pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -26,7 +26,7 @@ class GetBackendIssuerResult:
|
|
26
26
|
"""
|
27
27
|
A collection of values returned by getBackendIssuer.
|
28
28
|
"""
|
29
|
-
def __init__(__self__, backend=None, ca_chains=None, certificate=None, id=None, issuer_id=None, issuer_name=None, issuer_ref=None, key_id=None, leaf_not_after_behavior=None, manual_chains=None, namespace=None, usage=None):
|
29
|
+
def __init__(__self__, backend=None, ca_chains=None, certificate=None, disable_critical_extension_checks=None, disable_name_checks=None, disable_name_constraint_checks=None, disable_path_length_checks=None, id=None, issuer_id=None, issuer_name=None, issuer_ref=None, key_id=None, leaf_not_after_behavior=None, manual_chains=None, namespace=None, usage=None):
|
30
30
|
if backend and not isinstance(backend, str):
|
31
31
|
raise TypeError("Expected argument 'backend' to be a str")
|
32
32
|
pulumi.set(__self__, "backend", backend)
|
@@ -36,6 +36,18 @@ class GetBackendIssuerResult:
|
|
36
36
|
if certificate and not isinstance(certificate, str):
|
37
37
|
raise TypeError("Expected argument 'certificate' to be a str")
|
38
38
|
pulumi.set(__self__, "certificate", certificate)
|
39
|
+
if disable_critical_extension_checks and not isinstance(disable_critical_extension_checks, bool):
|
40
|
+
raise TypeError("Expected argument 'disable_critical_extension_checks' to be a bool")
|
41
|
+
pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
|
42
|
+
if disable_name_checks and not isinstance(disable_name_checks, bool):
|
43
|
+
raise TypeError("Expected argument 'disable_name_checks' to be a bool")
|
44
|
+
pulumi.set(__self__, "disable_name_checks", disable_name_checks)
|
45
|
+
if disable_name_constraint_checks and not isinstance(disable_name_constraint_checks, bool):
|
46
|
+
raise TypeError("Expected argument 'disable_name_constraint_checks' to be a bool")
|
47
|
+
pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
|
48
|
+
if disable_path_length_checks and not isinstance(disable_path_length_checks, bool):
|
49
|
+
raise TypeError("Expected argument 'disable_path_length_checks' to be a bool")
|
50
|
+
pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
|
39
51
|
if id and not isinstance(id, str):
|
40
52
|
raise TypeError("Expected argument 'id' to be a str")
|
41
53
|
pulumi.set(__self__, "id", id)
|
@@ -85,6 +97,49 @@ class GetBackendIssuerResult:
|
|
85
97
|
"""
|
86
98
|
return pulumi.get(self, "certificate")
|
87
99
|
|
100
|
+
@property
|
101
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
102
|
+
def disable_critical_extension_checks(self) -> Optional[bool]:
|
103
|
+
"""
|
104
|
+
This determines whether this
|
105
|
+
issuer is able to issue certificates where the chain of trust (including the
|
106
|
+
issued certificate) contain critical extensions not processed by Vault.
|
107
|
+
"""
|
108
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
109
|
+
|
110
|
+
@property
|
111
|
+
@pulumi.getter(name="disableNameChecks")
|
112
|
+
def disable_name_checks(self) -> Optional[bool]:
|
113
|
+
"""
|
114
|
+
This determines whether this issuer is able
|
115
|
+
to issue certificates where the chain of trust (including the final issued
|
116
|
+
certificate) contains a link in which the subject of the issuing certificate
|
117
|
+
does not match the named issuer of the certificate it signed.
|
118
|
+
"""
|
119
|
+
return pulumi.get(self, "disable_name_checks")
|
120
|
+
|
121
|
+
@property
|
122
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
123
|
+
def disable_name_constraint_checks(self) -> Optional[bool]:
|
124
|
+
"""
|
125
|
+
This determines whether this
|
126
|
+
issuer is able to issue certificates where the chain of trust (including the
|
127
|
+
final issued certificate) violates the name constraints critical extension of
|
128
|
+
one of the issuer certificates in the chain.
|
129
|
+
"""
|
130
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
131
|
+
|
132
|
+
@property
|
133
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
134
|
+
def disable_path_length_checks(self) -> Optional[bool]:
|
135
|
+
"""
|
136
|
+
This determines whether this issuer
|
137
|
+
is able to issue certificates where the chain of trust (including the final
|
138
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
139
|
+
chain.
