pulumi-tls 5.2.0a1743575896__py3-none-any.whl → 5.2.0a1744183475__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_tls/__init__.py +1 -0
- pulumi_tls/_inputs.py +113 -112
- pulumi_tls/cert_request.py +71 -70
- pulumi_tls/config/__init__.py +1 -0
- pulumi_tls/config/__init__.pyi +1 -0
- pulumi_tls/config/outputs.py +13 -12
- pulumi_tls/config/vars.py +1 -0
- pulumi_tls/get_certificate.py +17 -16
- pulumi_tls/get_public_key.py +17 -16
- pulumi_tls/locally_signed_cert.py +144 -143
- pulumi_tls/outputs.py +91 -90
- pulumi_tls/private_key.py +92 -91
- pulumi_tls/provider.py +1 -0
- pulumi_tls/pulumi-plugin.json +1 -1
- pulumi_tls/self_signed_cert.py +175 -174
- {pulumi_tls-5.2.0a1743575896.dist-info → pulumi_tls-5.2.0a1744183475.dist-info}/METADATA +1 -1
- pulumi_tls-5.2.0a1744183475.dist-info/RECORD +21 -0
- pulumi_tls-5.2.0a1743575896.dist-info/RECORD +0 -21
- {pulumi_tls-5.2.0a1743575896.dist-info → pulumi_tls-5.2.0a1744183475.dist-info}/WHEEL +0 -0
- {pulumi_tls-5.2.0a1743575896.dist-info → pulumi_tls-5.2.0a1744183475.dist-info}/top_level.txt +0 -0
pulumi_tls/self_signed_cert.py
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -21,29 +22,29 @@ __all__ = ['SelfSignedCertArgs', 'SelfSignedCert']
|
|
21
22
|
@pulumi.input_type
|
22
23
|
class SelfSignedCertArgs:
|
23
24
|
def __init__(__self__, *,
|
24
|
-
allowed_uses: pulumi.Input[Sequence[pulumi.Input[str]]],
|
25
|
-
private_key_pem: pulumi.Input[str],
|
26
|
-
validity_period_hours: pulumi.Input[int],
|
27
|
-
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
28
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
29
|
-
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
30
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
31
|
-
set_authority_key_id: Optional[pulumi.Input[bool]] = None,
|
32
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None,
|
25
|
+
allowed_uses: pulumi.Input[Sequence[pulumi.Input[builtins.str]]],
|
26
|
+
private_key_pem: pulumi.Input[builtins.str],
|
27
|
+
validity_period_hours: pulumi.Input[builtins.int],
|
28
|
+
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
29
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
30
|
+
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
31
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
32
|
+
set_authority_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
33
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
33
34
|
subject: Optional[pulumi.Input['SelfSignedCertSubjectArgs']] = None,
|
34
|
-
uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
|
35
|
+
uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None):
|
35
36
|
"""
|
36
37
|
The set of arguments for constructing a SelfSignedCert resource.
|
37
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
38
|
-
:param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
39
|
-
:param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
40
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
41
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
42
|
-
:param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
43
|
-
:param pulumi.Input[bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
44
|
-
:param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
38
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
39
|
+
:param pulumi.Input[builtins.str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
40
|
+
:param pulumi.Input[builtins.int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
41
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
42
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
43
|
+
:param pulumi.Input[builtins.bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
44
|
+
:param pulumi.Input[builtins.bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
45
|
+
:param pulumi.Input[builtins.bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
45
46
|
:param pulumi.Input['SelfSignedCertSubjectArgs'] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
|
46
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
47
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
47
48
|
"""
|
48
49
|
pulumi.set(__self__, "allowed_uses", allowed_uses)
|
49
50
|
pulumi.set(__self__, "private_key_pem", private_key_pem)
|
@@ -67,107 +68,107 @@ class SelfSignedCertArgs:
|
|
67
68
|
|
68
69
|
@property
|
69
70
|
@pulumi.getter(name="allowedUses")
|
70
|
-
def allowed_uses(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
|
71
|
+
def allowed_uses(self) -> pulumi.Input[Sequence[pulumi.Input[builtins.str]]]:
|
71
72
|
"""
|
72
73
|
List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
73
74
|
"""
|
74
75
|
return pulumi.get(self, "allowed_uses")
|
75
76
|
|
76
77
|
@allowed_uses.setter
|
77
|
-
def allowed_uses(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
|
78
|
+
def allowed_uses(self, value: pulumi.Input[Sequence[pulumi.Input[builtins.str]]]):
|
78
79
|
pulumi.set(self, "allowed_uses", value)
|
79
80
|
|
80
81
|
@property
|
81
82
|
@pulumi.getter(name="privateKeyPem")
|
82
|
-
def private_key_pem(self) -> pulumi.Input[str]:
|
83
|
+
def private_key_pem(self) -> pulumi.Input[builtins.str]:
|
83
84
|
"""
|
84
|
-
Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
85
|
+
Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
85
86
|
"""
|
86
87
|
return pulumi.get(self, "private_key_pem")
|
87
88
|
|
88
89
|
@private_key_pem.setter
|
89
|
-
def private_key_pem(self, value: pulumi.Input[str]):
|
90
|
+
def private_key_pem(self, value: pulumi.Input[builtins.str]):
|
90
91
|
pulumi.set(self, "private_key_pem", value)
|
91
92
|
|
92
93
|
@property
|
93
94
|
@pulumi.getter(name="validityPeriodHours")
|
94
|
-
def validity_period_hours(self) -> pulumi.Input[int]:
|
95
|
+
def validity_period_hours(self) -> pulumi.Input[builtins.int]:
|
95
96
|
"""
|
96
97
|
Number of hours, after initial issuing, that the certificate will remain valid for.
