pulumi-tls 5.2.0a1743575896__py3-none-any.whl → 5.2.0a1744183475__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_tls/__init__.py +1 -0
- pulumi_tls/_inputs.py +113 -112
- pulumi_tls/cert_request.py +71 -70
- pulumi_tls/config/__init__.py +1 -0
- pulumi_tls/config/__init__.pyi +1 -0
- pulumi_tls/config/outputs.py +13 -12
- pulumi_tls/config/vars.py +1 -0
- pulumi_tls/get_certificate.py +17 -16
- pulumi_tls/get_public_key.py +17 -16
- pulumi_tls/locally_signed_cert.py +144 -143
- pulumi_tls/outputs.py +91 -90
- pulumi_tls/private_key.py +92 -91
- pulumi_tls/provider.py +1 -0
- pulumi_tls/pulumi-plugin.json +1 -1
- pulumi_tls/self_signed_cert.py +175 -174
- {pulumi_tls-5.2.0a1743575896.dist-info → pulumi_tls-5.2.0a1744183475.dist-info}/METADATA +1 -1
- pulumi_tls-5.2.0a1744183475.dist-info/RECORD +21 -0
- pulumi_tls-5.2.0a1743575896.dist-info/RECORD +0 -21
- {pulumi_tls-5.2.0a1743575896.dist-info → pulumi_tls-5.2.0a1744183475.dist-info}/WHEEL +0 -0
- {pulumi_tls-5.2.0a1743575896.dist-info → pulumi_tls-5.2.0a1744183475.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,23 +20,23 @@ __all__ = ['LocallySignedCertArgs', 'LocallySignedCert']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class LocallySignedCertArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
allowed_uses: pulumi.Input[Sequence[pulumi.Input[str]]],
|
23
|
-
ca_cert_pem: pulumi.Input[str],
|
24
|
-
ca_private_key_pem: pulumi.Input[str],
|
25
|
-
cert_request_pem: pulumi.Input[str],
|
26
|
-
validity_period_hours: pulumi.Input[int],
|
27
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
28
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
29
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None):
|
23
|
+
allowed_uses: pulumi.Input[Sequence[pulumi.Input[builtins.str]]],
|
24
|
+
ca_cert_pem: pulumi.Input[builtins.str],
|
25
|
+
ca_private_key_pem: pulumi.Input[builtins.str],
|
26
|
+
cert_request_pem: pulumi.Input[builtins.str],
|
27
|
+
validity_period_hours: pulumi.Input[builtins.int],
|
28
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
29
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
30
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None):
|
30
31
|
"""
|
31
32
|
The set of arguments for constructing a LocallySignedCert resource.
|
32
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
33
|
-
:param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
34
|
-
:param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
35
|
-
:param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
36
|
-
:param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
37
|
-
:param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
38
|
-
:param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
33
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
34
|
+
:param pulumi.Input[builtins.str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
35
|
+
:param pulumi.Input[builtins.str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
36
|
+
:param pulumi.Input[builtins.str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
37
|
+
:param pulumi.Input[builtins.int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
38
|
+
:param pulumi.Input[builtins.bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
39
|
+
:param pulumi.Input[builtins.bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
39
40
|
"""
|
40
41
|
pulumi.set(__self__, "allowed_uses", allowed_uses)
|
41
42
|
pulumi.set(__self__, "ca_cert_pem", ca_cert_pem)
|
@@ -51,128 +52,128 @@ class LocallySignedCertArgs:
|
|
51
52
|
|
52
53
|
@property
|
53
54
|
@pulumi.getter(name="allowedUses")
|
54
|
-
def allowed_uses(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
|
55
|
+
def allowed_uses(self) -> pulumi.Input[Sequence[pulumi.Input[builtins.str]]]:
|
55
56
|
"""
|
56
57
|
List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
57
58
|
"""
|
58
59
|
return pulumi.get(self, "allowed_uses")
|
59
60
|
|
60
61
|
@allowed_uses.setter
|
61
|
-
