pulumi-tls 4.11.0a1678132302__tar.gz → 5.0.0a0__tar.gz

{pulumi_tls-4.11.0a1678132302 → pulumi_tls-5.0.0a0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pulumi_tls
-Version: 4.11.0a1678132302
+Version: 5.0.0a0
 Summary: A Pulumi package to create TLS resources in Pulumi programs.
 Home-page: https://pulumi.io
 License: Apache-2.0
@@ -14,7 +14,7 @@ Description-Content-Type: text/markdown
 [![NPM version](https://badge.fury.io/js/%40pulumi%2Ftls.svg)](https://www.npmjs.com/package/@pulumi/tls)
 [![Python version](https://badge.fury.io/py/pulumi-tls.svg)](https://pypi.org/project/pulumi-tls)
 [![NuGet version](https://badge.fury.io/nu/pulumi.tls.svg)](https://badge.fury.io/nu/pulumi.tls)
-[![PkgGoDev](https://pkg.go.dev/badge/github.com/pulumi/pulumi-tls/sdk/v4/go)](https://pkg.go.dev/github.com/pulumi/pulumi-tls/sdk/v4/go)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/pulumi/pulumi-tls/sdk/v5/go)](https://pkg.go.dev/github.com/pulumi/pulumi-tls/sdk/v5/go)
 [![License](https://img.shields.io/npm/l/%40pulumi%2Fpulumi.svg)](https://github.com/pulumi/pulumi-tls/blob/master/LICENSE)
 
 # TLS Resource Provider
@@ -46,7 +46,7 @@ To use from Python, install using `pip`:
 
 To use from Go, use `go get` to grab the latest version of the library
 
-    $ go get github.com/pulumi/pulumi-tls/sdk/v4
+    $ go get github.com/pulumi/pulumi-tls/sdk/v5
 
 ### .NET
 

{pulumi_tls-4.11.0a1678132302 → pulumi_tls-5.0.0a0}/README.md

@@ -3,7 +3,7 @@
 [![NPM version](https://badge.fury.io/js/%40pulumi%2Ftls.svg)](https://www.npmjs.com/package/@pulumi/tls)
 [![Python version](https://badge.fury.io/py/pulumi-tls.svg)](https://pypi.org/project/pulumi-tls)
 [![NuGet version](https://badge.fury.io/nu/pulumi.tls.svg)](https://badge.fury.io/nu/pulumi.tls)
-[![PkgGoDev](https://pkg.go.dev/badge/github.com/pulumi/pulumi-tls/sdk/v4/go)](https://pkg.go.dev/github.com/pulumi/pulumi-tls/sdk/v4/go)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/pulumi/pulumi-tls/sdk/v5/go)](https://pkg.go.dev/github.com/pulumi/pulumi-tls/sdk/v5/go)
 [![License](https://img.shields.io/npm/l/%40pulumi%2Fpulumi.svg)](https://github.com/pulumi/pulumi-tls/blob/master/LICENSE)
 
 # TLS Resource Provider
@@ -35,7 +35,7 @@ To use from Python, install using `pip`:
 
 To use from Go, use `go get` to grab the latest version of the library
 
-    $ go get github.com/pulumi/pulumi-tls/sdk/v4
+    $ go get github.com/pulumi/pulumi-tls/sdk/v5
 
 ### .NET
 

{pulumi_tls-4.11.0a1678132302 → pulumi_tls-5.0.0a0}/pulumi_tls/cert_request.py

@@ -19,7 +19,6 @@ class CertRequestArgs:
                  private_key_pem: pulumi.Input[str],
                  dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 key_algorithm: Optional[pulumi.Input[str]] = None,
                  subject: Optional[pulumi.Input['CertRequestSubjectArgs']] = None,
                  uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
@@ -29,7 +28,6 @@ class CertRequestArgs:
                interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
-        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
         :param pulumi.Input['CertRequestSubjectArgs'] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
         """
@@ -38,11 +36,6 @@ class CertRequestArgs:
             pulumi.set(__self__, "dns_names", dns_names)
         if ip_addresses is not None:
             pulumi.set(__self__, "ip_addresses", ip_addresses)
-        if key_algorithm is not None:
-            warnings.warn("""This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""", DeprecationWarning)
-            pulumi.log.warn("""key_algorithm is deprecated: This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""")
-        if key_algorithm is not None:
-            pulumi.set(__self__, "key_algorithm", key_algorithm)
         if subject is not None:
             pulumi.set(__self__, "subject", subject)
         if uris is not None:
@@ -86,18 +79,6 @@ class CertRequestArgs:
     def ip_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "ip_addresses", value)
 
-    @property
-    @pulumi.getter(name="keyAlgorithm")
-    def key_algorithm(self) -> Optional[pulumi.Input[str]]:
-        """
-        Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
-        """
-        return pulumi.get(self, "key_algorithm")
-
-    @key_algorithm.setter
-    def key_algorithm(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "key_algorithm", value)
-
     @property
     @pulumi.getter
     def subject(self) -> Optional[pulumi.Input['CertRequestSubjectArgs']]:
@@ -142,7 +123,7 @@ class _CertRequestState:
                [`trimspace()`](https://www.terraform.io/language/functions/trimspace).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
-        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
         :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong
                to. This can be read from a separate file using the [`file`](https://www.terraform.io/language/functions/file)
                interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
@@ -155,9 +136,6 @@ class _CertRequestState:
             pulumi.set(__self__, "dns_names", dns_names)
         if ip_addresses is not None:
             pulumi.set(__self__, "ip_addresses", ip_addresses)
-        if key_algorithm is not None:
-            warnings.warn("""This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""", DeprecationWarning)
-            pulumi.log.warn("""key_algorithm is deprecated: This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""")
         if key_algorithm is not None:
             pulumi.set(__self__, "key_algorithm", key_algorithm)
         if private_key_pem is not None:
@@ -211,7 +189,7 @@ class _CertRequestState:
     @pulumi.getter(name="keyAlgorithm")
     def key_algorithm(self) -> Optional[pulumi.Input[str]]:
         """
-        Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        Name of the algorithm used when generating the private key provided in `private_key_pem`.
         """
         return pulumi.get(self, "key_algorithm")
 
