pulumi-vault 6.6.0a1741329548__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741329548.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -25,6 +25,10 @@ class SecretBackendRootCertArgs:
|
|
25
25
|
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
26
|
country: Optional[pulumi.Input[str]] = None,
|
27
27
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
28
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
29
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
30
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
31
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
28
32
|
format: Optional[pulumi.Input[str]] = None,
|
29
33
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
30
34
|
issuer_name: Optional[pulumi.Input[str]] = None,
|
@@ -37,13 +41,18 @@ class SecretBackendRootCertArgs:
|
|
37
41
|
managed_key_name: Optional[pulumi.Input[str]] = None,
|
38
42
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
39
43
|
namespace: Optional[pulumi.Input[str]] = None,
|
44
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
40
45
|
organization: Optional[pulumi.Input[str]] = None,
|
41
46
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
42
47
|
ou: Optional[pulumi.Input[str]] = None,
|
43
48
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
49
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
50
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
51
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
44
52
|
postal_code: Optional[pulumi.Input[str]] = None,
|
45
53
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
46
54
|
province: Optional[pulumi.Input[str]] = None,
|
55
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
47
56
|
street_address: Optional[pulumi.Input[str]] = None,
|
48
57
|
ttl: Optional[pulumi.Input[str]] = None,
|
49
58
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
|
@@ -56,6 +65,10 @@ class SecretBackendRootCertArgs:
|
|
56
65
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
|
57
66
|
:param pulumi.Input[str] country: The country
|
58
67
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
68
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
69
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
70
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
71
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
59
72
|
:param pulumi.Input[str] format: The format of data
|
60
73
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
|
61
74
|
:param pulumi.Input[str] issuer_name: Provides a name to the specified issuer. The name must be unique
|
@@ -76,13 +89,18 @@ class SecretBackendRootCertArgs:
|
|
76
89
|
The value should not contain leading or trailing forward slashes.
|
77
90
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
78
91
|
*Available only for Vault Enterprise*.
|
92
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
79
93
|
:param pulumi.Input[str] organization: The organization
|
80
94
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
81
95
|
:param pulumi.Input[str] ou: The organization unit
|
82
96
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
97
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
98
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
99
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
83
100
|
:param pulumi.Input[str] postal_code: The postal code
|
84
101
|
:param pulumi.Input[str] private_key_format: The private key format
|
85
102
|
:param pulumi.Input[str] province: The province
|
103
|
+
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
86
104
|
:param pulumi.Input[str] street_address: The street address
|
87
105
|
:param pulumi.Input[str] ttl: Time to live
|
88
106
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
|
@@ -96,6 +114,14 @@ class SecretBackendRootCertArgs:
|
|
96
114
|
pulumi.set(__self__, "country", country)
|
97
115
|
if exclude_cn_from_sans is not None:
|
98
116
|
pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
|
117
|
+
if excluded_dns_domains is not None:
|
118
|
+
pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
|
119
|
+
if excluded_email_addresses is not None:
|
120
|
+
pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
|
121
|
+
if excluded_ip_ranges is not None:
|
122
|
+
pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
|
123
|
+
if excluded_uri_domains is not None:
|
124
|
+
pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
|
99
125
|
if format is not None:
|
100
126
|
pulumi.set(__self__, "format", format)
|
101
127
|
if ip_sans is not None:
|
@@ -120,6 +146,8 @@ class SecretBackendRootCertArgs:
|
|
120
146
|
pulumi.set(__self__, "max_path_length", max_path_length)
|
121
147
|
if namespace is not None:
|
122
148
|
pulumi.set(__self__, "namespace", namespace)
|
149
|
+
