pulumi-vault 6.5.0a1736836139__py3-none-any.whl → 6.5.0a1737047276__py3-none-any.whl

pulumi_vault/pkisecret/get_backend_config_cmpv2.py

@@ -0,0 +1,209 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+from . import outputs
+
+__all__ = [
+    'GetBackendConfigCmpv2Result',
+    'AwaitableGetBackendConfigCmpv2Result',
+    'get_backend_config_cmpv2',
+    'get_backend_config_cmpv2_output',
+]
+
+@pulumi.output_type
+class GetBackendConfigCmpv2Result:
+    """
+    A collection of values returned by getBackendConfigCmpv2.
+    """
+    def __init__(__self__, audit_fields=None, authenticators=None, backend=None, default_path_policy=None, enable_sentinel_parsing=None, enabled=None, id=None, last_updated=None, namespace=None):
+        if audit_fields and not isinstance(audit_fields, list):
+            raise TypeError("Expected argument 'audit_fields' to be a list")
+        pulumi.set(__self__, "audit_fields", audit_fields)
+        if authenticators and not isinstance(authenticators, list):
+            raise TypeError("Expected argument 'authenticators' to be a list")
+        pulumi.set(__self__, "authenticators", authenticators)
+        if backend and not isinstance(backend, str):
+            raise TypeError("Expected argument 'backend' to be a str")
+        pulumi.set(__self__, "backend", backend)
+        if default_path_policy and not isinstance(default_path_policy, str):
+            raise TypeError("Expected argument 'default_path_policy' to be a str")
+        pulumi.set(__self__, "default_path_policy", default_path_policy)
+        if enable_sentinel_parsing and not isinstance(enable_sentinel_parsing, bool):
+            raise TypeError("Expected argument 'enable_sentinel_parsing' to be a bool")
+        pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
+        if enabled and not isinstance(enabled, bool):
+            raise TypeError("Expected argument 'enabled' to be a bool")
+        pulumi.set(__self__, "enabled", enabled)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if last_updated and not isinstance(last_updated, str):
+            raise TypeError("Expected argument 'last_updated' to be a str")
+        pulumi.set(__self__, "last_updated", last_updated)
+        if namespace and not isinstance(namespace, str):
+            raise TypeError("Expected argument 'namespace' to be a str")
+        pulumi.set(__self__, "namespace", namespace)
+
+    @property
+    @pulumi.getter(name="auditFields")
+    def audit_fields(self) -> Sequence[str]:
+        return pulumi.get(self, "audit_fields")
+
+    @property
+    @pulumi.getter
+    def authenticators(self) -> Sequence['outputs.GetBackendConfigCmpv2AuthenticatorResult']:
+        return pulumi.get(self, "authenticators")
+
+    @property
+    @pulumi.getter
+    def backend(self) -> str:
+        return pulumi.get(self, "backend")
+
+    @property
+    @pulumi.getter(name="defaultPathPolicy")
+    def default_path_policy(self) -> str:
+        return pulumi.get(self, "default_path_policy")
+
+    @property
+    @pulumi.getter(name="enableSentinelParsing")
+    def enable_sentinel_parsing(self) -> bool:
+        return pulumi.get(self, "enable_sentinel_parsing")
+
+    @property
+    @pulumi.getter
+    def enabled(self) -> bool:
+        return pulumi.get(self, "enabled")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="lastUpdated")
+    def last_updated(self) -> str:
+        return pulumi.get(self, "last_updated")
+
+    @property
+    @pulumi.getter
+    def namespace(self) -> Optional[str]:
+        return pulumi.get(self, "namespace")
+
+
+class AwaitableGetBackendConfigCmpv2Result(GetBackendConfigCmpv2Result):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetBackendConfigCmpv2Result(
+            audit_fields=self.audit_fields,
+            authenticators=self.authenticators,
+            backend=self.backend,
+            default_path_policy=self.default_path_policy,
+            enable_sentinel_parsing=self.enable_sentinel_parsing,