@@ -265,7 +243,6 @@ class CertRequest(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 key_algorithm: Optional[pulumi.Input[str]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
                  subject: Optional[pulumi.Input[pulumi.InputType['CertRequestSubjectArgs']]] = None,
                  uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -289,7 +266,6 @@ class CertRequest(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
-        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
         :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong
                to. This can be read from a separate file using the [`file`](https://www.terraform.io/language/functions/file)
                interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
@@ -334,7 +310,6 @@ class CertRequest(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 key_algorithm: Optional[pulumi.Input[str]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
                  subject: Optional[pulumi.Input[pulumi.InputType['CertRequestSubjectArgs']]] = None,
                  uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -349,16 +324,13 @@ class CertRequest(pulumi.CustomResource):
 
             __props__.__dict__["dns_names"] = dns_names
             __props__.__dict__["ip_addresses"] = ip_addresses
-            if key_algorithm is not None and not opts.urn:
-                warnings.warn("""This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""", DeprecationWarning)
-                pulumi.log.warn("""key_algorithm is deprecated: This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""")
-            __props__.__dict__["key_algorithm"] = key_algorithm
             if private_key_pem is None and not opts.urn:
                 raise TypeError("Missing required property 'private_key_pem'")
             __props__.__dict__["private_key_pem"] = None if private_key_pem is None else pulumi.Output.secret(private_key_pem)
             __props__.__dict__["subject"] = subject
             __props__.__dict__["uris"] = uris
             __props__.__dict__["cert_request_pem"] = None
+            __props__.__dict__["key_algorithm"] = None
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["privateKeyPem"])
         opts = pulumi.ResourceOptions.merge(opts, secret_opts)
         super(CertRequest, __self__).__init__(
@@ -392,7 +364,7 @@ class CertRequest(pulumi.CustomResource):
                [`trimspace()`](https://www.terraform.io/language/functions/trimspace).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
-        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
         :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong
                to. This can be read from a separate file using the [`file`](https://www.terraform.io/language/functions/file)
                interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
@@ -444,7 +416,7 @@ class CertRequest(pulumi.CustomResource):
     @pulumi.getter(name="keyAlgorithm")
     def key_algorithm(self) -> pulumi.Output[str]:
         """
-        Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        Name of the algorithm used when generating the private key provided in `private_key_pem`.
         """
         return pulumi.get(self, "key_algorithm")
 

{pulumi_tls-4.11.0a1678132302 → pulumi_tls-5.0.0a0}/pulumi_tls/get_public_key.py

@@ -51,7 +51,7 @@ class GetPublicKeyResult:
     @pulumi.getter
     def algorithm(self) -> str:
         """
-        The name of the algorithm used by the given private key. Possible values are: `RSA`, `ECDSA` and `ED25519`.
+        The name of the algorithm used by the given private key. Possible values are: `RSA`, `ECDSA`, `ED25519`.
         """
         return pulumi.get(self, "algorithm")
 
@@ -67,7 +67,7 @@ class GetPublicKeyResult:
     @pulumi.getter(name="privateKeyOpenssh")
     def private_key_openssh(self) -> Optional[str]:
         """
-        The private key (in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. Currently-supported algorithms for keys are `RSA`, `ECDSA` and `ED25519`. This is *mutually exclusive* with `private_key_pem`.
+        The private key (in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. This is *mutually exclusive* with `private_key_pem`. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.
         """
         return pulumi.get(self, "private_key_openssh")
 
@@ -75,7 +75,7 @@ class GetPublicKeyResult:
     @pulumi.getter(name="privateKeyPem")
     def private_key_pem(self) -> Optional[str]:
         """
-        The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. Currently-supported algorithms for keys are `RSA`, `ECDSA` and `ED25519`. This is *mutually exclusive* with `private_key_openssh`.
+        The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. This is *mutually exclusive* with `private_key_openssh`. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.
         """
         return pulumi.get(self, "private_key_pem")
 
@@ -142,8 +142,8 @@ def get_public_key(private_key_openssh: Optional[str] = None,
     ```
 
 
-    :param str private_key_openssh: The private key (in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. Currently-supported algorithms for keys are `RSA`, `ECDSA` and `ED25519`. This is *mutually exclusive* with `private_key_pem`.
-    :param str private_key_pem: The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. Currently-supported algorithms for keys are `RSA`, `ECDSA` and `ED25519`. This is *mutually exclusive* with `private_key_openssh`.
+    :param str private_key_openssh: The private key (in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. This is *mutually exclusive* with `private_key_pem`. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.
+    :param str private_key_pem: The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. This is *mutually exclusive* with `private_key_openssh`. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.
     """
     __args__ = dict()
     __args__['privateKeyOpenssh'] = private_key_openssh
@@ -183,7 +183,7 @@ def get_public_key_output(private_key_openssh: Optional[pulumi.Input[Optional[st
     ```
 
 
-    :param str private_key_openssh: The private key (in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. Currently-supported algorithms for keys are `RSA`, `ECDSA` and `ED25519`. This is *mutually exclusive* with `private_key_pem`.
-    :param str private_key_pem: The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. Currently-supported algorithms for keys are `RSA`, `ECDSA` and `ED25519`. This is *mutually exclusive* with `private_key_openssh`.
+    :param str private_key_openssh: The private key (in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. This is *mutually exclusive* with `private_key_pem`. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.
+    :param str private_key_pem: The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. This is *mutually exclusive* with `private_key_openssh`. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.
     """
     ...