if not_after is not None:
|
150
|
+
pulumi.set(__self__, "not_after", not_after)
|
123
151
|
if organization is not None:
|
124
152
|
pulumi.set(__self__, "organization", organization)
|
125
153
|
if other_sans is not None:
|
@@ -128,12 +156,20 @@ class SecretBackendRootCertArgs:
|
|
128
156
|
pulumi.set(__self__, "ou", ou)
|
129
157
|
if permitted_dns_domains is not None:
|
130
158
|
pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
|
159
|
+
if permitted_email_addresses is not None:
|
160
|
+
pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
|
161
|
+
if permitted_ip_ranges is not None:
|
162
|
+
pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
|
163
|
+
if permitted_uri_domains is not None:
|
164
|
+
pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
|
131
165
|
if postal_code is not None:
|
132
166
|
pulumi.set(__self__, "postal_code", postal_code)
|
133
167
|
if private_key_format is not None:
|
134
168
|
pulumi.set(__self__, "private_key_format", private_key_format)
|
135
169
|
if province is not None:
|
136
170
|
pulumi.set(__self__, "province", province)
|
171
|
+
if signature_bits is not None:
|
172
|
+
pulumi.set(__self__, "signature_bits", signature_bits)
|
137
173
|
if street_address is not None:
|
138
174
|
pulumi.set(__self__, "street_address", street_address)
|
139
175
|
if ttl is not None:
|
@@ -214,6 +250,54 @@ class SecretBackendRootCertArgs:
|
|
214
250
|
def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
|
215
251
|
pulumi.set(self, "exclude_cn_from_sans", value)
|
216
252
|
|
253
|
+
@property
|
254
|
+
@pulumi.getter(name="excludedDnsDomains")
|
255
|
+
def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
256
|
+
"""
|
257
|
+
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
258
|
+
"""
|
259
|
+
return pulumi.get(self, "excluded_dns_domains")
|
260
|
+
|
261
|
+
@excluded_dns_domains.setter
|
262
|
+
def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
263
|
+
pulumi.set(self, "excluded_dns_domains", value)
|
264
|
+
|
265
|
+
@property
|
266
|
+
@pulumi.getter(name="excludedEmailAddresses")
|
267
|
+
def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
268
|
+
"""
|
269
|
+
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
270
|
+
"""
|
271
|
+
return pulumi.get(self, "excluded_email_addresses")
|
272
|
+
|
273
|
+
@excluded_email_addresses.setter
|
274
|
+
def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
275
|
+
pulumi.set(self, "excluded_email_addresses", value)
|
276
|
+
|
277
|
+
@property
|
278
|
+
@pulumi.getter(name="excludedIpRanges")
|
279
|
+
def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
280
|
+
"""
|
281
|
+
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
282
|
+
"""
|
283
|
+
return pulumi.get(self, "excluded_ip_ranges")
|
284
|
+
|
285
|
+
@excluded_ip_ranges.setter
|
286
|
+
def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
287
|
+
pulumi.set(self, "excluded_ip_ranges", value)
|
288
|
+
|
289
|
+
@property
|
290
|
+
@pulumi.getter(name="excludedUriDomains")
|
291
|
+
def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
292
|
+
"""
|
293
|
+
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
294
|
+
"""
|
295
|
+
return pulumi.get(self, "excluded_uri_domains")
|
296
|
+
|
297
|
+
@excluded_uri_domains.setter
|
298
|
+
def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
299
|
+
pulumi.set(self, "excluded_uri_domains", value)
|
300
|
+
|
217
301
|
@property
|
218
302
|
@pulumi.getter
|
219
303
|
def format(self) -> Optional[pulumi.Input[str]]:
|
@@ -366,6 +450,18 @@ class SecretBackendRootCertArgs:
|
|
366
450
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
367
451
|
pulumi.set(self, "namespace", value)
|
368
452
|
|
453
|
+
@property
|
454
|
+
@pulumi.getter(name="notAfter")
|
455
|
+
def not_after(self) -> Optional[pulumi.Input[str]]:
|
456
|
+
"""
|
457
|
+
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
458
|
+
"""
|
459
|
+
return pulumi.get(self, "not_after")
|
460
|
+
|
461
|
+
@not_after.setter
|
462
|
+
def not_after(self, value: Optional[pulumi.Input[str]]):
|
463
|
+
pulumi.set(self, "not_after", value)
|
464
|
+
|
369
465
|
@property
|
370
466
|
@pulumi.getter
|
371
467
|
def organization(self) -> Optional[pulumi.Input[str]]:
|
@@ -414,6 +510,42 @@ class SecretBackendRootCertArgs:
|
|
414
510
|
def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
415
511
|
pulumi.set(self, "permitted_dns_domains", value)
|
416
512
|
|
513
|
+
@property
|
514
|
+
@pulumi.getter(name="permittedEmailAddresses")
|
515
|
+
def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
516
|
+
"""
|
517
|
+
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
518
|
+
"""
|
519
|
+
return pulumi.get(self, "permitted_email_addresses")
|
520
|
+
|
521
|
+
@permitted_email_addresses.setter
