PyPI - pulumi-tls - Versions diffs - 5.1.0a1709368259__py3-none-any.whl → 5.1.0a1736835965__py3-none-any.whl - Mend

pulumi-tls 5.1.0a1709368259py3-none-any.whl → 5.1.0a1736835965py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

pulumi_tls/_inputs.py +113 -0
pulumi_tls/_utilities.py +41 -5
pulumi_tls/cert_request.py +33 -26
pulumi_tls/config/__init__.pyi +5 -0
pulumi_tls/config/outputs.py +5 -0
pulumi_tls/config/vars.py +5 -0
pulumi_tls/get_certificate.py +18 -5
pulumi_tls/get_public_key.py +30 -9
pulumi_tls/locally_signed_cert.py +9 -45
pulumi_tls/outputs.py +7 -2
pulumi_tls/private_key.py +13 -8
pulumi_tls/provider.py +8 -3
pulumi_tls/pulumi-plugin.json +2 -1
pulumi_tls/self_signed_cert.py +21 -57
{pulumi_tls-5.1.0a1709368259.dist-info → pulumi_tls-5.1.0a1736835965.dist-info}/METADATA +7 -6
pulumi_tls-5.1.0a1736835965.dist-info/RECORD +21 -0
{pulumi_tls-5.1.0a1709368259.dist-info → pulumi_tls-5.1.0a1736835965.dist-info}/WHEEL +1 -1
pulumi_tls-5.1.0a1709368259.dist-info/RECORD +0 -21
{pulumi_tls-5.1.0a1709368259.dist-info → pulumi_tls-5.1.0a1736835965.dist-info}/top_level.txt +0 -0

pulumi_tls/_inputs.py CHANGED Viewed

@@ -4,17 +4,68 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 __all__ = [
     'CertRequestSubjectArgs',
+    'CertRequestSubjectArgsDict',
     'ProviderProxyArgs',
+    'ProviderProxyArgsDict',
     'SelfSignedCertSubjectArgs',
+    'SelfSignedCertSubjectArgsDict',
 ]
+MYPY = False
+if not MYPY:
+    class CertRequestSubjectArgsDict(TypedDict):
+        common_name: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `CN`
+        """
+        country: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `C`
+        """
+        locality: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `L`
+        """
+        organization: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `O`
+        """
+        organizational_unit: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `OU`
+        """
+        postal_code: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `PC`
+        """
+        province: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `ST`
+        """
+        serial_number: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `SERIALNUMBER`
+        """
+        street_addresses: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Distinguished name: `STREET`
+        """
+elif False:
+    CertRequestSubjectArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class CertRequestSubjectArgs:
     def __init__(__self__, *,
@@ -166,6 +217,27 @@ class CertRequestSubjectArgs:
         pulumi.set(self, "street_addresses", value)
+if not MYPY:
+    class ProviderProxyArgsDict(TypedDict):
+        from_env: NotRequired[pulumi.Input[bool]]
+        """
+        When `true` the provider will discover the proxy configuration from environment variables. This is based upon [`http.ProxyFromEnvironment`](https://pkg.go.dev/net/http#ProxyFromEnvironment) and it supports the same environment variables (default: `true`).
+        """
+        password: NotRequired[pulumi.Input[str]]
+        """
+        Password used for Basic authentication against the Proxy.
+        """
+        url: NotRequired[pulumi.Input[str]]
+        """
+        URL used to connect to the Proxy. Accepted schemes are: `http`, `https`, `socks5`.
+        """
+        username: NotRequired[pulumi.Input[str]]
+        """
+        Username (or Token) used for Basic authentication against the Proxy.
+        """
+elif False:
+    ProviderProxyArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class ProviderProxyArgs:
     def __init__(__self__, *,
@@ -237,6 +309,47 @@ class ProviderProxyArgs:
         pulumi.set(self, "username", value)
+if not MYPY:
+    class SelfSignedCertSubjectArgsDict(TypedDict):
+        common_name: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `CN`
+        """
+        country: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `C`
+        """
+        locality: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `L`
+        """
+        organization: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `O`
+        """
+        organizational_unit: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `OU`
+        """
+        postal_code: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `PC`
+        """
+        province: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `ST`
+        """
+        serial_number: NotRequired[pulumi.Input[str]]
+        """
+        Distinguished name: `SERIALNUMBER`
+        """
+        street_addresses: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Distinguished name: `STREET`
+        """
+elif False:
+    SelfSignedCertSubjectArgsDict: TypeAlias = Mapping[str, Any]
 @pulumi.input_type
 class SelfSignedCertSubjectArgs:
     def __init__(__self__, *,

