pulumi-vault 6.5.0a1736836139__py3-none-any.whl → 6.5.0a1737047276__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,642 @@
1
+ # coding=utf-8
2
+ # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
+ # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
+
5
+ import copy
6
+ import warnings
7
+ import sys
8
+ import pulumi
9
+ import pulumi.runtime
10
+ from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
15
+ from .. import _utilities
16
+
17
+ __all__ = ['BackendConfigAcmeArgs', 'BackendConfigAcme']
18
+
19
+ @pulumi.input_type
20
+ class BackendConfigAcmeArgs:
21
+ def __init__(__self__, *,
22
+ backend: pulumi.Input[str],
23
+ enabled: pulumi.Input[bool],
24
+ allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
25
+ allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
+ allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
27
+ default_directory_policy: Optional[pulumi.Input[str]] = None,
28
+ dns_resolver: Optional[pulumi.Input[str]] = None,
29
+ eab_policy: Optional[pulumi.Input[str]] = None,
30
+ namespace: Optional[pulumi.Input[str]] = None):
31
+ """
32
+ The set of arguments for constructing a BackendConfigAcme resource.
33
+ :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
34
+ :param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
35
+ :param pulumi.Input[bool] allow_role_ext_key_usage: Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
36
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_issuers: Specifies which issuers are allowed for use with ACME.
37
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: Specifies which roles are allowed for use with ACME.
38
+ :param pulumi.Input[str] default_directory_policy: Specifies the policy to be used for non-role-qualified ACME requests.
39
+ Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
40
+ :param pulumi.Input[str] dns_resolver: DNS resolver to use for domain resolution on this mount.
41
+ Must be in the format `<host>:<port>`, with both parts mandatory.
42
+ :param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
43
+ Allowed values are `not-required`, `new-account-required` or `always-required`.
44
+ :param pulumi.Input[str] namespace: The namespace to provision the resource in.
45
+ The value should not contain leading or trailing forward slashes.
46
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
47
+ *Available only for Vault Enterprise*.
48
+ """
49
+ pulumi.set(__self__, "backend", backend)
50
+ pulumi.set(__self__, "enabled", enabled)
51
+ if allow_role_ext_key_usage is not None:
52
+ pulumi.set(__self__, "allow_role_ext_key_usage", allow_role_ext_key_usage)
53
+ if allowed_issuers is not None:
54
+ pulumi.set(__self__, "allowed_issuers", allowed_issuers)
55
+ if allowed_roles is not None:
56
+ pulumi.set(__self__, "allowed_roles", allowed_roles)
57
+ if default_directory_policy is not None:
58
+ pulumi.set(__self__, "default_directory_policy", default_directory_policy)
59
+ if dns_resolver is not None:
60
+ pulumi.set(__self__, "dns_resolver", dns_resolver)
61
+ if eab_policy is not None:
62
+ pulumi.set(__self__, "eab_policy", eab_policy)
63
+ if namespace is not None:
64
+ pulumi.set(__self__, "namespace", namespace)
65
+
66
+ @property
67
+ @pulumi.getter
68
+ def backend(self) -> pulumi.Input[str]:
69
+ """
70
+ The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
71
+ """
72
+ return pulumi.get(self, "backend")
73
+
74
+ @backend.setter
75
+ def backend(self, value: pulumi.Input[str]):
76
+ pulumi.set(self, "backend", value)
77
+
78
+ @property
79
+ @pulumi.getter
80
+ def enabled(self) -> pulumi.Input[bool]:
81
+ """
82
+ Specifies whether ACME is enabled.
83
+ """
84
+ return pulumi.get(self, "enabled")
85
+
86
+ @enabled.setter
87
+ def enabled(self, value: pulumi.Input[bool]):
88
+ pulumi.set(self, "enabled", value)
89
+
90
+ @property
91
+ @pulumi.getter(name="allowRoleExtKeyUsage")
92
+ def allow_role_ext_key_usage(self) -> Optional[pulumi.Input[bool]]:
93
+ """
94
+ Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
95
+ """
96
+ return pulumi.get(self, "allow_role_ext_key_usage")
97
+
98
+ @allow_role_ext_key_usage.setter
99
+ def allow_role_ext_key_usage(self, value: Optional[pulumi.Input[bool]]):
100
+ pulumi.set(self, "allow_role_ext_key_usage", value)
101
+
102
+ @property
103
+ @pulumi.getter(name="allowedIssuers")
104
+ def allowed_issuers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
105
+ """
106
+ Specifies which issuers are allowed for use with ACME.
