    def max_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "max_ttl", value)
+    @_builtins.property
+    @pulumi.getter
+    def mount(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The unique path this backend should be mounted at. Must
+        not begin or end with a `/`. Defaults to `ldap`.
+        """
+        return pulumi.get(self, "mount")
+    @mount.setter
+    def mount(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "mount", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter(name="rollbackLdif")
+    def rollback_ldif(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        A templatized LDIF string used to attempt to
+        rollback any changes in the event that execution of the `creation_ldif` results
+        in an error. This may contain multiple LDIF entries. All LDIF entries are
+        performed in order. If Vault encounters an error while executing an entry in
+        the `rollback_ldif` it will attempt to continue executing any remaining
+        entries. This field may optionally be provided as a base64 encoded string.
+        """
+        return pulumi.get(self, "rollback_ldif")
+    @rollback_ldif.setter
+    def rollback_ldif(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "rollback_ldif", value)
+    @_builtins.property
+    @pulumi.getter(name="usernameTemplate")
+    def username_template(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        A template used to generate a dynamic
+        username. This will be used to fill in the `.Username` field within the
+        `creation_ldif` string.
+        """
+        return pulumi.get(self, "username_template")
+    @username_template.setter
+    def username_template(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "username_template", value)
+@pulumi.input_type
+class _SecretBackendDynamicRoleState:
+    def __init__(__self__, *,
+                 creation_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 default_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 deletion_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 mount: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 rollback_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 username_template: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        Input properties used for looking up and filtering SecretBackendDynamicRole resources.
+        :param pulumi.Input[_builtins.str] creation_ldif: A templatized LDIF string used to create a user
+               account. This may contain multiple LDIF entries. The `creation_ldif` can also
+               be used to add the user account to an existing group. All LDIF entries are
+               performed in order. If Vault encounters an error while executing the
+               `creation_ldif` it will stop at the first error and not execute any remaining
+               LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF
+               entries in `rollback_ldif` will be executed. See `rollback_ldif` for more
+               details. This field may optionally be provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.int] default_ttl: Specifies the TTL for the leases associated with this role.
+        :param pulumi.Input[_builtins.str] deletion_ldif: A templatized LDIF string used to delete the
+               user account once its TTL has expired. This may contain multiple LDIF
+               entries. All LDIF entries are performed in order. If Vault encounters an
+               error while executing an entry in the `deletion_ldif` it will attempt to
+               continue executing any remaining entries. This field may optionally be
+               provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.int] max_ttl: Specifies the maximum TTL for the leases associated with this role.
+        :param pulumi.Input[_builtins.str] mount: The unique path this backend should be mounted at. Must
+               not begin or end with a `/`. Defaults to `ldap`.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.str] role_name: Name of the role.
+        :param pulumi.Input[_builtins.str] rollback_ldif: A templatized LDIF string used to attempt to
+               rollback any changes in the event that execution of the `creation_ldif` results
+               in an error. This may contain multiple LDIF entries. All LDIF entries are
+               performed in order. If Vault encounters an error while executing an entry in
+               the `rollback_ldif` it will attempt to continue executing any remaining
+               entries. This field may optionally be provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.str] username_template: A template used to generate a dynamic
+               username. This will be used to fill in the `.Username` field within the
+               `creation_ldif` string.
+        """
+        if creation_ldif is not None:
+            pulumi.set(__self__, "creation_ldif", creation_ldif)
+        if default_ttl is not None:
+            pulumi.set(__self__, "default_ttl", default_ttl)
+        if deletion_ldif is not None:
+            pulumi.set(__self__, "deletion_ldif", deletion_ldif)
+        if max_ttl is not None:
+            pulumi.set(__self__, "max_ttl", max_ttl)
+        if mount is not None:
+            pulumi.set(__self__, "mount", mount)
+        if namespace is not None:
+            pulumi.set(__self__, "namespace", namespace)
+        if role_name is not None:
+            pulumi.set(__self__, "role_name", role_name)
+        if rollback_ldif is not None:
+            pulumi.set(__self__, "rollback_ldif", rollback_ldif)
+        if username_template is not None:
+            pulumi.set(__self__, "username_template", username_template)
+    @_builtins.property
+    @pulumi.getter(name="creationLdif")
+    def creation_ldif(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        A templatized LDIF string used to create a user
+        account. This may contain multiple LDIF entries. The `creation_ldif` can also
+        be used to add the user account to an existing group. All LDIF entries are
+        performed in order. If Vault encounters an error while executing the
+        `creation_ldif` it will stop at the first error and not execute any remaining
+        LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF
+        entries in `rollback_ldif` will be executed. See `rollback_ldif` for more
+        details. This field may optionally be provided as a base64 encoded string.