pulumi_tls/_utilities.py CHANGED Viewed

@@ -4,6 +4,7 @@
 import asyncio
+import functools
 import importlib.metadata
 import importlib.util
 import inspect
@@ -11,14 +12,19 @@ import json
 import os
 import sys
 import typing
+import warnings
+import base64
 import pulumi
 import pulumi.runtime
 from pulumi.runtime.sync_await import _sync_await
+from pulumi.runtime.proto import resource_pb2
 from semver import VersionInfo as SemverVersion
 from parver import Version as PEP440Version
+C = typing.TypeVar("C", bound=typing.Callable)
 def get_env(*args):
     for v in args:
@@ -96,10 +102,6 @@ def _get_semver_version():
 _version = _get_semver_version()
 _version_str = str(_version)
-def get_version():
-    return _version_str
 def get_resource_opts_defaults() -> pulumi.ResourceOptions:
     return pulumi.ResourceOptions(
         version=get_version(),
@@ -262,7 +264,7 @@ def call_plain(
     output = pulumi.runtime.call(tok, props, res, typ)
     # Ingoring deps silently. They are typically non-empty, r.f() calls include r as a dependency.
-    result, known, secret, _ = _sync_await(asyncio.ensure_future(_await_output(output)))
+    result, known, secret, _ = _sync_await(asyncio.create_task(_await_output(output)))
     problem = None
     if not known:
@@ -287,5 +289,39 @@ async def _await_output(o: pulumi.Output[typing.Any]) -> typing.Tuple[object, bo
         await o._resources,
     )
+# This is included to provide an upgrade path for users who are using a version
+# of the Pulumi SDK (<3.121.0) that does not include the `deprecated` decorator.
+def deprecated(message: str) -> typing.Callable[[C], C]:
+    """
+    Decorator to indicate a function is deprecated.
+    As well as inserting appropriate statements to indicate that the function is
+    deprecated, this decorator also tags the function with a special attribute
+    so that Pulumi code can detect that it is deprecated and react appropriately
+    in certain situations.
+    message is the deprecation message that should be printed if the function is called.
+    """
+    def decorator(fn: C) -> C:
+        if not callable(fn):
+            raise TypeError("Expected fn to be callable")
+        @functools.wraps(fn)
+        def deprecated_fn(*args, **kwargs):
+            warnings.warn(message)
+            pulumi.warn(f"{fn.__name__} is deprecated: {message}")
+            return fn(*args, **kwargs)
+        deprecated_fn.__dict__["_pulumi_deprecated_callable"] = fn
+        return typing.cast(C, deprecated_fn)
+    return decorator
 def get_plugin_download_url():
 	return None
+def get_version():
+     return _version_str

pulumi_tls/cert_request.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 from . import outputs
 from ._inputs import *
@@ -23,7 +28,7 @@ class CertRequestArgs:
                  uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
         The set of arguments for constructing a CertRequest resource.
-        :param pulumi.Input[str] private_key_pem: Private key in PEM (RFC 1421) interpolation function.
+        :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input['CertRequestSubjectArgs'] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
@@ -43,7 +48,7 @@ class CertRequestArgs:
     @pulumi.getter(name="privateKeyPem")
     def private_key_pem(self) -> pulumi.Input[str]:
         """
-        Private key in PEM (RFC 1421) interpolation function.
+        Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         """
         return pulumi.get(self, "private_key_pem")
@@ -112,11 +117,11 @@ class _CertRequestState:
                  uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
         Input properties used for looking up and filtering CertRequest resources.
-        :param pulumi.Input[str] cert_request_pem: The certificate request data in PEM (RFC 1421).
+        :param pulumi.Input[str] cert_request_pem: The certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
-        :param pulumi.Input[str] private_key_pem: Private key in PEM (RFC 1421) interpolation function.
+        :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         :param pulumi.Input['CertRequestSubjectArgs'] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
         """
@@ -139,7 +144,7 @@ class _CertRequestState:
     @pulumi.getter(name="certRequestPem")
     def cert_request_pem(self) -> Optional[pulumi.Input[str]]:
         """
-        The certificate request data in PEM (RFC 1421).
+        The certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "cert_request_pem")
@@ -187,7 +192,7 @@ class _CertRequestState:
     @pulumi.getter(name="privateKeyPem")
     def private_key_pem(self) -> Optional[pulumi.Input[str]]:
         """
-        Private key in PEM (RFC 1421) interpolation function.
+        Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         """
         return pulumi.get(self, "private_key_pem")
@@ -228,7 +233,7 @@ class CertRequest(pulumi.CustomResource):
                  dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
-                 subject: Optional[pulumi.Input[pulumi.InputType['CertRequestSubjectArgs']]] = None,
+                 subject: Optional[pulumi.Input[Union['CertRequestSubjectArgs', 'CertRequestSubjectArgsDict']]] = None,
                  uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  __props__=None):
         """
@@ -236,22 +241,23 @@ class CertRequest(pulumi.CustomResource):
         ```python
         import pulumi
+        import pulumi_std as std
         import pulumi_tls as tls
         example = tls.CertRequest("example",
-            private_key_pem=(lambda path: open(path).read())("private_key.pem"),
-            subject=tls.CertRequestSubjectArgs(
-                common_name="example.com",
-                organization="ACME Examples, Inc",
-            ))
+            private_key_pem=std.file(input="private_key.pem").result,
+            subject={
+                "common_name": "example.com",
+                "organization": "ACME Examples, Inc",
+            })
         ```
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
-        :param pulumi.Input[str] private_key_pem: Private key in PEM (RFC 1421) interpolation function.
-        :param pulumi.Input[pulumi.InputType['CertRequestSubjectArgs']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
+        :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
+        :param pulumi.Input[Union['CertRequestSubjectArgs', 'CertRequestSubjectArgsDict']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
         """
         ...
@@ -265,14 +271,15 @@ class CertRequest(pulumi.CustomResource):
         ```python
         import pulumi
+        import pulumi_std as std
         import pulumi_tls as tls
         example = tls.CertRequest("example",
-            private_key_pem=(lambda path: open(path).read())("private_key.pem"),
-            subject=tls.CertRequestSubjectArgs(
-                common_name="example.com",
-                organization="ACME Examples, Inc",
-            ))
+            private_key_pem=std.file(input="private_key.pem").result,
+            subject={
+                "common_name": "example.com",
+                "organization": "ACME Examples, Inc",
+            })
         ```
         :param str resource_name: The name of the resource.
@@ -293,7 +300,7 @@ class CertRequest(pulumi.CustomResource):
                  dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
-                 subject: Optional[pulumi.Input[pulumi.InputType['CertRequestSubjectArgs']]] = None,
+                 subject: Optional[pulumi.Input[Union['CertRequestSubjectArgs', 'CertRequestSubjectArgsDict']]] = None,
                  uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -330,7 +337,7 @@ class CertRequest(pulumi.CustomResource):
             ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             key_algorithm: Optional[pulumi.Input[str]] = None,
             private_key_pem: Optional[pulumi.Input[str]] = None,
-            subject: Optional[pulumi.Input[pulumi.InputType['CertRequestSubjectArgs']]] = None,
+            subject: Optional[pulumi.Input[Union['CertRequestSubjectArgs', 'CertRequestSubjectArgsDict']]] = None,
             uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None) -> 'CertRequest':
         """
         Get an existing CertRequest resource's state with the given name, id, and optional extra
@@ -339,12 +346,12 @@ class CertRequest(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] cert_request_pem: The certificate request data in PEM (RFC 1421).
+        :param pulumi.Input[str] cert_request_pem: The certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
-        :param pulumi.Input[str] private_key_pem: Private key in PEM (RFC 1421) interpolation function.
-        :param pulumi.Input[pulumi.InputType['CertRequestSubjectArgs']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
+        :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
+        :param pulumi.Input[Union['CertRequestSubjectArgs', 'CertRequestSubjectArgsDict']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -364,7 +371,7 @@ class CertRequest(pulumi.CustomResource):
     @pulumi.getter(name="certRequestPem")
     def cert_request_pem(self) -> pulumi.Output[str]:
         """
-        The certificate request data in PEM (RFC 1421).
+        The certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "cert_request_pem")
@@ -396,7 +403,7 @@ class CertRequest(pulumi.CustomResource):
     @pulumi.getter(name="privateKeyPem")
     def private_key_pem(self) -> pulumi.Output[str]:
         """
-        Private key in PEM (RFC 1421) interpolation function.
+        Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         """
         return pulumi.get(self, "private_key_pem")