107
+ """
108
+ return pulumi.get(self, "allowed_issuers")
109
+
110
+ @allowed_issuers.setter
111
+ def allowed_issuers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
112
+ pulumi.set(self, "allowed_issuers", value)
113
+
114
+ @property
115
+ @pulumi.getter(name="allowedRoles")
116
+ def allowed_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
117
+ """
118
+ Specifies which roles are allowed for use with ACME.
119
+ """
120
+ return pulumi.get(self, "allowed_roles")
121
+
122
+ @allowed_roles.setter
123
+ def allowed_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
124
+ pulumi.set(self, "allowed_roles", value)
125
+
126
+ @property
127
+ @pulumi.getter(name="defaultDirectoryPolicy")
128
+ def default_directory_policy(self) -> Optional[pulumi.Input[str]]:
129
+ """
130
+ Specifies the policy to be used for non-role-qualified ACME requests.
131
+ Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
132
+ """
133
+ return pulumi.get(self, "default_directory_policy")
134
+
135
+ @default_directory_policy.setter
136
+ def default_directory_policy(self, value: Optional[pulumi.Input[str]]):
137
+ pulumi.set(self, "default_directory_policy", value)
138
+
139
+ @property
140
+ @pulumi.getter(name="dnsResolver")
141
+ def dns_resolver(self) -> Optional[pulumi.Input[str]]:
142
+ """
143
+ DNS resolver to use for domain resolution on this mount.
144
+ Must be in the format `<host>:<port>`, with both parts mandatory.
145
+ """
146
+ return pulumi.get(self, "dns_resolver")
147
+
148
+ @dns_resolver.setter
149
+ def dns_resolver(self, value: Optional[pulumi.Input[str]]):
150
+ pulumi.set(self, "dns_resolver", value)
151
+
152
+ @property
153
+ @pulumi.getter(name="eabPolicy")
154
+ def eab_policy(self) -> Optional[pulumi.Input[str]]:
155
+ """
156
+ Specifies the policy to use for external account binding behaviour.
157
+ Allowed values are `not-required`, `new-account-required` or `always-required`.
158
+ """
159
+ return pulumi.get(self, "eab_policy")
160
+
161
+ @eab_policy.setter
162
+ def eab_policy(self, value: Optional[pulumi.Input[str]]):
163
+ pulumi.set(self, "eab_policy", value)
164
+
165
+ @property
166
+ @pulumi.getter
167
+ def namespace(self) -> Optional[pulumi.Input[str]]:
168
+ """
169
+ The namespace to provision the resource in.
170
+ The value should not contain leading or trailing forward slashes.
171
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
172
+ *Available only for Vault Enterprise*.
173
+ """
174
+ return pulumi.get(self, "namespace")
175
+
176
+ @namespace.setter
177
+ def namespace(self, value: Optional[pulumi.Input[str]]):
178
+ pulumi.set(self, "namespace", value)
179
+
180
+
181
+ @pulumi.input_type
182
+ class _BackendConfigAcmeState:
183
+ def __init__(__self__, *,
184
+ allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
185
+ allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
186
+ allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
187
+ backend: Optional[pulumi.Input[str]] = None,
188
+ default_directory_policy: Optional[pulumi.Input[str]] = None,
189
+ dns_resolver: Optional[pulumi.Input[str]] = None,
190
+ eab_policy: Optional[pulumi.Input[str]] = None,
191
+ enabled: Optional[pulumi.Input[bool]] = None,
192
+ namespace: Optional[pulumi.Input[str]] = None):
193
+ """
194
+ Input properties used for looking up and filtering BackendConfigAcme resources.