+            enabled=self.enabled,
+            id=self.id,
+            last_updated=self.last_updated,
+            namespace=self.namespace)
+
+
+def get_backend_config_cmpv2(backend: Optional[str] = None,
+                             namespace: Optional[str] = None,
+                             opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetBackendConfigCmpv2Result:
+    """
+    ## Example Usage
+
+    ```python
+    import pulumi
+    import pulumi_vault as vault
+
+    pki = vault.Mount("pki",
+        path="pki",
+        type="pki",
+        description="PKI secret engine mount")
+    cmpv2_config = vault.pkiSecret.get_backend_config_cmpv2_output(backend=pki.path)
+    ```
+
+
+    :param str backend: The path to the PKI secret backend to
+           read the CMPv2 configuration from, with no leading or trailing `/`s.
+           
+           # Attributes Reference
+    :param str namespace: The namespace of the target resource.
+           The value should not contain leading or trailing forward slashes.
+           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+           *Available only for Vault Enterprise*.
+    """
+    __args__ = dict()
+    __args__['backend'] = backend
+    __args__['namespace'] = namespace
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('vault:pkiSecret/getBackendConfigCmpv2:getBackendConfigCmpv2', __args__, opts=opts, typ=GetBackendConfigCmpv2Result).value
+
+    return AwaitableGetBackendConfigCmpv2Result(
+        audit_fields=pulumi.get(__ret__, 'audit_fields'),
+        authenticators=pulumi.get(__ret__, 'authenticators'),
+        backend=pulumi.get(__ret__, 'backend'),
+        default_path_policy=pulumi.get(__ret__, 'default_path_policy'),
+        enable_sentinel_parsing=pulumi.get(__ret__, 'enable_sentinel_parsing'),
+        enabled=pulumi.get(__ret__, 'enabled'),
+        id=pulumi.get(__ret__, 'id'),
+        last_updated=pulumi.get(__ret__, 'last_updated'),
+        namespace=pulumi.get(__ret__, 'namespace'))
+def get_backend_config_cmpv2_output(backend: Optional[pulumi.Input[str]] = None,
+                                    namespace: Optional[pulumi.Input[Optional[str]]] = None,
+                                    opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendConfigCmpv2Result]:
+    """
+    ## Example Usage
+
+    ```python
+    import pulumi
+    import pulumi_vault as vault
+
+    pki = vault.Mount("pki",
+        path="pki",
+        type="pki",
+        description="PKI secret engine mount")
+    cmpv2_config = vault.pkiSecret.get_backend_config_cmpv2_output(backend=pki.path)
+    ```
+
+
+    :param str backend: The path to the PKI secret backend to
+           read the CMPv2 configuration from, with no leading or trailing `/`s.
+           
+           # Attributes Reference
+    :param str namespace: The namespace of the target resource.
+           The value should not contain leading or trailing forward slashes.
+           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+           *Available only for Vault Enterprise*.
+    """
+    __args__ = dict()
+    __args__['backend'] = backend
+    __args__['namespace'] = namespace
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:pkiSecret/getBackendConfigCmpv2:getBackendConfigCmpv2', __args__, opts=opts, typ=GetBackendConfigCmpv2Result)
+    return __ret__.apply(lambda __response__: GetBackendConfigCmpv2Result(
+        audit_fields=pulumi.get(__response__, 'audit_fields'),
+        authenticators=pulumi.get(__response__, 'authenticators'),
+        backend=pulumi.get(__response__, 'backend'),
+        default_path_policy=pulumi.get(__response__, 'default_path_policy'),
+        enable_sentinel_parsing=pulumi.get(__response__, 'enable_sentinel_parsing'),
+        enabled=pulumi.get(__response__, 'enabled'),
+        id=pulumi.get(__response__, 'id'),
+        last_updated=pulumi.get(__response__, 'last_updated'),
+        namespace=pulumi.get(__response__, 'namespace')))