+        """
+        return pulumi.get(self, "creation_ldif")
+    @creation_ldif.setter
+    def creation_ldif(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "creation_ldif", value)
+    @_builtins.property
+    @pulumi.getter(name="defaultTtl")
+    def default_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        Specifies the TTL for the leases associated with this role.
+        """
+        return pulumi.get(self, "default_ttl")
+    @default_ttl.setter
+    def default_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "default_ttl", value)
+    @_builtins.property
+    @pulumi.getter(name="deletionLdif")
+    def deletion_ldif(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        A templatized LDIF string used to delete the
+        user account once its TTL has expired. This may contain multiple LDIF
+        entries. All LDIF entries are performed in order. If Vault encounters an
+        error while executing an entry in the `deletion_ldif` it will attempt to
+        continue executing any remaining entries. This field may optionally be
+        provided as a base64 encoded string.
+        """
+        return pulumi.get(self, "deletion_ldif")
+    @deletion_ldif.setter
+    def deletion_ldif(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "deletion_ldif", value)
+    @_builtins.property
+    @pulumi.getter(name="maxTtl")
+    def max_ttl(self) -> Optional[pulumi.Input[_builtins.int]]:
+        """
+        Specifies the maximum TTL for the leases associated with this role.
+        """
+        return pulumi.get(self, "max_ttl")
+    @max_ttl.setter
+    def max_ttl(self, value: Optional[pulumi.Input[_builtins.int]]):
+        pulumi.set(self, "max_ttl", value)
+    @_builtins.property
+    @pulumi.getter
+    def mount(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The unique path this backend should be mounted at. Must
+        not begin or end with a `/`. Defaults to `ldap`.
+        """
+        return pulumi.get(self, "mount")
+    @mount.setter
+    def mount(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "mount", value)
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @namespace.setter
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "namespace", value)
+    @_builtins.property
+    @pulumi.getter(name="roleName")
+    def role_name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Name of the role.
+        """
+        return pulumi.get(self, "role_name")
+    @role_name.setter
+    def role_name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "role_name", value)
+    @_builtins.property
+    @pulumi.getter(name="rollbackLdif")
+    def rollback_ldif(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        A templatized LDIF string used to attempt to
+        rollback any changes in the event that execution of the `creation_ldif` results
+        in an error. This may contain multiple LDIF entries. All LDIF entries are
+        performed in order. If Vault encounters an error while executing an entry in
+        the `rollback_ldif` it will attempt to continue executing any remaining
+        entries. This field may optionally be provided as a base64 encoded string.
+        """
+        return pulumi.get(self, "rollback_ldif")
+    @rollback_ldif.setter
+    def rollback_ldif(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "rollback_ldif", value)
+    @_builtins.property
+    @pulumi.getter(name="usernameTemplate")
+    def username_template(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        A template used to generate a dynamic
+        username. This will be used to fill in the `.Username` field within the
+        `creation_ldif` string.
