pulumi-vault 5.21.0a1709368526__py3-none-any.whl → 6.5.0__py3-none-any.whl

pulumi_vault/pkisecret/secret_backend_issuer.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendIssuerArgs', 'SecretBackendIssuer']
@@ -44,7 +49,7 @@ class SecretBackendIssuerArgs:
                computed CAChain field from, when non-empty.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
         :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
@@ -182,7 +187,7 @@ class SecretBackendIssuerArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -264,7 +269,7 @@ class _SecretBackendIssuerState:
                computed CAChain field from, when non-empty.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
         :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
@@ -418,7 +423,7 @@ class _SecretBackendIssuerState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -511,7 +516,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
         PKI secret backend issuer can be imported using the `id`, e.g.
 
         ```sh
-         $ pulumi import vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer example pki/issuer/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
+        $ pulumi import vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer example pki/issuer/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
         ```
 
         :param str resource_name: The name of the resource.
@@ -532,7 +537,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
                computed CAChain field from, when non-empty.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
         :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
@@ -573,7 +578,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
         PKI secret backend issuer can be imported using the `id`, e.g.
 
         ```sh
-         $ pulumi import vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer example pki/issuer/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
+        $ pulumi import vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer example pki/issuer/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
         ```
 
         :param str resource_name: The name of the resource.
@@ -676,7 +681,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
                computed CAChain field from, when non-empty.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
         :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
@@ -786,7 +791,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")

pulumi_vault/pkisecret/secret_backend_key.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 
 __all__ = ['SecretBackendKeyArgs', 'SecretBackendKey']
@@ -37,7 +42,7 @@ class SecretBackendKeyArgs:
         :param pulumi.Input[str] managed_key_name: The managed key's configured name.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         """
         pulumi.set(__self__, "backend", backend)
@@ -149,7 +154,7 @@ class SecretBackendKeyArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -186,7 +191,7 @@ class _SecretBackendKeyState:
         :param pulumi.Input[str] managed_key_name: The managed key's configured name.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] type: Specifies the type of the key to create. Can be `exported`,`internal` or `kms`.
         """
@@ -303,7 +308,7 @@ class _SecretBackendKeyState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -347,7 +352,7 @@ class SecretBackendKey(pulumi.CustomResource):
         PKI secret backend key can be imported using the `id`, e.g.
 
         ```sh
-         $ pulumi import vault:pkiSecret/secretBackendKey:SecretBackendKey key pki/key/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
+        $ pulumi import vault:pkiSecret/secretBackendKey:SecretBackendKey key pki/key/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
         ```
 
         :param str resource_name: The name of the resource.
@@ -364,7 +369,7 @@ class SecretBackendKey(pulumi.CustomResource):
         :param pulumi.Input[str] managed_key_name: The managed key's configured name.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] type: Specifies the type of the key to create. Can be `exported`,`internal` or `kms`.
         """
@@ -382,7 +387,7 @@ class SecretBackendKey(pulumi.CustomResource):
         PKI secret backend key can be imported using the `id`, e.g.
 
         ```sh
-         $ pulumi import vault:pkiSecret/secretBackendKey:SecretBackendKey key pki/key/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
+        $ pulumi import vault:pkiSecret/secretBackendKey:SecretBackendKey key pki/key/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
         ```
 
         :param str resource_name: The name of the resource.
@@ -469,7 +474,7 @@ class SecretBackendKey(pulumi.CustomResource):
         :param pulumi.Input[str] managed_key_name: The managed key's configured name.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[str] type: Specifies the type of the key to create. Can be `exported`,`internal` or `kms`.
         """
@@ -554,7 +559,7 @@ class SecretBackendKey(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")