def allowed_uses(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
|
62
|
+
def allowed_uses(self, value: pulumi.Input[Sequence[pulumi.Input[builtins.str]]]):
|
62
63
|
pulumi.set(self, "allowed_uses", value)
|
63
64
|
|
64
65
|
@property
|
65
66
|
@pulumi.getter(name="caCertPem")
|
66
|
-
def ca_cert_pem(self) -> pulumi.Input[str]:
|
67
|
+
def ca_cert_pem(self) -> pulumi.Input[builtins.str]:
|
67
68
|
"""
|
68
69
|
Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
69
70
|
"""
|
70
71
|
return pulumi.get(self, "ca_cert_pem")
|
71
72
|
|
72
73
|
@ca_cert_pem.setter
|
73
|
-
def ca_cert_pem(self, value: pulumi.Input[str]):
|
74
|
+
def ca_cert_pem(self, value: pulumi.Input[builtins.str]):
|
74
75
|
pulumi.set(self, "ca_cert_pem", value)
|
75
76
|
|
76
77
|
@property
|
77
78
|
@pulumi.getter(name="caPrivateKeyPem")
|
78
|
-
def ca_private_key_pem(self) -> pulumi.Input[str]:
|
79
|
+
def ca_private_key_pem(self) -> pulumi.Input[builtins.str]:
|
79
80
|
"""
|
80
81
|
Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
81
82
|
"""
|
82
83
|
return pulumi.get(self, "ca_private_key_pem")
|
83
84
|
|
84
85
|
@ca_private_key_pem.setter
|
85
|
-
def ca_private_key_pem(self, value: pulumi.Input[str]):
|
86
|
+
def ca_private_key_pem(self, value: pulumi.Input[builtins.str]):
|
86
87
|
pulumi.set(self, "ca_private_key_pem", value)
|
87
88
|
|
88
89
|
@property
|
89
90
|
@pulumi.getter(name="certRequestPem")
|
90
|
-
def cert_request_pem(self) -> pulumi.Input[str]:
|
91
|
+
def cert_request_pem(self) -> pulumi.Input[builtins.str]:
|
91
92
|
"""
|
92
93
|
Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
93
94
|
"""
|
94
95
|
return pulumi.get(self, "cert_request_pem")
|
95
96
|
|
96
97
|
@cert_request_pem.setter
|
97
|
-
def cert_request_pem(self, value: pulumi.Input[str]):
|
98
|
+
def cert_request_pem(self, value: pulumi.Input[builtins.str]):
|
98
99
|
pulumi.set(self, "cert_request_pem", value)
|
99
100
|
|
100
101
|
@property
|
101
102
|
@pulumi.getter(name="validityPeriodHours")
|
102
|
-
def validity_period_hours(self) -> pulumi.Input[int]:
|
103
|
+
def validity_period_hours(self) -> pulumi.Input[builtins.int]:
|
103
104
|
"""
|
104
105
|
Number of hours, after initial issuing, that the certificate will remain valid for.
|
105
106
|
"""
|
106
107
|
return pulumi.get(self, "validity_period_hours")
|
107
108
|
|
108
109
|
@validity_period_hours.setter
|
109
|
-
def validity_period_hours(self, value: pulumi.Input[int]):
|
110
|
+
def validity_period_hours(self, value: pulumi.Input[builtins.int]):
|
110
111
|
pulumi.set(self, "validity_period_hours", value)
|
111
112
|
|
112
113
|
@property
|
113
114
|
@pulumi.getter(name="earlyRenewalHours")
|
114
|
-
def early_renewal_hours(self) -> Optional[pulumi.Input[int]]:
|
115
|
+
def early_renewal_hours(self) -> Optional[pulumi.Input[builtins.int]]:
|
115
116
|
return pulumi.get(self, "early_renewal_hours")
|
116
117
|
|
117
118
|
@early_renewal_hours.setter
|
118
|
-
def early_renewal_hours(self, value: Optional[pulumi.Input[int]]):
|
119
|
+
def early_renewal_hours(self, value: Optional[pulumi.Input[builtins.int]]):
|
119
120
|
pulumi.set(self, "early_renewal_hours", value)
|
120
121
|
|
121
122
|
@property
|
122
123
|
@pulumi.getter(name="isCaCertificate")
|
123
|
-
def is_ca_certificate(self) -> Optional[pulumi.Input[bool]]:
|
124
|
+
def is_ca_certificate(self) -> Optional[pulumi.Input[builtins.bool]]:
|
124
125
|
"""
|
125
126
|
Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
126
127
|
"""
|
127
128
|
return pulumi.get(self, "is_ca_certificate")
|
128
129
|
|
129
130
|
@is_ca_certificate.setter
|
130
|
-
def is_ca_certificate(self, value: Optional[pulumi.Input[bool]]):
|
131
|
+
def is_ca_certificate(self, value: Optional[pulumi.Input[builtins.bool]]):
|
131
132
|
pulumi.set(self, "is_ca_certificate", value)
|
132
133
|
|
133
134
|
@property
|
134
135
|
@pulumi.getter(name="setSubjectKeyId")
|
135
|
-
def set_subject_key_id(self) -> Optional[pulumi.Input[bool]]:
|
136
|
+