|
522
|
+
def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
523
|
+
pulumi.set(self, "permitted_email_addresses", value)
|
524
|
+
|
525
|
+
@property
|
526
|
+
@pulumi.getter(name="permittedIpRanges")
|
527
|
+
def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
528
|
+
"""
|
529
|
+
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
530
|
+
"""
|
531
|
+
return pulumi.get(self, "permitted_ip_ranges")
|
532
|
+
|
533
|
+
@permitted_ip_ranges.setter
|
534
|
+
def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
535
|
+
pulumi.set(self, "permitted_ip_ranges", value)
|
536
|
+
|
537
|
+
@property
|
538
|
+
@pulumi.getter(name="permittedUriDomains")
|
539
|
+
def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
540
|
+
"""
|
541
|
+
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
542
|
+
"""
|
543
|
+
return pulumi.get(self, "permitted_uri_domains")
|
544
|
+
|
545
|
+
@permitted_uri_domains.setter
|
546
|
+
def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
547
|
+
pulumi.set(self, "permitted_uri_domains", value)
|
548
|
+
|
417
549
|
@property
|
418
550
|
@pulumi.getter(name="postalCode")
|
419
551
|
def postal_code(self) -> Optional[pulumi.Input[str]]:
|
@@ -450,6 +582,18 @@ class SecretBackendRootCertArgs:
|
|
450
582
|
def province(self, value: Optional[pulumi.Input[str]]):
|
451
583
|
pulumi.set(self, "province", value)
|
452
584
|
|
585
|
+
@property
|
586
|
+
@pulumi.getter(name="signatureBits")
|
587
|
+
def signature_bits(self) -> Optional[pulumi.Input[int]]:
|
588
|
+
"""
|
589
|
+
The number of bits to use in the signature algorithm
|
590
|
+
"""
|
591
|
+
return pulumi.get(self, "signature_bits")
|
592
|
+
|
593
|
+
@signature_bits.setter
|
594
|
+
def signature_bits(self, value: Optional[pulumi.Input[int]]):
|
595
|
+
pulumi.set(self, "signature_bits", value)
|
596
|
+
|
453
597
|
@property
|
454
598
|
@pulumi.getter(name="streetAddress")
|
455
599
|
def street_address(self) -> Optional[pulumi.Input[str]]:
|
@@ -496,6 +640,10 @@ class _SecretBackendRootCertState:
|
|
496
640
|
common_name: Optional[pulumi.Input[str]] = None,
|
497
641
|
country: Optional[pulumi.Input[str]] = None,
|
498
642
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
643
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
644
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
645
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
646
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
499
647
|
format: Optional[pulumi.Input[str]] = None,
|
500
648
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
501
649
|
issuer_id: Optional[pulumi.Input[str]] = None,
|
@@ -511,14 +659,19 @@ class _SecretBackendRootCertState:
|
|
511
659
|
managed_key_name: Optional[pulumi.Input[str]] = None,
|
512
660
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
513
661
|
namespace: Optional[pulumi.Input[str]] = None,
|
662
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
514
663
|
organization: Optional[pulumi.Input[str]] = None,
|
515
664
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
516
665
|
ou: Optional[pulumi.Input[str]] = None,
|
517
666
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
667
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
668
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
669
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
518
670
|
postal_code: Optional[pulumi.Input[str]] = None,
|
519
671
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
520
672
|
province: Optional[pulumi.Input[str]] = None,
|
521
673
|
serial_number: Optional[pulumi.Input[str]] = None,
|
674
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
522
675
|
street_address: Optional[pulumi.Input[str]] = None,
|
523
676
|
ttl: Optional[pulumi.Input[str]] = None,
|
524
677
|
type: Optional[pulumi.Input[str]] = None,
|
@@ -531,6 +684,10 @@ class _SecretBackendRootCertState:
|
|
531
684
|
:param pulumi.Input[str] common_name: CN of intermediate to create
|
532
685
|
:param pulumi.Input[str] country: The country
|
533
686
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
687
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
688
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
689
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
690
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
534
691
|
:param pulumi.Input[str] format: The format of data
|
535
692
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
|
536
693
|
:param pulumi.Input[str] issuer_id: The ID of the generated issuer.
|
@@ -554,14 +711,19 @@ class _SecretBackendRootCertState:
|
|
554
711
|
The value should not contain leading or trailing forward slashes.
|
555
712
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
556
713
|
*Available only for Vault Enterprise*.