+        """
+        return pulumi.get(self, "username_template")
+    @username_template.setter
+    def username_template(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "username_template", value)
+@pulumi.type_token("vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole")
+class SecretBackendDynamicRole(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 creation_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 default_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 deletion_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 mount: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 rollback_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 username_template: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        """
+        ## Example Usage
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        config = vault.ldap.SecretBackend("config",
+            path="my-custom-ldap",
+            binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
+            bindpass="SuperSecretPassw0rd",
+            url="ldaps://localhost",
+            userdn="CN=Users,DC=corp,DC=example,DC=net")
+        role = vault.ldap.SecretBackendDynamicRole("role",
+            mount=config.path,
+            role_name="alice",
+            creation_ldif=\"\"\"dn: cn={{.Username}},ou=users,dc=learn,dc=example
+        objectClass: person
+        objectClass: top
+        cn: learn
+        sn: {{.Password | utf16le | base64}}
+        memberOf: cn=dev,ou=groups,dc=learn,dc=example
+        userPassword: {{.Password}}
+        \"\"\",
+            deletion_ldif=\"\"\"dn: cn={{.Username}},ou=users,dc=learn,dc=example
+        changetype: delete
+          rollback_ldif = <<EOT
+        dn: cn={{.Username}},ou=users,dc=learn,dc=example
+        changetype: delete
+        \"\"\")
+        ```
+        ## Import
+        LDAP secret backend dynamic role can be imported using the full path to the role
+        of the form: `<mount_path>/dynamic-role/<role_name>` e.g.
+        ```sh
+        $ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role
+        ```
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] creation_ldif: A templatized LDIF string used to create a user
+               account. This may contain multiple LDIF entries. The `creation_ldif` can also
+               be used to add the user account to an existing group. All LDIF entries are
+               performed in order. If Vault encounters an error while executing the
+               `creation_ldif` it will stop at the first error and not execute any remaining
+               LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF
+               entries in `rollback_ldif` will be executed. See `rollback_ldif` for more
+               details. This field may optionally be provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.int] default_ttl: Specifies the TTL for the leases associated with this role.
+        :param pulumi.Input[_builtins.str] deletion_ldif: A templatized LDIF string used to delete the
+               user account once its TTL has expired. This may contain multiple LDIF
+               entries. All LDIF entries are performed in order. If Vault encounters an
+               error while executing an entry in the `deletion_ldif` it will attempt to
+               continue executing any remaining entries. This field may optionally be
+               provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.int] max_ttl: Specifies the maximum TTL for the leases associated with this role.
+        :param pulumi.Input[_builtins.str] mount: The unique path this backend should be mounted at. Must
+               not begin or end with a `/`. Defaults to `ldap`.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.str] role_name: Name of the role.
+        :param pulumi.Input[_builtins.str] rollback_ldif: A templatized LDIF string used to attempt to
+               rollback any changes in the event that execution of the `creation_ldif` results
+               in an error. This may contain multiple LDIF entries. All LDIF entries are
+               performed in order. If Vault encounters an error while executing an entry in
+               the `rollback_ldif` it will attempt to continue executing any remaining
+               entries. This field may optionally be provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.str] username_template: A template used to generate a dynamic
+               username. This will be used to fill in the `.Username` field within the
+               `creation_ldif` string.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: SecretBackendDynamicRoleArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        ## Example Usage
+        ```python
+        import pulumi
+        import pulumi_vault as vault
+        config = vault.ldap.SecretBackend("config",
+            path="my-custom-ldap",
+            binddn="CN=Administrator,CN=Users,DC=corp,DC=example,DC=net",
+            bindpass="SuperSecretPassw0rd",
+            url="ldaps://localhost",
+            userdn="CN=Users,DC=corp,DC=example,DC=net")
+        role = vault.ldap.SecretBackendDynamicRole("role",
+            mount=config.path,
+            role_name="alice",
+            creation_ldif=\"\"\"dn: cn={{.Username}},ou=users,dc=learn,dc=example
+        objectClass: person
+        objectClass: top
+        cn: learn
+        sn: {{.Password | utf16le | base64}}
+        memberOf: cn=dev,ou=groups,dc=learn,dc=example
+        userPassword: {{.Password}}
+        \"\"\",
+            deletion_ldif=\"\"\"dn: cn={{.Username}},ou=users,dc=learn,dc=example
+        changetype: delete
+          rollback_ldif = <<EOT
+        dn: cn={{.Username}},ou=users,dc=learn,dc=example
+        changetype: delete
+        \"\"\")
+        ```
+        ## Import
+        LDAP secret backend dynamic role can be imported using the full path to the role
+        of the form: `<mount_path>/dynamic-role/<role_name>` e.g.