def set_subject_key_id(self) -> Optional[pulumi.Input[builtins.bool]]:
|
136
137
|
"""
|
137
138
|
Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
138
139
|
"""
|
139
140
|
return pulumi.get(self, "set_subject_key_id")
|
140
141
|
|
141
142
|
@set_subject_key_id.setter
|
142
|
-
def set_subject_key_id(self, value: Optional[pulumi.Input[bool]]):
|
143
|
+
def set_subject_key_id(self, value: Optional[pulumi.Input[builtins.bool]]):
|
143
144
|
pulumi.set(self, "set_subject_key_id", value)
|
144
145
|
|
145
146
|
|
146
147
|
@pulumi.input_type
|
147
148
|
class _LocallySignedCertState:
|
148
149
|
def __init__(__self__, *,
|
149
|
-
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
150
|
-
ca_cert_pem: Optional[pulumi.Input[str]] = None,
|
151
|
-
ca_key_algorithm: Optional[pulumi.Input[str]] = None,
|
152
|
-
ca_private_key_pem: Optional[pulumi.Input[str]] = None,
|
153
|
-
cert_pem: Optional[pulumi.Input[str]] = None,
|
154
|
-
cert_request_pem: Optional[pulumi.Input[str]] = None,
|
155
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
156
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
157
|
-
ready_for_renewal: Optional[pulumi.Input[bool]] = None,
|
158
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None,
|
159
|
-
validity_end_time: Optional[pulumi.Input[str]] = None,
|
160
|
-
validity_period_hours: Optional[pulumi.Input[int]] = None,
|
161
|
-
validity_start_time: Optional[pulumi.Input[str]] = None):
|
150
|
+
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
151
|
+
ca_cert_pem: Optional[pulumi.Input[builtins.str]] = None,
|
152
|
+
ca_key_algorithm: Optional[pulumi.Input[builtins.str]] = None,
|
153
|
+
ca_private_key_pem: Optional[pulumi.Input[builtins.str]] = None,
|
154
|
+
cert_pem: Optional[pulumi.Input[builtins.str]] = None,
|
155
|
+
cert_request_pem: Optional[pulumi.Input[builtins.str]] = None,
|
156
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
157
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
158
|
+
ready_for_renewal: Optional[pulumi.Input[builtins.bool]] = None,
|
159
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
160
|
+
validity_end_time: Optional[pulumi.Input[builtins.str]] = None,
|
161
|
+
validity_period_hours: Optional[pulumi.Input[builtins.int]] = None,
|
162
|
+
validity_start_time: Optional[pulumi.Input[builtins.str]] = None):
|
162
163
|
"""
|
163
164
|
Input properties used for looking up and filtering LocallySignedCert resources.
|
164
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
165
|
-
:param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
166
|
-
:param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
|
167
|
-
:param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
168
|
-
:param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
169
|
-
:param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
170
|
-
:param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
171
|
-
:param pulumi.Input[bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
172
|
-
:param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
173
|
-
:param pulumi.Input[str] validity_end_time: The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
174
|
-
:param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
175
|
-
:param pulumi.Input[str] validity_start_time: The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
165
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
166
|
+
:param pulumi.Input[builtins.str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
167
|
+
:param pulumi.Input[builtins.str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
|
168
|
+
:param pulumi.Input[builtins.str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
169
|
+
:param pulumi.Input[builtins.str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
170
|
+
:param pulumi.Input[builtins.str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
171
|
+
:param pulumi.Input[builtins.bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
172
|
+