195
+ :param pulumi.Input[bool] allow_role_ext_key_usage: Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
196
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_issuers: Specifies which issuers are allowed for use with ACME.
197
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: Specifies which roles are allowed for use with ACME.
198
+ :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
199
+ :param pulumi.Input[str] default_directory_policy: Specifies the policy to be used for non-role-qualified ACME requests.
200
+ Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
201
+ :param pulumi.Input[str] dns_resolver: DNS resolver to use for domain resolution on this mount.
202
+ Must be in the format `<host>:<port>`, with both parts mandatory.
203
+ :param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
204
+ Allowed values are `not-required`, `new-account-required` or `always-required`.
205
+ :param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
206
+ :param pulumi.Input[str] namespace: The namespace to provision the resource in.
207
+ The value should not contain leading or trailing forward slashes.
208
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
209
+ *Available only for Vault Enterprise*.
210
+ """
211
+ if allow_role_ext_key_usage is not None:
212
+ pulumi.set(__self__, "allow_role_ext_key_usage", allow_role_ext_key_usage)
213
+ if allowed_issuers is not None:
214
+ pulumi.set(__self__, "allowed_issuers", allowed_issuers)
215
+ if allowed_roles is not None:
216
+ pulumi.set(__self__, "allowed_roles", allowed_roles)
217
+ if backend is not None:
218
+ pulumi.set(__self__, "backend", backend)
219
+ if default_directory_policy is not None:
220
+ pulumi.set(__self__, "default_directory_policy", default_directory_policy)
221
+ if dns_resolver is not None:
222
+ pulumi.set(__self__, "dns_resolver", dns_resolver)
223
+ if eab_policy is not None:
224
+ pulumi.set(__self__, "eab_policy", eab_policy)
225
+ if enabled is not None:
226
+ pulumi.set(__self__, "enabled", enabled)
227
+ if namespace is not None:
228
+ pulumi.set(__self__, "namespace", namespace)
229
+
230
+ @property
231
+ @pulumi.getter(name="allowRoleExtKeyUsage")
232
+ def allow_role_ext_key_usage(self) -> Optional[pulumi.Input[bool]]:
233
+ """
234
+ Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
235
+ """
236
+ return pulumi.get(self, "allow_role_ext_key_usage")
237
+
238
+ @allow_role_ext_key_usage.setter
239
+ def allow_role_ext_key_usage(self, value: Optional[pulumi.Input[bool]]):
240
+ pulumi.set(self, "allow_role_ext_key_usage", value)
241
+
242
+ @property
243
+ @pulumi.getter(name="allowedIssuers")
244
+ def allowed_issuers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
245
+ """
246
+ Specifies which issuers are allowed for use with ACME.
247
+ """
248
+ return pulumi.get(self, "allowed_issuers")
249
+
250
+ @allowed_issuers.setter
251
+ def allowed_issuers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
252
+ pulumi.set(self, "allowed_issuers", value)
253
+
254
+ @property
255
+ @pulumi.getter(name="allowedRoles")
256
+ def allowed_roles(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
257
+ """
258
+ Specifies which roles are allowed for use with ACME.
259
+ """
260
+ return pulumi.get(self, "allowed_roles")
261
+
262
+ @allowed_roles.setter
263
+ def allowed_roles(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
264
+ pulumi.set(self, "allowed_roles", value)
265
+
266
+ @property
267
+ @pulumi.getter
268
+ def backend(self) -> Optional[pulumi.Input[str]]:
269
+ """
270
+ The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
271
+ """
272
+ return pulumi.get(self, "backend")
273
+
274
+ @backend.setter
275
+ def backend(self, value: Optional[pulumi.Input[str]]):
276
+ pulumi.set(self, "backend", value)
277
+
278
+ @property
279
+ @pulumi.getter(name="defaultDirectoryPolicy")
280
+ def default_directory_policy(self) -> Optional[pulumi.Input[str]]:
281
+ """
282
+ Specifies the policy to be used for non-role-qualified ACME requests.