|
97
98
|
"""
|
98
99
|
return pulumi.get(self, "validity_period_hours")
|
99
100
|
|
100
101
|
@validity_period_hours.setter
|
101
|
-
def validity_period_hours(self, value: pulumi.Input[int]):
|
102
|
+
def validity_period_hours(self, value: pulumi.Input[builtins.int]):
|
102
103
|
pulumi.set(self, "validity_period_hours", value)
|
103
104
|
|
104
105
|
@property
|
105
106
|
@pulumi.getter(name="dnsNames")
|
106
|
-
def dns_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
107
|
+
def dns_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
107
108
|
"""
|
108
109
|
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
109
110
|
"""
|
110
111
|
return pulumi.get(self, "dns_names")
|
111
112
|
|
112
113
|
@dns_names.setter
|
113
|
-
def dns_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
114
|
+
def dns_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
114
115
|
pulumi.set(self, "dns_names", value)
|
115
116
|
|
116
117
|
@property
|
117
118
|
@pulumi.getter(name="earlyRenewalHours")
|
118
|
-
def early_renewal_hours(self) -> Optional[pulumi.Input[int]]:
|
119
|
+
def early_renewal_hours(self) -> Optional[pulumi.Input[builtins.int]]:
|
119
120
|
return pulumi.get(self, "early_renewal_hours")
|
120
121
|
|
121
122
|
@early_renewal_hours.setter
|
122
|
-
def early_renewal_hours(self, value: Optional[pulumi.Input[int]]):
|
123
|
+
def early_renewal_hours(self, value: Optional[pulumi.Input[builtins.int]]):
|
123
124
|
pulumi.set(self, "early_renewal_hours", value)
|
124
125
|
|
125
126
|
@property
|
126
127
|
@pulumi.getter(name="ipAddresses")
|
127
|
-
def ip_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
128
|
+
def ip_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
128
129
|
"""
|
129
130
|
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
130
131
|
"""
|
131
132
|
return pulumi.get(self, "ip_addresses")
|
132
133
|
|
133
134
|
@ip_addresses.setter
|
134
|
-
def ip_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
135
|
+
def ip_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
135
136
|
pulumi.set(self, "ip_addresses", value)
|
136
137
|
|
137
138
|
@property
|
138
139
|
@pulumi.getter(name="isCaCertificate")
|
139
|
-
def is_ca_certificate(self) -> Optional[pulumi.Input[bool]]:
|
140
|
+
def is_ca_certificate(self) -> Optional[pulumi.Input[builtins.bool]]:
|
140
141
|
"""
|
141
142
|
Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
142
143
|
"""
|
143
144
|
return pulumi.get(self, "is_ca_certificate")
|
144
145
|
|
145
146
|
@is_ca_certificate.setter
|
146
|
-
def is_ca_certificate(self, value: Optional[pulumi.Input[bool]]):
|
147
|
+
def is_ca_certificate(self, value: Optional[pulumi.Input[builtins.bool]]):
|
147
148
|
pulumi.set(self, "is_ca_certificate", value)
|
148
149
|
|
149
150
|
@property
|
150
151
|
@pulumi.getter(name="setAuthorityKeyId")
|
151
|
-
def set_authority_key_id(self) -> Optional[pulumi.Input[bool]]:
|
152
|
+
def set_authority_key_id(self) -> Optional[pulumi.Input[builtins.bool]]:
|
152
153
|
"""
|
153
154
|
Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
154
155
|
"""
|
155
156
|
return pulumi.get(self, "set_authority_key_id")
|
156
157
|
|
157
158
|
@set_authority_key_id.setter
|
158
|
-
def set_authority_key_id(self, value: Optional[pulumi.Input[bool]]):
|
159
|
+
def set_authority_key_id(self, value: Optional[pulumi.Input[builtins.bool]]):
|
159
160
|
pulumi.set(self, "set_authority_key_id", value)
|
160
161
|
|
161
162
|
@property
|
162
163
|
@pulumi.getter(name="setSubjectKeyId")
|
163
|
-
def set_subject_key_id(self) -> Optional[pulumi.Input[bool]]:
|
164
|
+
def set_subject_key_id(self) -> Optional[pulumi.Input[builtins.bool]]:
|
164
165
|
"""
|
165
166
|
Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
166
167
|
"""
|
167
168
|
return pulumi.get(self, "set_subject_key_id")
|
168
169
|
|
169
170
|
@set_subject_key_id.setter
|
170
|
-
def set_subject_key_id(self, value: Optional[pulumi.Input[bool]]):
|
171
|
+
def set_subject_key_id(self, value: Optional[pulumi.Input[builtins.bool]]):
|
171
172
|
pulumi.set(self, "set_subject_key_id", value)
|
172
173
|
|
173
174
|
@property
|
@@ -184,53 +185,53 @@ class SelfSignedCertArgs:
|
|
184
185
|
|
185
186
|
@property
|
186
187
|
@pulumi.getter
|
187
|
-
def uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
188
|
+
def uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
188
189
|
"""
|
189
190
|
List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
190
191
|
"""
|
191
192
|
return pulumi.get(self, "uris")
|
192
193
|
|
193
194
|
@uris.setter
|
194
|
-
def uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
195
|
+
def uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
195
196
|
pulumi.set(self, "uris", value)
|
196
197
|
|
197
198
|
|
198
199
|
@pulumi.input_type
|
199
200
|
class _SelfSignedCertState:
|
200
201
|
def __init__(__self__, *,
|
201
|
-
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
202
|
-
cert_pem: Optional[pulumi.Input[str]] = None,
|
203
|
-
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
204
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
205
|
-
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
206
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
207
|
-
