pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -25,6 +25,10 @@ class SecretBackendRootCertArgs:
25
25
  alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
26
  country: Optional[pulumi.Input[str]] = None,
27
27
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
28
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
29
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
31
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
28
32
  format: Optional[pulumi.Input[str]] = None,
29
33
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
34
  issuer_name: Optional[pulumi.Input[str]] = None,
@@ -37,13 +41,18 @@ class SecretBackendRootCertArgs:
37
41
  managed_key_name: Optional[pulumi.Input[str]] = None,
38
42
  max_path_length: Optional[pulumi.Input[int]] = None,
39
43
  namespace: Optional[pulumi.Input[str]] = None,
44
+ not_after: Optional[pulumi.Input[str]] = None,
40
45
  organization: Optional[pulumi.Input[str]] = None,
41
46
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
42
47
  ou: Optional[pulumi.Input[str]] = None,
43
48
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
49
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
50
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
51
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
44
52
  postal_code: Optional[pulumi.Input[str]] = None,
45
53
  private_key_format: Optional[pulumi.Input[str]] = None,
46
54
  province: Optional[pulumi.Input[str]] = None,
55
+ signature_bits: Optional[pulumi.Input[int]] = None,
47
56
  street_address: Optional[pulumi.Input[str]] = None,
48
57
  ttl: Optional[pulumi.Input[str]] = None,
49
58
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
@@ -56,6 +65,10 @@ class SecretBackendRootCertArgs:
56
65
  :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
57
66
  :param pulumi.Input[str] country: The country
58
67
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
68
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
69
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
70
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
71
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
59
72
  :param pulumi.Input[str] format: The format of data
60
73
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
61
74
  :param pulumi.Input[str] issuer_name: Provides a name to the specified issuer. The name must be unique
@@ -76,13 +89,18 @@ class SecretBackendRootCertArgs:
76
89
  The value should not contain leading or trailing forward slashes.
77
90
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
78
91
  *Available only for Vault Enterprise*.
92
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
79
93
  :param pulumi.Input[str] organization: The organization
80
94
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
81
95
  :param pulumi.Input[str] ou: The organization unit
82
96
  :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
97
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
98
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
99
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
83
100
  :param pulumi.Input[str] postal_code: The postal code
84
101
  :param pulumi.Input[str] private_key_format: The private key format
85
102
  :param pulumi.Input[str] province: The province
103
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
86
104
  :param pulumi.Input[str] street_address: The street address
87
105
  :param pulumi.Input[str] ttl: Time to live
88
106
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
@@ -96,6 +114,14 @@ class SecretBackendRootCertArgs:
96
114
  pulumi.set(__self__, "country", country)
97
115
  if exclude_cn_from_sans is not None:
98
116
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
117
+ if excluded_dns_domains is not None:
118
+ pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
119
+ if excluded_email_addresses is not None:
120
+ pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
121
+ if excluded_ip_ranges is not None:
122
+ pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
123
+ if excluded_uri_domains is not None:
124
+ pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
99
125
  if format is not None:
100
126
  pulumi.set(__self__, "format", format)
101
127
  if ip_sans is not None:
@@ -120,6 +146,8 @@ class SecretBackendRootCertArgs:
120
146
  pulumi.set(__self__, "max_path_length", max_path_length)
121
147
  if namespace is not None:
122
148
  pulumi.set(__self__, "namespace", namespace)
149
+ if not_after is not None:
150
+ pulumi.set(__self__, "not_after", not_after)
123
151
  if organization is not None:
124
152
  pulumi.set(__self__, "organization", organization)
125
153
  if other_sans is not None:
@@ -128,12 +156,20 @@ class SecretBackendRootCertArgs:
128
156
  pulumi.set(__self__, "ou", ou)
129
157
  if permitted_dns_domains is not None:
130
158
  pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
159