:param pulumi.Input[builtins.bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
173
|
+
:param pulumi.Input[builtins.bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
174
|
+
:param pulumi.Input[builtins.str] validity_end_time: The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
175
|
+
:param pulumi.Input[builtins.int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
176
|
+
:param pulumi.Input[builtins.str] validity_start_time: The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
176
177
|
"""
|
177
178
|
if allowed_uses is not None:
|
178
179
|
pulumi.set(__self__, "allowed_uses", allowed_uses)
|
@@ -203,155 +204,155 @@ class _LocallySignedCertState:
|
|
203
204
|
|
204
205
|
@property
|
205
206
|
@pulumi.getter(name="allowedUses")
|
206
|
-
def allowed_uses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
207
|
+
def allowed_uses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
207
208
|
"""
|
208
209
|
List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
209
210
|
"""
|
210
211
|
return pulumi.get(self, "allowed_uses")
|
211
212
|
|
212
213
|
@allowed_uses.setter
|
213
|
-
def allowed_uses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
214
|
+
def allowed_uses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
214
215
|
pulumi.set(self, "allowed_uses", value)
|
215
216
|
|
216
217
|
@property
|
217
218
|
@pulumi.getter(name="caCertPem")
|
218
|
-
def ca_cert_pem(self) -> Optional[pulumi.Input[str]]:
|
219
|
+
def ca_cert_pem(self) -> Optional[pulumi.Input[builtins.str]]:
|
219
220
|
"""
|
220
221
|
Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
221
222
|
"""
|
222
223
|
return pulumi.get(self, "ca_cert_pem")
|
223
224
|
|
224
225
|
@ca_cert_pem.setter
|
225
|
-
def ca_cert_pem(self, value: Optional[pulumi.Input[str]]):
|
226
|
+
def ca_cert_pem(self, value: Optional[pulumi.Input[builtins.str]]):
|
226
227
|
pulumi.set(self, "ca_cert_pem", value)
|
227
228
|
|
228
229
|
@property
|
229
230
|
@pulumi.getter(name="caKeyAlgorithm")
|
230
|
-
def ca_key_algorithm(self) -> Optional[pulumi.Input[str]]:
|
231
|
+
def ca_key_algorithm(self) -> Optional[pulumi.Input[builtins.str]]:
|
231
232
|
"""
|
232
233
|
Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
|
233
234
|
"""
|
234
235
|
return pulumi.get(self, "ca_key_algorithm")
|
235
236
|
|
236
237
|
@ca_key_algorithm.setter
|
237
|
-
def ca_key_algorithm(self, value: Optional[pulumi.Input[str]]):
|
238
|
+
def ca_key_algorithm(self, value: Optional[pulumi.Input[builtins.str]]):
|
238
239
|
pulumi.set(self, "ca_key_algorithm", value)
|
239
240
|
|
240
241
|
@property
|
241
242
|
@pulumi.getter(name="caPrivateKeyPem")
|
242
|
-
def ca_private_key_pem(self) -> Optional[pulumi.Input[str]]:
|
243
|
+
def ca_private_key_pem(self) -> Optional[pulumi.Input[builtins.str]]:
|
243
244
|
"""
|
244
245
|
Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
245
246
|
"""
|
246
247
|
return pulumi.get(self, "ca_private_key_pem")
|
247
248
|
|
248
249
|
@ca_private_key_pem.setter
|
249
|
-
def ca_private_key_pem(self, value: Optional[pulumi.Input[str]]):
|
250
|
+
def ca_private_key_pem(self, value: Optional[pulumi.Input[builtins.str]]):
|
250
251
|
pulumi.set(self, "ca_private_key_pem", value)
|
251
252
|
|
252
253
|
@property
|
253
254
|
@pulumi.getter(name="certPem")
|
254
|
-
def cert_pem(self) -> Optional[pulumi.Input[str]]:
|
255
|
+
def cert_pem(self) -> Optional[pulumi.Input[builtins.str]]:
|
255
256
|
"""
|
256
257
|
Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
257
258
|
"""
|
258
259
|
return pulumi.get(self, "cert_pem")
|
259
260
|
|
260
261
|
@cert_pem.setter
|
261
|
-
def cert_pem(self, value: Optional[pulumi.Input[str]]):
|
262
|
+
def cert_pem(self, value: Optional[pulumi.Input[builtins.str]]):
|
262
263
|
pulumi.set(self, "cert_pem", value)
|
263
264
|
|
264
265
|
@property
|
265
266
|
@pulumi.getter(name="certRequestPem")
|
266
|
-
def cert_request_pem(self) -> Optional[pulumi.Input[str]]:
|
267
|
+
def cert_request_pem(self) -> Optional[pulumi.Input[builtins.str]]:
|
267
268
|
"""
|
268
269
|
Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
269
270
|
"""
|
270
271
|
return pulumi.get(self, "cert_request_pem")
|
271
272
|
|
272
273
|
@cert_request_pem.setter
|
273
|
-
def cert_request_pem(self, value: Optional[pulumi.Input[str]]):
|
274
|
+
def cert_request_pem(self, value: Optional[pulumi.Input[builtins.str]]):
|
274
275
|
pulumi.set(self, "cert_request_pem", value)
|
275
276
|
|
276
277
|
@property
|
277
278
|
@pulumi.getter(name="earlyRenewalHours")
|
278
|
-
def early_renewal_hours(self) -> Optional[pulumi.Input[int]]:
|
279
|
+
def early_renewal_hours(self) -> Optional[pulumi.Input[builtins.int]]:
|
279
280
|
return pulumi.get(self, "early_renewal_hours")
|
280
281
|
|
281
282
|
@early_renewal_hours.setter
|
282
|
-
def early_renewal_hours(self, value: Optional[pulumi.Input[int]]):
|
283
|
+
def early_renewal_hours(self, value: Optional[pulumi.Input[builtins.int]]):
|
283
284
|
pulumi.set(self, "early_renewal_hours", value)
|
284
285
|
|
285
286
|
@property
|
286
287
|
@pulumi.getter(name="isCaCertificate")
|
287
|
-
def is_ca_certificate(self) -> Optional[pulumi.Input[bool]]:
|
288
|
+
def is_ca_certificate(self) -> Optional[pulumi.Input[builtins.bool]]:
|
288
289
|
"""
|
289
290
|
Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
290
291
|
"""
|
291
292
|
return pulumi.get(self, "is_ca_certificate")
|
292
293
|
|
293
294
|
@is_ca_certificate.setter
|
294
|
-
def is_ca_certificate(self, value: Optional[pulumi.Input[bool]]):
|
295
|
+
def is_ca_certificate(self, value: Optional[pulumi.Input[builtins.bool]]):
|
295
296
|
pulumi.set(self, "is_ca_certificate", value)
|
296
297
|
|
297
298
|
@property
|
298
299
|
@pulumi.getter(name="readyForRenewal")
|
299
|
-
def ready_for_renewal(self) -> Optional[pulumi.Input[bool]]:
|
300
|
+
def ready_for_renewal(self) -> Optional[pulumi.Input[builtins.bool]]:
|
300
301
|
"""
|
301
302
|
Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
302
303
|
"""
|
303
304
|
return pulumi.get(self, "ready_for_renewal")
|
304
305
|
|
305
306
|
@ready_for_renewal.setter
|
306
|
-
def ready_for_renewal(self, value: Optional[pulumi.Input[bool]]):
|
307
|
+
def ready_for_renewal(self, value: Optional[pulumi.Input[builtins.bool]]):
|
307
308
|
pulumi.set(self, "ready_for_renewal", value)
|
308
309
|
|
309
310
|
@property
|
310
311
|
@pulumi.getter(name="setSubjectKeyId")
|
311
|
-
def set_subject_key_id(self) -> Optional[pulumi.Input[bool]]:
|
312
|
+
def set_subject_key_id(self) -> Optional[pulumi.Input[builtins.bool]]:
|
312
313
|
"""
|
313
314
|
Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
314
315
|
"""
|
315
316
|
return pulumi.get(self, "set_subject_key_id")
|
316
317
|
|
317
318
|
@set_subject_key_id.setter
|
318
|
-
def set_subject_key_id(self, value: Optional[pulumi.Input[bool]]):
|
319
|
+
def set_subject_key_id(self, value: Optional[pulumi.Input[builtins.bool]]):
|
319
320
|
pulumi.set(self, "set_subject_key_id", value)
|
320
321
|
|
321
322
|
@property
|
322
323
|
@pulumi.getter(name="validityEndTime")
|
323
|
-
def validity_end_time(self) -> Optional[pulumi.Input[str]]:
|
324
|
+
def validity_end_time(self) -> Optional[pulumi.Input[builtins.str]]:
|
324
325
|
"""
|
325
326
|
The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
326
327
|
"""
|
327
328
|
return pulumi.get(self, "validity_end_time")
|
328
329
|
|
329
330
|
@validity_end_time.setter
|
330
|
-
def validity_end_time(self, value: Optional[pulumi.Input[str]]):
|
331
|
+
def validity_end_time(self, value: Optional[pulumi.Input[builtins.str]]):
|
331
332
|
pulumi.set(self, "validity_end_time", value)
|
332
333
|
|
333
334
|
@property
|
334
335
|
@pulumi.getter(name="validityPeriodHours")
|
335
|
-
def validity_period_hours(self) -> Optional[pulumi.Input[int]]:
|
336
|
+
def validity_period_hours(self) -> Optional[pulumi.Input[builtins.int]]:
|
336
337
|
"""
|
337
338
|
Number of hours, after initial issuing, that the certificate will remain valid for.
