pulumi-vault 6.5.0a1736850018__py3-none-any.whl → 6.6.0__py3-none-any.whl

Files changed (48)
  1. pulumi_vault/__init__.py +32 -0
  2. pulumi_vault/_utilities.py +8 -4
  3. pulumi_vault/aws/auth_backend_client.py +228 -4
  4. pulumi_vault/aws/auth_backend_sts_role.py +47 -0
  5. pulumi_vault/aws/secret_backend.py +395 -38
  6. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  7. pulumi_vault/azure/auth_backend_config.py +257 -5
  8. pulumi_vault/azure/backend.py +249 -4
  9. pulumi_vault/database/_inputs.py +1740 -44
  10. pulumi_vault/database/outputs.py +1198 -18
  11. pulumi_vault/database/secret_backend_connection.py +220 -0
  12. pulumi_vault/database/secret_backend_static_role.py +143 -1
  13. pulumi_vault/database/secrets_mount.py +8 -0
  14. pulumi_vault/gcp/auth_backend.py +222 -2
  15. pulumi_vault/gcp/secret_backend.py +244 -4
  16. pulumi_vault/ldap/auth_backend.py +222 -2
  17. pulumi_vault/ldap/secret_backend.py +222 -2
  18. pulumi_vault/pkisecret/__init__.py +6 -0
  19. pulumi_vault/pkisecret/_inputs.py +34 -6
  20. pulumi_vault/pkisecret/backend_acme_eab.py +549 -0
  21. pulumi_vault/pkisecret/backend_config_acme.py +689 -0
  22. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  23. pulumi_vault/pkisecret/backend_config_cmpv2.py +572 -0
  24. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  25. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
  26. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  27. pulumi_vault/pkisecret/outputs.py +40 -4
  28. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  29. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  30. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  31. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  32. pulumi_vault/pkisecret/secret_backend_role.py +299 -3
  33. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  34. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  35. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  36. pulumi_vault/pulumi-plugin.json +1 -1
  37. pulumi_vault/ssh/__init__.py +1 -0
  38. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  39. pulumi_vault/ssh/secret_backend_role.py +27 -0
  40. pulumi_vault/terraformcloud/secret_role.py +7 -7
  41. pulumi_vault/transit/__init__.py +2 -0
  42. pulumi_vault/transit/get_sign.py +324 -0
  43. pulumi_vault/transit/get_verify.py +354 -0
  44. pulumi_vault/transit/secret_backend_key.py +162 -0
  45. {pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/METADATA +1 -1
  46. {pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/RECORD +48 -39
  47. {pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/WHEEL +1 -1
  48. {pulumi_vault-6.5.0a1736850018.dist-info → pulumi_vault-6.6.0.dist-info}/top_level.txt +0 -0
@@ -38,6 +38,7 @@ class SecretBackendRoleArgs:
38
38
  allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
39
39
  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
40
40
  client_flag: Optional[pulumi.Input[bool]] = None,
41
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
41
42
  code_signing_flag: Optional[pulumi.Input[bool]] = None,
42
43
  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
43
44
  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -54,6 +55,8 @@ class SecretBackendRoleArgs:
54
55
  name: Optional[pulumi.Input[str]] = None,
55
56
  namespace: Optional[pulumi.Input[str]] = None,
56
57
  no_store: Optional[pulumi.Input[bool]] = None,
58
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
59
+ not_after: Optional[pulumi.Input[str]] = None,
57
60
  not_before_duration: Optional[pulumi.Input[str]] = None,
58
61
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
59
62
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -62,11 +65,14 @@ class SecretBackendRoleArgs:
62
65
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
63
66
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
64
67
  require_cn: Optional[pulumi.Input[bool]] = None,
68
+ serial_number_source: Optional[pulumi.Input[str]] = None,
65
69
  server_flag: Optional[pulumi.Input[bool]] = None,
70
+ signature_bits: Optional[pulumi.Input[int]] = None,
66
71
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
67
72
  ttl: Optional[pulumi.Input[str]] = None,
68
73
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
69
- use_csr_sans: Optional[pulumi.Input[bool]] = None):
74
+ use_csr_sans: Optional[pulumi.Input[bool]] = None,
75
+ use_pss: Optional[pulumi.Input[bool]] = None):
70
76
  """
71
77
  The set of arguments for constructing a SecretBackendRole resource.
72
78
  :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
@@ -86,6 +92,7 @@ class SecretBackendRoleArgs:
86
92
  :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
87
93
  :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
88
94
  :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
95
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
89
96
  :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
90
97
  :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
91
98
  :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
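Review bot: The new `cn_validations` docstring at new line 95 lists `disabled` beside `email` and `hostname` without saying that it switches Common Name validation off, which is the one choice a reviewer of a PKI role most needs to notice. It also gives no default and does not say whether `disabled` may be combined with the other values. I would extend it along the lines of `choices: email, hostname, disabled (disabled skips CN validation and is meant to be used on its own)`, after confirming the default and the combination rule against the Vault PKI role documentation. The same sentence recurs at new lines 454, 956, 1316 and 1857, so it is best fixed once at its source (possibly the upstream provider schema, if this file is generated). The `__init__` that owns this docstring starts and ends outside the hunk.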
@@ -111,6 +118,8 @@ class SecretBackendRoleArgs:
111
118
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
112
119
  *Available only for Vault Enterprise*.
113
120
  :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
121
+ :param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
122
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
114
123
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
115
124
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
116
125
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
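Review bot: The `no_store_metadata` docstring at new line 121 contradicts itself: it opens with "Allows metadata to be stored" and then states that `true` means metadata is not stored. Because the flag decides whether per-certificate metadata is kept for later audit, I would lead with the effect of `true`, e.g. `If true, certificate metadata is not stored and issuance requests that supply the metadata field return an error; independent of no_store.` The `not_after` entry at new line 122 gives the format as `YYYY-MM-ddTHH:MM:SSZ`, mixing `dd` with upper-case tokens and using `MM` for both month and minutes, and it does not say how a fixed end date interacts with `ttl`. A concrete sample value and one sentence on precedence would help, since the documented `9999-12-31T23:59:59Z` end date produces certificates that effectively never expire. Both docstrings are repeated at new lines 667, 679, 982–983, 1529, 1541 and 1883–1884; the enclosing `__init__` starts and ends outside this hunk.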
@@ -119,11 +128,16 @@ class SecretBackendRoleArgs:
119
128
  :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
120
129
  :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
121
130
  :param pulumi.Input[bool] require_cn: Flag to force CN usage
131
+ :param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
132
+
133
+ Example usage:
122
134
  :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
135
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
123
136
  :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
124
137
  :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
125
138
  :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
126
139
  :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
140
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
127
141
  """
128
142
  pulumi.set(__self__, "backend", backend)
129
143
  if allow_any_name is not None:
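Review bot: The `serial_number_source` docstring added at new lines 131–133 ends with a blank line and a dangling `Example usage:` that is followed by no example, and since it sits in the middle of the `:param` list it will probably break how the following `server_flag` entry renders. I would drop those two lines or supply the example they promise. The `signature_bits` entry at new line 135 says only "The number of bits to use in the signature algorithm", which is easy to confuse with key size. If it mirrors Vault's role parameter it selects the hash length, so wording such as `Hash size used for the signature (256, 384 or 512; 0 derives it from the key length)` would be clearer once confirmed against the Vault documentation. Both texts recur at new lines 787–789, 813, 992–996, 1649–1651 and 1675, and the `__init__` signature this docstring belongs to starts outside the hunk.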
@@ -158,6 +172,8 @@ class SecretBackendRoleArgs:
158
172
  pulumi.set(__self__, "basic_constraints_valid_for_non_ca", basic_constraints_valid_for_non_ca)
159
173
  if client_flag is not None:
160
174
  pulumi.set(__self__, "client_flag", client_flag)
175
+ if cn_validations is not None:
176
+ pulumi.set(__self__, "cn_validations", cn_validations)
161
177
  if code_signing_flag is not None:
162
178
  pulumi.set(__self__, "code_signing_flag", code_signing_flag)
163
179
  if countries is not None:
@@ -190,6 +206,10 @@ class SecretBackendRoleArgs:
190
206
  pulumi.set(__self__, "namespace", namespace)
191
207
  if no_store is not None:
192
208
  pulumi.set(__self__, "no_store", no_store)
209
+ if no_store_metadata is not None:
210
+ pulumi.set(__self__, "no_store_metadata", no_store_metadata)
211
+ if not_after is not None:
212
+ pulumi.set(__self__, "not_after", not_after)
193
213
  if not_before_duration is not None:
194
214
  pulumi.set(__self__, "not_before_duration", not_before_duration)
195
215
  if organization_unit is not None:
@@ -206,8 +226,12 @@ class SecretBackendRoleArgs:
206
226
  pulumi.set(__self__, "provinces", provinces)
207
227
  if require_cn is not None:
208
228
  pulumi.set(__self__, "require_cn", require_cn)
229
+ if serial_number_source is not None:
230
+ pulumi.set(__self__, "serial_number_source", serial_number_source)
209
231
  if server_flag is not None:
210
232
  pulumi.set(__self__, "server_flag", server_flag)
233
+ if signature_bits is not None:
234
+ pulumi.set(__self__, "signature_bits", signature_bits)
211
235
  if street_addresses is not None:
212
236
  pulumi.set(__self__, "street_addresses", street_addresses)
213
237
  if ttl is not None:
@@ -216,6 +240,8 @@ class SecretBackendRoleArgs:
216
240
  pulumi.set(__self__, "use_csr_common_name", use_csr_common_name)
217
241
  if use_csr_sans is not None:
218
242
  pulumi.set(__self__, "use_csr_sans", use_csr_sans)
243
+ if use_pss is not None:
244
+ pulumi.set(__self__, "use_pss", use_pss)
219
245
 
220
246
  @property
221
247
  @pulumi.getter
@@ -421,6 +447,18 @@ class SecretBackendRoleArgs:
421
447
  def client_flag(self, value: Optional[pulumi.Input[bool]]):
422
448
  pulumi.set(self, "client_flag", value)
423
449
 
450
+ @property
451
+ @pulumi.getter(name="cnValidations")
452
+ def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
453
+ """
454
+ Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
455
+ """
456
+ return pulumi.get(self, "cn_validations")
457
+
458
+ @cn_validations.setter
459
+ def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
460
+ pulumi.set(self, "cn_validations", value)
461
+
424
462
  @property
425
463
  @pulumi.getter(name="codeSigningFlag")
426
464
  def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -622,6 +660,30 @@ class SecretBackendRoleArgs:
622
660
  def no_store(self, value: Optional[pulumi.Input[bool]]):
623
661
  pulumi.set(self, "no_store", value)
624
662
 
663
+ @property
664
+ @pulumi.getter(name="noStoreMetadata")
665
+ def no_store_metadata(self) -> Optional[pulumi.Input[bool]]:
666
+ """
667
+ Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
668
+ """
669
+ return pulumi.get(self, "no_store_metadata")
670
+
671
+ @no_store_metadata.setter
672
+ def no_store_metadata(self, value: Optional[pulumi.Input[bool]]):
673
+ pulumi.set(self, "no_store_metadata", value)
674
+
675
+ @property
676
+ @pulumi.getter(name="notAfter")
677
+ def not_after(self) -> Optional[pulumi.Input[str]]:
678
+ """
679
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
680
+ """
681
+ return pulumi.get(self, "not_after")
682
+
683
+ @not_after.setter
684
+ def not_after(self, value: Optional[pulumi.Input[str]]):
685
+ pulumi.set(self, "not_after", value)
686
+
625
687
  @property
626
688
  @pulumi.getter(name="notBeforeDuration")
627
689
  def not_before_duration(self) -> Optional[pulumi.Input[str]]:
@@ -718,6 +780,20 @@ class SecretBackendRoleArgs:
718
780
  def require_cn(self, value: Optional[pulumi.Input[bool]]):
719
781
  pulumi.set(self, "require_cn", value)
720
782
 
783
+ @property
784
+ @pulumi.getter(name="serialNumberSource")
785
+ def serial_number_source(self) -> Optional[pulumi.Input[str]]:
786
+ """
787
+ Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
788
+
789
+ Example usage:
790
+ """
791
+ return pulumi.get(self, "serial_number_source")
792
+
793
+ @serial_number_source.setter
794
+ def serial_number_source(self, value: Optional[pulumi.Input[str]]):
795
+ pulumi.set(self, "serial_number_source", value)
796
+
721
797
  @property
722
798
  @pulumi.getter(name="serverFlag")
723
799
  def server_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -730,6 +806,18 @@ class SecretBackendRoleArgs:
730
806
  def server_flag(self, value: Optional[pulumi.Input[bool]]):
731
807
  pulumi.set(self, "server_flag", value)
732
808
 
809
+ @property
810
+ @pulumi.getter(name="signatureBits")
811
+ def signature_bits(self) -> Optional[pulumi.Input[int]]:
812
+ """
813
+ The number of bits to use in the signature algorithm
814
+ """
815
+ return pulumi.get(self, "signature_bits")
816
+
817
+ @signature_bits.setter
818
+ def signature_bits(self, value: Optional[pulumi.Input[int]]):
819
+ pulumi.set(self, "signature_bits", value)
820
+
733
821
  @property
734
822
  @pulumi.getter(name="streetAddresses")
735
823
  def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -778,6 +866,18 @@ class SecretBackendRoleArgs:
778
866
  def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
779
867
  pulumi.set(self, "use_csr_sans", value)
780
868
 
869
+ @property
870
+ @pulumi.getter(name="usePss")
871
+ def use_pss(self) -> Optional[pulumi.Input[bool]]:
872
+ """
873
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
874
+ """
875
+ return pulumi.get(self, "use_pss")
876
+
877
+ @use_pss.setter
878
+ def use_pss(self, value: Optional[pulumi.Input[bool]]):
879
+ pulumi.set(self, "use_pss", value)
880
+
781
881
 
782
882
  @pulumi.input_type
783
883
  class _SecretBackendRoleState:
@@ -799,6 +899,7 @@ class _SecretBackendRoleState:
799
899
  backend: Optional[pulumi.Input[str]] = None,
800
900
  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
801
901
  client_flag: Optional[pulumi.Input[bool]] = None,
902
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
802
903
  code_signing_flag: Optional[pulumi.Input[bool]] = None,
803
904
  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
804
905
  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -815,6 +916,8 @@ class _SecretBackendRoleState:
815
916
  name: Optional[pulumi.Input[str]] = None,
816
917
  namespace: Optional[pulumi.Input[str]] = None,
817
918
  no_store: Optional[pulumi.Input[bool]] = None,
919
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
920
+ not_after: Optional[pulumi.Input[str]] = None,
818
921
  not_before_duration: Optional[pulumi.Input[str]] = None,
819
922
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
820
923
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -823,11 +926,14 @@ class _SecretBackendRoleState:
823
926
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
824
927
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
825
928
  require_cn: Optional[pulumi.Input[bool]] = None,
929
+ serial_number_source: Optional[pulumi.Input[str]] = None,
826
930
  server_flag: Optional[pulumi.Input[bool]] = None,
931
+ signature_bits: Optional[pulumi.Input[int]] = None,
827
932
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
828
933
  ttl: Optional[pulumi.Input[str]] = None,
829
934
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
830
- use_csr_sans: Optional[pulumi.Input[bool]] = None):
935
+ use_csr_sans: Optional[pulumi.Input[bool]] = None,
936
+ use_pss: Optional[pulumi.Input[bool]] = None):
831
937
  """
832
938
  Input properties used for looking up and filtering SecretBackendRole resources.
833
939
  :param pulumi.Input[bool] allow_any_name: Flag to allow any name
@@ -847,6 +953,7 @@ class _SecretBackendRoleState:
847
953
  :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
848
954
  :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
849
955
  :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
956
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
850
957
  :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
851
958
  :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
852
959
  :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -872,6 +979,8 @@ class _SecretBackendRoleState:
872
979
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
873
980
  *Available only for Vault Enterprise*.
874
981
  :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
982
+ :param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
983
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
875
984
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
876
985
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
877
986
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
@@ -880,11 +989,16 @@ class _SecretBackendRoleState:
880
989
  :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
881
990
  :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
882
991
  :param pulumi.Input[bool] require_cn: Flag to force CN usage
992
+ :param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
993
+
994
+ Example usage:
883
995
  :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
996
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
884
997
  :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
885
998
  :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
886
999
  :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
887
1000
  :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
1001
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
888
1002
  """
889
1003
  if allow_any_name is not None:
890
1004
  pulumi.set(__self__, "allow_any_name", allow_any_name)
@@ -920,6 +1034,8 @@ class _SecretBackendRoleState:
920
1034
  pulumi.set(__self__, "basic_constraints_valid_for_non_ca", basic_constraints_valid_for_non_ca)
921
1035
  if client_flag is not None:
922
1036
  pulumi.set(__self__, "client_flag", client_flag)
1037
+ if cn_validations is not None:
1038
+ pulumi.set(__self__, "cn_validations", cn_validations)
923
1039
  if code_signing_flag is not None:
924
1040
  pulumi.set(__self__, "code_signing_flag", code_signing_flag)
925
1041
  if countries is not None:
@@ -952,6 +1068,10 @@ class _SecretBackendRoleState:
952
1068
  pulumi.set(__self__, "namespace", namespace)
953
1069
  if no_store is not None:
954
1070
  pulumi.set(__self__, "no_store", no_store)
1071
+ if no_store_metadata is not None:
1072
+ pulumi.set(__self__, "no_store_metadata", no_store_metadata)
1073
+ if not_after is not None:
1074
+ pulumi.set(__self__, "not_after", not_after)
955
1075
  if not_before_duration is not None:
956
1076
  pulumi.set(__self__, "not_before_duration", not_before_duration)
957
1077
  if organization_unit is not None:
@@ -968,8 +1088,12 @@ class _SecretBackendRoleState:
968
1088
  pulumi.set(__self__, "provinces", provinces)
969
1089
  if require_cn is not None:
970
1090
  pulumi.set(__self__, "require_cn", require_cn)
1091
+ if serial_number_source is not None:
1092
+ pulumi.set(__self__, "serial_number_source", serial_number_source)
971
1093
  if server_flag is not None:
972
1094
  pulumi.set(__self__, "server_flag", server_flag)
1095
+ if signature_bits is not None:
1096
+ pulumi.set(__self__, "signature_bits", signature_bits)
973
1097
  if street_addresses is not None:
974
1098
  pulumi.set(__self__, "street_addresses", street_addresses)
975
1099
  if ttl is not None:
@@ -978,6 +1102,8 @@ class _SecretBackendRoleState:
978
1102
  pulumi.set(__self__, "use_csr_common_name", use_csr_common_name)
979
1103
  if use_csr_sans is not None:
980
1104
  pulumi.set(__self__, "use_csr_sans", use_csr_sans)
1105
+ if use_pss is not None:
1106
+ pulumi.set(__self__, "use_pss", use_pss)
981
1107
 
982
1108
  @property
983
1109
  @pulumi.getter(name="allowAnyName")
@@ -1183,6 +1309,18 @@ class _SecretBackendRoleState:
1183
1309
  def client_flag(self, value: Optional[pulumi.Input[bool]]):
1184
1310
  pulumi.set(self, "client_flag", value)
1185
1311
 
1312
+ @property
1313
+ @pulumi.getter(name="cnValidations")
1314
+ def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1315
+ """
1316
+ Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
1317
+ """
1318
+ return pulumi.get(self, "cn_validations")
1319
+
1320
+ @cn_validations.setter
1321
+ def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1322
+ pulumi.set(self, "cn_validations", value)
1323
+
1186
1324
  @property
1187
1325
  @pulumi.getter(name="codeSigningFlag")
1188
1326
  def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -1384,6 +1522,30 @@ class _SecretBackendRoleState:
1384
1522
  def no_store(self, value: Optional[pulumi.Input[bool]]):
1385
1523
  pulumi.set(self, "no_store", value)
1386
1524
 
1525
+ @property
1526
+ @pulumi.getter(name="noStoreMetadata")
1527
+ def no_store_metadata(self) -> Optional[pulumi.Input[bool]]:
1528
+ """
1529
+ Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
1530
+ """
1531
+ return pulumi.get(self, "no_store_metadata")
1532
+
1533
+ @no_store_metadata.setter
1534
+ def no_store_metadata(self, value: Optional[pulumi.Input[bool]]):
1535
+ pulumi.set(self, "no_store_metadata", value)
1536
+
1537
+ @property
1538
+ @pulumi.getter(name="notAfter")
1539
+ def not_after(self) -> Optional[pulumi.Input[str]]:
1540
+ """
1541
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1542
+ """
1543
+ return pulumi.get(self, "not_after")
1544
+
1545
+ @not_after.setter
1546
+ def not_after(self, value: Optional[pulumi.Input[str]]):
1547
+ pulumi.set(self, "not_after", value)
1548
+
1387
1549
  @property
1388
1550
  @pulumi.getter(name="notBeforeDuration")
1389
1551
  def not_before_duration(self) -> Optional[pulumi.Input[str]]:
@@ -1480,6 +1642,20 @@ class _SecretBackendRoleState:
1480
1642
  def require_cn(self, value: Optional[pulumi.Input[bool]]):
1481
1643
  pulumi.set(self, "require_cn", value)
1482
1644
 
1645
+ @property
1646
+ @pulumi.getter(name="serialNumberSource")
1647
+ def serial_number_source(self) -> Optional[pulumi.Input[str]]:
1648
+ """
1649
+ Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
1650
+
1651
+ Example usage:
1652
+ """
1653
+ return pulumi.get(self, "serial_number_source")
1654
+
1655
+ @serial_number_source.setter
1656
+ def serial_number_source(self, value: Optional[pulumi.Input[str]]):
1657
+ pulumi.set(self, "serial_number_source", value)
1658
+
1483
1659
  @property
1484
1660
  @pulumi.getter(name="serverFlag")
1485
1661
  def server_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -1492,6 +1668,18 @@ class _SecretBackendRoleState:
1492
1668
  def server_flag(self, value: Optional[pulumi.Input[bool]]):
1493
1669
  pulumi.set(self, "server_flag", value)
1494
1670
 
1671
+ @property
1672
+ @pulumi.getter(name="signatureBits")
1673
+ def signature_bits(self) -> Optional[pulumi.Input[int]]:
1674
+ """
1675
+ The number of bits to use in the signature algorithm
1676
+ """
1677
+ return pulumi.get(self, "signature_bits")
1678
+
1679
+ @signature_bits.setter
1680
+ def signature_bits(self, value: Optional[pulumi.Input[int]]):
1681
+ pulumi.set(self, "signature_bits", value)
1682
+
1495
1683
  @property
1496
1684
  @pulumi.getter(name="streetAddresses")
1497
1685
  def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -1540,6 +1728,18 @@ class _SecretBackendRoleState:
1540
1728
  def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
1541
1729
  pulumi.set(self, "use_csr_sans", value)
1542
1730
 
1731
+ @property
1732
+ @pulumi.getter(name="usePss")
1733
+ def use_pss(self) -> Optional[pulumi.Input[bool]]:
1734
+ """
1735
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
1736
+ """
1737
+ return pulumi.get(self, "use_pss")
1738
+
1739
+ @use_pss.setter
1740
+ def use_pss(self, value: Optional[pulumi.Input[bool]]):
1741
+ pulumi.set(self, "use_pss", value)
1742
+
1543
1743
 
1544
1744
  class SecretBackendRole(pulumi.CustomResource):
1545
1745
  @overload
@@ -1563,6 +1763,7 @@ class SecretBackendRole(pulumi.CustomResource):
1563
1763
  backend: Optional[pulumi.Input[str]] = None,
1564
1764
  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
1565
1765
  client_flag: Optional[pulumi.Input[bool]] = None,
1766
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1566
1767
  code_signing_flag: Optional[pulumi.Input[bool]] = None,
1567
1768
  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1568
1769
  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -1579,6 +1780,8 @@ class SecretBackendRole(pulumi.CustomResource):
1579
1780
  name: Optional[pulumi.Input[str]] = None,
1580
1781
  namespace: Optional[pulumi.Input[str]] = None,
1581
1782
  no_store: Optional[pulumi.Input[bool]] = None,
1783
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
1784
+ not_after: Optional[pulumi.Input[str]] = None,
1582
1785
  not_before_duration: Optional[pulumi.Input[str]] = None,
1583
1786
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1584
1787
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -1587,11 +1790,14 @@ class SecretBackendRole(pulumi.CustomResource):
1587
1790
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1588
1791
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1589
1792
  require_cn: Optional[pulumi.Input[bool]] = None,
1793
+ serial_number_source: Optional[pulumi.Input[str]] = None,
1590
1794
  server_flag: Optional[pulumi.Input[bool]] = None,
1795
+ signature_bits: Optional[pulumi.Input[int]] = None,
1591
1796
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1592
1797
  ttl: Optional[pulumi.Input[str]] = None,
1593
1798
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
1594
1799
  use_csr_sans: Optional[pulumi.Input[bool]] = None,
1800
+ use_pss: Optional[pulumi.Input[bool]] = None,
1595
1801
  __props__=None):
1596
1802
  """
1597
1803
  Creates a role on an PKI Secret Backend for Vault.
@@ -1648,6 +1854,7 @@ class SecretBackendRole(pulumi.CustomResource):
1648
1854
  :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
1649
1855
  :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
1650
1856
  :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
1857
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
1651
1858
  :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
1652
1859
  :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
1653
1860
  :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
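Review bot: The `cn_validations` description at new line 1857 lists `disabled` as just another choice, without saying that it turns Common Name validation off or what applies when the property is left unset. On a role that issues certificates this is the difference between a checked and an unchecked CN, so the docstring should spell it out, for example `"disabled" performs no validation of the Common Name and is not meant to be combined with the other values.` The mutual exclusion is my reading of the Vault role API and should be confirmed upstream before it is written down. The same text is repeated in the `get` docstring at 2162 and on the property getter at 2407.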
@@ -1673,6 +1880,8 @@ class SecretBackendRole(pulumi.CustomResource):
1673
1880
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1674
1881
  *Available only for Vault Enterprise*.
1675
1882
  :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
1883
+ :param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
1884
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1676
1885
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1677
1886
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
1678
1887
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
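Review bot: The `no_store_metadata` description at new line 1883 contradicts itself: it opens with "Allows metadata to be stored" and ends with "If true, metadata is not stored", so the direction of the flag is only clear from the last clause. I would lead with the effect of `true`, for example `If true, certificate metadata is not stored and issuance requests that set the metadata field return an error; independent of no_store.` The same sentence appears in the `get` docstring at 2188 and on the getter at 2552, and all three should change together.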
@@ -1681,11 +1890,16 @@ class SecretBackendRole(pulumi.CustomResource):
1681
1890
  :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
1682
1891
  :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
1683
1892
  :param pulumi.Input[bool] require_cn: Flag to force CN usage
1893
+ :param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
1894
+
1895
+ Example usage:
1684
1896
  :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
1897
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
1685
1898
  :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
1686
1899
  :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
1687
1900
  :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
1688
1901
  :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
1902
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
1689
1903
  """
1690
1904
  ...
1691
1905
  @overload
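Review bot: The `serial_number_source` description ends in a dangling `Example usage:` (new lines 1893-1895) with no example before the next `:param`, which looks like a truncated upstream description. Either drop the blank line and the `Example usage:` line or supply the example; the same fragment is in the `get` docstring (2198-2200) and the getter docstring (2632-2634). The text does say that the default `json-csr` falls back to the serial number carried in the CSR, so a short closing sentence such as `Set to json when the subject serial number must never be taken from the CSR.` would make the hardening choice explicit.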
@@ -1761,6 +1975,7 @@ class SecretBackendRole(pulumi.CustomResource):
1761
1975
  backend: Optional[pulumi.Input[str]] = None,
1762
1976
  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
1763
1977
  client_flag: Optional[pulumi.Input[bool]] = None,
1978
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1764
1979
  code_signing_flag: Optional[pulumi.Input[bool]] = None,
1765
1980
  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1766
1981
  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -1777,6 +1992,8 @@ class SecretBackendRole(pulumi.CustomResource):
1777
1992
  name: Optional[pulumi.Input[str]] = None,
1778
1993
  namespace: Optional[pulumi.Input[str]] = None,
1779
1994
  no_store: Optional[pulumi.Input[bool]] = None,
1995
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
1996
+ not_after: Optional[pulumi.Input[str]] = None,
1780
1997
  not_before_duration: Optional[pulumi.Input[str]] = None,
1781
1998
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1782
1999
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -1785,11 +2002,14 @@ class SecretBackendRole(pulumi.CustomResource):
1785
2002
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1786
2003
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1787
2004
  require_cn: Optional[pulumi.Input[bool]] = None,
2005
+ serial_number_source: Optional[pulumi.Input[str]] = None,
1788
2006
  server_flag: Optional[pulumi.Input[bool]] = None,
2007
+ signature_bits: Optional[pulumi.Input[int]] = None,
1789
2008
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1790
2009
  ttl: Optional[pulumi.Input[str]] = None,
1791
2010
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
1792
2011
  use_csr_sans: Optional[pulumi.Input[bool]] = None,
2012
+ use_pss: Optional[pulumi.Input[bool]] = None,
1793
2013
  __props__=None):
1794
2014
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1795
2015
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1818,6 +2038,7 @@ class SecretBackendRole(pulumi.CustomResource):
1818
2038
  __props__.__dict__["backend"] = backend
1819
2039
  __props__.__dict__["basic_constraints_valid_for_non_ca"] = basic_constraints_valid_for_non_ca
1820
2040
  __props__.__dict__["client_flag"] = client_flag
2041
+ __props__.__dict__["cn_validations"] = cn_validations
1821
2042
  __props__.__dict__["code_signing_flag"] = code_signing_flag
1822
2043
  __props__.__dict__["countries"] = countries
1823
2044
  __props__.__dict__["email_protection_flag"] = email_protection_flag
@@ -1834,6 +2055,8 @@ class SecretBackendRole(pulumi.CustomResource):
1834
2055
  __props__.__dict__["name"] = name
1835
2056
  __props__.__dict__["namespace"] = namespace
1836
2057
  __props__.__dict__["no_store"] = no_store
2058
+ __props__.__dict__["no_store_metadata"] = no_store_metadata
2059
+ __props__.__dict__["not_after"] = not_after
1837
2060
  __props__.__dict__["not_before_duration"] = not_before_duration
1838
2061
  __props__.__dict__["organization_unit"] = organization_unit
1839
2062
  __props__.__dict__["organizations"] = organizations
@@ -1842,11 +2065,14 @@ class SecretBackendRole(pulumi.CustomResource):
1842
2065
  __props__.__dict__["postal_codes"] = postal_codes
1843
2066
  __props__.__dict__["provinces"] = provinces
1844
2067
  __props__.__dict__["require_cn"] = require_cn
2068
+ __props__.__dict__["serial_number_source"] = serial_number_source
1845
2069
  __props__.__dict__["server_flag"] = server_flag
2070
+ __props__.__dict__["signature_bits"] = signature_bits
1846
2071
  __props__.__dict__["street_addresses"] = street_addresses
1847
2072
  __props__.__dict__["ttl"] = ttl
1848
2073
  __props__.__dict__["use_csr_common_name"] = use_csr_common_name
1849
2074
  __props__.__dict__["use_csr_sans"] = use_csr_sans
2075
+ __props__.__dict__["use_pss"] = use_pss
1850
2076
  super(SecretBackendRole, __self__).__init__(
1851
2077
  'vault:pkiSecret/secretBackendRole:SecretBackendRole',
1852
2078
  resource_name,
@@ -1874,6 +2100,7 @@ class SecretBackendRole(pulumi.CustomResource):
1874
2100
  backend: Optional[pulumi.Input[str]] = None,
1875
2101
  basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
1876
2102
  client_flag: Optional[pulumi.Input[bool]] = None,
2103
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1877
2104
  code_signing_flag: Optional[pulumi.Input[bool]] = None,
1878
2105
  countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1879
2106
  email_protection_flag: Optional[pulumi.Input[bool]] = None,
@@ -1890,6 +2117,8 @@ class SecretBackendRole(pulumi.CustomResource):
1890
2117
  name: Optional[pulumi.Input[str]] = None,
1891
2118
  namespace: Optional[pulumi.Input[str]] = None,
1892
2119
  no_store: Optional[pulumi.Input[bool]] = None,
2120
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
2121
+ not_after: Optional[pulumi.Input[str]] = None,
1893
2122
  not_before_duration: Optional[pulumi.Input[str]] = None,
1894
2123
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1895
2124
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -1898,11 +2127,14 @@ class SecretBackendRole(pulumi.CustomResource):
1898
2127
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1899
2128
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1900
2129
  require_cn: Optional[pulumi.Input[bool]] = None,
2130
+ serial_number_source: Optional[pulumi.Input[str]] = None,
1901
2131
  server_flag: Optional[pulumi.Input[bool]] = None,
2132
+ signature_bits: Optional[pulumi.Input[int]] = None,
1902
2133
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1903
2134
  ttl: Optional[pulumi.Input[str]] = None,
1904
2135
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
1905
- use_csr_sans: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRole':
2136
+ use_csr_sans: Optional[pulumi.Input[bool]] = None,
2137
+ use_pss: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRole':
1906
2138
  """
1907
2139
  Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
1908
2140
  properties used to qualify the lookup.
@@ -1927,6 +2159,7 @@ class SecretBackendRole(pulumi.CustomResource):
1927
2159
  :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
1928
2160
  :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
1929
2161
  :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
2162
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
1930
2163
  :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
1931
2164
  :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
1932
2165
  :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
@@ -1952,6 +2185,8 @@ class SecretBackendRole(pulumi.CustomResource):
1952
2185
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1953
2186
  *Available only for Vault Enterprise*.
1954
2187
  :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
2188
+ :param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
2189
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1955
2190
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1956
2191
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
1957
2192
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
@@ -1960,11 +2195,16 @@ class SecretBackendRole(pulumi.CustomResource):
1960
2195
  :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
1961
2196
  :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
1962
2197
  :param pulumi.Input[bool] require_cn: Flag to force CN usage
2198
+ :param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
2199
+
2200
+ Example usage:
1963
2201
  :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
2202
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
1964
2203
  :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
1965
2204
  :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
1966
2205
  :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
1967
2206
  :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
2207
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
1968
2208
  """
1969
2209
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1970
2210
 
@@ -1987,6 +2227,7 @@ class SecretBackendRole(pulumi.CustomResource):
1987
2227
  __props__.__dict__["backend"] = backend
1988
2228
  __props__.__dict__["basic_constraints_valid_for_non_ca"] = basic_constraints_valid_for_non_ca
1989
2229
  __props__.__dict__["client_flag"] = client_flag
2230
+ __props__.__dict__["cn_validations"] = cn_validations
1990
2231
  __props__.__dict__["code_signing_flag"] = code_signing_flag
1991
2232
  __props__.__dict__["countries"] = countries
1992
2233
  __props__.__dict__["email_protection_flag"] = email_protection_flag
@@ -2003,6 +2244,8 @@ class SecretBackendRole(pulumi.CustomResource):
2003
2244
  __props__.__dict__["name"] = name
2004
2245
  __props__.__dict__["namespace"] = namespace
2005
2246
  __props__.__dict__["no_store"] = no_store
2247
+ __props__.__dict__["no_store_metadata"] = no_store_metadata
2248
+ __props__.__dict__["not_after"] = not_after
2006
2249
  __props__.__dict__["not_before_duration"] = not_before_duration
2007
2250
  __props__.__dict__["organization_unit"] = organization_unit
2008
2251
  __props__.__dict__["organizations"] = organizations
@@ -2011,11 +2254,14 @@ class SecretBackendRole(pulumi.CustomResource):
2011
2254
  __props__.__dict__["postal_codes"] = postal_codes
2012
2255
  __props__.__dict__["provinces"] = provinces
2013
2256
  __props__.__dict__["require_cn"] = require_cn
2257
+ __props__.__dict__["serial_number_source"] = serial_number_source
2014
2258
  __props__.__dict__["server_flag"] = server_flag
2259
+ __props__.__dict__["signature_bits"] = signature_bits
2015
2260
  __props__.__dict__["street_addresses"] = street_addresses
2016
2261
  __props__.__dict__["ttl"] = ttl
2017
2262
  __props__.__dict__["use_csr_common_name"] = use_csr_common_name
2018
2263
  __props__.__dict__["use_csr_sans"] = use_csr_sans
2264
+ __props__.__dict__["use_pss"] = use_pss
2019
2265
  return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
2020
2266
 
2021
2267
  @property
@@ -2154,6 +2400,14 @@ class SecretBackendRole(pulumi.CustomResource):
2154
2400
  """
2155
2401
  return pulumi.get(self, "client_flag")
2156
2402
 
2403
+ @property
2404
+ @pulumi.getter(name="cnValidations")
2405
+ def cn_validations(self) -> pulumi.Output[Sequence[str]]:
2406
+ """
2407
+ Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
2408
+ """
2409
+ return pulumi.get(self, "cn_validations")
2410
+
2157
2411
  @property
2158
2412
  @pulumi.getter(name="codeSigningFlag")
2159
2413
  def code_signing_flag(self) -> pulumi.Output[Optional[bool]]:
@@ -2291,6 +2545,22 @@ class SecretBackendRole(pulumi.CustomResource):
2291
2545
  """
2292
2546
  return pulumi.get(self, "no_store")
2293
2547
 
2548
+ @property
2549
+ @pulumi.getter(name="noStoreMetadata")
2550
+ def no_store_metadata(self) -> pulumi.Output[Optional[bool]]:
2551
+ """
2552
+ Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
2553
+ """
2554
+ return pulumi.get(self, "no_store_metadata")
2555
+
2556
+ @property
2557
+ @pulumi.getter(name="notAfter")
2558
+ def not_after(self) -> pulumi.Output[Optional[str]]:
2559
+ """
2560
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
2561
+ """
2562
+ return pulumi.get(self, "not_after")
2563
+
2294
2564
  @property
2295
2565
  @pulumi.getter(name="notBeforeDuration")
2296
2566
  def not_before_duration(self) -> pulumi.Output[str]:
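Review bot: The `not_after` docstring at new line 2560 does not say how a fixed expiry on the role relates to `ttl`, which the same class documents as the TTL for any certificate issued against the role, so a reader cannot tell which setting decides the certificate lifetime. Because the text advertises `9999-12-31T23:59:59Z`, a role with this value can issue certificates that effectively never expire and can only be retired by revocation. Assuming the fixed date takes precedence, which should be confirmed against Vault, I would add `When set, issued certificates expire at this date rather than after ttl; use 9999-12-31T23:59:59Z only for device identity certificates that must not expire.` The same description is in the constructor and `get` docstrings at 1884 and 2189.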
@@ -2355,6 +2625,16 @@ class SecretBackendRole(pulumi.CustomResource):
2355
2625
  """
2356
2626
  return pulumi.get(self, "require_cn")
2357
2627
 
2628
+ @property
2629
+ @pulumi.getter(name="serialNumberSource")
2630
+ def serial_number_source(self) -> pulumi.Output[str]:
2631
+ """
2632
+ Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
2633
+
2634
+ Example usage:
2635
+ """
2636
+ return pulumi.get(self, "serial_number_source")
2637
+
2358
2638
  @property
2359
2639
  @pulumi.getter(name="serverFlag")
2360
2640
  def server_flag(self) -> pulumi.Output[Optional[bool]]:
@@ -2363,6 +2643,14 @@ class SecretBackendRole(pulumi.CustomResource):
2363
2643
  """
2364
2644
  return pulumi.get(self, "server_flag")
2365
2645
 
2646
+ @property
2647
+ @pulumi.getter(name="signatureBits")
2648
+ def signature_bits(self) -> pulumi.Output[int]:
2649
+ """
2650
+ The number of bits to use in the signature algorithm
2651
+ """
2652
+ return pulumi.get(self, "signature_bits")
2653
+
2366
2654
  @property
2367
2655
  @pulumi.getter(name="streetAddresses")
2368
2656
  def street_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
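Review bot: The `signature_bits` docstring at new line 2650 gives neither the accepted values nor what an unset value means, although the getter returns `pulumi.Output[int]` rather than an `Optional`, so a value is presumably always filled in. As I recall the Vault role API, the accepted values are 256, 384 and 512 for the SHA-2 family, with 0 selecting the hash from the issuer key. If that is confirmed upstream, the docstring should read something like `Hash size in bits for the signature algorithm: 256, 384 or 512; 0 selects it from the issuer key.` The same one-line description is at 1897 and 2202.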
@@ -2395,3 +2683,11 @@ class SecretBackendRole(pulumi.CustomResource):
2395
2683
  """
2396
2684
  return pulumi.get(self, "use_csr_sans")
2397
2685
 
2686
+ @property
2687
+ @pulumi.getter(name="usePss")
2688
+ def use_pss(self) -> pulumi.Output[Optional[bool]]:
2689
+ """
2690
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
2691
+ """
2692
+ return pulumi.get(self, "use_pss")
2693
+