pulumi_tls/config/__init__.pyi CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs

pulumi_tls/config/outputs.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 __all__ = [

pulumi_tls/config/vars.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs

pulumi_tls/get_certificate.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 from . import outputs
@@ -117,13 +122,10 @@ def get_certificate(content: Optional[str] = None,
         id=pulumi.get(__ret__, 'id'),
         url=pulumi.get(__ret__, 'url'),
         verify_chain=pulumi.get(__ret__, 'verify_chain'))
-@_utilities.lift_output_func(get_certificate)
 def get_certificate_output(content: Optional[pulumi.Input[Optional[str]]] = None,
                            url: Optional[pulumi.Input[Optional[str]]] = None,
                            verify_chain: Optional[pulumi.Input[Optional[bool]]] = None,
-                           opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCertificateResult]:
+                           opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetCertificateResult]:
     """
     Use this data source to access information about an existing resource.
@@ -131,4 +133,15 @@ def get_certificate_output(content: Optional[pulumi.Input[Optional[str]]] = None
     :param str url: The URL of the website to get the certificates from. Cannot be used with `content`.
     :param bool verify_chain: Whether to verify the certificate chain while parsing it or not (default: `true`). Cannot be used with `content`.
     """
-    ...
+    __args__ = dict()
+    __args__['content'] = content
+    __args__['url'] = url
+    __args__['verifyChain'] = verify_chain
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('tls:index/getCertificate:getCertificate', __args__, opts=opts, typ=GetCertificateResult)
+    return __ret__.apply(lambda __response__: GetCertificateResult(
+        certificates=pulumi.get(__response__, 'certificates'),
+        content=pulumi.get(__response__, 'content'),
+        id=pulumi.get(__response__, 'id'),
+        url=pulumi.get(__response__, 'url'),
+        verify_chain=pulumi.get(__response__, 'verify_chain')))