{pulumi_tls-4.11.0a1678132302 → pulumi_tls-5.0.0a0}/pulumi_tls/locally_signed_cert.py

@@ -19,7 +19,6 @@ class LocallySignedCertArgs:
                  ca_private_key_pem: pulumi.Input[str],
                  cert_request_pem: pulumi.Input[str],
                  validity_period_hours: pulumi.Input[int],
-                 ca_key_algorithm: Optional[pulumi.Input[str]] = None,
                  early_renewal_hours: Optional[pulumi.Input[int]] = None,
                  is_ca_certificate: Optional[pulumi.Input[bool]] = None,
                  set_subject_key_id: Optional[pulumi.Input[bool]] = None):
@@ -30,7 +29,6 @@ class LocallySignedCertArgs:
         :param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
-        :param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
         :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
                can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
                certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
@@ -44,11 +42,6 @@ class LocallySignedCertArgs:
         pulumi.set(__self__, "ca_private_key_pem", ca_private_key_pem)
         pulumi.set(__self__, "cert_request_pem", cert_request_pem)
         pulumi.set(__self__, "validity_period_hours", validity_period_hours)
-        if ca_key_algorithm is not None:
-            warnings.warn("""This is now ignored, as the key algorithm is inferred from the `ca_private_key_pem`.""", DeprecationWarning)
-            pulumi.log.warn("""ca_key_algorithm is deprecated: This is now ignored, as the key algorithm is inferred from the `ca_private_key_pem`.""")
-        if ca_key_algorithm is not None:
-            pulumi.set(__self__, "ca_key_algorithm", ca_key_algorithm)
         if early_renewal_hours is not None:
             pulumi.set(__self__, "early_renewal_hours", early_renewal_hours)
         if is_ca_certificate is not None:
@@ -116,18 +109,6 @@ class LocallySignedCertArgs:
     def validity_period_hours(self, value: pulumi.Input[int]):
         pulumi.set(self, "validity_period_hours", value)
 
-    @property
-    @pulumi.getter(name="caKeyAlgorithm")
-    def ca_key_algorithm(self) -> Optional[pulumi.Input[str]]:
-        """
-        Name of the algorithm used when generating the private key provided in `ca_private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
-        """
-        return pulumi.get(self, "ca_key_algorithm")
-
-    @ca_key_algorithm.setter
-    def ca_key_algorithm(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "ca_key_algorithm", value)
-
     @property
     @pulumi.getter(name="earlyRenewalHours")
     def early_renewal_hours(self) -> Optional[pulumi.Input[int]]:
@@ -189,7 +170,7 @@ class _LocallySignedCertState:
         Input properties used for looking up and filtering LocallySignedCert resources.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
         :param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
-        :param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        :param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
         :param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the
                [underlying](https://pkg.go.dev/encoding/pem#Encode)
@@ -213,9 +194,6 @@ class _LocallySignedCertState:
             pulumi.set(__self__, "allowed_uses", allowed_uses)
         if ca_cert_pem is not None:
             pulumi.set(__self__, "ca_cert_pem", ca_cert_pem)
-        if ca_key_algorithm is not None:
-            warnings.warn("""This is now ignored, as the key algorithm is inferred from the `ca_private_key_pem`.""", DeprecationWarning)
-            pulumi.log.warn("""ca_key_algorithm is deprecated: This is now ignored, as the key algorithm is inferred from the `ca_private_key_pem`.""")
         if ca_key_algorithm is not None:
             pulumi.set(__self__, "ca_key_algorithm", ca_key_algorithm)
         if ca_private_key_pem is not None:
@@ -267,7 +245,7 @@ class _LocallySignedCertState:
     @pulumi.getter(name="caKeyAlgorithm")
     def ca_key_algorithm(self) -> Optional[pulumi.Input[str]]:
         """
-        Name of the algorithm used when generating the private key provided in `ca_private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
         """
         return pulumi.get(self, "ca_key_algorithm")
 