|
714
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
557
715
|
:param pulumi.Input[str] organization: The organization
|
558
716
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
559
717
|
:param pulumi.Input[str] ou: The organization unit
|
560
718
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
719
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
720
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
721
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
561
722
|
:param pulumi.Input[str] postal_code: The postal code
|
562
723
|
:param pulumi.Input[str] private_key_format: The private key format
|
563
724
|
:param pulumi.Input[str] province: The province
|
564
725
|
:param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
|
726
|
+
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
565
727
|
:param pulumi.Input[str] street_address: The street address
|
566
728
|
:param pulumi.Input[str] ttl: Time to live
|
567
729
|
:param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
|
@@ -580,6 +742,14 @@ class _SecretBackendRootCertState:
|
|
580
742
|
pulumi.set(__self__, "country", country)
|
581
743
|
if exclude_cn_from_sans is not None:
|
582
744
|
pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
|
745
|
+
if excluded_dns_domains is not None:
|
746
|
+
pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
|
747
|
+
if excluded_email_addresses is not None:
|
748
|
+
pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
|
749
|
+
if excluded_ip_ranges is not None:
|
750
|
+
pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
|
751
|
+
if excluded_uri_domains is not None:
|
752
|
+
pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
|
583
753
|
if format is not None:
|
584
754
|
pulumi.set(__self__, "format", format)
|
585
755
|
if ip_sans is not None:
|
@@ -610,6 +780,8 @@ class _SecretBackendRootCertState:
|
|
610
780
|
pulumi.set(__self__, "max_path_length", max_path_length)
|
611
781
|
if namespace is not None:
|
612
782
|
pulumi.set(__self__, "namespace", namespace)
|
783
|
+
if not_after is not None:
|
784
|
+
pulumi.set(__self__, "not_after", not_after)
|
613
785
|
if organization is not None:
|
614
786
|
pulumi.set(__self__, "organization", organization)
|
615
787
|
if other_sans is not None:
|
@@ -618,6 +790,12 @@ class _SecretBackendRootCertState:
|
|
618
790
|
pulumi.set(__self__, "ou", ou)
|
619
791
|
if permitted_dns_domains is not None:
|
620
792
|
pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
|
793
|
+
if permitted_email_addresses is not None:
|
794
|
+
pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
|
795
|
+
if permitted_ip_ranges is not None:
|
796
|
+
pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
|
797
|
+
if permitted_uri_domains is not None:
|
798
|
+
pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
|
621
799
|
if postal_code is not None:
|
622
800
|
pulumi.set(__self__, "postal_code", postal_code)
|
623
801
|
if private_key_format is not None:
|
@@ -626,6 +804,8 @@ class _SecretBackendRootCertState:
|
|
626
804
|
pulumi.set(__self__, "province", province)
|
627
805
|
if serial_number is not None:
|
628
806
|
pulumi.set(__self__, "serial_number", serial_number)
|
807
|
+
if signature_bits is not None:
|
808
|
+
pulumi.set(__self__, "signature_bits", signature_bits)
|
629
809
|
if street_address is not None:
|
630
810
|
pulumi.set(__self__, "street_address", street_address)
|
631
811
|
if ttl is not None:
|
@@ -707,6 +887,54 @@ class _SecretBackendRootCertState:
|
|
707
887
|
def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
|
708
888
|
pulumi.set(self, "exclude_cn_from_sans", value)
|
709
889
|
|
890
|
+
@property
|
891
|
+
@pulumi.getter(name="excludedDnsDomains")
|
892
|
+
def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
893
|
+
"""
|
894
|
+
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
895
|
+
"""
|
896
|
+
return pulumi.get(self, "excluded_dns_domains")
|
897
|
+
|
898
|
+
@excluded_dns_domains.setter
|
899
|
+
def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
900
|
+
pulumi.set(self, "excluded_dns_domains", value)
|
901
|
+
|
902
|
+
@property
|
903
|
+
@pulumi.getter(name="excludedEmailAddresses")
|
904
|
+
def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
905
|
+
"""
|
906
|
+
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
907
|
+
"""
|
908
|
+
return pulumi.get(self, "excluded_email_addresses")
|
909
|
+
|
910
|
+
@excluded_email_addresses.setter
|
911
|
+
def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
912
|
+
pulumi.set(self, "excluded_email_addresses", value)
|
913
|
+
|
914
|
+
@property
|
915
|
+
@pulumi.getter(name="excludedIpRanges")
|
916
|
+
def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
917
|
+
"""
|
918
|
+
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
919
|
+
"""
|
920
|
+
return pulumi.get(self, "excluded_ip_ranges")
|
921
|
+
|
922
|
+
@excluded_ip_ranges.setter
|
923
|
+
def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
924
|
+
pulumi.set(self, "excluded_ip_ranges", value)
|
925
|
+
|
926
|
+
@property
|
927
|
+
@pulumi.getter(name="excludedUriDomains")
|
928
|
+
def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
929
|
+
"""
|
930
|
+
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
931
|
+
"""
|
932
|
+
return pulumi.get(self, "excluded_uri_domains")
|
933
|
+
|
934
|
+
@excluded_uri_domains.setter
|
935
|
+
def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
936
|
+
pulumi.set(self, "excluded_uri_domains", value)
|
937
|
+
|
710
938
|
@property
|
711
939
|
@pulumi.getter
|
712
940
|
def format(self) -> Optional[pulumi.Input[str]]:
|
@@ -895,6 +1123,18 @@ class _SecretBackendRootCertState:
|
|
895
1123
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
896
1124
|
pulumi.set(self, "namespace", value)
|
897
1125
|
|
1126
|
+
@property
|
1127
|
+