pulumi_tls/get_public_key.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 __all__ = [
@@ -99,7 +104,7 @@ class GetPublicKeyResult:
     @pulumi.getter(name="publicKeyOpenssh")
     def public_key_openssh(self) -> str:
         """
-        The public key, in  OpenSSH PEM (RFC 4716).
+        The public key, in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format. This is also known as ['Authorized Keys'](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "public_key_openssh")
@@ -107,7 +112,7 @@ class GetPublicKeyResult:
     @pulumi.getter(name="publicKeyPem")
     def public_key_pem(self) -> str:
         """
-        The public key, in PEM (RFC 1421).
+        The public key, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "public_key_pem")
@@ -140,11 +145,14 @@ def get_public_key(private_key_openssh: Optional[str] = None,
     ```python
     import pulumi
+    import pulumi_std as std
     import pulumi_tls as tls
     ed25519_example = tls.PrivateKey("ed25519-example", algorithm="ED25519")
+    # Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format
     private_key_pem_example = tls.get_public_key_output(private_key_pem=ed25519_example.private_key_pem)
-    private_key_openssh_example = tls.get_public_key(private_key_openssh=(lambda path: open(path).read())("~/.ssh/id_rsa_rfc4716"))
+    # Public key loaded from filesystem, using the Open SSH (RFC 4716) format
+    private_key_openssh_example = tls.get_public_key(private_key_openssh=std.file(input="~/.ssh/id_rsa_rfc4716").result)
     ```
@@ -166,12 +174,9 @@ def get_public_key(private_key_openssh: Optional[str] = None,
         public_key_fingerprint_sha256=pulumi.get(__ret__, 'public_key_fingerprint_sha256'),
         public_key_openssh=pulumi.get(__ret__, 'public_key_openssh'),
         public_key_pem=pulumi.get(__ret__, 'public_key_pem'))
-@_utilities.lift_output_func(get_public_key)
 def get_public_key_output(private_key_openssh: Optional[pulumi.Input[Optional[str]]] = None,
                           private_key_pem: Optional[pulumi.Input[Optional[str]]] = None,
-                          opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetPublicKeyResult]:
+                          opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetPublicKeyResult]:
     """
     Get a public key from a PEM-encoded private key.
@@ -181,15 +186,31 @@ def get_public_key_output(private_key_openssh: Optional[pulumi.Input[Optional[st
     ```python
     import pulumi
+    import pulumi_std as std
     import pulumi_tls as tls
     ed25519_example = tls.PrivateKey("ed25519-example", algorithm="ED25519")
+    # Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format
     private_key_pem_example = tls.get_public_key_output(private_key_pem=ed25519_example.private_key_pem)
-    private_key_openssh_example = tls.get_public_key(private_key_openssh=(lambda path: open(path).read())("~/.ssh/id_rsa_rfc4716"))
+    # Public key loaded from filesystem, using the Open SSH (RFC 4716) format
+    private_key_openssh_example = tls.get_public_key(private_key_openssh=std.file(input="~/.ssh/id_rsa_rfc4716").result)
     ```
     :param str private_key_openssh: The private key (in  [OpenSSH PEM (RFC 4716)](https://datatracker.ietf.org/doc/html/rfc4716) format) to extract the public key from. This is *mutually exclusive* with `private_key_pem`. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.
     :param str private_key_pem: The private key (in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format) to extract the public key from. This is *mutually exclusive* with `private_key_openssh`. Currently-supported algorithms for keys are: `RSA`, `ECDSA`, `ED25519`.
     """
-    ...
+    __args__ = dict()
+    __args__['privateKeyOpenssh'] = private_key_openssh
+    __args__['privateKeyPem'] = private_key_pem
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('tls:index/getPublicKey:getPublicKey', __args__, opts=opts, typ=GetPublicKeyResult)
+    return __ret__.apply(lambda __response__: GetPublicKeyResult(
+        algorithm=pulumi.get(__response__, 'algorithm'),
+        id=pulumi.get(__response__, 'id'),
+        private_key_openssh=pulumi.get(__response__, 'private_key_openssh'),
+        private_key_pem=pulumi.get(__response__, 'private_key_pem'),
+        public_key_fingerprint_md5=pulumi.get(__response__, 'public_key_fingerprint_md5'),
+        public_key_fingerprint_sha256=pulumi.get(__response__, 'public_key_fingerprint_sha256'),
+        public_key_openssh=pulumi.get(__response__, 'public_key_openssh'),
+        public_key_pem=pulumi.get(__response__, 'public_key_pem')))

pulumi_tls/locally_signed_cert.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 __all__ = ['LocallySignedCertArgs', 'LocallySignedCert']
@@ -29,11 +34,6 @@ class LocallySignedCertArgs:
         :param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
-        :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-               can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-               certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-               revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-               early renewal period. (default: `0`)
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
         :param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         """
@@ -112,13 +112,6 @@ class LocallySignedCertArgs:
     @property
     @pulumi.getter(name="earlyRenewalHours")
     def early_renewal_hours(self) -> Optional[pulumi.Input[int]]:
-        """
-        The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-        can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-        certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-        revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-        early renewal period. (default: `0`)
-        """
         return pulumi.get(self, "early_renewal_hours")
     @early_renewal_hours.setter
@@ -172,13 +165,8 @@ class _LocallySignedCertState:
         :param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
         :param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
-        :param pulumi.Input[str] cert_pem: Certificate data in PEM (RFC 1421).
+        :param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         :param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
-        :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-               can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-               certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-               revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-               early renewal period. (default: `0`)
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
         :param pulumi.Input[bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
         :param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
@@ -265,7 +253,7 @@ class _LocallySignedCertState:
     @pulumi.getter(name="certPem")
     def cert_pem(self) -> Optional[pulumi.Input[str]]:
         """
-        Certificate data in PEM (RFC 1421).
+        Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "cert_pem")
@@ -288,13 +276,6 @@ class _LocallySignedCertState:
     @property
     @pulumi.getter(name="earlyRenewalHours")
     def early_renewal_hours(self) -> Optional[pulumi.Input[int]]:
-        """
-        The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-        can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-        certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-        revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-        early renewal period. (default: `0`)
-        """
         return pulumi.get(self, "early_renewal_hours")
     @early_renewal_hours.setter
@@ -396,11 +377,6 @@ class LocallySignedCert(pulumi.CustomResource):
         :param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
-        :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-               can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-               certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-               revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-               early renewal period. (default: `0`)
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
         :param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         :param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
@@ -504,13 +480,8 @@ class LocallySignedCert(pulumi.CustomResource):
         :param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
         :param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
         :param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
-        :param pulumi.Input[str] cert_pem: Certificate data in PEM (RFC 1421).
+        :param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         :param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
-        :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-               can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-               certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-               revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-               early renewal period. (default: `0`)
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
         :param pulumi.Input[bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
         :param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
@@ -573,7 +544,7 @@ class LocallySignedCert(pulumi.CustomResource):
     @pulumi.getter(name="certPem")
     def cert_pem(self) -> pulumi.Output[str]:
         """
-        Certificate data in PEM (RFC 1421).
+        Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "cert_pem")
@@ -588,13 +559,6 @@ class LocallySignedCert(pulumi.CustomResource):
     @property
     @pulumi.getter(name="earlyRenewalHours")
     def early_renewal_hours(self) -> pulumi.Output[int]:
-        """
-        The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-        can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-        certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-        revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-        early renewal period. (default: `0`)
-        """
         return pulumi.get(self, "early_renewal_hours")
     @property