key_algorithm: Optional[pulumi.Input[str]] = None,
|
208
|
-
private_key_pem: Optional[pulumi.Input[str]] = None,
|
209
|
-
ready_for_renewal: Optional[pulumi.Input[bool]] = None,
|
210
|
-
set_authority_key_id: Optional[pulumi.Input[bool]] = None,
|
211
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None,
|
202
|
+
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
203
|
+
cert_pem: Optional[pulumi.Input[builtins.str]] = None,
|
204
|
+
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
205
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
206
|
+
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
207
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
208
|
+
key_algorithm: Optional[pulumi.Input[builtins.str]] = None,
|
209
|
+
private_key_pem: Optional[pulumi.Input[builtins.str]] = None,
|
210
|
+
ready_for_renewal: Optional[pulumi.Input[builtins.bool]] = None,
|
211
|
+
set_authority_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
212
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
212
213
|
subject: Optional[pulumi.Input['SelfSignedCertSubjectArgs']] = None,
|
213
|
-
uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
214
|
-
validity_end_time: Optional[pulumi.Input[str]] = None,
|
215
|
-
validity_period_hours: Optional[pulumi.Input[int]] = None,
|
216
|
-
validity_start_time: Optional[pulumi.Input[str]] = None):
|
214
|
+
uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
215
|
+
validity_end_time: Optional[pulumi.Input[builtins.str]] = None,
|
216
|
+
validity_period_hours: Optional[pulumi.Input[builtins.int]] = None,
|
217
|
+
validity_start_time: Optional[pulumi.Input[builtins.str]] = None):
|
217
218
|
"""
|
218
219
|
Input properties used for looking up and filtering SelfSignedCert resources.
|
219
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
220
|
-
:param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
221
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
222
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
223
|
-
:param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
224
|
-
:param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
|
225
|
-
:param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
226
|
-
:param pulumi.Input[bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
227
|
-
:param pulumi.Input[bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
228
|
-
:param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
220
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
221
|
+
:param pulumi.Input[builtins.str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
222
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
223
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
224
|
+
:param pulumi.Input[builtins.bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
225
|
+
:param pulumi.Input[builtins.str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
|
226
|
+
:param pulumi.Input[builtins.str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
227
|
+
:param pulumi.Input[builtins.bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
228
|
+
:param pulumi.Input[builtins.bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
229
|
+
:param pulumi.Input[builtins.bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
229
230
|
:param pulumi.Input['SelfSignedCertSubjectArgs'] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
|
230
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
231
|
-
:param pulumi.Input[str] validity_end_time: The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
232
|
-
:param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
233
|
-
:param pulumi.Input[str] validity_start_time: The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
231
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
232
|
+
:param pulumi.Input[builtins.str] validity_end_time: The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
233
|
+
:param pulumi.Input[builtins.int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
234
|
+
:param pulumi.Input[builtins.str] validity_start_time: The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
234
235
|
"""
|
235
236
|
if allowed_uses is not None:
|
236
237
|
pulumi.set(__self__, "allowed_uses", allowed_uses)
|
@@ -267,131 +268,131 @@ class _SelfSignedCertState:
|
|
267
268
|
|
268
269
|
@property
|
269
270
|
@pulumi.getter(name="allowedUses")
|
270
|
-
def allowed_uses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
271
|
+
def allowed_uses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
271
272
|
"""
|
272
273
|
List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
273
274
|
"""
|
274
275
|
return pulumi.get(self, "allowed_uses")
|
275
276
|
|
276
277
|
@allowed_uses.setter
|
277
|
-
def allowed_uses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
278
|
+
def allowed_uses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
278
279
|
pulumi.set(self, "allowed_uses", value)
|
279
280
|
|
280
281
|
@property
|
281
282
|
@pulumi.getter(name="certPem")
|
282
|
-
def cert_pem(self) -> Optional[pulumi.Input[str]]:
|
283
|
+
def cert_pem(self) -> Optional[pulumi.Input[builtins.str]]:
|
283
284
|
"""
|
284
285
|
Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
285
286