283
+ Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
284
+ """
285
+ return pulumi.get(self, "default_directory_policy")
286
+
287
+ @default_directory_policy.setter
288
+ def default_directory_policy(self, value: Optional[pulumi.Input[str]]):
289
+ pulumi.set(self, "default_directory_policy", value)
290
+
291
+ @property
292
+ @pulumi.getter(name="dnsResolver")
293
+ def dns_resolver(self) -> Optional[pulumi.Input[str]]:
294
+ """
295
+ DNS resolver to use for domain resolution on this mount.
296
+ Must be in the format `<host>:<port>`, with both parts mandatory.
297
+ """
298
+ return pulumi.get(self, "dns_resolver")
299
+
300
+ @dns_resolver.setter
301
+ def dns_resolver(self, value: Optional[pulumi.Input[str]]):
302
+ pulumi.set(self, "dns_resolver", value)
303
+
304
+ @property
305
+ @pulumi.getter(name="eabPolicy")
306
+ def eab_policy(self) -> Optional[pulumi.Input[str]]:
307
+ """
308
+ Specifies the policy to use for external account binding behaviour.
309
+ Allowed values are `not-required`, `new-account-required` or `always-required`.
310
+ """
311
+ return pulumi.get(self, "eab_policy")
312
+
313
+ @eab_policy.setter
314
+ def eab_policy(self, value: Optional[pulumi.Input[str]]):
315
+ pulumi.set(self, "eab_policy", value)
316
+
317
+ @property
318
+ @pulumi.getter
319
+ def enabled(self) -> Optional[pulumi.Input[bool]]:
320
+ """
321
+ Specifies whether ACME is enabled.
322
+ """
323
+ return pulumi.get(self, "enabled")
324
+
325
+ @enabled.setter
326
+ def enabled(self, value: Optional[pulumi.Input[bool]]):
327
+ pulumi.set(self, "enabled", value)
328
+
329
+ @property
330
+ @pulumi.getter
331
+ def namespace(self) -> Optional[pulumi.Input[str]]:
332
+ """
333
+ The namespace to provision the resource in.
334
+ The value should not contain leading or trailing forward slashes.
335
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
336
+ *Available only for Vault Enterprise*.
337
+ """
338
+ return pulumi.get(self, "namespace")
339
+
340
+ @namespace.setter
341
+ def namespace(self, value: Optional[pulumi.Input[str]]):
342
+ pulumi.set(self, "namespace", value)
343
+
344
+
345
+ class BackendConfigAcme(pulumi.CustomResource):
346
+ @overload
347
+ def __init__(__self__,
348
+ resource_name: str,
349
+ opts: Optional[pulumi.ResourceOptions] = None,
350
+ allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
351
+ allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
352
+ allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
353
+ backend: Optional[pulumi.Input[str]] = None,
354
+ default_directory_policy: Optional[pulumi.Input[str]] = None,
355
+ dns_resolver: Optional[pulumi.Input[str]] = None,
356
+ eab_policy: Optional[pulumi.Input[str]] = None,
357
+ enabled: Optional[pulumi.Input[bool]] = None,
358
+ namespace: Optional[pulumi.Input[str]] = None,
359
+ __props__=None):
360
+ """
361
+ Allows setting the ACME server configuration used by specified mount.
362
+
363
+ ## Example Usage
364
+
365
+ ```python
366
+ import pulumi
367
+ import pulumi_vault as vault
368
+
369
+ pki = vault.Mount("pki",
370
+ path="pki",
371
+ type="pki",
372
+ default_lease_ttl_seconds=3600,
373
+ max_lease_ttl_seconds=86400)
374
+ pki_config_cluster = vault.pki_secret.BackendConfigCluster("pki_config_cluster",
375
+ backend=pki.path,
376
+ path="http://127.0.0.1:8200/v1/pki",
377
+ aia_path="http://127.0.0.1:8200/v1/pki")
378
+ example = vault.pki_secret.BackendConfigAcme("example",
379
+ backend=pki.path,
380
+ enabled=True,
381
+ allowed_issuers=["*"],
382
+ allowed_roles=["*"],
383
+ allow_role_ext_key_usage=False,
384
+ default_directory_policy="sign-verbatim",
385
+ dns_resolver="",
386
+ eab_policy="not-required")
387
+ ```
388
+
389
+ ## Import
390
+
391
+ The ACME configuration can be imported using the resource's `id`.