+ if permitted_email_addresses is not None:
160
+ pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
161
+ if permitted_ip_ranges is not None:
162
+ pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
163
+ if permitted_uri_domains is not None:
164
+ pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
131
165
  if postal_code is not None:
132
166
  pulumi.set(__self__, "postal_code", postal_code)
133
167
  if private_key_format is not None:
134
168
  pulumi.set(__self__, "private_key_format", private_key_format)
135
169
  if province is not None:
136
170
  pulumi.set(__self__, "province", province)
171
+ if signature_bits is not None:
172
+ pulumi.set(__self__, "signature_bits", signature_bits)
137
173
  if street_address is not None:
138
174
  pulumi.set(__self__, "street_address", street_address)
139
175
  if ttl is not None:
@@ -214,6 +250,54 @@ class SecretBackendRootCertArgs:
214
250
  def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
215
251
  pulumi.set(self, "exclude_cn_from_sans", value)
216
252
 
253
+ @property
254
+ @pulumi.getter(name="excludedDnsDomains")
255
+ def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
256
+ """
257
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
258
+ """
259
+ return pulumi.get(self, "excluded_dns_domains")
260
+
261
+ @excluded_dns_domains.setter
262
+ def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
263
+ pulumi.set(self, "excluded_dns_domains", value)
264
+
265
+ @property
266
+ @pulumi.getter(name="excludedEmailAddresses")
267
+ def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
268
+ """
269
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
270
+ """
271
+ return pulumi.get(self, "excluded_email_addresses")
272
+
273
+ @excluded_email_addresses.setter
274
+ def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
275
+ pulumi.set(self, "excluded_email_addresses", value)
276
+
277
+ @property
278
+ @pulumi.getter(name="excludedIpRanges")
279
+ def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
280
+ """
281
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
282
+ """
283
+ return pulumi.get(self, "excluded_ip_ranges")
284
+
285
+ @excluded_ip_ranges.setter
286
+ def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
287
+ pulumi.set(self, "excluded_ip_ranges", value)
288
+
289
+ @property
290
+ @pulumi.getter(name="excludedUriDomains")
291
+ def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
292
+ """
293
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
294
+ """
295
+ return pulumi.get(self, "excluded_uri_domains")
296
+
297
+ @excluded_uri_domains.setter
298
+ def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
299
+ pulumi.set(self, "excluded_uri_domains", value)
300
+
217
301
  @property
218
302
  @pulumi.getter
219
303
  def format(self) -> Optional[pulumi.Input[str]]:
@@ -366,6 +450,18 @@ class SecretBackendRootCertArgs:
366
450
  def namespace(self, value: Optional[pulumi.Input[str]]):
367
451
  pulumi.set(self, "namespace", value)
368
452
 
453
+ @property
454
+ @pulumi.getter(name="notAfter")
455
+ def not_after(self) -> Optional[pulumi.Input[str]]:
456
+ """
457
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
458
+ """
459
+ return pulumi.get(self, "not_after")
460
+
461
+ @not_after.setter
462
+ def not_after(self, value: Optional[pulumi.Input[str]]):
463
+ pulumi.set(self, "not_after", value)
464
+
369
465
  @property
370
466
  @pulumi.getter
371
467
  def organization(self) -> Optional[pulumi.Input[str]]:
@@ -414,6 +510,42 @@ class SecretBackendRootCertArgs:
414
510
  def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
415
511
  pulumi.set(self, "permitted_dns_domains", value)
416
512
 
513
+ @property
514
+ @pulumi.getter(name="permittedEmailAddresses")
515
+ def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
516
+ """
517
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
518
+ """
519
+ return pulumi.get(self, "permitted_email_addresses")
520
+
521
+ @permitted_email_addresses.setter
522
+ def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
523
+ pulumi.set(self, "permitted_email_addresses", value)
524
+
525
+ @property
526
+ @pulumi.getter(name="permittedIpRanges")
527
+ def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
528
+ """
529
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
530
+ """
531
+ return pulumi.get(self, "permitted_ip_ranges")
532
+
533
+ @permitted_ip_ranges.setter
534
+ def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
535
+ pulumi.set(self, "permitted_ip_ranges", value)
536
+
537
+ @property
538
+ @pulumi.getter(name="permittedUriDomains")
539
+ def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
540
+ """
541
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
542
+ """
543
+ return pulumi.get(self, "permitted_uri_domains")
544
+
545
+ @permitted_uri_domains.setter
546
+ def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
547
+ pulumi.set(self, "permitted_uri_domains", value)