|
"""
|
286
287
|
return pulumi.get(self, "cert_pem")
|
287
288
|
|
288
289
|
@cert_pem.setter
|
289
|
-
def cert_pem(self, value: Optional[pulumi.Input[str]]):
|
290
|
+
def cert_pem(self, value: Optional[pulumi.Input[builtins.str]]):
|
290
291
|
pulumi.set(self, "cert_pem", value)
|
291
292
|
|
292
293
|
@property
|
293
294
|
@pulumi.getter(name="dnsNames")
|
294
|
-
def dns_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
295
|
+
def dns_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
295
296
|
"""
|
296
297
|
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
297
298
|
"""
|
298
299
|
return pulumi.get(self, "dns_names")
|
299
300
|
|
300
301
|
@dns_names.setter
|
301
|
-
def dns_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
302
|
+
def dns_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
302
303
|
pulumi.set(self, "dns_names", value)
|
303
304
|
|
304
305
|
@property
|
305
306
|
@pulumi.getter(name="earlyRenewalHours")
|
306
|
-
def early_renewal_hours(self) -> Optional[pulumi.Input[int]]:
|
307
|
+
def early_renewal_hours(self) -> Optional[pulumi.Input[builtins.int]]:
|
307
308
|
return pulumi.get(self, "early_renewal_hours")
|
308
309
|
|
309
310
|
@early_renewal_hours.setter
|
310
|
-
def early_renewal_hours(self, value: Optional[pulumi.Input[int]]):
|
311
|
+
def early_renewal_hours(self, value: Optional[pulumi.Input[builtins.int]]):
|
311
312
|
pulumi.set(self, "early_renewal_hours", value)
|
312
313
|
|
313
314
|
@property
|
314
315
|
@pulumi.getter(name="ipAddresses")
|
315
|
-
def ip_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
316
|
+
def ip_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
316
317
|
"""
|
317
318
|
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
318
319
|
"""
|
319
320
|
return pulumi.get(self, "ip_addresses")
|
320
321
|
|
321
322
|
@ip_addresses.setter
|
322
|
-
def ip_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
323
|
+
def ip_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
323
324
|
pulumi.set(self, "ip_addresses", value)
|
324
325
|
|
325
326
|
@property
|
326
327
|
@pulumi.getter(name="isCaCertificate")
|
327
|
-
def is_ca_certificate(self) -> Optional[pulumi.Input[bool]]:
|
328
|
+
def is_ca_certificate(self) -> Optional[pulumi.Input[builtins.bool]]:
|
328
329
|
"""
|
329
330
|
Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
330
331
|
"""
|
331
332
|
return pulumi.get(self, "is_ca_certificate")
|
332
333
|
|
333
334
|
@is_ca_certificate.setter
|
334
|
-
def is_ca_certificate(self, value: Optional[pulumi.Input[bool]]):
|
335
|
+
def is_ca_certificate(self, value: Optional[pulumi.Input[builtins.bool]]):
|
335
336
|
pulumi.set(self, "is_ca_certificate", value)
|
336
337
|
|
337
338
|
@property
|
338
339
|
@pulumi.getter(name="keyAlgorithm")
|
339
|
-
def key_algorithm(self) -> Optional[pulumi.Input[str]]:
|
340
|
+
def key_algorithm(self) -> Optional[pulumi.Input[builtins.str]]:
|
340
341
|
"""
|
341
342
|
Name of the algorithm used when generating the private key provided in `private_key_pem`.
|
342
343
|
"""
|
343
344
|
return pulumi.get(self, "key_algorithm")
|
344
345
|
|
345
346
|
@key_algorithm.setter
|
346
|
-
def key_algorithm(self, value: Optional[pulumi.Input[str]]):
|
347
|
+
def key_algorithm(self, value: Optional[pulumi.Input[builtins.str]]):
|
347
348
|
pulumi.set(self, "key_algorithm", value)
|
348
349
|
|
349
350
|
@property
|
350
351
|
@pulumi.getter(name="privateKeyPem")
|
351
|
-
def private_key_pem(self) -> Optional[pulumi.Input[str]]:
|
352
|
+
def private_key_pem(self) -> Optional[pulumi.Input[builtins.str]]:
|
352
353
|
"""
|
353
|
-
Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
354
|
+
Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
354
355
|
"""
|
355
356
|
return pulumi.get(self, "private_key_pem")
|
356
357
|
|
357
358
|
@private_key_pem.setter
|
358
|
-
def private_key_pem(self, value: Optional[pulumi.Input[str]]):
|
359
|
+
def private_key_pem(self, value: Optional[pulumi.Input[builtins.str]]):
|
359
360
|
pulumi.set(self, "private_key_pem", value)
|
360
361
|
|
361
362
|
@property
|
362
363
|
@pulumi.getter(name="readyForRenewal")
|
363
|
-
def ready_for_renewal(self) -> Optional[pulumi.Input[bool]]:
|
364
|
+
def ready_for_renewal(self) -> Optional[pulumi.Input[builtins.bool]]:
|
364
365
|
"""
|
365
366
|
Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
366
367
|
"""
|
367
368
|
return pulumi.get(self, "ready_for_renewal")
|
368
369
|
|
369
370
|
@ready_for_renewal.setter
|
370
|
-
def ready_for_renewal(self, value: Optional[pulumi.Input[bool]]):
|
371
|
+
def ready_for_renewal(self, value: Optional[pulumi.Input[builtins.bool]]):
|
371
372
|
pulumi.set(self, "ready_for_renewal", value)
|
372
373
|
|
373
374
|
@property
|
374
375
|
@pulumi.getter(name="setAuthorityKeyId")
|
375
|
-
def set_authority_key_id(self) -> Optional[pulumi.Input[bool]]:
|
376
|
+
def set_authority_key_id(self) -> Optional[pulumi.Input[builtins.bool]]:
|
376
377
|
"""
|
377
378
|
Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
378
379
|
"""
|
379
380
|
return pulumi.get(self, "set_authority_key_id")
|
380
381
|
|
381
382
|
@set_authority_key_id.setter
|
382
|
-
def set_authority_key_id(self, value: Optional[pulumi.Input[bool]]):