pulumi_vault/pkisecret/outputs.py

@@ -15,11 +15,32 @@ else:
 from .. import _utilities
 
 __all__ = [
+    'BackendConfigCmpv2Authenticators',
     'BackendConfigEstAuthenticators',
     'SecretBackendRolePolicyIdentifier',
+    'GetBackendConfigCmpv2AuthenticatorResult',
     'GetBackendConfigEstAuthenticatorResult',
 ]
 
+@pulumi.output_type
+class BackendConfigCmpv2Authenticators(dict):
+    def __init__(__self__, *,
+                 cert: Optional[Mapping[str, str]] = None):
+        """
+        :param Mapping[str, str] cert: "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        """
+        if cert is not None:
+            pulumi.set(__self__, "cert", cert)
+
+    @property
+    @pulumi.getter
+    def cert(self) -> Optional[Mapping[str, str]]:
+        """
+        "The accessor (required) and cert_role (optional) properties for cert auth backends".
+        """
+        return pulumi.get(self, "cert")
+
+
 @pulumi.output_type
 class BackendConfigEstAuthenticators(dict):
     def __init__(__self__, *,
@@ -97,6 +118,25 @@ class SecretBackendRolePolicyIdentifier(dict):
         return pulumi.get(self, "notice")
 
 
+@pulumi.output_type
+class GetBackendConfigCmpv2AuthenticatorResult(dict):
+    def __init__(__self__, *,
+                 cert: Optional[Mapping[str, str]] = None):
+        """
+        :param Mapping[str, str] cert: The accessor and cert_role properties for cert auth backends
+        """
+        if cert is not None:
+            pulumi.set(__self__, "cert", cert)
+
+    @property
+    @pulumi.getter
+    def cert(self) -> Optional[Mapping[str, str]]:
+        """
+        The accessor and cert_role properties for cert auth backends
+        """
+        return pulumi.get(self, "cert")
+
+
 @pulumi.output_type
 class GetBackendConfigEstAuthenticatorResult(dict):
     def __init__(__self__, *,

pulumi_vault/pkisecret/secret_backend_role.py

@@ -38,6 +38,7 @@ class SecretBackendRoleArgs:
                  allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
                  client_flag: Optional[pulumi.Input[bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  code_signing_flag: Optional[pulumi.Input[bool]] = None,
                  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -86,6 +87,7 @@ class SecretBackendRoleArgs:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
         :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
         :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
         :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
         :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -158,6 +160,8 @@ class SecretBackendRoleArgs:
             pulumi.set(__self__, "basic_constraints_valid_for_non_ca", basic_constraints_valid_for_non_ca)
         if client_flag is not None:
             pulumi.set(__self__, "client_flag", client_flag)
+        if cn_validations is not None:
+            pulumi.set(__self__, "cn_validations", cn_validations)
         if code_signing_flag is not None:
             pulumi.set(__self__, "code_signing_flag", code_signing_flag)
         if countries is not None:
@@ -421,6 +425,18 @@ class SecretBackendRoleArgs:
     def client_flag(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "client_flag", value)
 
+    @property
+    @pulumi.getter(name="cnValidations")
+    def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        """
+        return pulumi.get(self, "cn_validations")
+
+    @cn_validations.setter
+    def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "cn_validations", value)
+
     @property
     @pulumi.getter(name="codeSigningFlag")
     def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -799,6 +815,7 @@ class _SecretBackendRoleState:
                  backend: Optional[pulumi.Input[str]] = None,
                  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
                  client_flag: Optional[pulumi.Input[bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  code_signing_flag: Optional[pulumi.Input[bool]] = None,
                  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -847,6 +864,7 @@ class _SecretBackendRoleState:
         :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
         :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
         :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
         :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -920,6 +938,8 @@ class _SecretBackendRoleState:
             pulumi.set(__self__, "basic_constraints_valid_for_non_ca", basic_constraints_valid_for_non_ca)
         if client_flag is not None:
             pulumi.set(__self__, "client_flag", client_flag)
+        if cn_validations is not None:
+            pulumi.set(__self__, "cn_validations", cn_validations)
         if code_signing_flag is not None:
             pulumi.set(__self__, "code_signing_flag", code_signing_flag)
         if countries is not None:
@@ -1183,6 +1203,18 @@ class _SecretBackendRoleState:
     def client_flag(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "client_flag", value)
 