548
+
417
549
  @property
418
550
  @pulumi.getter(name="postalCode")
419
551
  def postal_code(self) -> Optional[pulumi.Input[str]]:
@@ -450,6 +582,18 @@ class SecretBackendRootCertArgs:
450
582
  def province(self, value: Optional[pulumi.Input[str]]):
451
583
  pulumi.set(self, "province", value)
452
584
 
585
+ @property
586
+ @pulumi.getter(name="signatureBits")
587
+ def signature_bits(self) -> Optional[pulumi.Input[int]]:
588
+ """
589
+ The number of bits to use in the signature algorithm
590
+ """
591
+ return pulumi.get(self, "signature_bits")
592
+
593
+ @signature_bits.setter
594
+ def signature_bits(self, value: Optional[pulumi.Input[int]]):
595
+ pulumi.set(self, "signature_bits", value)
596
+
453
597
  @property
454
598
  @pulumi.getter(name="streetAddress")
455
599
  def street_address(self) -> Optional[pulumi.Input[str]]:
@@ -496,6 +640,10 @@ class _SecretBackendRootCertState:
496
640
  common_name: Optional[pulumi.Input[str]] = None,
497
641
  country: Optional[pulumi.Input[str]] = None,
498
642
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
643
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
644
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
645
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
646
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
499
647
  format: Optional[pulumi.Input[str]] = None,
500
648
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
501
649
  issuer_id: Optional[pulumi.Input[str]] = None,
@@ -511,14 +659,19 @@ class _SecretBackendRootCertState:
511
659
  managed_key_name: Optional[pulumi.Input[str]] = None,
512
660
  max_path_length: Optional[pulumi.Input[int]] = None,
513
661
  namespace: Optional[pulumi.Input[str]] = None,
662
+ not_after: Optional[pulumi.Input[str]] = None,
514
663
  organization: Optional[pulumi.Input[str]] = None,
515
664
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
516
665
  ou: Optional[pulumi.Input[str]] = None,
517
666
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
667
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
668
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
669
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
518
670
  postal_code: Optional[pulumi.Input[str]] = None,
519
671
  private_key_format: Optional[pulumi.Input[str]] = None,
520
672
  province: Optional[pulumi.Input[str]] = None,
521
673
  serial_number: Optional[pulumi.Input[str]] = None,
674
+ signature_bits: Optional[pulumi.Input[int]] = None,
522
675
  street_address: Optional[pulumi.Input[str]] = None,
523
676
  ttl: Optional[pulumi.Input[str]] = None,
524
677
  type: Optional[pulumi.Input[str]] = None,
@@ -531,6 +684,10 @@ class _SecretBackendRootCertState:
531
684
  :param pulumi.Input[str] common_name: CN of intermediate to create
532
685
  :param pulumi.Input[str] country: The country
533
686
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
687
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
688
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
689
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
690
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
534
691
  :param pulumi.Input[str] format: The format of data
535
692
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
536
693
  :param pulumi.Input[str] issuer_id: The ID of the generated issuer.
@@ -554,14 +711,19 @@ class _SecretBackendRootCertState:
554
711
  The value should not contain leading or trailing forward slashes.
555
712
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
556
713
  *Available only for Vault Enterprise*.
714
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
557
715
  :param pulumi.Input[str] organization: The organization
558
716
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
559
717
  :param pulumi.Input[str] ou: The organization unit
560
718
  :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
719
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
720
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
721
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
561
722
  :param pulumi.Input[str] postal_code: The postal code
562
723
  :param pulumi.Input[str] private_key_format: The private key format
563
724
  :param pulumi.Input[str] province: The province
564
725
  :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
726
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
565
727
  :param pulumi.Input[str] street_address: The street address
566
728
  :param pulumi.Input[str] ttl: Time to live
567
729
  :param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
@@ -580,6 +742,14 @@ class _SecretBackendRootCertState:
580
742
  pulumi.set(__self__, "country", country)
581
743
  if exclude_cn_from_sans is not None:
582
744
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
745
+ if excluded_dns_domains is not None:
746
+ pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
747