|
338
339
|
"""
|
339
340
|
return pulumi.get(self, "validity_period_hours")
|
340
341
|
|
341
342
|
@validity_period_hours.setter
|
342
|
-
def validity_period_hours(self, value: Optional[pulumi.Input[int]]):
|
343
|
+
def validity_period_hours(self, value: Optional[pulumi.Input[builtins.int]]):
|
343
344
|
pulumi.set(self, "validity_period_hours", value)
|
344
345
|
|
345
346
|
@property
|
346
347
|
@pulumi.getter(name="validityStartTime")
|
347
|
-
def validity_start_time(self) -> Optional[pulumi.Input[str]]:
|
348
|
+
def validity_start_time(self) -> Optional[pulumi.Input[builtins.str]]:
|
348
349
|
"""
|
349
350
|
The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
350
351
|
"""
|
351
352
|
return pulumi.get(self, "validity_start_time")
|
352
353
|
|
353
354
|
@validity_start_time.setter
|
354
|
-
def validity_start_time(self, value: Optional[pulumi.Input[str]]):
|
355
|
+
def validity_start_time(self, value: Optional[pulumi.Input[builtins.str]]):
|
355
356
|
pulumi.set(self, "validity_start_time", value)
|
356
357
|
|
357
358
|
|
@@ -360,26 +361,26 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
360
361
|
def __init__(__self__,
|
361
362
|
resource_name: str,
|
362
363
|
opts: Optional[pulumi.ResourceOptions] = None,
|
363
|
-
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
364
|
-
ca_cert_pem: Optional[pulumi.Input[str]] = None,
|
365
|
-
ca_private_key_pem: Optional[pulumi.Input[str]] = None,
|
366
|
-
cert_request_pem: Optional[pulumi.Input[str]] = None,
|
367
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
368
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
369
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None,
|
370
|
-
validity_period_hours: Optional[pulumi.Input[int]] = None,
|
364
|
+
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
365
|
+
ca_cert_pem: Optional[pulumi.Input[builtins.str]] = None,
|
366
|
+
ca_private_key_pem: Optional[pulumi.Input[builtins.str]] = None,
|
367
|
+
cert_request_pem: Optional[pulumi.Input[builtins.str]] = None,
|
368
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
369
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
370
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
371
|
+
validity_period_hours: Optional[pulumi.Input[builtins.int]] = None,
|
371
372
|
__props__=None):
|
372
373
|
"""
|
373
374
|
Create a LocallySignedCert resource with the given unique name, props, and options.
|
374
375
|
:param str resource_name: The name of the resource.
|
375
376
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
376
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
377
|
-
:param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
378
|
-
:param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
379
|
-
:param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
380
|
-
:param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
381
|
-
:param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
382
|
-
:param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
377
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
378
|
+
:param pulumi.Input[builtins.str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
379
|
+
:param pulumi.Input[builtins.str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
380
|
+
:param pulumi.Input[builtins.str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
381
|
+
:param pulumi.Input[builtins.bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
382
|
+
:param pulumi.Input[builtins.bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
383
|
+
:param pulumi.Input[builtins.int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
383
384
|
"""
|
384
385
|
...
|
385
386
|
@overload
|
@@ -404,14 +405,14 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
404
405
|
def _internal_init(__self__,
|
405
406
|
resource_name: str,
|
406
407
|
opts: Optional[pulumi.ResourceOptions] = None,
|
407
|
-
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
408
|
-
ca_cert_pem: Optional[pulumi.Input[str]] = None,
|
409
|
-
ca_private_key_pem: Optional[pulumi.Input[str]] = None,
|
410
|
-
cert_request_pem: Optional[pulumi.Input[str]] = None,
|
411
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
412
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
413
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None,
|
414
|
-
validity_period_hours: Optional[pulumi.Input[int]] = None,
|
408
|
+
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
409
|
+
ca_cert_pem: Optional[pulumi.Input[builtins.str]] = None,
|
410
|
+
ca_private_key_pem: Optional[pulumi.Input[builtins.str]] = None,
|
411
|
+
cert_request_pem: Optional[pulumi.Input[builtins.str]] = None,
|
412
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
413
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
414
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
415
|
+
validity_period_hours: Optional[pulumi.Input[builtins.int]] = None,
|
415
416
|
__props__=None):
|
416
417
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
417
418
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -456,19 +457,19 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
456
457
|
def get(resource_name: str,
|
457
458
|
id: pulumi.Input[str],
|
458
459
|
opts: Optional[pulumi.ResourceOptions] = None,
|
459
|
-
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
460
|
-
ca_cert_pem: Optional[pulumi.Input[str]] = None,
|
461
|
-
ca_key_algorithm: Optional[pulumi.Input[str]] = None,
|
462
|
-
