pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -26,7 +26,7 @@ class GetBackendIssuerResult:
26
26
  """
27
27
  A collection of values returned by getBackendIssuer.
28
28
  """
29
- def __init__(__self__, backend=None, ca_chains=None, certificate=None, id=None, issuer_id=None, issuer_name=None, issuer_ref=None, key_id=None, leaf_not_after_behavior=None, manual_chains=None, namespace=None, usage=None):
29
+ def __init__(__self__, backend=None, ca_chains=None, certificate=None, disable_critical_extension_checks=None, disable_name_checks=None, disable_name_constraint_checks=None, disable_path_length_checks=None, id=None, issuer_id=None, issuer_name=None, issuer_ref=None, key_id=None, leaf_not_after_behavior=None, manual_chains=None, namespace=None, usage=None):
30
30
  if backend and not isinstance(backend, str):
31
31
  raise TypeError("Expected argument 'backend' to be a str")
32
32
  pulumi.set(__self__, "backend", backend)
@@ -36,6 +36,18 @@ class GetBackendIssuerResult:
36
36
  if certificate and not isinstance(certificate, str):
37
37
  raise TypeError("Expected argument 'certificate' to be a str")
38
38
  pulumi.set(__self__, "certificate", certificate)
39
+ if disable_critical_extension_checks and not isinstance(disable_critical_extension_checks, bool):
40
+ raise TypeError("Expected argument 'disable_critical_extension_checks' to be a bool")
41
+ pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
42
+ if disable_name_checks and not isinstance(disable_name_checks, bool):
43
+ raise TypeError("Expected argument 'disable_name_checks' to be a bool")
44
+ pulumi.set(__self__, "disable_name_checks", disable_name_checks)
45
+ if disable_name_constraint_checks and not isinstance(disable_name_constraint_checks, bool):
46
+ raise TypeError("Expected argument 'disable_name_constraint_checks' to be a bool")
47
+ pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
48
+ if disable_path_length_checks and not isinstance(disable_path_length_checks, bool):
49
+ raise TypeError("Expected argument 'disable_path_length_checks' to be a bool")
50
+ pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
39
51
  if id and not isinstance(id, str):
40
52
  raise TypeError("Expected argument 'id' to be a str")
41
53
  pulumi.set(__self__, "id", id)
@@ -85,6 +97,49 @@ class GetBackendIssuerResult:
85
97
  """
86
98
  return pulumi.get(self, "certificate")
87
99
 
100
+ @property
101
+ @pulumi.getter(name="disableCriticalExtensionChecks")
102
+ def disable_critical_extension_checks(self) -> Optional[bool]:
103
+ """
104
+ This determines whether this
105
+ issuer is able to issue certificates where the chain of trust (including the
106
+ issued certificate) contain critical extensions not processed by Vault.
107
+ """
108
+ return pulumi.get(self, "disable_critical_extension_checks")
109
+
110
+ @property
111
+ @pulumi.getter(name="disableNameChecks")
112
+ def disable_name_checks(self) -> Optional[bool]:
113
+ """
114
+ This determines whether this issuer is able
115
+ to issue certificates where the chain of trust (including the final issued
116
+ certificate) contains a link in which the subject of the issuing certificate
117
+ does not match the named issuer of the certificate it signed.
118
+ """
119
+ return pulumi.get(self, "disable_name_checks")
120
+
121
+ @property
122
+ @pulumi.getter(name="disableNameConstraintChecks")
123
+ def disable_name_constraint_checks(self) -> Optional[bool]:
124
+ """
125
+ This determines whether this
126
+ issuer is able to issue certificates where the chain of trust (including the
127
+ final issued certificate) violates the name constraints critical extension of
128
+ one of the issuer certificates in the chain.
129
+ """
130
+ return pulumi.get(self, "disable_name_constraint_checks")
131
+
132
+ @property
133
+ @pulumi.getter(name="disablePathLengthChecks")
134
+ def disable_path_length_checks(self) -> Optional[bool]:
135
+ """
136
+ This determines whether this issuer
137
+ is able to issue certificates where the chain of trust (including the final
138
+ issued certificate) is longer than allowed by a certificate authority in that
139
+ chain.
140
+ """
141
+ return pulumi.get(self, "disable_path_length_checks")
142
+
88
143
  @property
89
144
  @pulumi.getter
90
145
  def id(self) -> str:
@@ -162,6 +217,10 @@ class AwaitableGetBackendIssuerResult(GetBackendIssuerResult):
162
217
  backend=self.backend,
163
218
  ca_chains=self.ca_chains,
164
219
  certificate=self.certificate,
220
+ disable_critical_extension_checks=self.disable_critical_extension_checks,
221
+ disable_name_checks=self.disable_name_checks,
222
+ disable_name_constraint_checks=self.disable_name_constraint_checks,
223
+ disable_path_length_checks=self.disable_path_length_checks,
165
224
  id=self.id,
166
225
  issuer_id=self.issuer_id,
167
226
  issuer_name=self.issuer_name,
@@ -174,6 +233,10 @@ class AwaitableGetBackendIssuerResult(GetBackendIssuerResult):
174
233
 