+    @property
+    @pulumi.getter(name="cnValidations")
+    def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        """
+        return pulumi.get(self, "cn_validations")
+
+    @cn_validations.setter
+    def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "cn_validations", value)
+
     @property
     @pulumi.getter(name="codeSigningFlag")
     def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -1563,6 +1595,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  backend: Optional[pulumi.Input[str]] = None,
                  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
                  client_flag: Optional[pulumi.Input[bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  code_signing_flag: Optional[pulumi.Input[bool]] = None,
                  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -1648,6 +1681,7 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
         :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
         :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
         :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -1761,6 +1795,7 @@ class SecretBackendRole(pulumi.CustomResource):
                  backend: Optional[pulumi.Input[str]] = None,
                  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
                  client_flag: Optional[pulumi.Input[bool]] = None,
+                 cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  code_signing_flag: Optional[pulumi.Input[bool]] = None,
                  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -1818,6 +1853,7 @@ class SecretBackendRole(pulumi.CustomResource):
             __props__.__dict__["backend"] = backend
             __props__.__dict__["basic_constraints_valid_for_non_ca"] = basic_constraints_valid_for_non_ca
             __props__.__dict__["client_flag"] = client_flag
+            __props__.__dict__["cn_validations"] = cn_validations
             __props__.__dict__["code_signing_flag"] = code_signing_flag
             __props__.__dict__["countries"] = countries
             __props__.__dict__["email_protection_flag"] = email_protection_flag
@@ -1874,6 +1910,7 @@ class SecretBackendRole(pulumi.CustomResource):
             backend: Optional[pulumi.Input[str]] = None,
             basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
             client_flag: Optional[pulumi.Input[bool]] = None,
+            cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             code_signing_flag: Optional[pulumi.Input[bool]] = None,
             countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -1927,6 +1964,7 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
         :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
         :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
         :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
         :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
         :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -1987,6 +2025,7 @@ class SecretBackendRole(pulumi.CustomResource):
         __props__.__dict__["backend"] = backend
         __props__.__dict__["basic_constraints_valid_for_non_ca"] = basic_constraints_valid_for_non_ca
         __props__.__dict__["client_flag"] = client_flag
+        __props__.__dict__["cn_validations"] = cn_validations
         __props__.__dict__["code_signing_flag"] = code_signing_flag
         __props__.__dict__["countries"] = countries
         __props__.__dict__["email_protection_flag"] = email_protection_flag
@@ -2154,6 +2193,14 @@ class SecretBackendRole(pulumi.CustomResource):
         """
         return pulumi.get(self, "client_flag")
 
+    @property
+    @pulumi.getter(name="cnValidations")
+    def cn_validations(self) -> pulumi.Output[Sequence[str]]:
+        """
+        Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
+        """
+        return pulumi.get(self, "cn_validations")
+
     @property
     @pulumi.getter(name="codeSigningFlag")
     def code_signing_flag(self) -> pulumi.Output[Optional[bool]]:

pulumi_vault/pulumi-plugin.json

@@ -1,5 +1,5 @@
 {
   "resource": true,
   "name": "vault",
-  "version": "6.5.0-alpha.1736836139"
+  "version": "6.5.0-alpha.1737047276"
 }

pulumi_vault/ssh/secret_backend_role.py

@@ -54,6 +54,9 @@ class SecretBackendRoleArgs:
         :param pulumi.Input[str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
         :param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
         :param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
+        :param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
+               valid principals (e.g. any valid principal). For backwards compatibility
+               only. The default of false is highly recommended.
         :param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
         :param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
         :param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
@@ -187,6 +190,11 @@ class SecretBackendRoleArgs:
     @property
     @pulumi.getter(name="allowEmptyPrincipals")
     def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Allow signing certificates with no
+        valid principals (e.g. any valid principal). For backwards compatibility
+        only. The default of false is highly recommended.
+        """
         return pulumi.get(self, "allow_empty_principals")
 
     @allow_empty_principals.setter
@@ -498,6 +506,9 @@ class _SecretBackendRoleState:
         Input properties used for looking up and filtering SecretBackendRole resources.
         :param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
         :param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
+        :param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
+               valid principals (e.g. any valid principal). For backwards compatibility
+               only. The default of false is highly recommended.
         :param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
         :param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
         :param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
@@ -611,6 +622,11 @@ class _SecretBackendRoleState:
     @property
     @pulumi.getter(name="allowEmptyPrincipals")
     def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Allow signing certificates with no
+        valid principals (e.g. any valid principal). For backwards compatibility
+        only. The default of false is highly recommended.
+        """
         return pulumi.get(self, "allow_empty_principals")
 