+        ```sh
+        $ pulumi import vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole role ldap/role/dynamic-role
+        ```
+        :param str resource_name: The name of the resource.
+        :param SecretBackendDynamicRoleArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(SecretBackendDynamicRoleArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 creation_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 default_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 deletion_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+                 mount: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 role_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 rollback_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+                 username_template: Optional[pulumi.Input[_builtins.str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = SecretBackendDynamicRoleArgs.__new__(SecretBackendDynamicRoleArgs)
+            if creation_ldif is None and not opts.urn:
+                raise TypeError("Missing required property 'creation_ldif'")
+            __props__.__dict__["creation_ldif"] = creation_ldif
+            __props__.__dict__["default_ttl"] = default_ttl
+            if deletion_ldif is None and not opts.urn:
+                raise TypeError("Missing required property 'deletion_ldif'")
+            __props__.__dict__["deletion_ldif"] = deletion_ldif
+            __props__.__dict__["max_ttl"] = max_ttl
+            __props__.__dict__["mount"] = mount
+            __props__.__dict__["namespace"] = namespace
+            if role_name is None and not opts.urn:
+                raise TypeError("Missing required property 'role_name'")
+            __props__.__dict__["role_name"] = role_name
+            __props__.__dict__["rollback_ldif"] = rollback_ldif
+            __props__.__dict__["username_template"] = username_template
+        super(SecretBackendDynamicRole, __self__).__init__(
+            'vault:ldap/secretBackendDynamicRole:SecretBackendDynamicRole',
+            resource_name,
+            __props__,
+            opts)
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            creation_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+            default_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+            deletion_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+            max_ttl: Optional[pulumi.Input[_builtins.int]] = None,
+            mount: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            role_name: Optional[pulumi.Input[_builtins.str]] = None,
+            rollback_ldif: Optional[pulumi.Input[_builtins.str]] = None,
+            username_template: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretBackendDynamicRole':
+        """
+        Get an existing SecretBackendDynamicRole resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[_builtins.str] creation_ldif: A templatized LDIF string used to create a user
+               account. This may contain multiple LDIF entries. The `creation_ldif` can also
+               be used to add the user account to an existing group. All LDIF entries are
+               performed in order. If Vault encounters an error while executing the
+               `creation_ldif` it will stop at the first error and not execute any remaining
+               LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF
+               entries in `rollback_ldif` will be executed. See `rollback_ldif` for more
+               details. This field may optionally be provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.int] default_ttl: Specifies the TTL for the leases associated with this role.
+        :param pulumi.Input[_builtins.str] deletion_ldif: A templatized LDIF string used to delete the
+               user account once its TTL has expired. This may contain multiple LDIF
+               entries. All LDIF entries are performed in order. If Vault encounters an
+               error while executing an entry in the `deletion_ldif` it will attempt to
+               continue executing any remaining entries. This field may optionally be
+               provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.int] max_ttl: Specifies the maximum TTL for the leases associated with this role.
+        :param pulumi.Input[_builtins.str] mount: The unique path this backend should be mounted at. Must
+               not begin or end with a `/`. Defaults to `ldap`.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
+               The value should not contain leading or trailing forward slashes.
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+               *Available only for Vault Enterprise*.
+        :param pulumi.Input[_builtins.str] role_name: Name of the role.
+        :param pulumi.Input[_builtins.str] rollback_ldif: A templatized LDIF string used to attempt to
+               rollback any changes in the event that execution of the `creation_ldif` results
+               in an error. This may contain multiple LDIF entries. All LDIF entries are
+               performed in order. If Vault encounters an error while executing an entry in
+               the `rollback_ldif` it will attempt to continue executing any remaining
+               entries. This field may optionally be provided as a base64 encoded string.