+ if excluded_email_addresses is not None:
748
+ pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
749
+ if excluded_ip_ranges is not None:
750
+ pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
751
+ if excluded_uri_domains is not None:
752
+ pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
583
753
  if format is not None:
584
754
  pulumi.set(__self__, "format", format)
585
755
  if ip_sans is not None:
@@ -610,6 +780,8 @@ class _SecretBackendRootCertState:
610
780
  pulumi.set(__self__, "max_path_length", max_path_length)
611
781
  if namespace is not None:
612
782
  pulumi.set(__self__, "namespace", namespace)
783
+ if not_after is not None:
784
+ pulumi.set(__self__, "not_after", not_after)
613
785
  if organization is not None:
614
786
  pulumi.set(__self__, "organization", organization)
615
787
  if other_sans is not None:
@@ -618,6 +790,12 @@ class _SecretBackendRootCertState:
618
790
  pulumi.set(__self__, "ou", ou)
619
791
  if permitted_dns_domains is not None:
620
792
  pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
793
+ if permitted_email_addresses is not None:
794
+ pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
795
+ if permitted_ip_ranges is not None:
796
+ pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
797
+ if permitted_uri_domains is not None:
798
+ pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
621
799
  if postal_code is not None:
622
800
  pulumi.set(__self__, "postal_code", postal_code)
623
801
  if private_key_format is not None:
@@ -626,6 +804,8 @@ class _SecretBackendRootCertState:
626
804
  pulumi.set(__self__, "province", province)
627
805
  if serial_number is not None:
628
806
  pulumi.set(__self__, "serial_number", serial_number)
807
+ if signature_bits is not None:
808
+ pulumi.set(__self__, "signature_bits", signature_bits)
629
809
  if street_address is not None:
630
810
  pulumi.set(__self__, "street_address", street_address)
631
811
  if ttl is not None:
@@ -707,6 +887,54 @@ class _SecretBackendRootCertState:
707
887
  def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
708
888
  pulumi.set(self, "exclude_cn_from_sans", value)
709
889
 
890
+ @property
891
+ @pulumi.getter(name="excludedDnsDomains")
892
+ def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
893
+ """
894
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
895
+ """
896
+ return pulumi.get(self, "excluded_dns_domains")
897
+
898
+ @excluded_dns_domains.setter
899
+ def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
900
+ pulumi.set(self, "excluded_dns_domains", value)
901
+
902
+ @property
903
+ @pulumi.getter(name="excludedEmailAddresses")
904
+ def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
905
+ """
906
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
907
+ """
908
+ return pulumi.get(self, "excluded_email_addresses")
909
+
910
+ @excluded_email_addresses.setter
911
+ def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
912
+ pulumi.set(self, "excluded_email_addresses", value)
913
+
914
+ @property
915
+ @pulumi.getter(name="excludedIpRanges")
916
+ def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
917
+ """
918
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
919
+ """
920
+ return pulumi.get(self, "excluded_ip_ranges")
921
+
922
+ @excluded_ip_ranges.setter
923
+ def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
924
+ pulumi.set(self, "excluded_ip_ranges", value)
925
+
926
+ @property
927
+ @pulumi.getter(name="excludedUriDomains")
928
+ def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
929
+ """
930
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
931
+ """
932
+ return pulumi.get(self, "excluded_uri_domains")
933
+
934
+ @excluded_uri_domains.setter
935
+ def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
936
+ pulumi.set(self, "excluded_uri_domains", value)
937
+
710
938
  @property
711
939
  @pulumi.getter
712
940
  def format(self) -> Optional[pulumi.Input[str]]:
@@ -895,6 +1123,18 @@ class _SecretBackendRootCertState:
895
1123
  def namespace(self, value: Optional[pulumi.Input[str]]):
896
1124
  pulumi.set(self, "namespace", value)
897
1125
 
1126
+ @property
1127
+ @pulumi.getter(name="notAfter")
1128
+ def not_after(self) -> Optional[pulumi.Input[str]]:
1129
+ """
1130
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1131
+ """
1132
+ return pulumi.get(self, "not_after")
1133
+
1134
+ @not_after.setter
1135
+ def not_after(self, value: Optional[pulumi.Input[str]]):
1136
+ pulumi.set(self, "not_after", value)
1137
+
898
1138
  @property
899
1139
  @pulumi.getter
900
1140
  def organization(self) -> Optional[pulumi.Input[str]]:
@@ -943,6 +1183,42 @@ class _SecretBackendRootCertState:
943
1183
  def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
944
1184
  pulumi.set(self, "permitted_dns_domains", value)
945
1185
 
1186
+ @property
1187
+ @pulumi.getter(name="permittedEmailAddresses")
1188