     @allow_empty_principals.setter
@@ -982,6 +998,9 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
         :param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
+        :param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
+               valid principals (e.g. any valid principal). For backwards compatibility
+               only. The default of false is highly recommended.
         :param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
         :param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
         :param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
@@ -1180,6 +1199,9 @@ class SecretBackendRole(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
         :param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
+        :param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
+               valid principals (e.g. any valid principal). For backwards compatibility
+               only. The default of false is highly recommended.
         :param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
         :param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
         :param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
@@ -1263,6 +1285,11 @@ class SecretBackendRole(pulumi.CustomResource):
     @property
     @pulumi.getter(name="allowEmptyPrincipals")
     def allow_empty_principals(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Allow signing certificates with no
+        valid principals (e.g. any valid principal). For backwards compatibility
+        only. The default of false is highly recommended.
+        """
         return pulumi.get(self, "allow_empty_principals")
 
     @property

{pulumi_vault-6.5.0a1736836139.dist-info → pulumi_vault-6.5.0a1737047276.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: pulumi_vault
-Version: 6.5.0a1736836139
+Version: 6.5.0a1737047276
 Summary: A Pulumi package for creating and managing HashiCorp Vault cloud resources.
 License: Apache-2.0
 Project-URL: Homepage, https://pulumi.io

{pulumi_vault-6.5.0a1736836139.dist-info → pulumi_vault-6.5.0a1737047276.dist-info}/RECORD