ca_private_key_pem: Optional[pulumi.Input[str]] = None,
|
463
|
-
cert_pem: Optional[pulumi.Input[str]] = None,
|
464
|
-
cert_request_pem: Optional[pulumi.Input[str]] = None,
|
465
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
466
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
467
|
-
ready_for_renewal: Optional[pulumi.Input[bool]] = None,
|
468
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None,
|
469
|
-
validity_end_time: Optional[pulumi.Input[str]] = None,
|
470
|
-
validity_period_hours: Optional[pulumi.Input[int]] = None,
|
471
|
-
validity_start_time: Optional[pulumi.Input[str]] = None) -> 'LocallySignedCert':
|
460
|
+
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
461
|
+
ca_cert_pem: Optional[pulumi.Input[builtins.str]] = None,
|
462
|
+
ca_key_algorithm: Optional[pulumi.Input[builtins.str]] = None,
|
463
|
+
ca_private_key_pem: Optional[pulumi.Input[builtins.str]] = None,
|
464
|
+
cert_pem: Optional[pulumi.Input[builtins.str]] = None,
|
465
|
+
cert_request_pem: Optional[pulumi.Input[builtins.str]] = None,
|
466
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
467
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
468
|
+
ready_for_renewal: Optional[pulumi.Input[builtins.bool]] = None,
|
469
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
470
|
+
validity_end_time: Optional[pulumi.Input[builtins.str]] = None,
|
471
|
+
validity_period_hours: Optional[pulumi.Input[builtins.int]] = None,
|
472
|
+
validity_start_time: Optional[pulumi.Input[builtins.str]] = None) -> 'LocallySignedCert':
|
472
473
|
"""
|
473
474
|
Get an existing LocallySignedCert resource's state with the given name, id, and optional extra
|
474
475
|
properties used to qualify the lookup.
|
@@ -476,18 +477,18 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
476
477
|
:param str resource_name: The unique name of the resulting resource.
|
477
478
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
478
479
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
479
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
480
|
-
:param pulumi.Input[str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
481
|
-
:param pulumi.Input[str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
|
482
|
-
:param pulumi.Input[str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
483
|
-
:param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
484
|
-
:param pulumi.Input[str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
485
|
-
:param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
486
|
-
:param pulumi.Input[bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
487
|
-
:param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
488
|
-
:param pulumi.Input[str] validity_end_time: The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
489
|
-
:param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
490
|
-
:param pulumi.Input[str] validity_start_time: The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
480
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
481
|
+
:param pulumi.Input[builtins.str] ca_cert_pem: Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
482
|
+
:param pulumi.Input[builtins.str] ca_key_algorithm: Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
|
483
|
+
:param pulumi.Input[builtins.str] ca_private_key_pem: Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
484
|
+
:param pulumi.Input[builtins.str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
485
|
+
:param pulumi.Input[builtins.str] cert_request_pem: Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
486
|
+
:param pulumi.Input[builtins.bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
487
|
+
:param pulumi.Input[builtins.bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
488
|
+
:param pulumi.Input[builtins.bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
489
|
+
:param pulumi.Input[builtins.str] validity_end_time: The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
490
|
+
:param pulumi.Input[builtins.int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
491
|
+
:param pulumi.Input[builtins.str] validity_start_time: The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
491
492
|
"""
|
492
493
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
493
494
|
|
@@ -510,7 +511,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
510
511
|
|
511
512
|
@property
|
512
513
|
@pulumi.getter(name="allowedUses")
|
513
|
-
def allowed_uses(self) -> pulumi.Output[Sequence[str]]:
|
514
|
+
def allowed_uses(self) -> pulumi.Output[Sequence[builtins.str]]:
|
514
515
|
"""
|
515
516
|
List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
516
517
|
"""
|
@@ -518,7 +519,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
518
519
|
|
519
520
|
@property
|
520
521
|
@pulumi.getter(name="caCertPem")
|
521
|
-
def ca_cert_pem(self) -> pulumi.Output[str]:
|
522
|
+
def ca_cert_pem(self) -> pulumi.Output[builtins.str]:
|
522
523
|
"""
|
523
524
|
Certificate data of the Certificate Authority (CA) in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
524
525
|
"""
|
@@ -526,7 +527,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
526
527
|
|
527
528
|
@property
|
528
529
|
@pulumi.getter(name="caKeyAlgorithm")
|
529
|
-
def ca_key_algorithm(self) -> pulumi.Output[str]:
|
530
|
+
def ca_key_algorithm(self) -> pulumi.Output[builtins.str]:
|
530
531
|
"""
|
531
532
|
Name of the algorithm used when generating the private key provided in `ca_private_key_pem`.