+ def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1189
+ """
1190
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1191
+ """
1192
+ return pulumi.get(self, "permitted_email_addresses")
1193
+
1194
+ @permitted_email_addresses.setter
1195
+ def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1196
+ pulumi.set(self, "permitted_email_addresses", value)
1197
+
1198
+ @property
1199
+ @pulumi.getter(name="permittedIpRanges")
1200
+ def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1201
+ """
1202
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1203
+ """
1204
+ return pulumi.get(self, "permitted_ip_ranges")
1205
+
1206
+ @permitted_ip_ranges.setter
1207
+ def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1208
+ pulumi.set(self, "permitted_ip_ranges", value)
1209
+
1210
+ @property
1211
+ @pulumi.getter(name="permittedUriDomains")
1212
+ def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1213
+ """
1214
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1215
+ """
1216
+ return pulumi.get(self, "permitted_uri_domains")
1217
+
1218
+ @permitted_uri_domains.setter
1219
+ def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1220
+ pulumi.set(self, "permitted_uri_domains", value)
1221
+
946
1222
  @property
947
1223
  @pulumi.getter(name="postalCode")
948
1224
  def postal_code(self) -> Optional[pulumi.Input[str]]:
@@ -991,6 +1267,18 @@ class _SecretBackendRootCertState:
991
1267
  def serial_number(self, value: Optional[pulumi.Input[str]]):
992
1268
  pulumi.set(self, "serial_number", value)
993
1269
 
1270
+ @property
1271
+ @pulumi.getter(name="signatureBits")
1272
+ def signature_bits(self) -> Optional[pulumi.Input[int]]:
1273
+ """
1274
+ The number of bits to use in the signature algorithm
1275
+ """
1276
+ return pulumi.get(self, "signature_bits")
1277
+
1278
+ @signature_bits.setter
1279
+ def signature_bits(self, value: Optional[pulumi.Input[int]]):
1280
+ pulumi.set(self, "signature_bits", value)
1281
+
994
1282
  @property
995
1283
  @pulumi.getter(name="streetAddress")
996
1284
  def street_address(self) -> Optional[pulumi.Input[str]]:
@@ -1051,6 +1339,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
1051
1339
  common_name: Optional[pulumi.Input[str]] = None,
1052
1340
  country: Optional[pulumi.Input[str]] = None,
1053
1341
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1342
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1343
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1344
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1345
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1054
1346
  format: Optional[pulumi.Input[str]] = None,
1055
1347
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1056
1348
  issuer_name: Optional[pulumi.Input[str]] = None,
@@ -1063,13 +1355,18 @@ class SecretBackendRootCert(pulumi.CustomResource):
1063
1355
  managed_key_name: Optional[pulumi.Input[str]] = None,
1064
1356
  max_path_length: Optional[pulumi.Input[int]] = None,
1065
1357
  namespace: Optional[pulumi.Input[str]] = None,
1358
+ not_after: Optional[pulumi.Input[str]] = None,
1066
1359
  organization: Optional[pulumi.Input[str]] = None,
1067
1360
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1068
1361
  ou: Optional[pulumi.Input[str]] = None,
1069
1362
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1363
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1364
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1365
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1070
1366
  postal_code: Optional[pulumi.Input[str]] = None,
1071
1367
  private_key_format: Optional[pulumi.Input[str]] = None,
1072
1368
  province: Optional[pulumi.Input[str]] = None,
1369
+ signature_bits: Optional[pulumi.Input[int]] = None,
1073
1370
  street_address: Optional[pulumi.Input[str]] = None,
1074
1371
  ttl: Optional[pulumi.Input[str]] = None,
1075
1372
  type: Optional[pulumi.Input[str]] = None,
@@ -1104,6 +1401,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
1104
1401
  :param pulumi.Input[str] common_name: CN of intermediate to create
1105
1402
  :param pulumi.Input[str] country: The country
1106
1403
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1404
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1405
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1406
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1407
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1107
1408
  :param pulumi.Input[str] format: The format of data
1108
1409
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
1109
1410
  :param pulumi.Input[str] issuer_name: Provides a name to the specified issuer. The name must be unique
@@ -1124,13 +1425,18 @@ class SecretBackendRootCert(pulumi.CustomResource):
1124
1425
  The value should not contain leading or trailing forward slashes.
1125
1426
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1126
1427
  *Available only for Vault Enterprise*.