@@ -1,4 +1,4 @@
-pulumi_vault/__init__.py,sha256=YyUZ3AwssRd84-MFiLiMsKlEs0Gl5dnqjoRlDWbWe70,31607
+pulumi_vault/__init__.py,sha256=FcjjMuSTS8ketXMRJIhsXOIitbOr26gL3988G__itco,32190
 pulumi_vault/_inputs.py,sha256=SF9ssDW-1LueES-snz-lfjgpbVI0bldHW0yL4qeh7N0,92747
 pulumi_vault/_utilities.py,sha256=-gxwnD6__OYdSf8jJgJijNuu-UHUwi5pJ1H7-eIHDhg,10504
 pulumi_vault/audit.py,sha256=qeLdEPUPWtIcJsnba2V6_uicJEVC5yMvwSLZi0DSqWw,20517
@@ -27,7 +27,7 @@ pulumi_vault/plugin.py,sha256=wsHI-O03QoIMQB4ni-MOBjXNz2xloYRHiqx9mk5dZq8,23656
 pulumi_vault/plugin_pinned_version.py,sha256=FRBwnJxAYtleO9MoM2juvwBpCk-Um-hmELLAj7kJvLo,10757
 pulumi_vault/policy.py,sha256=jhgtVabSBI5Z69EXKUJxlidTsNLzN-A9NsKkbnGX8n8,11109
 pulumi_vault/provider.py,sha256=KnBSEL3D7S8eRWQlc-oOGh1lKqtrPnQbdpPwfQdYZxg,42800
-pulumi_vault/pulumi-plugin.json,sha256=xrvgMnij97dJqDV4TdRt8ZZPeJqGg6KOfCiEiwFcnjY,81
+pulumi_vault/pulumi-plugin.json,sha256=TPBWIsc75OnsGeq3LtsBIHxVPbx62_irZI7U7b7uvmA,81
 pulumi_vault/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 pulumi_vault/quota_lease_count.py,sha256=KkTKOgxZwkjLgFMKK1zy4qD7VMxKPahIs1E6EQkMxT8,25072
 pulumi_vault/quota_rate_limit.py,sha256=5XXedC8Orsgqq0LSHMaW-J_d0ht9Th_Hr7h8BSOC_Ik,29677
@@ -56,10 +56,10 @@ pulumi_vault/aws/auth_backend_login.py,sha256=yq2ujRVX4WrHH7YuhsTpPxZxTKi4VzgCzd
 pulumi_vault/aws/auth_backend_role.py,sha256=zXLc9AhVAWyM6TsL4dJLBuWeA9PCvE5fl62dqVqlFo4,100654
 pulumi_vault/aws/auth_backend_role_tag.py,sha256=MLoS5jckMcQ17aReToR-3NoZkuqMxt2xOskPRrgg3DQ,26766
 pulumi_vault/aws/auth_backend_roletag_blacklist.py,sha256=d6OxN_pjgLpw_Zzm5d21PYDEsoo9eS9JpUwtlo0UO3I,16684
-pulumi_vault/aws/auth_backend_sts_role.py,sha256=KqhCBCyHkf7ZCixxyTMuNIPdjn-uAgozAIijEHpzoRc,15641
+pulumi_vault/aws/auth_backend_sts_role.py,sha256=VRn2perU4FIlmaxWyFkN6kJb7WNMFVB0PVw4sYCBkKU,18218
 pulumi_vault/aws/get_access_credentials.py,sha256=zQrWdGYD3yeddCvIID1X7qflXwX3xyDS9cYWUAs1SRg,13831
 pulumi_vault/aws/get_static_access_credentials.py,sha256=tlKvd3yYt58urxZnQe9LPaE0DVW8c_soJcCcV9VJgvA,5660
-pulumi_vault/aws/secret_backend.py,sha256=PxLyciI9GEt_-bbYYJ0vKZYH9GWI2he2tMsatq8Ma_M,49603
+pulumi_vault/aws/secret_backend.py,sha256=-FqxHnwYK0hblN3J07S4AFmJu7edsE7nSoUdagDNdsA,58191
 pulumi_vault/aws/secret_backend_role.py,sha256=d8TJj99dXlj9yIBr3hUx8WuV5meBLgCetakaOF5AQ_0,56898
 pulumi_vault/aws/secret_backend_static_role.py,sha256=FUIPjsAjM-SOmVFMK1r4Mk3KPXxQYLIiY5XC__GsNe8,17995
 pulumi_vault/azure/__init__.py,sha256=Ip6GcRxEn43qDXL93F4Jm2uYqW7HJlPK_dg1WrfwXBg,471
@@ -80,8 +80,8 @@ pulumi_vault/consul/__init__.py,sha256=MYNOUNqNi49Gsivdn3pOzEa_z-y9NF69sasXX1K0Y
 pulumi_vault/consul/secret_backend.py,sha256=zBN37oAaROpMYqQaK7OZdBRNUi84kAFGYnkUoBwMNlY,39690
 pulumi_vault/consul/secret_backend_role.py,sha256=CSEWiICBmW3uQogwVPyP9WIws_eGNwd7uHbk4UzJQ1I,41693
 pulumi_vault/database/__init__.py,sha256=tYq_SkLBBJ3LzcjTNj5KSt92p2t595IcZ_5Qbe-Gz2g,461
-pulumi_vault/database/_inputs.py,sha256=IniAaoYiBtoAOnWk5VpET3WinT7KpHH55YIByWHaZuM,372620