pulumi_tls/outputs.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 __all__ = [
@@ -310,7 +315,7 @@ class GetCertificateCertificateResult(dict):
                  subject: str,
                  version: int):
         """
-        :param str cert_pem: Certificate data in PEM (RFC 1421).
+        :param str cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         :param bool is_ca: `true` if the certificate is of a CA (Certificate Authority).
         :param str issuer: Who verified and signed the certificate, roughly following [RFC2253](https://tools.ietf.org/html/rfc2253).
         :param str not_after: The time until which the certificate is invalid, as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
@@ -339,7 +344,7 @@ class GetCertificateCertificateResult(dict):
     @pulumi.getter(name="certPem")
     def cert_pem(self) -> str:
         """
-        Certificate data in PEM (RFC 1421).
+        Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "cert_pem")

pulumi_tls/private_key.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 __all__ = ['PrivateKeyArgs', 'PrivateKey']
@@ -88,8 +93,8 @@ class _PrivateKeyState:
         :param pulumi.Input[str] private_key_pem_pkcs8: Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.
         :param pulumi.Input[str] public_key_fingerprint_md5: The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, similarly to `public_key_openssh` and the ECDSA P224 limitations.
         :param pulumi.Input[str] public_key_fingerprint_sha256: The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, similarly to `public_key_openssh` and the ECDSA P224 limitations.
-        :param pulumi.Input[str] public_key_openssh: The public key data in "Authorized Keys".
-        :param pulumi.Input[str] public_key_pem: Public key data in PEM (RFC 1421).
+        :param pulumi.Input[str] public_key_openssh: The public key data in ["Authorized Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
+        :param pulumi.Input[str] public_key_pem: Public key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         :param pulumi.Input[int] rsa_bits: When `algorithm` is `RSA`, the size of the generated RSA key, in bits (default: `2048`).
         """
         if algorithm is not None:
@@ -201,7 +206,7 @@ class _PrivateKeyState:
     @pulumi.getter(name="publicKeyOpenssh")
     def public_key_openssh(self) -> Optional[pulumi.Input[str]]:
         """
-        The public key data in "Authorized Keys".
+        The public key data in ["Authorized Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "public_key_openssh")
@@ -213,7 +218,7 @@ class _PrivateKeyState:
     @pulumi.getter(name="publicKeyPem")
     def public_key_pem(self) -> Optional[pulumi.Input[str]]:
         """
-        Public key data in PEM (RFC 1421).
+        Public key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "public_key_pem")
@@ -334,8 +339,8 @@ class PrivateKey(pulumi.CustomResource):
         :param pulumi.Input[str] private_key_pem_pkcs8: Private key data in [PKCS#8 PEM (RFC 5208)](https://datatracker.ietf.org/doc/html/rfc5208) format.
         :param pulumi.Input[str] public_key_fingerprint_md5: The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:...`. Only available if the selected private key format is compatible, similarly to `public_key_openssh` and the ECDSA P224 limitations.
         :param pulumi.Input[str] public_key_fingerprint_sha256: The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. `SHA256:...`. Only available if the selected private key format is compatible, similarly to `public_key_openssh` and the ECDSA P224 limitations.
-        :param pulumi.Input[str] public_key_openssh: The public key data in "Authorized Keys".
-        :param pulumi.Input[str] public_key_pem: Public key data in PEM (RFC 1421).
+        :param pulumi.Input[str] public_key_openssh: The public key data in ["Authorized Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
+        :param pulumi.Input[str] public_key_pem: Public key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         :param pulumi.Input[int] rsa_bits: When `algorithm` is `RSA`, the size of the generated RSA key, in bits (default: `2048`).
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -414,7 +419,7 @@ class PrivateKey(pulumi.CustomResource):
     @pulumi.getter(name="publicKeyOpenssh")
     def public_key_openssh(self) -> pulumi.Output[str]:
         """
-        The public key data in "Authorized Keys".
+        The public key data in ["Authorized Keys"](https://www.ssh.com/academy/ssh/authorized_keys/openssh#format-of-the-authorized-keys-file) format. This is not populated for `ECDSA` with curve `P224`, as it is not supported. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "public_key_openssh")
@@ -422,7 +427,7 @@ class PrivateKey(pulumi.CustomResource):
     @pulumi.getter(name="publicKeyPem")
     def public_key_pem(self) -> pulumi.Output[str]:
         """
-        Public key data in PEM (RFC 1421).
+        Public key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "public_key_pem")