175
234
 
176
235
  def get_backend_issuer(backend: Optional[str] = None,
236
+ disable_critical_extension_checks: Optional[bool] = None,
237
+ disable_name_checks: Optional[bool] = None,
238
+ disable_name_constraint_checks: Optional[bool] = None,
239
+ disable_path_length_checks: Optional[bool] = None,
177
240
  issuer_ref: Optional[str] = None,
178
241
  namespace: Optional[str] = None,
179
242
  opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetBackendIssuerResult:
@@ -201,6 +264,21 @@ def get_backend_issuer(backend: Optional[str] = None,
201
264
 
202
265
  :param str backend: The path to the PKI secret backend to
203
266
  read the issuer from, with no leading or trailing `/`s.
267
+ :param bool disable_critical_extension_checks: This determines whether this
268
+ issuer is able to issue certificates where the chain of trust (including the
269
+ issued certificate) contain critical extensions not processed by Vault.
270
+ :param bool disable_name_checks: This determines whether this issuer is able
271
+ to issue certificates where the chain of trust (including the final issued
272
+ certificate) contains a link in which the subject of the issuing certificate
273
+ does not match the named issuer of the certificate it signed.
274
+ :param bool disable_name_constraint_checks: This determines whether this
275
+ issuer is able to issue certificates where the chain of trust (including the
276
+ final issued certificate) violates the name constraints critical extension of
277
+ one of the issuer certificates in the chain.
278
+ :param bool disable_path_length_checks: This determines whether this issuer
279
+ is able to issue certificates where the chain of trust (including the final
280
+ issued certificate) is longer than allowed by a certificate authority in that
281
+ chain.
204
282
  :param str issuer_ref: Reference to an existing issuer.
205
283
  :param str namespace: The namespace of the target resource.
206
284
  The value should not contain leading or trailing forward slashes.
@@ -209,6 +287,10 @@ def get_backend_issuer(backend: Optional[str] = None,
209
287
  """
210
288
  __args__ = dict()
211
289
  __args__['backend'] = backend
290
+ __args__['disableCriticalExtensionChecks'] = disable_critical_extension_checks
291
+ __args__['disableNameChecks'] = disable_name_checks
292
+ __args__['disableNameConstraintChecks'] = disable_name_constraint_checks
293
+ __args__['disablePathLengthChecks'] = disable_path_length_checks
212
294
  __args__['issuerRef'] = issuer_ref
213
295
  __args__['namespace'] = namespace
214
296
  opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
@@ -218,6 +300,10 @@ def get_backend_issuer(backend: Optional[str] = None,
218
300
  backend=pulumi.get(__ret__, 'backend'),
219
301
  ca_chains=pulumi.get(__ret__, 'ca_chains'),
220
302
  certificate=pulumi.get(__ret__, 'certificate'),
303
+ disable_critical_extension_checks=pulumi.get(__ret__, 'disable_critical_extension_checks'),
304
+ disable_name_checks=pulumi.get(__ret__, 'disable_name_checks'),
305
+ disable_name_constraint_checks=pulumi.get(__ret__, 'disable_name_constraint_checks'),
306
+ disable_path_length_checks=pulumi.get(__ret__, 'disable_path_length_checks'),
221
307
  id=pulumi.get(__ret__, 'id'),
222
308
  issuer_id=pulumi.get(__ret__, 'issuer_id'),
223
309
  issuer_name=pulumi.get(__ret__, 'issuer_name'),
@@ -228,6 +314,10 @@ def get_backend_issuer(backend: Optional[str] = None,
228
314
  namespace=pulumi.get(__ret__, 'namespace'),
229
315
  usage=pulumi.get(__ret__, 'usage'))
230
316
  def get_backend_issuer_output(backend: Optional[pulumi.Input[str]] = None,
317
+ disable_critical_extension_checks: Optional[pulumi.Input[Optional[bool]]] = None,
318
+ disable_name_checks: Optional[pulumi.Input[Optional[bool]]] = None,
319
+ disable_name_constraint_checks: Optional[pulumi.Input[Optional[bool]]] = None,
320
+ disable_path_length_checks: Optional[pulumi.Input[Optional[bool]]] = None,
231
321
  issuer_ref: Optional[pulumi.Input[str]] = None,
232
322
  namespace: Optional[pulumi.Input[Optional[str]]] = None,
233
323
  opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendIssuerResult]:
@@ -255,6 +345,21 @@ def get_backend_issuer_output(backend: Optional[pulumi.Input[str]] = None,
255
345
 