-pulumi_vault/database/outputs.py,sha256=mYMdSYFE13OuBqaPopHkt9sM-D3vsxhQpbrX0TEzZSY,260211
+pulumi_vault/database/_inputs.py,sha256=9mzVAKPkUag-WS2Fw9E6wwC85METljswEqY9crETuvc,374720
+pulumi_vault/database/outputs.py,sha256=C8Jbpep0D50ob83PusxYQqg4vKmzM6g701qjwD4W-Zs,261689
 pulumi_vault/database/secret_backend_connection.py,sha256=_uQTdiuaEws2Il1TJbHv0o_amJT7E6MRf7zFOVjnEPU,76379
 pulumi_vault/database/secret_backend_role.py,sha256=YmjmE13qoDWAr-yx35z-KqWtWELW2n6sGeQP5ALsBVU,37120
 pulumi_vault/database/secret_backend_static_role.py,sha256=Xq0-15wL3FCiMG5Izg9rBLUVdTWpSGcQKW4MUbHCVdI,34772
@@ -185,16 +185,20 @@ pulumi_vault/okta/auth_backend.py,sha256=CuQ7-ySllNKdmRJfR1U1_IxIAkXNKKO0tBe552O
 pulumi_vault/okta/auth_backend_group.py,sha256=_-yxuKaRFmGsE1AX7rTXeDLceU5cyoVJL2jeKm5eTCc,15149
 pulumi_vault/okta/auth_backend_user.py,sha256=RAQAgkbKikMwgl-eYhKfADahKxuKM-S8fvqv3f2vSFs,17111
 pulumi_vault/okta/outputs.py,sha256=9oSrWhhmR6ZGu_sdE6Ba46T2IW8w-nLUlZB-5pmg6uk,3241
-pulumi_vault/pkisecret/__init__.py,sha256=Lwp_52rZJohEKOGZTENoaHtUcsrMDlAa87JRrMSrXcw,1103
-pulumi_vault/pkisecret/_inputs.py,sha256=Shh7rFazSE0ykWtdL5u5UHmUjdmXGiY4WNVCUT3OqoU,5035
+pulumi_vault/pkisecret/__init__.py,sha256=V0UUCT2UNR_N_PB-ZSRx4hz-m7bIY6-peAVaTDUCYsI,1246
+pulumi_vault/pkisecret/_inputs.py,sha256=Bmqq_5ILTQ5up2lKIbttYzMIUvuyQPEjTS8KPfas1JY,6332
+pulumi_vault/pkisecret/backend_acme_eab.py,sha256=DJntVKxVJpxN7UISOINTpnEZAuSopKK0qyxyYcy86po,24256
+pulumi_vault/pkisecret/backend_config_acme.py,sha256=ss724FovdojMUH0jjjvXEPUtWyb2XdAiyUsOs8u5w0Y,30538
 pulumi_vault/pkisecret/backend_config_cluster.py,sha256=HZKD0_RG3InjJ5KMDhJjVe3v8KNkPo3Wh_8OclZU1vY,16103
+pulumi_vault/pkisecret/backend_config_cmpv2.py,sha256=pH-6aIY2MYfzdiiY1i0gzT0_su_a6ijSCd_HABE8VNY,25942
 pulumi_vault/pkisecret/backend_config_est.py,sha256=-QFenquNdyHCi-YJJeGnq1o3iQRpfVhI1pWQ1oelsz4,32920
+pulumi_vault/pkisecret/get_backend_config_cmpv2.py,sha256=HSsFTcNbBbVXPXjUKnOexm9K70IbU71gmBaTTKMgpHM,8898
 pulumi_vault/pkisecret/get_backend_config_est.py,sha256=hQE-leiO65lno8u5_6ektO-c6pfP6xOu7VbmGtGsVas,11158
 pulumi_vault/pkisecret/get_backend_issuer.py,sha256=iceEn_VYlywWxNmUUTuyFZblZwlDN3lONN1UGsgNL2s,11195
 pulumi_vault/pkisecret/get_backend_issuers.py,sha256=6jL0FCtQbDRA5HSifYQpDtOaSAyFQoCXwCD3K7GSq70,7270
 pulumi_vault/pkisecret/get_backend_key.py,sha256=DSl9s_XhYVGFKoa9fJFKV8n6ZTvRk4FkE6OM0DaEhM4,7870
 pulumi_vault/pkisecret/get_backend_keys.py,sha256=VVDFkEN0xgHSkj7KTl0Pi0CIEmrrAocOkMXs_whZ148,7166
-pulumi_vault/pkisecret/outputs.py,sha256=VHd48Sw_YfzzcNP7l9ahU_5CMUYXtZHMLdQA8j9GYZ0,4053
+pulumi_vault/pkisecret/outputs.py,sha256=On7SvbU4OK-TQVDr9aB9Uvl5I1ZfoQNZ9pof_Jrqdeo,5351
 pulumi_vault/pkisecret/secret_backend_cert.py,sha256=hJk7_aH4pMhtqR5Q_AlP2YF8YrtjfItmKrL31QSqUkw,49873
 pulumi_vault/pkisecret/secret_backend_config_ca.py,sha256=8M1BLNtbvoV-MNuK-3VWGwJAjyn67KOQsvSgeXOpt1Y,19132
 pulumi_vault/pkisecret/secret_backend_config_issuers.py,sha256=Uo-dgOdMyI4P4C0wG0GEQhwJGWpmpXuHkoiYceunDjM,17152