|
532
533
|
"""
|
@@ -534,7 +535,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
534
535
|
|
535
536
|
@property
|
536
537
|
@pulumi.getter(name="caPrivateKeyPem")
|
537
|
-
def ca_private_key_pem(self) -> pulumi.Output[str]:
|
538
|
+
def ca_private_key_pem(self) -> pulumi.Output[builtins.str]:
|
538
539
|
"""
|
539
540
|
Private key of the Certificate Authority (CA) used to sign the certificate, in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
540
541
|
"""
|
@@ -542,7 +543,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
542
543
|
|
543
544
|
@property
|
544
545
|
@pulumi.getter(name="certPem")
|
545
|
-
def cert_pem(self) -> pulumi.Output[str]:
|
546
|
+
def cert_pem(self) -> pulumi.Output[builtins.str]:
|
546
547
|
"""
|
547
548
|
Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
548
549
|
"""
|
@@ -550,7 +551,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
550
551
|
|
551
552
|
@property
|
552
553
|
@pulumi.getter(name="certRequestPem")
|
553
|
-
def cert_request_pem(self) -> pulumi.Output[str]:
|
554
|
+
def cert_request_pem(self) -> pulumi.Output[builtins.str]:
|
554
555
|
"""
|
555
556
|
Certificate request data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format.
|
556
557
|
"""
|
@@ -558,12 +559,12 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
558
559
|
|
559
560
|
@property
|
560
561
|
@pulumi.getter(name="earlyRenewalHours")
|
561
|
-
def early_renewal_hours(self) -> pulumi.Output[int]:
|
562
|
+
def early_renewal_hours(self) -> pulumi.Output[builtins.int]:
|
562
563
|
return pulumi.get(self, "early_renewal_hours")
|
563
564
|
|
564
565
|
@property
|
565
566
|
@pulumi.getter(name="isCaCertificate")
|
566
|
-
def is_ca_certificate(self) -> pulumi.Output[bool]:
|
567
|
+
def is_ca_certificate(self) -> pulumi.Output[builtins.bool]:
|
567
568
|
"""
|
568
569
|
Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
569
570
|
"""
|
@@ -571,7 +572,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
571
572
|
|
572
573
|
@property
|
573
574
|
@pulumi.getter(name="readyForRenewal")
|
574
|
-
def ready_for_renewal(self) -> pulumi.Output[bool]:
|
575
|
+
def ready_for_renewal(self) -> pulumi.Output[builtins.bool]:
|
575
576
|
"""
|
576
577
|
Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
577
578
|
"""
|
@@ -579,7 +580,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
579
580
|
|
580
581
|
@property
|
581
582
|
@pulumi.getter(name="setSubjectKeyId")
|
582
|
-
def set_subject_key_id(self) -> pulumi.Output[bool]:
|
583
|
+
def set_subject_key_id(self) -> pulumi.Output[builtins.bool]:
|
583
584
|
"""
|
584
585
|
Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
585
586
|
"""
|
@@ -587,7 +588,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
587
588
|
|
588
589
|
@property
|
589
590
|
@pulumi.getter(name="validityEndTime")
|
590
|
-
def validity_end_time(self) -> pulumi.Output[str]:
|
591
|
+
def validity_end_time(self) -> pulumi.Output[builtins.str]:
|
591
592
|
"""
|
592
593
|
The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
593
594
|
"""
|
@@ -595,7 +596,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
595
596
|
|
596
597
|
@property
|
597
598
|
@pulumi.getter(name="validityPeriodHours")
|
598
|
-
def validity_period_hours(self) -> pulumi.Output[int]:
|
599
|
+
def validity_period_hours(self) -> pulumi.Output[builtins.int]:
|
599
600
|
"""
|
600
601
|
Number of hours, after initial issuing, that the certificate will remain valid for.
|
601
602
|
"""
|
@@ -603,7 +604,7 @@ class LocallySignedCert(pulumi.CustomResource):
|
|
603
604
|
|
604
605
|
@property
|
605
606
|
@pulumi.getter(name="validityStartTime")
|
606
|
-
def validity_start_time(self) -> pulumi.Output[str]:
|
607
|
+
def validity_start_time(self) -> pulumi.Output[builtins.str]:
|
607
608
|
"""
|
608
609
|
The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
609
610
|
"""
|