+        :param pulumi.Input[_builtins.str] username_template: A template used to generate a dynamic
+               username. This will be used to fill in the `.Username` field within the
+               `creation_ldif` string.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+        __props__ = _SecretBackendDynamicRoleState.__new__(_SecretBackendDynamicRoleState)
+        __props__.__dict__["creation_ldif"] = creation_ldif
+        __props__.__dict__["default_ttl"] = default_ttl
+        __props__.__dict__["deletion_ldif"] = deletion_ldif
+        __props__.__dict__["max_ttl"] = max_ttl
+        __props__.__dict__["mount"] = mount
+        __props__.__dict__["namespace"] = namespace
+        __props__.__dict__["role_name"] = role_name
+        __props__.__dict__["rollback_ldif"] = rollback_ldif
+        __props__.__dict__["username_template"] = username_template
+        return SecretBackendDynamicRole(resource_name, opts=opts, __props__=__props__)
+    @_builtins.property
+    @pulumi.getter(name="creationLdif")
+    def creation_ldif(self) -> pulumi.Output[_builtins.str]:
+        """
+        A templatized LDIF string used to create a user
+        account. This may contain multiple LDIF entries. The `creation_ldif` can also
+        be used to add the user account to an existing group. All LDIF entries are
+        performed in order. If Vault encounters an error while executing the
+        `creation_ldif` it will stop at the first error and not execute any remaining
+        LDIF entries. If an error occurs and `rollback_ldif` is specified, the LDIF
+        entries in `rollback_ldif` will be executed. See `rollback_ldif` for more
+        details. This field may optionally be provided as a base64 encoded string.
+        """
+        return pulumi.get(self, "creation_ldif")
+    @_builtins.property
+    @pulumi.getter(name="defaultTtl")
+    def default_ttl(self) -> pulumi.Output[Optional[_builtins.int]]:
+        """
+        Specifies the TTL for the leases associated with this role.
+        """
+        return pulumi.get(self, "default_ttl")
+    @_builtins.property
+    @pulumi.getter(name="deletionLdif")
+    def deletion_ldif(self) -> pulumi.Output[_builtins.str]:
+        """
+        A templatized LDIF string used to delete the
+        user account once its TTL has expired. This may contain multiple LDIF
+        entries. All LDIF entries are performed in order. If Vault encounters an
+        error while executing an entry in the `deletion_ldif` it will attempt to
+        continue executing any remaining entries. This field may optionally be
+        provided as a base64 encoded string.
+        """
+        return pulumi.get(self, "deletion_ldif")
+    @_builtins.property
+    @pulumi.getter(name="maxTtl")
+    def max_ttl(self) -> pulumi.Output[Optional[_builtins.int]]:
+        """
+        Specifies the maximum TTL for the leases associated with this role.
+        """
+        return pulumi.get(self, "max_ttl")
+    @_builtins.property
+    @pulumi.getter
+    def mount(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The unique path this backend should be mounted at. Must
+        not begin or end with a `/`. Defaults to `ldap`.
+        """
+        return pulumi.get(self, "mount")
+    @_builtins.property
+    @pulumi.getter
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        The namespace to provision the resource in.
+        The value should not contain leading or trailing forward slashes.
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+        *Available only for Vault Enterprise*.
+        """
+        return pulumi.get(self, "namespace")
+    @_builtins.property
+    @pulumi.getter(name="roleName")
+    def role_name(self) -> pulumi.Output[_builtins.str]:
+        """
+        Name of the role.
+        """
+        return pulumi.get(self, "role_name")
+    @_builtins.property
+    @pulumi.getter(name="rollbackLdif")
+    def rollback_ldif(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        A templatized LDIF string used to attempt to
+        rollback any changes in the event that execution of the `creation_ldif` results
+        in an error. This may contain multiple LDIF entries. All LDIF entries are
+        performed in order. If Vault encounters an error while executing an entry in
+        the `rollback_ldif` it will attempt to continue executing any remaining
+        entries. This field may optionally be provided as a base64 encoded string.
+        """
+        return pulumi.get(self, "rollback_ldif")
+    @_builtins.property
+    @pulumi.getter(name="usernameTemplate")
+    def username_template(self) -> pulumi.Output[Optional[_builtins.str]]:
+        """
+        A template used to generate a dynamic
+        username. This will be used to fill in the `.Username` field within the
+        `creation_ldif` string.
+        """
+        return pulumi.get(self, "username_template")