392
+ In the case of the example above the `id` would be `pki/config/acme`,
393
+ where the `pki` component is the resource's `backend`, e.g.
394
+
395
+ ```sh
396
+ $ pulumi import vault:pkiSecret/backendConfigAcme:BackendConfigAcme example pki/config/acme
397
+ ```
398
+
399
+ :param str resource_name: The name of the resource.
400
+ :param pulumi.ResourceOptions opts: Options for the resource.
401
+ :param pulumi.Input[bool] allow_role_ext_key_usage: Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
402
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_issuers: Specifies which issuers are allowed for use with ACME.
403
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: Specifies which roles are allowed for use with ACME.
404
+ :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
405
+ :param pulumi.Input[str] default_directory_policy: Specifies the policy to be used for non-role-qualified ACME requests.
406
+ Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
407
+ :param pulumi.Input[str] dns_resolver: DNS resolver to use for domain resolution on this mount.
408
+ Must be in the format `<host>:<port>`, with both parts mandatory.
409
+ :param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
410
+ Allowed values are `not-required`, `new-account-required` or `always-required`.
411
+ :param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
412
+ :param pulumi.Input[str] namespace: The namespace to provision the resource in.
413
+ The value should not contain leading or trailing forward slashes.
414
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
415
+ *Available only for Vault Enterprise*.
416
+ """
417
+ ...
418
+ @overload
419
+ def __init__(__self__,
420
+ resource_name: str,
421
+ args: BackendConfigAcmeArgs,
422
+ opts: Optional[pulumi.ResourceOptions] = None):
423
+ """
424
+ Allows setting the ACME server configuration used by specified mount.
425
+
426
+ ## Example Usage
427
+
428
+ ```python
429
+ import pulumi
430
+ import pulumi_vault as vault
431
+
432
+ pki = vault.Mount("pki",
433
+ path="pki",
434
+ type="pki",
435
+ default_lease_ttl_seconds=3600,
436
+ max_lease_ttl_seconds=86400)
437
+ pki_config_cluster = vault.pki_secret.BackendConfigCluster("pki_config_cluster",
438
+ backend=pki.path,
439
+ path="http://127.0.0.1:8200/v1/pki",
440
+ aia_path="http://127.0.0.1:8200/v1/pki")
441
+ example = vault.pki_secret.BackendConfigAcme("example",
442
+ backend=pki.path,
443
+ enabled=True,
444
+ allowed_issuers=["*"],
445
+ allowed_roles=["*"],
446
+ allow_role_ext_key_usage=False,
447
+ default_directory_policy="sign-verbatim",
448
+ dns_resolver="",
449
+ eab_policy="not-required")
450
+ ```
451
+
452
+ ## Import
453
+
454
+ The ACME configuration can be imported using the resource's `id`.
455
+ In the case of the example above the `id` would be `pki/config/acme`,
456
+ where the `pki` component is the resource's `backend`, e.g.
457
+
458
+ ```sh
459
+ $ pulumi import vault:pkiSecret/backendConfigAcme:BackendConfigAcme example pki/config/acme
460
+ ```
461
+
462
+ :param str resource_name: The name of the resource.
463
+ :param BackendConfigAcmeArgs args: The arguments to use to populate this resource's properties.
464
+ :param pulumi.ResourceOptions opts: Options for the resource.
465
+ """
466
+ ...