pulumi_tls/provider.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 from ._inputs import *
@@ -41,7 +46,7 @@ class Provider(pulumi.ProviderResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 proxy: Optional[pulumi.Input[pulumi.InputType['ProviderProxyArgs']]] = None,
+                 proxy: Optional[pulumi.Input[Union['ProviderProxyArgs', 'ProviderProxyArgsDict']]] = None,
                  __props__=None):
         """
         The provider type for the tls package. By default, resources use package-wide configuration
@@ -51,7 +56,7 @@ class Provider(pulumi.ProviderResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[pulumi.InputType['ProviderProxyArgs']] proxy: Proxy used by resources and data sources that connect to external endpoints.
+        :param pulumi.Input[Union['ProviderProxyArgs', 'ProviderProxyArgsDict']] proxy: Proxy used by resources and data sources that connect to external endpoints.
         """
         ...
     @overload
@@ -80,7 +85,7 @@ class Provider(pulumi.ProviderResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 proxy: Optional[pulumi.Input[pulumi.InputType['ProviderProxyArgs']]] = None,
+                 proxy: Optional[pulumi.Input[Union['ProviderProxyArgs', 'ProviderProxyArgsDict']]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):

pulumi_tls/pulumi-plugin.json CHANGED Viewed

@@ -1,4 +1,5 @@
 {
   "resource": true,
-  "name": "tls"
+  "name": "tls",
+  "version": "5.1.0-alpha.1736835965"
 }

pulumi_tls/self_signed_cert.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 from . import outputs
 from ._inputs import *
@@ -30,14 +35,9 @@ class SelfSignedCertArgs:
         """
         The set of arguments for constructing a SelfSignedCert resource.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
-        :param pulumi.Input[str] private_key_pem: Private key in PEM (RFC 1421) interpolation function.
+        :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         :param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
-        :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-               can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-               certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-               revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-               early renewal period. (default: `0`)
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
         :param pulumi.Input[bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
@@ -81,7 +81,7 @@ class SelfSignedCertArgs:
     @pulumi.getter(name="privateKeyPem")
     def private_key_pem(self) -> pulumi.Input[str]:
         """
-        Private key in PEM (RFC 1421) interpolation function.
+        Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         """
         return pulumi.get(self, "private_key_pem")
@@ -116,13 +116,6 @@ class SelfSignedCertArgs:
     @property
     @pulumi.getter(name="earlyRenewalHours")
     def early_renewal_hours(self) -> Optional[pulumi.Input[int]]:
-        """
-        The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-        can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-        certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-        revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-        early renewal period. (default: `0`)
-        """
         return pulumi.get(self, "early_renewal_hours")
     @early_renewal_hours.setter
@@ -224,17 +217,12 @@ class _SelfSignedCertState:
         """
         Input properties used for looking up and filtering SelfSignedCert resources.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
-        :param pulumi.Input[str] cert_pem: Certificate data in PEM (RFC 1421).
+        :param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
-        :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-               can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-               certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-               revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-               early renewal period. (default: `0`)
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
         :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
-        :param pulumi.Input[str] private_key_pem: Private key in PEM (RFC 1421) interpolation function.
+        :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         :param pulumi.Input[bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
         :param pulumi.Input[bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         :param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
@@ -293,7 +281,7 @@ class _SelfSignedCertState:
     @pulumi.getter(name="certPem")
     def cert_pem(self) -> Optional[pulumi.Input[str]]:
         """
-        Certificate data in PEM (RFC 1421).
+        Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "cert_pem")
@@ -316,13 +304,6 @@ class _SelfSignedCertState:
     @property
     @pulumi.getter(name="earlyRenewalHours")
     def early_renewal_hours(self) -> Optional[pulumi.Input[int]]:
-        """
-        The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-        can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-        certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-        revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-        early renewal period. (default: `0`)
-        """
         return pulumi.get(self, "early_renewal_hours")
     @early_renewal_hours.setter
@@ -369,7 +350,7 @@ class _SelfSignedCertState:
     @pulumi.getter(name="privateKeyPem")
     def private_key_pem(self) -> Optional[pulumi.Input[str]]:
         """
-        Private key in PEM (RFC 1421) interpolation function.
+        Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         """
         return pulumi.get(self, "private_key_pem")
@@ -487,7 +468,7 @@ class SelfSignedCert(pulumi.CustomResource):
                  private_key_pem: Optional[pulumi.Input[str]] = None,
                  set_authority_key_id: Optional[pulumi.Input[bool]] = None,
                  set_subject_key_id: Optional[pulumi.Input[bool]] = None,
-                 subject: Optional[pulumi.Input[pulumi.InputType['SelfSignedCertSubjectArgs']]] = None,
+                 subject: Optional[pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']]] = None,
                  uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  validity_period_hours: Optional[pulumi.Input[int]] = None,
                  __props__=None):
@@ -497,17 +478,12 @@ class SelfSignedCert(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
-        :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-               can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-               certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-               revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-               early renewal period. (default: `0`)
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
-        :param pulumi.Input[str] private_key_pem: Private key in PEM (RFC 1421) interpolation function.
+        :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         :param pulumi.Input[bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         :param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
-        :param pulumi.Input[pulumi.InputType['SelfSignedCertSubjectArgs']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
+        :param pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
         """
@@ -542,7 +518,7 @@ class SelfSignedCert(pulumi.CustomResource):
                  private_key_pem: Optional[pulumi.Input[str]] = None,
                  set_authority_key_id: Optional[pulumi.Input[bool]] = None,
                  set_subject_key_id: Optional[pulumi.Input[bool]] = None,
-                 subject: Optional[pulumi.Input[pulumi.InputType['SelfSignedCertSubjectArgs']]] = None,
+                 subject: Optional[pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']]] = None,
                  uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  validity_period_hours: Optional[pulumi.Input[int]] = None,
                  __props__=None):
@@ -599,7 +575,7 @@ class SelfSignedCert(pulumi.CustomResource):
             ready_for_renewal: Optional[pulumi.Input[bool]] = None,
             set_authority_key_id: Optional[pulumi.Input[bool]] = None,
             set_subject_key_id: Optional[pulumi.Input[bool]] = None,
-            subject: Optional[pulumi.Input[pulumi.InputType['SelfSignedCertSubjectArgs']]] = None,
+            subject: Optional[pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']]] = None,
             uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             validity_end_time: Optional[pulumi.Input[str]] = None,
             validity_period_hours: Optional[pulumi.Input[int]] = None,
@@ -612,21 +588,16 @@ class SelfSignedCert(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
-        :param pulumi.Input[str] cert_pem: Certificate data in PEM (RFC 1421).
+        :param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
-        :param pulumi.Input[int] early_renewal_hours: The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-               can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-               certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-               revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-               early renewal period. (default: `0`)
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
         :param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
-        :param pulumi.Input[str] private_key_pem: Private key in PEM (RFC 1421) interpolation function.
+        :param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         :param pulumi.Input[bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
         :param pulumi.Input[bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
         :param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
-        :param pulumi.Input[pulumi.InputType['SelfSignedCertSubjectArgs']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
+        :param pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
         :param pulumi.Input[str] validity_end_time: The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
         :param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
@@ -666,7 +637,7 @@ class SelfSignedCert(pulumi.CustomResource):
     @pulumi.getter(name="certPem")
     def cert_pem(self) -> pulumi.Output[str]:
         """
-        Certificate data in PEM (RFC 1421).
+        Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
         """
         return pulumi.get(self, "cert_pem")
@@ -681,13 +652,6 @@ class SelfSignedCert(pulumi.CustomResource):
     @property
     @pulumi.getter(name="earlyRenewalHours")
     def early_renewal_hours(self) -> pulumi.Output[int]:
-        """
-        The resource will consider the certificate to have expired the given number of hours before its actual expiry time. This
-        can be useful to deploy an updated certificate in advance of the expiration of the current certificate. However, the old
-        certificate remains valid until its true expiration time, since this resource does not (and cannot) support certificate
-        revocation. Also, this advance update can only be performed should the Terraform configuration be applied during the
-        early renewal period. (default: `0`)
-        """
         return pulumi.get(self, "early_renewal_hours")
     @property
@@ -718,7 +682,7 @@ class SelfSignedCert(pulumi.CustomResource):
     @pulumi.getter(name="privateKeyPem")
     def private_key_pem(self) -> pulumi.Output[str]:
         """
-        Private key in PEM (RFC 1421) interpolation function.
+        Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to. This can be read from a separate file using the `file` interpolation function.
         """
         return pulumi.get(self, "private_key_pem")