@pulumi.getter(name="notAfter")
|
1128
|
+
def not_after(self) -> Optional[pulumi.Input[str]]:
|
1129
|
+
"""
|
1130
|
+
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1131
|
+
"""
|
1132
|
+
return pulumi.get(self, "not_after")
|
1133
|
+
|
1134
|
+
@not_after.setter
|
1135
|
+
def not_after(self, value: Optional[pulumi.Input[str]]):
|
1136
|
+
pulumi.set(self, "not_after", value)
|
1137
|
+
|
898
1138
|
@property
|
899
1139
|
@pulumi.getter
|
900
1140
|
def organization(self) -> Optional[pulumi.Input[str]]:
|
@@ -943,6 +1183,42 @@ class _SecretBackendRootCertState:
|
|
943
1183
|
def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
944
1184
|
pulumi.set(self, "permitted_dns_domains", value)
|
945
1185
|
|
1186
|
+
@property
|
1187
|
+
@pulumi.getter(name="permittedEmailAddresses")
|
1188
|
+
def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1189
|
+
"""
|
1190
|
+
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1191
|
+
"""
|
1192
|
+
return pulumi.get(self, "permitted_email_addresses")
|
1193
|
+
|
1194
|
+
@permitted_email_addresses.setter
|
1195
|
+
def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1196
|
+
pulumi.set(self, "permitted_email_addresses", value)
|
1197
|
+
|
1198
|
+
@property
|
1199
|
+
@pulumi.getter(name="permittedIpRanges")
|
1200
|
+
def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1201
|
+
"""
|
1202
|
+
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1203
|
+
"""
|
1204
|
+
return pulumi.get(self, "permitted_ip_ranges")
|
1205
|
+
|
1206
|
+
@permitted_ip_ranges.setter
|
1207
|
+
def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1208
|
+
pulumi.set(self, "permitted_ip_ranges", value)
|
1209
|
+
|
1210
|
+
@property
|
1211
|
+
@pulumi.getter(name="permittedUriDomains")
|
1212
|
+
def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1213
|
+
"""
|
1214
|
+
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1215
|
+
"""
|
1216
|
+
return pulumi.get(self, "permitted_uri_domains")
|
1217
|
+
|
1218
|
+
@permitted_uri_domains.setter
|
1219
|
+
def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1220
|
+
pulumi.set(self, "permitted_uri_domains", value)
|
1221
|
+
|
946
1222
|
@property
|
947
1223
|
@pulumi.getter(name="postalCode")
|
948
1224
|
def postal_code(self) -> Optional[pulumi.Input[str]]:
|
@@ -991,6 +1267,18 @@ class _SecretBackendRootCertState:
|
|
991
1267
|
def serial_number(self, value: Optional[pulumi.Input[str]]):
|
992
1268
|
pulumi.set(self, "serial_number", value)
|
993
1269
|
|
1270
|
+
@property
|
1271
|
+
@pulumi.getter(name="signatureBits")
|
1272
|
+
def signature_bits(self) -> Optional[pulumi.Input[int]]:
|
1273
|
+
"""
|
1274
|
+
The number of bits to use in the signature algorithm
|
1275
|
+
"""
|
1276
|
+
return pulumi.get(self, "signature_bits")
|
1277
|
+
|
1278
|
+
@signature_bits.setter
|
1279
|
+
def signature_bits(self, value: Optional[pulumi.Input[int]]):
|
1280
|
+
pulumi.set(self, "signature_bits", value)
|
1281
|
+
|
994
1282
|
@property
|
995
1283
|
@pulumi.getter(name="streetAddress")
|
996
1284
|
def street_address(self) -> Optional[pulumi.Input[str]]:
|
@@ -1051,6 +1339,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1051
1339
|
common_name: Optional[pulumi.Input[str]] = None,
|
1052
1340
|
country: Optional[pulumi.Input[str]] = None,
|
1053
1341
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
1342
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1343
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1344
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1345
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1054
1346
|
format: Optional[pulumi.Input[str]] = None,
|
1055
1347
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1056
1348
|
issuer_name: Optional[pulumi.Input[str]] = None,
|
@@ -1063,13 +1355,18 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1063
1355
|
managed_key_name: Optional[pulumi.Input[str]] = None,
|
1064
1356
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
1065
1357
|
namespace: Optional[pulumi.Input[str]] = None,
|
1358
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
1066
1359
|
organization: Optional[pulumi.Input[str]] = None,
|
1067
1360
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1068
1361
|
ou: Optional[pulumi.Input[str]] = None,
|
1069
1362
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1363
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1364
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1365
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1070
1366
|
postal_code: Optional[pulumi.Input[str]] = None,
|
1071
1367
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
1072
1368
|
province: Optional[pulumi.Input[str]] = None,
|
1369
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
1073
1370
|
street_address: Optional[pulumi.Input[str]] = None,
|
1074
1371
|
ttl: Optional[pulumi.Input[str]] = None,
|
1075
1372
|
type: Optional[pulumi.Input[str]] = None,
|
@@ -1104,6 +1401,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1104
1401
|
:param pulumi.Input[str] common_name: CN of intermediate to create
|
1105
1402
|
:param pulumi.Input[str] country: The country
|
1106
1403
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
1404
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1405
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1406
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1407
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1107
1408
|
:param pulumi.Input[str] format: The format of data
|
1108
1409
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
|
1109
1410
|
:param pulumi.Input[str] issuer_name: Provides a name to the specified issuer. The name must be unique
|
@@ -1124,13 +1425,18 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1124
1425
|
The value should not contain leading or trailing forward slashes.