|
383
|
+
def set_authority_key_id(self, value: Optional[pulumi.Input[builtins.bool]]):
|
383
384
|
pulumi.set(self, "set_authority_key_id", value)
|
384
385
|
|
385
386
|
@property
|
386
387
|
@pulumi.getter(name="setSubjectKeyId")
|
387
|
-
def set_subject_key_id(self) -> Optional[pulumi.Input[bool]]:
|
388
|
+
def set_subject_key_id(self) -> Optional[pulumi.Input[builtins.bool]]:
|
388
389
|
"""
|
389
390
|
Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
390
391
|
"""
|
391
392
|
return pulumi.get(self, "set_subject_key_id")
|
392
393
|
|
393
394
|
@set_subject_key_id.setter
|
394
|
-
def set_subject_key_id(self, value: Optional[pulumi.Input[bool]]):
|
395
|
+
def set_subject_key_id(self, value: Optional[pulumi.Input[builtins.bool]]):
|
395
396
|
pulumi.set(self, "set_subject_key_id", value)
|
396
397
|
|
397
398
|
@property
|
@@ -408,50 +409,50 @@ class _SelfSignedCertState:
|
|
408
409
|
|
409
410
|
@property
|
410
411
|
@pulumi.getter
|
411
|
-
def uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
412
|
+
def uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
412
413
|
"""
|
413
414
|
List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
414
415
|
"""
|
415
416
|
return pulumi.get(self, "uris")
|
416
417
|
|
417
418
|
@uris.setter
|
418
|
-
def uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
419
|
+
def uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
419
420
|
pulumi.set(self, "uris", value)
|
420
421
|
|
421
422
|
@property
|
422
423
|
@pulumi.getter(name="validityEndTime")
|
423
|
-
def validity_end_time(self) -> Optional[pulumi.Input[str]]:
|
424
|
+
def validity_end_time(self) -> Optional[pulumi.Input[builtins.str]]:
|
424
425
|
"""
|
425
426
|
The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
426
427
|
"""
|
427
428
|
return pulumi.get(self, "validity_end_time")
|
428
429
|
|
429
430
|
@validity_end_time.setter
|
430
|
-
def validity_end_time(self, value: Optional[pulumi.Input[str]]):
|
431
|
+
def validity_end_time(self, value: Optional[pulumi.Input[builtins.str]]):
|
431
432
|
pulumi.set(self, "validity_end_time", value)
|
432
433
|
|
433
434
|
@property
|
434
435
|
@pulumi.getter(name="validityPeriodHours")
|
435
|
-
def validity_period_hours(self) -> Optional[pulumi.Input[int]]:
|
436
|
+
def validity_period_hours(self) -> Optional[pulumi.Input[builtins.int]]:
|
436
437
|
"""
|
437
438
|
Number of hours, after initial issuing, that the certificate will remain valid for.
|
438
439
|
"""
|
439
440
|
return pulumi.get(self, "validity_period_hours")
|
440
441
|
|
441
442
|
@validity_period_hours.setter
|
442
|
-
def validity_period_hours(self, value: Optional[pulumi.Input[int]]):
|
443
|
+
def validity_period_hours(self, value: Optional[pulumi.Input[builtins.int]]):
|
443
444
|
pulumi.set(self, "validity_period_hours", value)
|
444
445
|
|
445
446
|
@property
|
446
447
|
@pulumi.getter(name="validityStartTime")
|
447
|
-
def validity_start_time(self) -> Optional[pulumi.Input[str]]:
|
448
|
+
def validity_start_time(self) -> Optional[pulumi.Input[builtins.str]]:
|
448
449
|
"""
|
449
450
|
The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
450
451
|
"""
|
451
452
|
return pulumi.get(self, "validity_start_time")
|
452
453
|
|
453
454
|
@validity_start_time.setter
|
454
|
-
def validity_start_time(self, value: Optional[pulumi.Input[str]]):
|
455
|
+
def validity_start_time(self, value: Optional[pulumi.Input[builtins.str]]):
|
455
456
|
pulumi.set(self, "validity_start_time", value)
|
456
457
|
|
457
458
|
|
@@ -460,32 +461,32 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
460
461
|
def __init__(__self__,
|
461
462
|
resource_name: str,
|
462
463
|
opts: Optional[pulumi.ResourceOptions] = None,
|
463
|
-
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
464
|
-
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
465
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
466
|
-
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
467
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
468
|
-
private_key_pem: Optional[pulumi.Input[str]] = None,
|
469
|
-
set_authority_key_id: Optional[pulumi.Input[bool]] = None,
|
470
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None,
|
464
|
+
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
465
|
+
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
466
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
467
|
+
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
468
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
469
|
+
private_key_pem: Optional[pulumi.Input[builtins.str]] = None,
|
470
|
+
set_authority_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
471
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
471
472
|
subject: Optional[pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']]] = None,
|
472
|
-
uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
473
|
-
validity_period_hours: Optional[pulumi.Input[int]] = None,
|
473
|
+
uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
474
|
+
validity_period_hours: Optional[pulumi.Input[builtins.int]] = None,
|
474
475
|
__props__=None):
|
475
476
|
"""
|
476
477
|
Create a SelfSignedCert resource with the given unique name, props, and options.