@@ -411,7 +389,6 @@ class LocallySignedCert(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  ca_cert_pem: Optional[pulumi.Input[str]] = None,
-                 ca_key_algorithm: Optional[pulumi.Input[str]] = None,
                  ca_private_key_pem: Optional[pulumi.Input[str]] = None,
                  cert_request_pem: Optional[pulumi.Input[str]] = None,
                  early_renewal_hours: Optional[pulumi.Input[int]] = None,
@@ -425,7 +402,6 @@ class LocallySignedCert(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
         :param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
-        :param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
         :param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
@@ -462,7 +438,6 @@ class LocallySignedCert(pulumi.CustomResource):
                  opts: Optional[pulumi.ResourceOptions] = None,
                  allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  ca_cert_pem: Optional[pulumi.Input[str]] = None,
-                 ca_key_algorithm: Optional[pulumi.Input[str]] = None,
                  ca_private_key_pem: Optional[pulumi.Input[str]] = None,
                  cert_request_pem: Optional[pulumi.Input[str]] = None,
                  early_renewal_hours: Optional[pulumi.Input[int]] = None,
@@ -484,10 +459,6 @@ class LocallySignedCert(pulumi.CustomResource):
             if ca_cert_pem is None and not opts.urn:
                 raise TypeError("Missing required property 'ca_cert_pem'")
             __props__.__dict__["ca_cert_pem"] = ca_cert_pem
-            if ca_key_algorithm is not None and not opts.urn:
-                warnings.warn("""This is now ignored, as the key algorithm is inferred from the `ca_private_key_pem`.""", DeprecationWarning)
-                pulumi.log.warn("""ca_key_algorithm is deprecated: This is now ignored, as the key algorithm is inferred from the `ca_private_key_pem`.""")
-            __props__.__dict__["ca_key_algorithm"] = ca_key_algorithm
             if ca_private_key_pem is None and not opts.urn:
                 raise TypeError("Missing required property 'ca_private_key_pem'")
             __props__.__dict__["ca_private_key_pem"] = None if ca_private_key_pem is None else pulumi.Output.secret(ca_private_key_pem)
@@ -500,6 +471,7 @@ class LocallySignedCert(pulumi.CustomResource):
             if validity_period_hours is None and not opts.urn:
                 raise TypeError("Missing required property 'validity_period_hours'")
             __props__.__dict__["validity_period_hours"] = validity_period_hours
+            __props__.__dict__["ca_key_algorithm"] = None
             __props__.__dict__["cert_pem"] = None
             __props__.__dict__["ready_for_renewal"] = None
             __props__.__dict__["validity_end_time"] = None
@@ -538,7 +510,7 @@ class LocallySignedCert(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
         :param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
-        :param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        :param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
         :param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the
                [underlying](https://pkg.go.dev/encoding/pem#Encode)
@@ -597,7 +569,7 @@ class LocallySignedCert(pulumi.CustomResource):
     @pulumi.getter(name="caKeyAlgorithm")
     def ca_key_algorithm(self) -> pulumi.Output[str]:
         """
-        Name of the algorithm used when generating the private key provided in `ca_private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
         """
         return pulumi.get(self, "ca_key_algorithm")
 
@@ -631,7 +603,7 @@ class LocallySignedCert(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="earlyRenewalHours")
-    def early_renewal_hours(self) -> pulumi.Output[Optional[int]]:
+    def early_renewal_hours(self) -> pulumi.Output[int]:
         """
         The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
         can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
@@ -643,7 +615,7 @@ class LocallySignedCert(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="isCaCertificate")
-    def is_ca_certificate(self) -> pulumi.Output[Optional[bool]]:
+    def is_ca_certificate(self) -> pulumi.Output[bool]:
         """
         Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
         """
@@ -659,7 +631,7 @@ class LocallySignedCert(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="setSubjectKeyId")
-    def set_subject_key_id(self) -> pulumi.Output[Optional[bool]]:
+    def set_subject_key_id(self) -> pulumi.Output[bool]:
         """
         Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         """

{pulumi_tls-4.11.0a1678132302 → pulumi_tls-5.0.0a0}/pulumi_tls/private_key.py

@@ -19,8 +19,8 @@ class PrivateKeyArgs:
                  rsa_bits: Optional[pulumi.Input[int]] = None):
         """
         The set of arguments for constructing a PrivateKey resource.
-        :param pulumi.Input[str] algorithm: Name of the algorithm to use when generating the private key. Currently-supported values are `RSA`, `ECDSA` and `ED25519`.
-        :param pulumi.Input[str] ecdsa_curve: When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are `P224`, `P256`, `P384` or `P521` (default: `P224`).
+        :param pulumi.Input[str] algorithm: Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.
+        :param pulumi.Input[str] ecdsa_curve: When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).
         :param pulumi.Input[int] rsa_bits: When `algorithm` is `RSA`, the size of the generated RSA key, in bits (default: `2048`).
         """
         pulumi.set(__self__, "algorithm", algorithm)
@@ -33,7 +33,7 @@ class PrivateKeyArgs:
     @pulumi.getter
     def algorithm(self) -> pulumi.Input[str]:
         """
-        Name of the algorithm to use when generating the private key. Currently-supported values are `RSA`, `ECDSA` and `ED25519`.
+        Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.
         """
         return pulumi.get(self, "algorithm")
 
@@ -45,7 +45,7 @@ class PrivateKeyArgs:
     @pulumi.getter(name="ecdsaCurve")
     def ecdsa_curve(self) -> Optional[pulumi.Input[str]]:
         """
-        When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are `P224`, `P256`, `P384` or `P521` (default: `P224`).
+        When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).
         """
         return pulumi.get(self, "ecdsa_curve")
 