pulumi_vault/pkisecret/secret_backend_role.py

@@ -4,9 +4,14 @@
 
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
 from . import outputs
 from ._inputs import *
@@ -33,6 +38,7 @@ class SecretBackendRoleArgs:
                  allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
                  client_flag: Optional[pulumi.Input[bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  code_signing_flag: Optional[pulumi.Input[bool]] = None,
                  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -81,6 +87,7 @@ class SecretBackendRoleArgs:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
         :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
         :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
         :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
         :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -103,7 +110,7 @@ class SecretBackendRoleArgs:
         :param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
         :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
@@ -153,6 +160,8 @@ class SecretBackendRoleArgs:
             pulumi.set(__self__, "basic_constraints_valid_for_non_ca", basic_constraints_valid_for_non_ca)
         if client_flag is not None:
             pulumi.set(__self__, "client_flag", client_flag)
+        if cn_validations is not None:
+            pulumi.set(__self__, "cn_validations", cn_validations)
         if code_signing_flag is not None:
             pulumi.set(__self__, "code_signing_flag", code_signing_flag)
         if countries is not None:
@@ -416,6 +425,18 @@ class SecretBackendRoleArgs:
     def client_flag(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "client_flag", value)
 
+    @property
+    @pulumi.getter(name="cnValidations")
+    def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        """
+        return pulumi.get(self, "cn_validations")
+
+    @cn_validations.setter
+    def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "cn_validations", value)
+
     @property
     @pulumi.getter(name="codeSigningFlag")
     def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -596,7 +617,7 @@ class SecretBackendRoleArgs:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -794,6 +815,7 @@ class _SecretBackendRoleState:
                  backend: Optional[pulumi.Input[str]] = None,
                  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
                  client_flag: Optional[pulumi.Input[bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  code_signing_flag: Optional[pulumi.Input[bool]] = None,
                  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -842,6 +864,7 @@ class _SecretBackendRoleState:
         :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
         :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
         :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
         :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -864,7 +887,7 @@ class _SecretBackendRoleState:
         :param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
         :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
@@ -915,6 +938,8 @@ class _SecretBackendRoleState:
             pulumi.set(__self__, "basic_constraints_valid_for_non_ca", basic_constraints_valid_for_non_ca)
         if client_flag is not None:
             pulumi.set(__self__, "client_flag", client_flag)
+        if cn_validations is not None:
+            pulumi.set(__self__, "cn_validations", cn_validations)
         if code_signing_flag is not None:
             pulumi.set(__self__, "code_signing_flag", code_signing_flag)
         if countries is not None:
@@ -1178,6 +1203,18 @@ class _SecretBackendRoleState:
     def client_flag(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "client_flag", value)
 
+    @property
+    @pulumi.getter(name="cnValidations")
+    def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        """
+        return pulumi.get(self, "cn_validations")
+
+    @cn_validations.setter
+    def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "cn_validations", value)
+
     @property
     @pulumi.getter(name="codeSigningFlag")
     def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -1358,7 +1395,7 @@ class _SecretBackendRoleState:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")
@@ -1558,6 +1595,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  backend: Optional[pulumi.Input[str]] = None,
                  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
                  client_flag: Optional[pulumi.Input[bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  code_signing_flag: Optional[pulumi.Input[bool]] = None,
                  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -1577,7 +1615,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  not_before_duration: Optional[pulumi.Input[str]] = None,
                  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRolePolicyIdentifierArgs']]]]] = None,
+                 policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
                  policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -1604,6 +1642,7 @@ class SecretBackendRole(pulumi.CustomResource):
             max_lease_ttl_seconds=86400)
         role = vault.pki_secret.SecretBackendRole("role",
             backend=pki.path,
+            name="my_role",
             ttl="3600",
             allow_ip_sans=True,
             key_type="rsa",
@@ -1620,7 +1659,7 @@ class SecretBackendRole(pulumi.CustomResource):
         PKI secret backend roles can be imported using the `path`, e.g.
 