|
1125
1426
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1126
1427
|
*Available only for Vault Enterprise*.
|
1428
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1127
1429
|
:param pulumi.Input[str] organization: The organization
|
1128
1430
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
1129
1431
|
:param pulumi.Input[str] ou: The organization unit
|
1130
1432
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
1433
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1434
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1435
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1131
1436
|
:param pulumi.Input[str] postal_code: The postal code
|
1132
1437
|
:param pulumi.Input[str] private_key_format: The private key format
|
1133
1438
|
:param pulumi.Input[str] province: The province
|
1439
|
+
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
1134
1440
|
:param pulumi.Input[str] street_address: The street address
|
1135
1441
|
:param pulumi.Input[str] ttl: Time to live
|
1136
1442
|
:param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
|
@@ -1185,6 +1491,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1185
1491
|
common_name: Optional[pulumi.Input[str]] = None,
|
1186
1492
|
country: Optional[pulumi.Input[str]] = None,
|
1187
1493
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
1494
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1495
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1496
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1497
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1188
1498
|
format: Optional[pulumi.Input[str]] = None,
|
1189
1499
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1190
1500
|
issuer_name: Optional[pulumi.Input[str]] = None,
|
@@ -1197,13 +1507,18 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1197
1507
|
managed_key_name: Optional[pulumi.Input[str]] = None,
|
1198
1508
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
1199
1509
|
namespace: Optional[pulumi.Input[str]] = None,
|
1510
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
1200
1511
|
organization: Optional[pulumi.Input[str]] = None,
|
1201
1512
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1202
1513
|
ou: Optional[pulumi.Input[str]] = None,
|
1203
1514
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1515
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1516
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1517
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1204
1518
|
postal_code: Optional[pulumi.Input[str]] = None,
|
1205
1519
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
1206
1520
|
province: Optional[pulumi.Input[str]] = None,
|
1521
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
1207
1522
|
street_address: Optional[pulumi.Input[str]] = None,
|
1208
1523
|
ttl: Optional[pulumi.Input[str]] = None,
|
1209
1524
|
type: Optional[pulumi.Input[str]] = None,
|
@@ -1226,6 +1541,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1226
1541
|
__props__.__dict__["common_name"] = common_name
|
1227
1542
|
__props__.__dict__["country"] = country
|
1228
1543
|
__props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
|
1544
|
+
__props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
|
1545
|
+
__props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
|
1546
|
+
__props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
|
1547
|
+
__props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
|
1229
1548
|
__props__.__dict__["format"] = format
|
1230
1549
|
__props__.__dict__["ip_sans"] = ip_sans
|
1231
1550
|
__props__.__dict__["issuer_name"] = issuer_name
|
@@ -1238,13 +1557,18 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1238
1557
|
__props__.__dict__["managed_key_name"] = managed_key_name
|
1239
1558
|
__props__.__dict__["max_path_length"] = max_path_length
|
1240
1559
|
__props__.__dict__["namespace"] = namespace
|
1560
|
+
__props__.__dict__["not_after"] = not_after
|
1241
1561
|
__props__.__dict__["organization"] = organization
|
1242
1562
|
__props__.__dict__["other_sans"] = other_sans
|
1243
1563
|
__props__.__dict__["ou"] = ou
|
1244
1564
|
__props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
|
1565
|
+
__props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
|
1566
|
+
__props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
|
1567
|
+
__props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
|
1245
1568
|
__props__.__dict__["postal_code"] = postal_code
|
1246
1569
|
__props__.__dict__["private_key_format"] = private_key_format
|
1247
1570
|
__props__.__dict__["province"] = province
|
1571
|
+
__props__.__dict__["signature_bits"] = signature_bits
|
1248
1572
|
__props__.__dict__["street_address"] = street_address
|
1249
1573
|
__props__.__dict__["ttl"] = ttl
|
1250
1574
|
if type is None and not opts.urn:
|
@@ -1272,6 +1596,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1272