@@ -73,6 +73,7 @@ class _PrivateKeyState:
                  ecdsa_curve: Optional[pulumi.Input[str]] = None,
                  private_key_openssh: Optional[pulumi.Input[str]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
+                 private_key_pem_pkcs8: Optional[pulumi.Input[str]] = None,
                  public_key_fingerprint_md5: Optional[pulumi.Input[str]] = None,
                  public_key_fingerprint_sha256: Optional[pulumi.Input[str]] = None,
                  public_key_openssh: Optional[pulumi.Input[str]] = None,
@@ -80,17 +81,17 @@ class _PrivateKeyState:
                  rsa_bits: Optional[pulumi.Input[int]] = None):
         """
         Input properties used for looking up and filtering PrivateKey resources.
-        :param pulumi.Input[str] algorithm: Name of the algorithm to use when generating the private key. Currently-supported values are `RSA`, `ECDSA` and `ED25519`.
-        :param pulumi.Input[str] ecdsa_curve: When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are `P224`, `P256`, `P384` or `P521` (default: `P224`).
+        :param pulumi.Input[str] algorithm: Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.
+        :param pulumi.Input[str] ecdsa_curve: When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).
         :param pulumi.Input[str] private_key_openssh: Private key data in [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format.
         :param pulumi.Input[str] private_key_pem: Private key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
+        :param pulumi.Input[str] private_key_pem_pkcs8: Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.
         :param pulumi.Input[str] public_key_fingerprint_md5: The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, similarly to `public_key_openssh` and the ECDSA P224 limitations.
         :param pulumi.Input[str] public_key_fingerprint_sha256: The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, similarly to `public_key_openssh` and the ECDSA P224 limitations.
         :param pulumi.Input[str] public_key_openssh: The public key data in ["Authorized
-               Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is
-               populated only if the configured private key is supported: this includes all `RSA` and `ED25519` keys, as well as
-               `ECDSA` keys with curves `P256`, `P384` and `P521`. `ECDSA` with curve `P224` [is not
-               supported](../../docs#limitations). **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode)
+               Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not
+               populated for `ECDSA` with curve `P224`, as it is [not supported](../../docs#limitations). **NOTE**: the
+               [underlying](https://pkg.go.dev/encoding/pem#Encode)
                [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at
                the end of the PEM. In case this disrupts your use case, we recommend using
                [`trimspace()`](https://www.terraform.io/language/functions/trimspace).
@@ -109,6 +110,8 @@ class _PrivateKeyState:
             pulumi.set(__self__, "private_key_openssh", private_key_openssh)
         if private_key_pem is not None:
             pulumi.set(__self__, "private_key_pem", private_key_pem)
+        if private_key_pem_pkcs8 is not None:
+            pulumi.set(__self__, "private_key_pem_pkcs8", private_key_pem_pkcs8)
         if public_key_fingerprint_md5 is not None:
             pulumi.set(__self__, "public_key_fingerprint_md5", public_key_fingerprint_md5)
         if public_key_fingerprint_sha256 is not None:
@@ -124,7 +127,7 @@ class _PrivateKeyState:
     @pulumi.getter
     def algorithm(self) -> Optional[pulumi.Input[str]]:
         """
-        Name of the algorithm to use when generating the private key. Currently-supported values are `RSA`, `ECDSA` and `ED25519`.
+        Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.
         """
         return pulumi.get(self, "algorithm")
 
@@ -136,7 +139,7 @@ class _PrivateKeyState:
     @pulumi.getter(name="ecdsaCurve")
     def ecdsa_curve(self) -> Optional[pulumi.Input[str]]:
         """
-        When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are `P224`, `P256`, `P384` or `P521` (default: `P224`).
+        When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).
         """
         return pulumi.get(self, "ecdsa_curve")
 
@@ -168,6 +171,18 @@ class _PrivateKeyState:
     def private_key_pem(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "private_key_pem", value)
 