|
477
478
|
:param str resource_name: The name of the resource.
|
478
479
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
479
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
480
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
481
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
482
|
-
:param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
483
|
-
:param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
484
|
-
:param pulumi.Input[bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
485
|
-
:param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
480
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
481
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
482
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
483
|
+
:param pulumi.Input[builtins.bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
484
|
+
:param pulumi.Input[builtins.str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
485
|
+
:param pulumi.Input[builtins.bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
486
|
+
:param pulumi.Input[builtins.bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
486
487
|
:param pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
|
487
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
488
|
-
:param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
488
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
489
|
+
:param pulumi.Input[builtins.int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
489
490
|
"""
|
490
491
|
...
|
491
492
|
@overload
|
@@ -510,17 +511,17 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
510
511
|
def _internal_init(__self__,
|
511
512
|
resource_name: str,
|
512
513
|
opts: Optional[pulumi.ResourceOptions] = None,
|
513
|
-
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
514
|
-
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
515
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
516
|
-
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
517
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
518
|
-
private_key_pem: Optional[pulumi.Input[str]] = None,
|
519
|
-
set_authority_key_id: Optional[pulumi.Input[bool]] = None,
|
520
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None,
|
514
|
+
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
515
|
+
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
516
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
517
|
+
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
518
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
519
|
+
private_key_pem: Optional[pulumi.Input[builtins.str]] = None,
|
520
|
+
set_authority_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
521
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
521
522
|
subject: Optional[pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']]] = None,
|
522
|
-
uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
523
|
-
validity_period_hours: Optional[pulumi.Input[int]] = None,
|
523
|
+
uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
524
|
+
validity_period_hours: Optional[pulumi.Input[builtins.int]] = None,
|
524
525
|
__props__=None):
|
525
526
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
526
527
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -564,22 +565,22 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
564
565
|
def get(resource_name: str,
|
565
566
|
id: pulumi.Input[str],
|
566
567
|
opts: Optional[pulumi.ResourceOptions] = None,
|
567
|
-
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
568
|
-
cert_pem: Optional[pulumi.Input[str]] = None,
|
569
|
-
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
570
|
-
early_renewal_hours: Optional[pulumi.Input[int]] = None,
|
571
|
-
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
572
|
-
is_ca_certificate: Optional[pulumi.Input[bool]] = None,
|
573
|
-
key_algorithm: Optional[pulumi.Input[str]] = None,
|
574
|
-
private_key_pem: Optional[pulumi.Input[str]] = None,
|
575
|
-
ready_for_renewal: Optional[pulumi.Input[bool]] = None,
|
576
|
-
set_authority_key_id: Optional[pulumi.Input[bool]] = None,
|
577
|
-
set_subject_key_id: Optional[pulumi.Input[bool]] = None,
|
568
|
+
allowed_uses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
569
|
+
cert_pem: Optional[pulumi.Input[builtins.str]] = None,
|
570
|
+
dns_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
571
|
+
early_renewal_hours: Optional[pulumi.Input[builtins.int]] = None,
|
572
|
+
ip_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
573
|
+
is_ca_certificate: Optional[pulumi.Input[builtins.bool]] = None,
|
574
|
+
key_algorithm: Optional[pulumi.Input[builtins.str]] = None,
|
575
|
+
private_key_pem: Optional[pulumi.Input[builtins.str]] = None,
|
576
|
+
ready_for_renewal: Optional[pulumi.Input[builtins.bool]] = None,
|
577
|
+
set_authority_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
578
|
+
set_subject_key_id: Optional[pulumi.Input[builtins.bool]] = None,
|
578
579
|
subject: Optional[pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']]] = None,
|
579
|
-
uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
580
|
-
validity_end_time: Optional[pulumi.Input[str]] = None,
|
581
|
-
validity_period_hours: Optional[pulumi.Input[int]] = None,
|
582
|
-
validity_start_time: Optional[pulumi.Input[str]] = None) -> 'SelfSignedCert':
|
580
|
+
uris: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
581
|
+
validity_end_time: Optional[pulumi.Input[builtins.str]] = None,
|
582
|
+
validity_period_hours: Optional[pulumi.Input[builtins.int]] = None,
|
583
|
+
validity_start_time: Optional[pulumi.Input[builtins.str]] = None) -> 'SelfSignedCert':
|
583
584
|
"""
|
584
585
|
Get an existing SelfSignedCert resource's state with the given name, id, and optional extra
|
585
586
|
properties used to qualify the lookup.