|
140
|
+
"""
|
141
|
+
return pulumi.get(self, "disable_path_length_checks")
|
142
|
+
|
88
143
|
@property
|
89
144
|
@pulumi.getter
|
90
145
|
def id(self) -> str:
|
@@ -162,6 +217,10 @@ class AwaitableGetBackendIssuerResult(GetBackendIssuerResult):
|
|
162
217
|
backend=self.backend,
|
163
218
|
ca_chains=self.ca_chains,
|
164
219
|
certificate=self.certificate,
|
220
|
+
disable_critical_extension_checks=self.disable_critical_extension_checks,
|
221
|
+
disable_name_checks=self.disable_name_checks,
|
222
|
+
disable_name_constraint_checks=self.disable_name_constraint_checks,
|
223
|
+
disable_path_length_checks=self.disable_path_length_checks,
|
165
224
|
id=self.id,
|
166
225
|
issuer_id=self.issuer_id,
|
167
226
|
issuer_name=self.issuer_name,
|
@@ -174,6 +233,10 @@ class AwaitableGetBackendIssuerResult(GetBackendIssuerResult):
|
|
174
233
|
|
175
234
|
|
176
235
|
def get_backend_issuer(backend: Optional[str] = None,
|
236
|
+
disable_critical_extension_checks: Optional[bool] = None,
|
237
|
+
disable_name_checks: Optional[bool] = None,
|
238
|
+
disable_name_constraint_checks: Optional[bool] = None,
|
239
|
+
disable_path_length_checks: Optional[bool] = None,
|
177
240
|
issuer_ref: Optional[str] = None,
|
178
241
|
namespace: Optional[str] = None,
|
179
242
|
opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetBackendIssuerResult:
|
@@ -201,6 +264,21 @@ def get_backend_issuer(backend: Optional[str] = None,
|
|
201
264
|
|
202
265
|
:param str backend: The path to the PKI secret backend to
|
203
266
|
read the issuer from, with no leading or trailing `/`s.
|
267
|
+
:param bool disable_critical_extension_checks: This determines whether this
|
268
|
+
issuer is able to issue certificates where the chain of trust (including the
|
269
|
+
issued certificate) contain critical extensions not processed by Vault.
|
270
|
+
:param bool disable_name_checks: This determines whether this issuer is able
|
271
|
+
to issue certificates where the chain of trust (including the final issued
|
272
|
+
certificate) contains a link in which the subject of the issuing certificate
|
273
|
+
does not match the named issuer of the certificate it signed.
|
274
|
+
:param bool disable_name_constraint_checks: This determines whether this
|
275
|
+
issuer is able to issue certificates where the chain of trust (including the
|
276
|
+
final issued certificate) violates the name constraints critical extension of
|
277
|
+
one of the issuer certificates in the chain.
|
278
|
+
:param bool disable_path_length_checks: This determines whether this issuer
|
279
|
+
is able to issue certificates where the chain of trust (including the final
|
280
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
281
|
+
chain.
|
204
282
|
:param str issuer_ref: Reference to an existing issuer.
|
205
283
|
:param str namespace: The namespace of the target resource.
|
206
284
|
The value should not contain leading or trailing forward slashes.
|
@@ -209,6 +287,10 @@ def get_backend_issuer(backend: Optional[str] = None,
|
|
209
287
|
"""
|
210
288
|
__args__ = dict()
|
211
289
|
__args__['backend'] = backend
|
290
|
+
__args__['disableCriticalExtensionChecks'] = disable_critical_extension_checks
|
291
|
+
__args__['disableNameChecks'] = disable_name_checks
|
292
|
+
__args__['disableNameConstraintChecks'] = disable_name_constraint_checks
|
293
|
+
__args__['disablePathLengthChecks'] = disable_path_length_checks
|
212
294
|
__args__['issuerRef'] = issuer_ref
|
213
295
|
__args__['namespace'] = namespace
|
214
296
|
opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
@@ -218,6 +300,10 @@ def get_backend_issuer(backend: Optional[str] = None,
|
|
218
300
|
backend=pulumi.get(__ret__, 'backend'),
|
219
301
|
ca_chains=pulumi.get(__ret__, 'ca_chains'),
|
220
302
|
certificate=pulumi.get(__ret__, 'certificate'),
|
303
|
+
disable_critical_extension_checks=pulumi.get(__ret__, 'disable_critical_extension_checks'),
|
304
|
+
disable_name_checks=pulumi.get(__ret__, 'disable_name_checks'),
|
305
|
+
disable_name_constraint_checks=pulumi.get(__ret__, 'disable_name_constraint_checks'),
|
306
|
+
disable_path_length_checks=pulumi.get(__ret__, 'disable_path_length_checks'),
|
221
307
|
id=pulumi.get(__ret__, 'id'),
|
222
308
|
issuer_id=pulumi.get(__ret__, 'issuer_id'),
|
223
309
|
issuer_name=pulumi.get(__ret__, 'issuer_name'),
|
@@ -228,6 +314,10 @@ def get_backend_issuer(backend: Optional[str] = None,
|
|
228
314
|
namespace=pulumi.get(__ret__, 'namespace'),
|
229
315
|
usage=pulumi.get(__ret__, 'usage'))
|
230
316
|
def get_backend_issuer_output(backend: Optional[pulumi.Input[str]] = None,
|
317
|
+
disable_critical_extension_checks: Optional[pulumi.Input[Optional[bool]]] = None,
|
318
|
+
disable_name_checks: Optional[pulumi.Input[Optional[bool]]] = None,
|
319
|
+
disable_name_constraint_checks: Optional[pulumi.Input[Optional[bool]]] = None,
|
320
|
+
disable_path_length_checks: Optional[pulumi.Input[Optional[bool]]] = None,
|
231
321
|
issuer_ref: Optional[pulumi.Input[str]] = None,
|
232
322
|
namespace: Optional[pulumi.Input[Optional[str]]] = None,
|
233
323
|
opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendIssuerResult]:
|
@@ -255,6 +345,21 @@ def get_backend_issuer_output(backend: Optional[pulumi.Input[str]] = None,
|
|
255
345
|
|
256
346
|
:param str backend: The path to the PKI secret backend to
|
257
347
|
read the issuer from, with no leading or trailing `/`s.