+    @property
+    @pulumi.getter(name="privateKeyPemPkcs8")
+    def private_key_pem_pkcs8(self) -> Optional[pulumi.Input[str]]:
+        """
+        Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.
+        """
+        return pulumi.get(self, "private_key_pem_pkcs8")
+
+    @private_key_pem_pkcs8.setter
+    def private_key_pem_pkcs8(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "private_key_pem_pkcs8", value)
+
     @property
     @pulumi.getter(name="publicKeyFingerprintMd5")
     def public_key_fingerprint_md5(self) -> Optional[pulumi.Input[str]]:
@@ -197,10 +212,9 @@ class _PrivateKeyState:
     def public_key_openssh(self) -> Optional[pulumi.Input[str]]:
         """
         The public key data in ["Authorized
-        Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is
-        populated only if the configured private key is supported: this includes all `RSA` and `ED25519` keys, as well as
-        `ECDSA` keys with curves `P256`, `P384` and `P521`. `ECDSA` with curve `P224` [is not
-        supported](../../docs#limitations). **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode)
+        Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not
+        populated for `ECDSA` with curve `P224`, as it is [not supported](../../docs#limitations). **NOTE**: the
+        [underlying](https://pkg.go.dev/encoding/pem#Encode)
         [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at
         the end of the PEM. In case this disrupts your use case, we recommend using
         [`trimspace()`](https://www.terraform.io/language/functions/trimspace).
@@ -253,8 +267,8 @@ class PrivateKey(pulumi.CustomResource):
         Create a PrivateKey resource with the given unique name, props, and options.
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] algorithm: Name of the algorithm to use when generating the private key. Currently-supported values are `RSA`, `ECDSA` and `ED25519`.
-        :param pulumi.Input[str] ecdsa_curve: When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are `P224`, `P256`, `P384` or `P521` (default: `P224`).
+        :param pulumi.Input[str] algorithm: Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.
+        :param pulumi.Input[str] ecdsa_curve: When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).
         :param pulumi.Input[int] rsa_bits: When `algorithm` is `RSA`, the size of the generated RSA key, in bits (default: `2048`).
         """
         ...
@@ -299,11 +313,12 @@ class PrivateKey(pulumi.CustomResource):
             __props__.__dict__["rsa_bits"] = rsa_bits
             __props__.__dict__["private_key_openssh"] = None
             __props__.__dict__["private_key_pem"] = None
+            __props__.__dict__["private_key_pem_pkcs8"] = None
             __props__.__dict__["public_key_fingerprint_md5"] = None
             __props__.__dict__["public_key_fingerprint_sha256"] = None
             __props__.__dict__["public_key_openssh"] = None
             __props__.__dict__["public_key_pem"] = None
-        secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["privateKeyOpenssh", "privateKeyPem"])
+        secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["privateKeyOpenssh", "privateKeyPem", "privateKeyPemPkcs8"])
         opts = pulumi.ResourceOptions.merge(opts, secret_opts)
         super(PrivateKey, __self__).__init__(
             'tls:index/privateKey:PrivateKey',
@@ -319,6 +334,7 @@ class PrivateKey(pulumi.CustomResource):
             ecdsa_curve: Optional[pulumi.Input[str]] = None,
             private_key_openssh: Optional[pulumi.Input[str]] = None,
             private_key_pem: Optional[pulumi.Input[str]] = None,
+            private_key_pem_pkcs8: Optional[pulumi.Input[str]] = None,
             public_key_fingerprint_md5: Optional[pulumi.Input[str]] = None,
             public_key_fingerprint_sha256: Optional[pulumi.Input[str]] = None,
             public_key_openssh: Optional[pulumi.Input[str]] = None,
@@ -331,17 +347,17 @@ class PrivateKey(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] algorithm: Name of the algorithm to use when generating the private key. Currently-supported values are `RSA`, `ECDSA` and `ED25519`.
-        :param pulumi.Input[str] ecdsa_curve: When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are `P224`, `P256`, `P384` or `P521` (default: `P224`).
+        :param pulumi.Input[str] algorithm: Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.
+        :param pulumi.Input[str] ecdsa_curve: When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).
         :param pulumi.Input[str] private_key_openssh: Private key data in [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format.
         :param pulumi.Input[str] private_key_pem: Private key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
+        :param pulumi.Input[str] private_key_pem_pkcs8: Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.
         :param pulumi.Input[str] public_key_fingerprint_md5: The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, similarly to `public_key_openssh` and the ECDSA P224 limitations.
         :param pulumi.Input[str] public_key_fingerprint_sha256: The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, similarly to `public_key_openssh` and the ECDSA P224 limitations.
         :param pulumi.Input[str] public_key_openssh: The public key data in ["Authorized
-               Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is
-               populated only if the configured private key is supported: this includes all `RSA` and `ED25519` keys, as well as
-               `ECDSA` keys with curves `P256`, `P384` and `P521`. `ECDSA` with curve `P224` [is not
-               supported](../../docs#limitations). **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode)
+               Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not
+               populated for `ECDSA` with curve `P224`, as it is [not supported](../../docs#limitations). **NOTE**: the
+               [underlying](https://pkg.go.dev/encoding/pem#Encode)
                [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at
                the end of the PEM. In case this disrupts your use case, we recommend using
                [`trimspace()`](https://www.terraform.io/language/functions/trimspace).
@@ -360,6 +376,7 @@ class PrivateKey(pulumi.CustomResource):
         __props__.__dict__["ecdsa_curve"] = ecdsa_curve
         __props__.__dict__["private_key_openssh"] = private_key_openssh
         __props__.__dict__["private_key_pem"] = private_key_pem
+        __props__.__dict__["private_key_pem_pkcs8"] = private_key_pem_pkcs8
         __props__.__dict__["public_key_fingerprint_md5"] = public_key_fingerprint_md5
         __props__.__dict__["public_key_fingerprint_sha256"] = public_key_fingerprint_sha256
         __props__.__dict__["public_key_openssh"] = public_key_openssh
@@ -371,15 +388,15 @@ class PrivateKey(pulumi.CustomResource):
     @pulumi.getter
     def algorithm(self) -> pulumi.Output[str]:
         """
-        Name of the algorithm to use when generating the private key. Currently-supported values are `RSA`, `ECDSA` and `ED25519`.
+        Name of the algorithm to use when generating the private key. Currently-supported values are: `RSA`, `ECDSA`, `ED25519`.
         """
         return pulumi.get(self, "algorithm")
 
     @property
     @pulumi.getter(name="ecdsaCurve")
-    def ecdsa_curve(self) -> pulumi.Output[Optional[str]]:
+    def ecdsa_curve(self) -> pulumi.Output[str]:
         """
-        When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are `P224`, `P256`, `P384` or `P521` (default: `P224`).
+        When `algorithm` is `ECDSA`, the name of the elliptic curve to use. Currently-supported values are: `P224`, `P256`, `P384`, `P521`. (default: `P224`).
         """
         return pulumi.get(self, "ecdsa_curve")
 
@@ -399,6 +416,14 @@ class PrivateKey(pulumi.CustomResource):
         """
         return pulumi.get(self, "private_key_pem")
 
+    @property
+    @pulumi.getter(name="privateKeyPemPkcs8")
+    def private_key_pem_pkcs8(self) -> pulumi.Output[str]:
+        """
+        Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.
+        """
+        return pulumi.get(self, "private_key_pem_pkcs8")
+
     @property
     @pulumi.getter(name="publicKeyFingerprintMd5")
     def public_key_fingerprint_md5(self) -> pulumi.Output[str]:
@@ -420,10 +445,9 @@ class PrivateKey(pulumi.CustomResource):
     def public_key_openssh(self) -> pulumi.Output[str]:
         """
         The public key data in ["Authorized
-        Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is
-        populated only if the configured private key is supported: this includes all `RSA` and `ED25519` keys, as well as
-        `ECDSA` keys with curves `P256`, `P384` and `P521`. `ECDSA` with curve `P224` [is not
-        supported](../../docs#limitations). **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode)
+        Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not
+        populated for `ECDSA` with curve `P224`, as it is [not supported](../../docs#limitations). **NOTE**: the
+        [underlying](https://pkg.go.dev/encoding/pem#Encode)
         [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at
         the end of the PEM. In case this disrupts your use case, we recommend using
         [`trimspace()`](https://www.terraform.io/language/functions/trimspace).
@@ -444,7 +468,7 @@ class PrivateKey(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="rsaBits")
-    def rsa_bits(self) -> pulumi.Output[Optional[int]]:
+    def rsa_bits(self) -> pulumi.Output[int]:
         """
         When `algorithm` is `RSA`, the size of the generated RSA key, in bits (default: `2048`).
         """