{pulumi_tls-5.1.0a1709368259.dist-info → pulumi_tls-5.1.0a1736835965.dist-info}/METADATA RENAMED Viewed

@@ -1,16 +1,17 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.2
 Name: pulumi_tls
-Version: 5.1.0a1709368259
+Version: 5.1.0a1736835965
 Summary: A Pulumi package to create TLS resources in Pulumi programs.
 License: Apache-2.0
 Project-URL: Homepage, https://pulumi.io
 Project-URL: Repository, https://github.com/pulumi/pulumi-tls
 Keywords: pulumi,tls
-Requires-Python: >=3.8
+Requires-Python: >=3.9
 Description-Content-Type: text/markdown
-Requires-Dist: parver >=0.2.1
-Requires-Dist: pulumi <4.0.0,>=3.0.0
-Requires-Dist: semver >=2.8.1
+Requires-Dist: parver>=0.2.1
+Requires-Dist: pulumi<4.0.0,>=3.142.0
+Requires-Dist: semver>=2.8.1
+Requires-Dist: typing-extensions>=4.11; python_version < "3.11"
 [![Actions Status](https://github.com/pulumi/pulumi-tls/workflows/master/badge.svg)](https://github.com/pulumi/pulumi-tls/actions)
 [![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com)

pulumi_tls-5.1.0a1736835965.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,21 @@
+pulumi_tls/__init__.py,sha256=Fk7hjyRIMx42E0iGoNp4d238SBG6PAUxDzvlIndTJck,1523
+pulumi_tls/_inputs.py,sha256=PQxQn6BDHAQwXF-qvyfIdMAbsixOzmzKym5ANi10wIU,17876
+pulumi_tls/_utilities.py,sha256=-gxwnD6__OYdSf8jJgJijNuu-UHUwi5pJ1H7-eIHDhg,10504
+pulumi_tls/cert_request.py,sha256=R5fJPBIewv1tIx7nqOUj9PL9tmxeFgShMmYXeVeXE1U,23043
+pulumi_tls/get_certificate.py,sha256=kbPamAhcT_bW9nL37bHxj48D0LzdLWwSiw4ir5nW7L4,6376
+pulumi_tls/get_public_key.py,sha256=ndZDPFICnzqvcDl1DDfiimtn5ZRJXEb8YHHQGNxCSQI,12375
+pulumi_tls/locally_signed_cert.py,sha256=WStwmPMzTraFvM9hUJ3PQHoug62hkhM_YESzugEtGdU,38405
+pulumi_tls/outputs.py,sha256=9Q2gHOiTBCNAhI7p6J9POXrctjp3avC-89hVlfo8ia4,15751
+pulumi_tls/private_key.py,sha256=isK_78l0Hhm_OKaOq546gDPTkwFDZG_VP7thH1e_YSI,25535
+pulumi_tls/provider.py,sha256=kozHxv6INMJ2zUDv2d8TQmJGr7uFVHPoieddw0M3iPo,4787
+pulumi_tls/pulumi-plugin.json,sha256=P3FcRMRSubBgnjZ4XjYL0iJPFkOikn4_GRT3xfo746g,79
+pulumi_tls/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+pulumi_tls/self_signed_cert.py,sha256=pocshB1RvT2FaDlcKRasq8sbT5lW1-XNkWKwoRttFQw,48642
+pulumi_tls/config/__init__.py,sha256=cfY0smRZD3fDVc93ZIAxEl_IM2pynmXB52n3Ahzi030,285
+pulumi_tls/config/__init__.pyi,sha256=fnsZ-Suvu3YbJRGB-tjcmI1mjoq0AzdZXUZHXdbnNCk,648
+pulumi_tls/config/outputs.py,sha256=zzpj6leD9hzCMjZXOO0Pz53IdeDBUZbiPjr-HrSicWw,2827
+pulumi_tls/config/vars.py,sha256=IIfZBN532Qh-2Z1O5ANibIraohA229yGyNP03b-PmNY,835
+pulumi_tls-5.1.0a1736835965.dist-info/METADATA,sha256=Ib0FB0P72os5Azog_cqczyc1jgjGLVktAld-K1tktBM,2490
+pulumi_tls-5.1.0a1736835965.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+pulumi_tls-5.1.0a1736835965.dist-info/top_level.txt,sha256=w0yJOTuCUb1BpNsSTm0FJZPucueobFIfzPGzjYklx1U,11
+pulumi_tls-5.1.0a1736835965.dist-info/RECORD,,