|
348
|
+
:param bool disable_critical_extension_checks: This determines whether this
|
349
|
+
issuer is able to issue certificates where the chain of trust (including the
|
350
|
+
issued certificate) contain critical extensions not processed by Vault.
|
351
|
+
:param bool disable_name_checks: This determines whether this issuer is able
|
352
|
+
to issue certificates where the chain of trust (including the final issued
|
353
|
+
certificate) contains a link in which the subject of the issuing certificate
|
354
|
+
does not match the named issuer of the certificate it signed.
|
355
|
+
:param bool disable_name_constraint_checks: This determines whether this
|
356
|
+
issuer is able to issue certificates where the chain of trust (including the
|
357
|
+
final issued certificate) violates the name constraints critical extension of
|
358
|
+
one of the issuer certificates in the chain.
|
359
|
+
:param bool disable_path_length_checks: This determines whether this issuer
|
360
|
+
is able to issue certificates where the chain of trust (including the final
|
361
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
362
|
+
chain.
|
258
363
|
:param str issuer_ref: Reference to an existing issuer.
|
259
364
|
:param str namespace: The namespace of the target resource.
|
260
365
|
The value should not contain leading or trailing forward slashes.
|
@@ -263,6 +368,10 @@ def get_backend_issuer_output(backend: Optional[pulumi.Input[str]] = None,
|
|
263
368
|
"""
|
264
369
|
__args__ = dict()
|
265
370
|
__args__['backend'] = backend
|
371
|
+
__args__['disableCriticalExtensionChecks'] = disable_critical_extension_checks
|
372
|
+
__args__['disableNameChecks'] = disable_name_checks
|
373
|
+
__args__['disableNameConstraintChecks'] = disable_name_constraint_checks
|
374
|
+
__args__['disablePathLengthChecks'] = disable_path_length_checks
|
266
375
|
__args__['issuerRef'] = issuer_ref
|
267
376
|
__args__['namespace'] = namespace
|
268
377
|
opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
|
@@ -271,6 +380,10 @@ def get_backend_issuer_output(backend: Optional[pulumi.Input[str]] = None,
|
|
271
380
|
backend=pulumi.get(__response__, 'backend'),
|
272
381
|
ca_chains=pulumi.get(__response__, 'ca_chains'),
|
273
382
|
certificate=pulumi.get(__response__, 'certificate'),
|
383
|
+
disable_critical_extension_checks=pulumi.get(__response__, 'disable_critical_extension_checks'),
|
384
|
+
disable_name_checks=pulumi.get(__response__, 'disable_name_checks'),
|
385
|
+
disable_name_constraint_checks=pulumi.get(__response__, 'disable_name_constraint_checks'),
|
386
|
+
disable_path_length_checks=pulumi.get(__response__, 'disable_path_length_checks'),
|
274
387
|
id=pulumi.get(__response__, 'id'),
|
275
388
|
issuer_id=pulumi.get(__response__, 'issuer_id'),
|
276
389
|
issuer_name=pulumi.get(__response__, 'issuer_name'),
|
@@ -81,8 +81,6 @@ class SecretBackendRolePolicyIdentifier(dict):
|
|
81
81
|
"""
|
82
82
|
:param str oid: The OID for the policy identifier
|
83
83
|
:param str cps: The URL of the CPS for the policy identifier
|
84
|
-
|
85
|
-
Example usage:
|
86
84
|
:param str notice: A notice for the policy identifier
|
87
85
|
"""
|
88
86
|
pulumi.set(__self__, "oid", oid)
|
@@ -104,8 +102,6 @@ class SecretBackendRolePolicyIdentifier(dict):
|
|
104
102
|
def cps(self) -> Optional[str]:
|
105
103
|
"""
|
106
104
|
The URL of the CPS for the policy identifier
|
107
|
-
|
108
|
-
Example usage:
|
109
105
|
"""
|
110
106
|
return pulumi.get(self, "cps")
|
111
107
|
|