1596
|
common_name: Optional[pulumi.Input[str]] = None,
|
1273
1597
|
country: Optional[pulumi.Input[str]] = None,
|
1274
1598
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
1599
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1600
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1601
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1602
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1275
1603
|
format: Optional[pulumi.Input[str]] = None,
|
1276
1604
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1277
1605
|
issuer_id: Optional[pulumi.Input[str]] = None,
|
@@ -1287,14 +1615,19 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1287
1615
|
managed_key_name: Optional[pulumi.Input[str]] = None,
|
1288
1616
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
1289
1617
|
namespace: Optional[pulumi.Input[str]] = None,
|
1618
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
1290
1619
|
organization: Optional[pulumi.Input[str]] = None,
|
1291
1620
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1292
1621
|
ou: Optional[pulumi.Input[str]] = None,
|
1293
1622
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1623
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1624
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1625
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1294
1626
|
postal_code: Optional[pulumi.Input[str]] = None,
|
1295
1627
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
1296
1628
|
province: Optional[pulumi.Input[str]] = None,
|
1297
1629
|
serial_number: Optional[pulumi.Input[str]] = None,
|
1630
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
1298
1631
|
street_address: Optional[pulumi.Input[str]] = None,
|
1299
1632
|
ttl: Optional[pulumi.Input[str]] = None,
|
1300
1633
|
type: Optional[pulumi.Input[str]] = None,
|
@@ -1312,6 +1645,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1312
1645
|
:param pulumi.Input[str] common_name: CN of intermediate to create
|
1313
1646
|
:param pulumi.Input[str] country: The country
|
1314
1647
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
1648
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1649
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1650
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1651
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1315
1652
|
:param pulumi.Input[str] format: The format of data
|
1316
1653
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
|
1317
1654
|
:param pulumi.Input[str] issuer_id: The ID of the generated issuer.
|
@@ -1335,14 +1672,19 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1335
1672
|
The value should not contain leading or trailing forward slashes.
|
1336
1673
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1337
1674
|
*Available only for Vault Enterprise*.
|
1675
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1338
1676
|
:param pulumi.Input[str] organization: The organization
|
1339
1677
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
1340
1678
|
:param pulumi.Input[str] ou: The organization unit
|
1341
1679
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
1680
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1681
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1682
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1342
1683
|
:param pulumi.Input[str] postal_code: The postal code
|
1343
1684
|
:param pulumi.Input[str] private_key_format: The private key format
|
1344
1685
|
:param pulumi.Input[str] province: The province
|
1345
1686
|
:param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
|
1687
|
+
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
1346
1688
|
:param pulumi.Input[str] street_address: The street address
|
1347
1689
|
:param pulumi.Input[str] ttl: Time to live
|
1348
1690
|
:param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
|
@@ -1359,6 +1701,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1359
1701
|
__props__.__dict__["common_name"] = common_name
|
1360
1702
|
__props__.__dict__["country"] = country
|
1361
1703
|
__props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
|
1704
|
+
__props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
|
1705
|
+
__props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
|
1706
|
+
__props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
|
1707
|
+
__props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
|
1362
1708
|
__props__.__dict__["format"] = format
|
1363
1709
|
__props__.__dict__["ip_sans"] = ip_sans
|
1364
1710
|
__props__.__dict__["issuer_id"] = issuer_id
|
@@ -1374,14 +1720,19 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1374
1720
|
__props__.__dict__["managed_key_name"] = managed_key_name
|
1375
1721
|
__props__.__dict__["max_path_length"] = max_path_length
|
1376
1722
|
__props__.__dict__["namespace"] = namespace
|
1723
|
+
__props__.__dict__["not_after"] = not_after
|
1377
1724