{pulumi_tls-5.1.0a1709368259.dist-info → pulumi_tls-5.1.0a1736835965.dist-info}/WHEEL RENAMED Viewed

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.42.0)
+Generator: setuptools (75.8.0)
 Root-Is-Purelib: true
 Tag: py3-none-any

pulumi_tls-5.1.0a1709368259.dist-info/RECORD DELETED Viewed

@@ -1,21 +0,0 @@
-pulumi_tls/__init__.py,sha256=Fk7hjyRIMx42E0iGoNp4d238SBG6PAUxDzvlIndTJck,1523
-pulumi_tls/_inputs.py,sha256=KVpnu-mvOyzrpVpdrb90KBWDhaN_i67rIkdR3d8qJlw,14351
-pulumi_tls/_utilities.py,sha256=b6gJn0IIeM1t6Q7EVjqw3yhuGyP-uENQhtL5yp7aHR8,9248
-pulumi_tls/cert_request.py,sha256=36qmjbtEgZE6QAqYk0oNVtPjn8VSha50_Tzs8XNR7Mw,20391
-pulumi_tls/get_certificate.py,sha256=lUy1OLl5oA8GbQnOeVy6F7Sfd8pWSgCnZ1g9gV9Jr30,5540
-pulumi_tls/get_public_key.py,sha256=1vo4D1xf6z33AwgCrh4tR6qARrp7PBwUlAEli5Y-ldE,9965
-pulumi_tls/locally_signed_cert.py,sha256=4NvYD8E-YpLQ-rIncp90RC7FDtJoMSYkoOjmuXHm2zM,41155
-pulumi_tls/outputs.py,sha256=3Yjo4iKbFD4gJQhCGGWwocpCAuS3V-d6nvQ9lseB3Qg,14909
-pulumi_tls/private_key.py,sha256=l7YLkUhXlp-lLWST8p34AoR0zMI_Dj2qRlQEf8sjMVg,22201
-pulumi_tls/provider.py,sha256=GAIHbL660HmefqI6S05zA77JT1tVZVpxwSKnONjxqIM,4571
-pulumi_tls/pulumi-plugin.json,sha256=2ADHqCdf08udDO1YqVdDR76NxjDeYeP-Cs1zG4KQmnk,40
-pulumi_tls/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-pulumi_tls/self_signed_cert.py,sha256=t_MyOK6xCSMMiBeCcNZEKdafd5w903BTKt5ufrfKl4M,50239
-pulumi_tls/config/__init__.py,sha256=cfY0smRZD3fDVc93ZIAxEl_IM2pynmXB52n3Ahzi030,285
-pulumi_tls/config/__init__.pyi,sha256=kaPJpeRs8A7zNA-3MY-QL0zyxMV0oqUrYrsLj3HpqEg,474
-pulumi_tls/config/outputs.py,sha256=SYfBlhKnqFeIaEpQLFgdBfABD4pzTkAlZTuwWWsGQ4A,2653
-pulumi_tls/config/vars.py,sha256=wTZ5QbW-pH76tJ5PSA2zAFV4bPdtC5pmxQsV7jRd3c8,661
-pulumi_tls-5.1.0a1709368259.dist-info/METADATA,sha256=TprW2QEFn1IS1TgTIJ46zYV8b3hlY1iQUZzPSbUvJWc,2427
-pulumi_tls-5.1.0a1709368259.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-pulumi_tls-5.1.0a1709368259.dist-info/top_level.txt,sha256=w0yJOTuCUb1BpNsSTm0FJZPucueobFIfzPGzjYklx1U,11
-pulumi_tls-5.1.0a1709368259.dist-info/RECORD,,

{pulumi_tls-5.1.0a1709368259.dist-info → pulumi_tls-5.1.0a1736835965.dist-info}/top_level.txt RENAMED Viewed

File without changes

pulumi-tls 5.1.0a1709368259__py3-none-any.whl → 5.1.0a1736835965__py3-none-any.whl

pulumi-tls 5.1.0a1709368259py3-none-any.whl → 5.1.0a1736835965py3-none-any.whl