@@ -204,7 +208,7 @@ pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py,sha256=IP2NAD
 pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py,sha256=lFkhI8pO0pR-skKGjMpv2lDxaCQGKTgxO52eTCOsLyI,20222
 pulumi_vault/pkisecret/secret_backend_issuer.py,sha256=QfxaKVBRRPhdHVVcfFiBnAlx7RNmwQktJWVtHxHCWZI,36799
 pulumi_vault/pkisecret/secret_backend_key.py,sha256=nD5V_mXwHh_sTZ2N0Zk33M1_wbOHJ5NLlkp-Bb66vGc,25697
-pulumi_vault/pkisecret/secret_backend_role.py,sha256=T3vFhBmTmltx3mOmWisvmkwRJ43jtcKXLsOrvGxymcE,116565
+pulumi_vault/pkisecret/secret_backend_role.py,sha256=pOi0XaoYjp-ZbgM2NsUSOz2FZr-4xeB0WrDy96hY_1w,119374
 pulumi_vault/pkisecret/secret_backend_root_cert.py,sha256=t97B_ERPgwuQ_zN-oTfYXmIKExaXSp5NF0t3hQxz4tM,69011
 pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py,sha256=rRSgnF9abGx_ABjszkmF3303OlEEOO6grnabo_arg2I,58598
 pulumi_vault/pkisecret/secret_backend_sign.py,sha256=92aerAXaiVjzdD3QCw3BC4PCh_oX3HOQUN-Pk1KZIxs,48754
@@ -231,7 +235,7 @@ pulumi_vault/ssh/__init__.py,sha256=kSaEW40BMdCU_LlCcy8YIBYROxHLbXfyHdaMRDm76i0,
 pulumi_vault/ssh/_inputs.py,sha256=vz1nSJIjKJykgA6R44j7XrcbT2SYkfUGYOK-hKFdxRw,2585
 pulumi_vault/ssh/outputs.py,sha256=-c6dDRsAT71gVJZhORGeJrFwpsIORqhlph6787TGY9U,1620
 pulumi_vault/ssh/secret_backend_ca.py,sha256=WzqOAfDQe3LnXVysRf-kCny0qlH4-bXwQl83_kTrdPA,22649
-pulumi_vault/ssh/secret_backend_role.py,sha256=7nw0JrsU2ek2bY7ga9nrk1q0T4PdBZfmpB_19vO3wI8,74844
+pulumi_vault/ssh/secret_backend_role.py,sha256=PueW8PuPDoQNfsT8G_M9u9di5GnAn8WEPu1NBGeM5zw,76446
 pulumi_vault/terraformcloud/__init__.py,sha256=sNst-XlgbdicqCgFwaD4FZQ1Qbpf3mMh6Q5Fn1J4Arg,354
 pulumi_vault/terraformcloud/secret_backend.py,sha256=nWrPaMGfgDWHl8ykHEti8TezastFmgNOqo6F-3gSdMg,23451
 pulumi_vault/terraformcloud/secret_creds.py,sha256=BANYfjsHHem66Wx6o2_HLWSLNwKS89IJyepFf_E8duU,18041
@@ -250,7 +254,7 @@ pulumi_vault/transit/get_decrypt.py,sha256=I0XLtE5HqX4WULOf80wK9dJFf_J9jBLrzn-A5
 pulumi_vault/transit/get_encrypt.py,sha256=yP6ftK53qWzA1_dl_B3skv6UsnZUROpVrC7Kc24PvUw,6809
 pulumi_vault/transit/secret_backend_key.py,sha256=wMEBzwCAc0mp20tJIgEgGvckxQvn_1V-dD-DjbUerlM,53544
 pulumi_vault/transit/secret_cache_config.py,sha256=Ya9l81qmQuwTpXGKfPVB38ecb0OghkQPc9Qz6rrbzD8,12657
-pulumi_vault-6.5.0a1736836139.dist-info/METADATA,sha256=SzshcmNHwI1m2a-QeUOYlXA_i2eVMsvqwazYzhiXuTg,4923
-pulumi_vault-6.5.0a1736836139.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-pulumi_vault-6.5.0a1736836139.dist-info/top_level.txt,sha256=J7lAGvfexHc6T1EpDBGNKF0SXWURpmUhyzi9Nr5I61w,13
-pulumi_vault-6.5.0a1736836139.dist-info/RECORD,,
+pulumi_vault-6.5.0a1737047276.dist-info/METADATA,sha256=KgrregKjf9xRjFJjR51IT2OcNnAt5WVY9XBWcPXIigg,4923
+pulumi_vault-6.5.0a1737047276.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+pulumi_vault-6.5.0a1737047276.dist-info/top_level.txt,sha256=J7lAGvfexHc6T1EpDBGNKF0SXWURpmUhyzi9Nr5I61w,13
+pulumi_vault-6.5.0a1737047276.dist-info/RECORD,,