         ```sh
-         $ pulumi import vault:pkiSecret/secretBackendRole:SecretBackendRole role pki/roles/my_role
+        $ pulumi import vault:pkiSecret/secretBackendRole:SecretBackendRole role pki/roles/my_role
         ```
 
         :param str resource_name: The name of the resource.
@@ -1642,6 +1681,7 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
         :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
         :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
         :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -1664,13 +1704,13 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
         :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRolePolicyIdentifierArgs']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
         :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
@@ -1703,6 +1743,7 @@ class SecretBackendRole(pulumi.CustomResource):
             max_lease_ttl_seconds=86400)
         role = vault.pki_secret.SecretBackendRole("role",
             backend=pki.path,
+            name="my_role",
             ttl="3600",
             allow_ip_sans=True,
             key_type="rsa",
@@ -1719,7 +1760,7 @@ class SecretBackendRole(pulumi.CustomResource):
         PKI secret backend roles can be imported using the `path`, e.g.
 
         ```sh
-         $ pulumi import vault:pkiSecret/secretBackendRole:SecretBackendRole role pki/roles/my_role
+        $ pulumi import vault:pkiSecret/secretBackendRole:SecretBackendRole role pki/roles/my_role
         ```
 
         :param str resource_name: The name of the resource.
@@ -1754,6 +1795,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  backend: Optional[pulumi.Input[str]] = None,
                  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
                  client_flag: Optional[pulumi.Input[bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  code_signing_flag: Optional[pulumi.Input[bool]] = None,
                  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -1773,7 +1815,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  not_before_duration: Optional[pulumi.Input[str]] = None,
                  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRolePolicyIdentifierArgs']]]]] = None,
+                 policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
                  policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -1811,6 +1853,7 @@ class SecretBackendRole(pulumi.CustomResource):
             __props__.__dict__["backend"] = backend
             __props__.__dict__["basic_constraints_valid_for_non_ca"] = basic_constraints_valid_for_non_ca
             __props__.__dict__["client_flag"] = client_flag
+            __props__.__dict__["cn_validations"] = cn_validations
             __props__.__dict__["code_signing_flag"] = code_signing_flag
             __props__.__dict__["countries"] = countries
             __props__.__dict__["email_protection_flag"] = email_protection_flag
@@ -1867,6 +1910,7 @@ class SecretBackendRole(pulumi.CustomResource):
             backend: Optional[pulumi.Input[str]] = None,
             basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
             client_flag: Optional[pulumi.Input[bool]] = None,
+            cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             code_signing_flag: Optional[pulumi.Input[bool]] = None,
             countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -1886,7 +1930,7 @@ class SecretBackendRole(pulumi.CustomResource):
             not_before_duration: Optional[pulumi.Input[str]] = None,
             organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRolePolicyIdentifierArgs']]]]] = None,
+            policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
             policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -1920,6 +1964,7 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
         :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
         :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
         :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -1942,13 +1987,13 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
         :param pulumi.Input[str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
-               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+               The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
         :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
         :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SecretBackendRolePolicyIdentifierArgs']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
         :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
         :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
@@ -1980,6 +2025,7 @@ class SecretBackendRole(pulumi.CustomResource):
         __props__.__dict__["backend"] = backend
         __props__.__dict__["basic_constraints_valid_for_non_ca"] = basic_constraints_valid_for_non_ca
         __props__.__dict__["client_flag"] = client_flag
+        __props__.__dict__["cn_validations"] = cn_validations
         __props__.__dict__["code_signing_flag"] = code_signing_flag
         __props__.__dict__["countries"] = countries
         __props__.__dict__["email_protection_flag"] = email_protection_flag
@@ -2147,6 +2193,14 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "client_flag")
 
+    @property
+    @pulumi.getter(name="cnValidations")
+    def cn_validations(self) -> pulumi.Output[Sequence[str]]:
+        """
+        Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        """
+        return pulumi.get(self, "cn_validations")
+
     @property
     @pulumi.getter(name="codeSigningFlag")
     def code_signing_flag(self) -> pulumi.Output[Optional[bool]]:
@@ -2271,7 +2325,7 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
-        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
+        The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
         *Available only for Vault Enterprise*.
         """
         return pulumi.get(self, "namespace")