|
@@ -587,21 +588,21 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
587
588
|
:param str resource_name: The unique name of the resulting resource.
|
588
589
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
589
590
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
590
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
591
|
-
:param pulumi.Input[str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
592
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
593
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
594
|
-
:param pulumi.Input[bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
595
|
-
:param pulumi.Input[str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
|
596
|
-
:param pulumi.Input[str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
597
|
-
:param pulumi.Input[bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
598
|
-
:param pulumi.Input[bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
599
|
-
:param pulumi.Input[bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
591
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uses: List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
592
|
+
:param pulumi.Input[builtins.str] cert_pem: Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
593
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] dns_names: List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
594
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_addresses: List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
595
|
+
:param pulumi.Input[builtins.bool] is_ca_certificate: Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
596
|
+
:param pulumi.Input[builtins.str] key_algorithm: Name of the algorithm used when generating the private key provided in `private_key_pem`.
|
597
|
+
:param pulumi.Input[builtins.str] private_key_pem: Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
598
|
+
:param pulumi.Input[builtins.bool] ready_for_renewal: Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
599
|
+
:param pulumi.Input[builtins.bool] set_authority_key_id: Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
600
|
+
:param pulumi.Input[builtins.bool] set_subject_key_id: Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
600
601
|
:param pulumi.Input[Union['SelfSignedCertSubjectArgs', 'SelfSignedCertSubjectArgsDict']] subject: The subject for which a certificate is being requested. The acceptable arguments are all optional and their naming is based upon [Issuer Distinguished Names (RFC5280)](https://tools.ietf.org/html/rfc5280#section-4.1.2.4) section.
|
601
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
602
|
-
:param pulumi.Input[str] validity_end_time: The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
603
|
-
:param pulumi.Input[int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
604
|
-
:param pulumi.Input[str] validity_start_time: The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
602
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uris: List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
603
|
+
:param pulumi.Input[builtins.str] validity_end_time: The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
604
|
+
:param pulumi.Input[builtins.int] validity_period_hours: Number of hours, after initial issuing, that the certificate will remain valid for.
|
605
|
+
:param pulumi.Input[builtins.str] validity_start_time: The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
605
606
|
"""
|
606
607
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
607
608
|
|
@@ -627,7 +628,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
627
628
|
|
628
629
|
@property
|
629
630
|
@pulumi.getter(name="allowedUses")
|
630
|
-
def allowed_uses(self) -> pulumi.Output[Sequence[str]]:
|
631
|
+
def allowed_uses(self) -> pulumi.Output[Sequence[builtins.str]]:
|
631
632
|
"""
|
632
633
|
List of key usages allowed for the issued certificate. Values are defined in [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280) and combine flags defined by both [Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3) and [Extended Key Usages](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12). Accepted values: `any_extended`, `cert_signing`, `client_auth`, `code_signing`, `content_commitment`, `crl_signing`, `data_encipherment`, `decipher_only`, `digital_signature`, `email_protection`, `encipher_only`, `ipsec_end_system`, `ipsec_tunnel`, `ipsec_user`, `key_agreement`, `key_encipherment`, `microsoft_commercial_code_signing`, `microsoft_kernel_code_signing`, `microsoft_server_gated_crypto`, `netscape_server_gated_crypto`, `ocsp_signing`, `server_auth`, `timestamping`.
|
633
634
|
"""
|
@@ -635,7 +636,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
635
636
|
|
636
637
|
@property
|
637
638
|
@pulumi.getter(name="certPem")
|
638
|
-
def cert_pem(self) -> pulumi.Output[str]:
|
639
|
+
def cert_pem(self) -> pulumi.Output[builtins.str]:
|
639
640
|
"""
|
640
641
|
Certificate data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. **NOTE**: the [underlying](https://pkg.go.dev/encoding/pem#Encode) [libraries](https://pkg.go.dev/golang.org/x/crypto/ssh#MarshalAuthorizedKey) that generate this value append a `\\n` at the end of the PEM. In case this disrupts your use case, we recommend using `trimspace()`.
|
641
642
|
"""
|
@@ -643,7 +644,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
643
644
|
|
644
645
|
@property
|
645
646
|
@pulumi.getter(name="dnsNames")
|
646
|
-
def dns_names(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
647
|
+
def dns_names(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
647
648
|
"""
|
648
649
|
List of DNS names for which a certificate is being requested (i.e. certificate subjects).
|
649
650
|
"""
|
@@ -651,12 +652,12 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
651
652
|
|
652
653
|
@property
|
653
654
|
@pulumi.getter(name="earlyRenewalHours")
|
654
|
-
def early_renewal_hours(self) -> pulumi.Output[int]:
|
655
|
+
def early_renewal_hours(self) -> pulumi.Output[builtins.int]:
|
655
656
|
return pulumi.get(self, "early_renewal_hours")
|
656
657
|
|
657
658
|
@property
|
658
659
|
@pulumi.getter(name="ipAddresses")
|
659
|
-
def ip_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
660
|
+
def ip_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
660
661
|
"""
|
661
662
|
List of IP addresses for which a certificate is being requested (i.e. certificate subjects).