1428
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1127
1429
  :param pulumi.Input[str] organization: The organization
1128
1430
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
1129
1431
  :param pulumi.Input[str] ou: The organization unit
1130
1432
  :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1433
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1434
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1435
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1131
1436
  :param pulumi.Input[str] postal_code: The postal code
1132
1437
  :param pulumi.Input[str] private_key_format: The private key format
1133
1438
  :param pulumi.Input[str] province: The province
1439
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
1134
1440
  :param pulumi.Input[str] street_address: The street address
1135
1441
  :param pulumi.Input[str] ttl: Time to live
1136
1442
  :param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
@@ -1185,6 +1491,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
1185
1491
  common_name: Optional[pulumi.Input[str]] = None,
1186
1492
  country: Optional[pulumi.Input[str]] = None,
1187
1493
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1494
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1495
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1496
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1497
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1188
1498
  format: Optional[pulumi.Input[str]] = None,
1189
1499
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1190
1500
  issuer_name: Optional[pulumi.Input[str]] = None,
@@ -1197,13 +1507,18 @@ class SecretBackendRootCert(pulumi.CustomResource):
1197
1507
  managed_key_name: Optional[pulumi.Input[str]] = None,
1198
1508
  max_path_length: Optional[pulumi.Input[int]] = None,
1199
1509
  namespace: Optional[pulumi.Input[str]] = None,
1510
+ not_after: Optional[pulumi.Input[str]] = None,
1200
1511
  organization: Optional[pulumi.Input[str]] = None,
1201
1512
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1202
1513
  ou: Optional[pulumi.Input[str]] = None,
1203
1514
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1515
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1516
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1517
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1204
1518
  postal_code: Optional[pulumi.Input[str]] = None,
1205
1519
  private_key_format: Optional[pulumi.Input[str]] = None,
1206
1520
  province: Optional[pulumi.Input[str]] = None,
1521
+ signature_bits: Optional[pulumi.Input[int]] = None,
1207
1522
  street_address: Optional[pulumi.Input[str]] = None,
1208
1523
  ttl: Optional[pulumi.Input[str]] = None,
1209
1524
  type: Optional[pulumi.Input[str]] = None,
@@ -1226,6 +1541,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
1226
1541
  __props__.__dict__["common_name"] = common_name
1227
1542
  __props__.__dict__["country"] = country
1228
1543
  __props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
1544
+ __props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
1545
+ __props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
1546
+ __props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
1547
+ __props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
1229
1548
  __props__.__dict__["format"] = format
1230
1549
  __props__.__dict__["ip_sans"] = ip_sans
1231
1550
  __props__.__dict__["issuer_name"] = issuer_name
@@ -1238,13 +1557,18 @@ class SecretBackendRootCert(pulumi.CustomResource):
1238
1557
  __props__.__dict__["managed_key_name"] = managed_key_name
1239
1558
  __props__.__dict__["max_path_length"] = max_path_length
1240
1559
  __props__.__dict__["namespace"] = namespace
1560
+ __props__.__dict__["not_after"] = not_after
1241
1561
  __props__.__dict__["organization"] = organization
1242
1562
  __props__.__dict__["other_sans"] = other_sans
1243
1563
  __props__.__dict__["ou"] = ou
1244
1564
  __props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
1565
+ __props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
1566
+ __props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
1567
+ __props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
1245
1568
  __props__.__dict__["postal_code"] = postal_code
1246
1569
  __props__.__dict__["private_key_format"] = private_key_format
1247
1570
  __props__.__dict__["province"] = province
1571
+ __props__.__dict__["signature_bits"] = signature_bits
1248
1572
  __props__.__dict__["street_address"] = street_address
1249
1573
  __props__.__dict__["ttl"] = ttl
1250
1574
  if type is None and not opts.urn:
@@ -1272,6 +1596,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
1272
1596
  common_name: Optional[pulumi.Input[str]] = None,
1273
1597
  country: Optional[pulumi.Input[str]] = None,
1274
1598
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1599
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1600
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1601
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1602
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1275
1603
  format: Optional[pulumi.Input[str]] = None,
1276
1604
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1277
1605
  issuer_id: Optional[pulumi.Input[str]] = None,
@@ -1287,14 +1615,19 @@ class SecretBackendRootCert(pulumi.CustomResource):
1287
1615
  managed_key_name: Optional[pulumi.Input[str]] = None,