{pulumi_tls-4.11.0a1678132302 → pulumi_tls-5.0.0a0}/pulumi_tls/self_signed_cert.py

@@ -23,7 +23,6 @@ class SelfSignedCertArgs:
                  early_renewal_hours: Optional[pulumi.Input[int]] = None,
                  ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  is_ca_certificate: Optional[pulumi.Input[bool]] = None,
-                 key_algorithm: Optional[pulumi.Input[str]] = None,
                  set_authority_key_id: Optional[pulumi.Input[bool]] = None,
                  set_subject_key_id: Optional[pulumi.Input[bool]] = None,
                  subject: Optional[pulumi.Input['SelfSignedCertSubjectArgs']] = None,
@@ -43,7 +42,6 @@ class SelfSignedCertArgs:
                early renewal period. (default: `0`)
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
-        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
         :param pulumi.Input[bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         :param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         :param pulumi.Input['SelfSignedCertSubjectArgs'] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
@@ -60,11 +58,6 @@ class SelfSignedCertArgs:
             pulumi.set(__self__, "ip_addresses", ip_addresses)
         if is_ca_certificate is not None:
             pulumi.set(__self__, "is_ca_certificate", is_ca_certificate)
-        if key_algorithm is not None:
-            warnings.warn("""This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""", DeprecationWarning)
-            pulumi.log.warn("""key_algorithm is deprecated: This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""")
-        if key_algorithm is not None:
-            pulumi.set(__self__, "key_algorithm", key_algorithm)
         if set_authority_key_id is not None:
             pulumi.set(__self__, "set_authority_key_id", set_authority_key_id)
         if set_subject_key_id is not None:
@@ -164,18 +157,6 @@ class SelfSignedCertArgs:
     def is_ca_certificate(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "is_ca_certificate", value)
 
-    @property
-    @pulumi.getter(name="keyAlgorithm")
-    def key_algorithm(self) -> Optional[pulumi.Input[str]]:
-        """
-        Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
-        """
-        return pulumi.get(self, "key_algorithm")
-
-    @key_algorithm.setter
-    def key_algorithm(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "key_algorithm", value)
-
     @property
     @pulumi.getter(name="setAuthorityKeyId")
     def set_authority_key_id(self) -> Optional[pulumi.Input[bool]]:
@@ -260,7 +241,7 @@ class _SelfSignedCertState:
                early renewal period. (default: `0`)
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
-        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
         :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong
                to. This can be read from a separate file using the [`file`](https://www.terraform.io/language/functions/file)
                interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
@@ -285,9 +266,6 @@ class _SelfSignedCertState:
             pulumi.set(__self__, "ip_addresses", ip_addresses)
         if is_ca_certificate is not None:
             pulumi.set(__self__, "is_ca_certificate", is_ca_certificate)
-        if key_algorithm is not None:
-            warnings.warn("""This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""", DeprecationWarning)
-            pulumi.log.warn("""key_algorithm is deprecated: This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""")
         if key_algorithm is not None:
             pulumi.set(__self__, "key_algorithm", key_algorithm)
         if private_key_pem is not None:
@@ -393,7 +371,7 @@ class _SelfSignedCertState:
     @pulumi.getter(name="keyAlgorithm")
     def key_algorithm(self) -> Optional[pulumi.Input[str]]:
         """
-        Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        Name of the algorithm used when generating the private key provided in `private_key_pem`.
         """
         return pulumi.get(self, "key_algorithm")
 