256
346
  :param str backend: The path to the PKI secret backend to
257
347
  read the issuer from, with no leading or trailing `/`s.
348
+ :param bool disable_critical_extension_checks: This determines whether this
349
+ issuer is able to issue certificates where the chain of trust (including the
350
+ issued certificate) contain critical extensions not processed by Vault.
351
+ :param bool disable_name_checks: This determines whether this issuer is able
352
+ to issue certificates where the chain of trust (including the final issued
353
+ certificate) contains a link in which the subject of the issuing certificate
354
+ does not match the named issuer of the certificate it signed.
355
+ :param bool disable_name_constraint_checks: This determines whether this
356
+ issuer is able to issue certificates where the chain of trust (including the
357
+ final issued certificate) violates the name constraints critical extension of
358
+ one of the issuer certificates in the chain.
359
+ :param bool disable_path_length_checks: This determines whether this issuer
360
+ is able to issue certificates where the chain of trust (including the final
361
+ issued certificate) is longer than allowed by a certificate authority in that
362
+ chain.
258
363
  :param str issuer_ref: Reference to an existing issuer.
259
364
  :param str namespace: The namespace of the target resource.
260
365
  The value should not contain leading or trailing forward slashes.
@@ -263,6 +368,10 @@ def get_backend_issuer_output(backend: Optional[pulumi.Input[str]] = None,
263
368
  """
264
369
  __args__ = dict()
265
370
  __args__['backend'] = backend
371
+ __args__['disableCriticalExtensionChecks'] = disable_critical_extension_checks
372
+ __args__['disableNameChecks'] = disable_name_checks
373
+ __args__['disableNameConstraintChecks'] = disable_name_constraint_checks
374
+ __args__['disablePathLengthChecks'] = disable_path_length_checks
266
375
  __args__['issuerRef'] = issuer_ref
267
376
  __args__['namespace'] = namespace
268
377
  opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
@@ -271,6 +380,10 @@ def get_backend_issuer_output(backend: Optional[pulumi.Input[str]] = None,
271
380
  backend=pulumi.get(__response__, 'backend'),
272
381
  ca_chains=pulumi.get(__response__, 'ca_chains'),
273
382
  certificate=pulumi.get(__response__, 'certificate'),
383
+ disable_critical_extension_checks=pulumi.get(__response__, 'disable_critical_extension_checks'),
384
+ disable_name_checks=pulumi.get(__response__, 'disable_name_checks'),
385
+ disable_name_constraint_checks=pulumi.get(__response__, 'disable_name_constraint_checks'),
386
+ disable_path_length_checks=pulumi.get(__response__, 'disable_path_length_checks'),
274
387
  id=pulumi.get(__response__, 'id'),
275
388
  issuer_id=pulumi.get(__response__, 'issuer_id'),
276
389
  issuer_name=pulumi.get(__response__, 'issuer_name'),
@@ -81,8 +81,6 @@ class SecretBackendRolePolicyIdentifier(dict):
81
81
  """
82
82
  :param str oid: The OID for the policy identifier
83
83
  :param str cps: The URL of the CPS for the policy identifier
84
-
85
- Example usage:
86
84
  :param str notice: A notice for the policy identifier
87
85
  """
88
86
  pulumi.set(__self__, "oid", oid)
@@ -104,8 +102,6 @@ class SecretBackendRolePolicyIdentifier(dict):
104
102
  def cps(self) -> Optional[str]:
105
103
  """
106
104
  The URL of the CPS for the policy identifier
107
-
108
- Example usage:
109
105
  """
110
106
  return pulumi.get(self, "cps")
111
107