467
+ def __init__(__self__, resource_name: str, *args, **kwargs):
468
+ resource_args, opts = _utilities.get_resource_args_opts(BackendConfigAcmeArgs, pulumi.ResourceOptions, *args, **kwargs)
469
+ if resource_args is not None:
470
+ __self__._internal_init(resource_name, opts, **resource_args.__dict__)
471
+ else:
472
+ __self__._internal_init(resource_name, *args, **kwargs)
473
+
474
+ def _internal_init(__self__,
475
+ resource_name: str,
476
+ opts: Optional[pulumi.ResourceOptions] = None,
477
+ allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
478
+ allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
479
+ allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
480
+ backend: Optional[pulumi.Input[str]] = None,
481
+ default_directory_policy: Optional[pulumi.Input[str]] = None,
482
+ dns_resolver: Optional[pulumi.Input[str]] = None,
483
+ eab_policy: Optional[pulumi.Input[str]] = None,
484
+ enabled: Optional[pulumi.Input[bool]] = None,
485
+ namespace: Optional[pulumi.Input[str]] = None,
486
+ __props__=None):
487
+ opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
488
+ if not isinstance(opts, pulumi.ResourceOptions):
489
+ raise TypeError('Expected resource options to be a ResourceOptions instance')
490
+ if opts.id is None:
491
+ if __props__ is not None:
492
+ raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
493
+ __props__ = BackendConfigAcmeArgs.__new__(BackendConfigAcmeArgs)
494
+
495
+ __props__.__dict__["allow_role_ext_key_usage"] = allow_role_ext_key_usage
496
+ __props__.__dict__["allowed_issuers"] = allowed_issuers
497
+ __props__.__dict__["allowed_roles"] = allowed_roles
498
+ if backend is None and not opts.urn:
499
+ raise TypeError("Missing required property 'backend'")
500
+ __props__.__dict__["backend"] = backend
501
+ __props__.__dict__["default_directory_policy"] = default_directory_policy
502
+ __props__.__dict__["dns_resolver"] = dns_resolver
503
+ __props__.__dict__["eab_policy"] = eab_policy
504
+ if enabled is None and not opts.urn:
505
+ raise TypeError("Missing required property 'enabled'")
506
+ __props__.__dict__["enabled"] = enabled
507
+ __props__.__dict__["namespace"] = namespace
508
+ super(BackendConfigAcme, __self__).__init__(
509
+ 'vault:pkiSecret/backendConfigAcme:BackendConfigAcme',
510
+ resource_name,
511
+ __props__,
512
+ opts)
513
+
514
+ @staticmethod
515
+ def get(resource_name: str,
516
+ id: pulumi.Input[str],
517
+ opts: Optional[pulumi.ResourceOptions] = None,
518
+ allow_role_ext_key_usage: Optional[pulumi.Input[bool]] = None,
519
+ allowed_issuers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
520
+ allowed_roles: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
521
+ backend: Optional[pulumi.Input[str]] = None,
522
+ default_directory_policy: Optional[pulumi.Input[str]] = None,
523
+ dns_resolver: Optional[pulumi.Input[str]] = None,
524
+ eab_policy: Optional[pulumi.Input[str]] = None,
525
+ enabled: Optional[pulumi.Input[bool]] = None,
526
+ namespace: Optional[pulumi.Input[str]] = None) -> 'BackendConfigAcme':
527
+ """
528
+ Get an existing BackendConfigAcme resource's state with the given name, id, and optional extra
529
+ properties used to qualify the lookup.
530
+
531
+ :param str resource_name: The unique name of the resulting resource.
532
+ :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
533
+ :param pulumi.ResourceOptions opts: Options for the resource.
534
+ :param pulumi.Input[bool] allow_role_ext_key_usage: Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
535
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_issuers: Specifies which issuers are allowed for use with ACME.
536
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_roles: Specifies which roles are allowed for use with ACME.
537
+ :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
538
+ :param pulumi.Input[str] default_directory_policy: Specifies the policy to be used for non-role-qualified ACME requests.
539
+ Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
540
+ :param pulumi.Input[str] dns_resolver: DNS resolver to use for domain resolution on this mount.
541
+ Must be in the format `<host>:<port>`, with both parts mandatory.
542
+ :param pulumi.Input[str] eab_policy: Specifies the policy to use for external account binding behaviour.
543
+ Allowed values are `not-required`, `new-account-required` or `always-required`.
544
+ :param pulumi.Input[bool] enabled: Specifies whether ACME is enabled.
545
+ :param pulumi.Input[str] namespace: The namespace to provision the resource in.
546
+ The value should not contain leading or trailing forward slashes.