@@ -522,7 +500,6 @@ class SelfSignedCert(pulumi.CustomResource):
                  early_renewal_hours: Optional[pulumi.Input[int]] = None,
                  ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  is_ca_certificate: Optional[pulumi.Input[bool]] = None,
-                 key_algorithm: Optional[pulumi.Input[str]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
                  set_authority_key_id: Optional[pulumi.Input[bool]] = None,
                  set_subject_key_id: Optional[pulumi.Input[bool]] = None,
@@ -543,7 +520,6 @@ class SelfSignedCert(pulumi.CustomResource):
                early renewal period. (default: `0`)
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
-        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
         :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong
                to. This can be read from a separate file using the [`file`](https://www.terraform.io/language/functions/file)
                interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
@@ -581,7 +557,6 @@ class SelfSignedCert(pulumi.CustomResource):
                  early_renewal_hours: Optional[pulumi.Input[int]] = None,
                  ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  is_ca_certificate: Optional[pulumi.Input[bool]] = None,
-                 key_algorithm: Optional[pulumi.Input[str]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
                  set_authority_key_id: Optional[pulumi.Input[bool]] = None,
                  set_subject_key_id: Optional[pulumi.Input[bool]] = None,
@@ -604,10 +579,6 @@ class SelfSignedCert(pulumi.CustomResource):
             __props__.__dict__["early_renewal_hours"] = early_renewal_hours
             __props__.__dict__["ip_addresses"] = ip_addresses
             __props__.__dict__["is_ca_certificate"] = is_ca_certificate
-            if key_algorithm is not None and not opts.urn:
-                warnings.warn("""This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""", DeprecationWarning)
-                pulumi.log.warn("""key_algorithm is deprecated: This is now ignored, as the key algorithm is inferred from the `private_key_pem`.""")
-            __props__.__dict__["key_algorithm"] = key_algorithm
             if private_key_pem is None and not opts.urn:
                 raise TypeError("Missing required property 'private_key_pem'")
             __props__.__dict__["private_key_pem"] = None if private_key_pem is None else pulumi.Output.secret(private_key_pem)
@@ -619,6 +590,7 @@ class SelfSignedCert(pulumi.CustomResource):
                 raise TypeError("Missing required property 'validity_period_hours'")
             __props__.__dict__["validity_period_hours"] = validity_period_hours
             __props__.__dict__["cert_pem"] = None
+            __props__.__dict__["key_algorithm"] = None
             __props__.__dict__["ready_for_renewal"] = None
             __props__.__dict__["validity_end_time"] = None
             __props__.__dict__["validity_start_time"] = None
@@ -671,7 +643,7 @@ class SelfSignedCert(pulumi.CustomResource):
                early renewal period. (default: `0`)
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
-        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
         :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong
                to. This can be read from a separate file using the [`file`](https://www.terraform.io/language/functions/file)
                interpolation function. Only an irreversible secure hash of the private key will be stored in the Terraform state.
@@ -736,7 +708,7 @@ class SelfSignedCert(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="earlyRenewalHours")
-    def early_renewal_hours(self) -> pulumi.Output[Optional[int]]:
+    def early_renewal_hours(self) -> pulumi.Output[int]:
         """
         The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
         can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
@@ -756,7 +728,7 @@ class SelfSignedCert(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="isCaCertificate")
-    def is_ca_certificate(self) -> pulumi.Output[Optional[bool]]:
+    def is_ca_certificate(self) -> pulumi.Output[bool]:
         """
         Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
         """
@@ -766,7 +738,7 @@ class SelfSignedCert(pulumi.CustomResource):
     @pulumi.getter(name="keyAlgorithm")
     def key_algorithm(self) -> pulumi.Output[str]:
         """
-        Name of the algorithm used when generating the private key provided in `private_key_pem`. **NOTE**: this is deprecated and ignored, as the key algorithm is now inferred from the key.
+        Name of the algorithm used when generating the private key provided in `private_key_pem`.
         """
         return pulumi.get(self, "key_algorithm")
 
@@ -790,7 +762,7 @@ class SelfSignedCert(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="setAuthorityKeyId")
-    def set_authority_key_id(self) -> pulumi.Output[Optional[bool]]:
+    def set_authority_key_id(self) -> pulumi.Output[bool]:
         """
         Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         """
@@ -798,7 +770,7 @@ class SelfSignedCert(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="setSubjectKeyId")
-    def set_subject_key_id(self) -> pulumi.Output[Optional[bool]]:
+    def set_subject_key_id(self) -> pulumi.Output[bool]:
         """
         Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         """

{pulumi_tls-4.11.0a1678132302 → pulumi_tls-5.0.0a0}/pulumi_tls.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pulumi-tls
-Version: 4.11.0a1678132302
+Version: 5.0.0a0
 Summary: A Pulumi package to create TLS resources in Pulumi programs.
 Home-page: https://pulumi.io
 License: Apache-2.0
@@ -14,7 +14,7 @@ Description-Content-Type: text/markdown
 [![NPM version](https://badge.fury.io/js/%40pulumi%2Ftls.svg)](https://www.npmjs.com/package/@pulumi/tls)
 [![Python version](https://badge.fury.io/py/pulumi-tls.svg)](https://pypi.org/project/pulumi-tls)
 [![NuGet version](https://badge.fury.io/nu/pulumi.tls.svg)](https://badge.fury.io/nu/pulumi.tls)
-[![PkgGoDev](https://pkg.go.dev/badge/github.com/pulumi/pulumi-tls/sdk/v4/go)](https://pkg.go.dev/github.com/pulumi/pulumi-tls/sdk/v4/go)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/pulumi/pulumi-tls/sdk/v5/go)](https://pkg.go.dev/github.com/pulumi/pulumi-tls/sdk/v5/go)
 [![License](https://img.shields.io/npm/l/%40pulumi%2Fpulumi.svg)](https://github.com/pulumi/pulumi-tls/blob/master/LICENSE)
 
 # TLS Resource Provider
@@ -46,7 +46,7 @@ To use from Python, install using `pip`:
 
 To use from Go, use `go get` to grab the latest version of the library
 
-    $ go get github.com/pulumi/pulumi-tls/sdk/v4
+    $ go get github.com/pulumi/pulumi-tls/sdk/v5
 
 ### .NET
 

{pulumi_tls-4.11.0a1678132302 → pulumi_tls-5.0.0a0}/setup.py

@@ -8,8 +8,8 @@ from setuptools.command.install import install
 from subprocess import check_call
 
 
-VERSION = "4.11.0a1678132302"
-PLUGIN_VERSION = "4.11.0-alpha.1678132302+bc36d2fb"
+VERSION = "5.0.0a0"
+PLUGIN_VERSION = "5.0.0-alpha.0+7c9d3d42"
 
 class InstallPluginCommand(install):
     def run(self):