|
__props__.__dict__["organization"] = organization
|
1378
1725
|
__props__.__dict__["other_sans"] = other_sans
|
1379
1726
|
__props__.__dict__["ou"] = ou
|
1380
1727
|
__props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
|
1728
|
+
__props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
|
1729
|
+
__props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
|
1730
|
+
__props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
|
1381
1731
|
__props__.__dict__["postal_code"] = postal_code
|
1382
1732
|
__props__.__dict__["private_key_format"] = private_key_format
|
1383
1733
|
__props__.__dict__["province"] = province
|
1384
1734
|
__props__.__dict__["serial_number"] = serial_number
|
1735
|
+
__props__.__dict__["signature_bits"] = signature_bits
|
1385
1736
|
__props__.__dict__["street_address"] = street_address
|
1386
1737
|
__props__.__dict__["ttl"] = ttl
|
1387
1738
|
__props__.__dict__["type"] = type
|
@@ -1436,6 +1787,38 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1436
1787
|
"""
|
1437
1788
|
return pulumi.get(self, "exclude_cn_from_sans")
|
1438
1789
|
|
1790
|
+
@property
|
1791
|
+
@pulumi.getter(name="excludedDnsDomains")
|
1792
|
+
def excluded_dns_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1793
|
+
"""
|
1794
|
+
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1795
|
+
"""
|
1796
|
+
return pulumi.get(self, "excluded_dns_domains")
|
1797
|
+
|
1798
|
+
@property
|
1799
|
+
@pulumi.getter(name="excludedEmailAddresses")
|
1800
|
+
def excluded_email_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1801
|
+
"""
|
1802
|
+
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1803
|
+
"""
|
1804
|
+
return pulumi.get(self, "excluded_email_addresses")
|
1805
|
+
|
1806
|
+
@property
|
1807
|
+
@pulumi.getter(name="excludedIpRanges")
|
1808
|
+
def excluded_ip_ranges(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1809
|
+
"""
|
1810
|
+
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1811
|
+
"""
|
1812
|
+
return pulumi.get(self, "excluded_ip_ranges")
|
1813
|
+
|
1814
|
+
@property
|
1815
|
+
@pulumi.getter(name="excludedUriDomains")
|
1816
|
+
def excluded_uri_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1817
|
+
"""
|
1818
|
+
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1819
|
+
"""
|
1820
|
+
return pulumi.get(self, "excluded_uri_domains")
|
1821
|
+
|
1439
1822
|
@property
|
1440
1823
|
@pulumi.getter
|
1441
1824
|
def format(self) -> pulumi.Output[Optional[str]]:
|
@@ -1564,6 +1947,14 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1564
1947
|
"""
|
1565
1948
|
return pulumi.get(self, "namespace")
|
1566
1949
|
|
1950
|
+
@property
|
1951
|
+
@pulumi.getter(name="notAfter")
|
1952
|
+
def not_after(self) -> pulumi.Output[Optional[str]]:
|
1953
|
+
"""
|
1954
|
+
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1955
|
+
"""
|
1956
|
+
return pulumi.get(self, "not_after")
|
1957
|
+
|
1567
1958
|
@property
|
1568
1959
|
@pulumi.getter
|
1569
1960
|
def organization(self) -> pulumi.Output[Optional[str]]:
|
@@ -1596,6 +1987,30 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1596
1987
|
"""
|
1597
1988
|
return pulumi.get(self, "permitted_dns_domains")
|
1598
1989
|
|
1990
|
+
@property
|
1991
|
+
@pulumi.getter(name="permittedEmailAddresses")
|
1992
|
+
def permitted_email_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1993
|
+
"""
|
1994
|
+
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1995
|
+
"""
|
1996
|
+
return pulumi.get(self, "permitted_email_addresses")
|
1997
|
+
|
1998
|
+
@property
|
1999
|
+
@pulumi.getter(name="permittedIpRanges")
|
2000
|
+
def permitted_ip_ranges(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2001
|
+
"""
|
2002
|
+
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
2003
|
+
"""
|
2004
|
+
return pulumi.get(self, "permitted_ip_ranges")
|
2005
|
+
|
2006
|
+
@property
|
2007
|
+
@pulumi.getter(name="permittedUriDomains")
|
2008
|
+
def permitted_uri_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2009
|
+
"""
|
2010
|
+
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
2011
|
+
"""
|
2012
|
+
return pulumi.get(self, "permitted_uri_domains")
|
2013
|
+
|
1599
2014
|
@property
|
1600
2015
|
@pulumi.getter(name="postalCode")
|
1601
2016
|
def postal_code(self) -> pulumi.Output[Optional[str]]:
|
@@ -1628,6 +2043,14 @@ class SecretBackendRootCert(pulumi.CustomResource):
|
|
1628
2043
|
"""
|
1629
2044
|
return pulumi.get(self, "serial_number")
|
1630
2045
|
|
2046
|
+
@property
|
2047
|
+
@pulumi.getter(name="signatureBits")
|
2048
|
+
def signature_bits(self) -> pulumi.Output[int]:
|
2049
|
+
"""
|
2050
|
+
The number of bits to use in the signature algorithm
|
2051
|
+
"""
|
2052
|
+
return pulumi.get(self, "signature_bits")
|
2053
|
+
|
1631
2054
|
@property
|
1632
2055
|
@pulumi.getter(name="streetAddress")
|
1633
2056
|
def street_address(self) -> pulumi.Output[Optional[str]]:
|