|
662
663
|
"""
|
@@ -664,7 +665,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
664
665
|
|
665
666
|
@property
|
666
667
|
@pulumi.getter(name="isCaCertificate")
|
667
|
-
def is_ca_certificate(self) -> pulumi.Output[bool]:
|
668
|
+
def is_ca_certificate(self) -> pulumi.Output[builtins.bool]:
|
668
669
|
"""
|
669
670
|
Is the generated certificate representing a Certificate Authority (CA) (default: `false`).
|
670
671
|
"""
|
@@ -672,7 +673,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
672
673
|
|
673
674
|
@property
|
674
675
|
@pulumi.getter(name="keyAlgorithm")
|
675
|
-
def key_algorithm(self) -> pulumi.Output[str]:
|
676
|
+
def key_algorithm(self) -> pulumi.Output[builtins.str]:
|
676
677
|
"""
|
677
678
|
Name of the algorithm used when generating the private key provided in `private_key_pem`.
|
678
679
|
"""
|
@@ -680,15 +681,15 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
680
681
|
|
681
682
|
@property
|
682
683
|
@pulumi.getter(name="privateKeyPem")
|
683
|
-
def private_key_pem(self) -> pulumi.Output[str]:
|
684
|
+
def private_key_pem(self) -> pulumi.Output[builtins.str]:
|
684
685
|
"""
|
685
|
-
Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
686
|
+
Private key in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format, that the certificate will belong to.
|
686
687
|
"""
|
687
688
|
return pulumi.get(self, "private_key_pem")
|
688
689
|
|
689
690
|
@property
|
690
691
|
@pulumi.getter(name="readyForRenewal")
|
691
|
-
def ready_for_renewal(self) -> pulumi.Output[bool]:
|
692
|
+
def ready_for_renewal(self) -> pulumi.Output[builtins.bool]:
|
692
693
|
"""
|
693
694
|
Is the certificate either expired (i.e. beyond the `validity_period_hours`) or ready for an early renewal (i.e. within the `early_renewal_hours`)?
|
694
695
|
"""
|
@@ -696,7 +697,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
696
697
|
|
697
698
|
@property
|
698
699
|
@pulumi.getter(name="setAuthorityKeyId")
|
699
|
-
def set_authority_key_id(self) -> pulumi.Output[bool]:
|
700
|
+
def set_authority_key_id(self) -> pulumi.Output[builtins.bool]:
|
700
701
|
"""
|
701
702
|
Should the generated certificate include an [authority key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.1): for self-signed certificates this is the same value as the [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
702
703
|
"""
|
@@ -704,7 +705,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
704
705
|
|
705
706
|
@property
|
706
707
|
@pulumi.getter(name="setSubjectKeyId")
|
707
|
-
def set_subject_key_id(self) -> pulumi.Output[bool]:
|
708
|
+
def set_subject_key_id(self) -> pulumi.Output[builtins.bool]:
|
708
709
|
"""
|
709
710
|
Should the generated certificate include a [subject key identifier](https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2) (default: `false`).
|
710
711
|
"""
|
@@ -720,7 +721,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
720
721
|
|
721
722
|
@property
|
722
723
|
@pulumi.getter
|
723
|
-
def uris(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
724
|
+
def uris(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
724
725
|
"""
|
725
726
|
List of URIs for which a certificate is being requested (i.e. certificate subjects).
|
726
727
|
"""
|
@@ -728,7 +729,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
728
729
|
|
729
730
|
@property
|
730
731
|
@pulumi.getter(name="validityEndTime")
|
731
|
-
def validity_end_time(self) -> pulumi.Output[str]:
|
732
|
+
def validity_end_time(self) -> pulumi.Output[builtins.str]:
|
732
733
|
"""
|
733
734
|
The time until which the certificate is invalid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
734
735
|
"""
|
@@ -736,7 +737,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
736
737
|
|
737
738
|
@property
|
738
739
|
@pulumi.getter(name="validityPeriodHours")
|
739
|
-
def validity_period_hours(self) -> pulumi.Output[int]:
|
740
|
+
def validity_period_hours(self) -> pulumi.Output[builtins.int]:
|
740
741
|
"""
|
741
742
|
Number of hours, after initial issuing, that the certificate will remain valid for.
|
742
743
|
"""
|
@@ -744,7 +745,7 @@ class SelfSignedCert(pulumi.CustomResource):
|
|
744
745
|
|
745
746
|
@property
|
746
747
|
@pulumi.getter(name="validityStartTime")
|
747
|
-
def validity_start_time(self) -> pulumi.Output[str]:
|
748
|
+
def validity_start_time(self) -> pulumi.Output[builtins.str]:
|
748
749
|
"""
|
749
750
|
The time after which the certificate is valid, expressed as an [RFC3339](https://tools.ietf.org/html/rfc3339) timestamp.
|
750
751
|
"""
|