547
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
548
+ *Available only for Vault Enterprise*.
549
+ """
550
+ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
551
+
552
+ __props__ = _BackendConfigAcmeState.__new__(_BackendConfigAcmeState)
553
+
554
+ __props__.__dict__["allow_role_ext_key_usage"] = allow_role_ext_key_usage
555
+ __props__.__dict__["allowed_issuers"] = allowed_issuers
556
+ __props__.__dict__["allowed_roles"] = allowed_roles
557
+ __props__.__dict__["backend"] = backend
558
+ __props__.__dict__["default_directory_policy"] = default_directory_policy
559
+ __props__.__dict__["dns_resolver"] = dns_resolver
560
+ __props__.__dict__["eab_policy"] = eab_policy
561
+ __props__.__dict__["enabled"] = enabled
562
+ __props__.__dict__["namespace"] = namespace
563
+ return BackendConfigAcme(resource_name, opts=opts, __props__=__props__)
564
+
565
+ @property
566
+ @pulumi.getter(name="allowRoleExtKeyUsage")
567
+ def allow_role_ext_key_usage(self) -> pulumi.Output[Optional[bool]]:
568
+ """
569
+ Specifies whether the ExtKeyUsage field from a role is used. **Vault 1.14.1+**
570
+ """
571
+ return pulumi.get(self, "allow_role_ext_key_usage")
572
+
573
+ @property
574
+ @pulumi.getter(name="allowedIssuers")
575
+ def allowed_issuers(self) -> pulumi.Output[Sequence[str]]:
576
+ """
577
+ Specifies which issuers are allowed for use with ACME.
578
+ """
579
+ return pulumi.get(self, "allowed_issuers")
580
+
581
+ @property
582
+ @pulumi.getter(name="allowedRoles")
583
+ def allowed_roles(self) -> pulumi.Output[Sequence[str]]:
584
+ """
585
+ Specifies which roles are allowed for use with ACME.
586
+ """
587
+ return pulumi.get(self, "allowed_roles")
588
+
589
+ @property
590
+ @pulumi.getter
591
+ def backend(self) -> pulumi.Output[str]:
592
+ """
593
+ The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
594
+ """
595
+ return pulumi.get(self, "backend")
596
+
597
+ @property
598
+ @pulumi.getter(name="defaultDirectoryPolicy")
599
+ def default_directory_policy(self) -> pulumi.Output[str]:
600
+ """
601
+ Specifies the policy to be used for non-role-qualified ACME requests.
602
+ Allowed values are `forbid`, `sign-verbatim`, `role:<role_name>`, `external-policy` or `external-policy:<policy>`.
603
+ """
604
+ return pulumi.get(self, "default_directory_policy")
605
+
606
+ @property
607
+ @pulumi.getter(name="dnsResolver")
608
+ def dns_resolver(self) -> pulumi.Output[Optional[str]]:
609
+ """
610
+ DNS resolver to use for domain resolution on this mount.
611
+ Must be in the format `<host>:<port>`, with both parts mandatory.
612
+ """
613
+ return pulumi.get(self, "dns_resolver")
614
+
615
+ @property
616
+ @pulumi.getter(name="eabPolicy")
617
+ def eab_policy(self) -> pulumi.Output[str]:
618
+ """
619
+ Specifies the policy to use for external account binding behaviour.
620
+ Allowed values are `not-required`, `new-account-required` or `always-required`.
621
+ """
622
+ return pulumi.get(self, "eab_policy")
623
+
624
+ @property
625
+ @pulumi.getter
626
+ def enabled(self) -> pulumi.Output[bool]:
627
+ """
628
+ Specifies whether ACME is enabled.
629
+ """
630
+ return pulumi.get(self, "enabled")
631
+
632
+ @property
633
+ @pulumi.getter
634
+ def namespace(self) -> pulumi.Output[Optional[str]]:
635
+ """
636
+ The namespace to provision the resource in.
637
+ The value should not contain leading or trailing forward slashes.
638
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault#namespace).
639
+ *Available only for Vault Enterprise*.
640
+ """
641
+ return pulumi.get(self, "namespace")
642
+