1288
1616
  max_path_length: Optional[pulumi.Input[int]] = None,
1289
1617
  namespace: Optional[pulumi.Input[str]] = None,
1618
+ not_after: Optional[pulumi.Input[str]] = None,
1290
1619
  organization: Optional[pulumi.Input[str]] = None,
1291
1620
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1292
1621
  ou: Optional[pulumi.Input[str]] = None,
1293
1622
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1623
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1624
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1625
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1294
1626
  postal_code: Optional[pulumi.Input[str]] = None,
1295
1627
  private_key_format: Optional[pulumi.Input[str]] = None,
1296
1628
  province: Optional[pulumi.Input[str]] = None,
1297
1629
  serial_number: Optional[pulumi.Input[str]] = None,
1630
+ signature_bits: Optional[pulumi.Input[int]] = None,
1298
1631
  street_address: Optional[pulumi.Input[str]] = None,
1299
1632
  ttl: Optional[pulumi.Input[str]] = None,
1300
1633
  type: Optional[pulumi.Input[str]] = None,
@@ -1312,6 +1645,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
1312
1645
  :param pulumi.Input[str] common_name: CN of intermediate to create
1313
1646
  :param pulumi.Input[str] country: The country
1314
1647
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1648
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1649
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1650
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1651
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1315
1652
  :param pulumi.Input[str] format: The format of data
1316
1653
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
1317
1654
  :param pulumi.Input[str] issuer_id: The ID of the generated issuer.
@@ -1335,14 +1672,19 @@ class SecretBackendRootCert(pulumi.CustomResource):
1335
1672
  The value should not contain leading or trailing forward slashes.
1336
1673
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1337
1674
  *Available only for Vault Enterprise*.
1675
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1338
1676
  :param pulumi.Input[str] organization: The organization
1339
1677
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
1340
1678
  :param pulumi.Input[str] ou: The organization unit
1341
1679
  :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1680
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1681
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1682
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1342
1683
  :param pulumi.Input[str] postal_code: The postal code
1343
1684
  :param pulumi.Input[str] private_key_format: The private key format
1344
1685
  :param pulumi.Input[str] province: The province
1345
1686
  :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
1687
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
1346
1688
  :param pulumi.Input[str] street_address: The street address
1347
1689
  :param pulumi.Input[str] ttl: Time to live
1348
1690
  :param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
@@ -1359,6 +1701,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
1359
1701
  __props__.__dict__["common_name"] = common_name
1360
1702
  __props__.__dict__["country"] = country
1361
1703
  __props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
1704
+ __props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
1705
+ __props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
1706
+ __props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
1707
+ __props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
1362
1708
  __props__.__dict__["format"] = format
1363
1709
  __props__.__dict__["ip_sans"] = ip_sans
1364
1710
  __props__.__dict__["issuer_id"] = issuer_id
@@ -1374,14 +1720,19 @@ class SecretBackendRootCert(pulumi.CustomResource):
1374
1720
  __props__.__dict__["managed_key_name"] = managed_key_name
1375
1721
  __props__.__dict__["max_path_length"] = max_path_length
1376
1722
  __props__.__dict__["namespace"] = namespace
1723
+ __props__.__dict__["not_after"] = not_after
1377
1724
  __props__.__dict__["organization"] = organization
1378
1725
  __props__.__dict__["other_sans"] = other_sans
1379
1726
  __props__.__dict__["ou"] = ou
1380
1727
  __props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
1728
+ __props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
1729
+ __props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
1730
+ __props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
1381
1731
  __props__.__dict__["postal_code"] = postal_code
1382
1732
  __props__.__dict__["private_key_format"] = private_key_format
1383
1733
  __props__.__dict__["province"] = province
1384
1734
  __props__.__dict__["serial_number"] = serial_number
1735
+ __props__.__dict__["signature_bits"] = signature_bits
1385
1736
  __props__.__dict__["street_address"] = street_address
1386
1737
  __props__.__dict__["ttl"] = ttl
1387
1738
  __props__.__dict__["type"] = type
@@ -1436,6 +1787,38 @@ class SecretBackendRootCert(pulumi.CustomResource):
1436
1787
  """
1437
1788
  return pulumi.get(self, "exclude_cn_from_sans")
1438
1789
 
1790
+ @property
1791
+ @pulumi.getter(name="excludedDnsDomains")
1792
+ def excluded_dns_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
1793
+ """
1794
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1795
+ """
1796
+ return pulumi.get(self, "excluded_dns_domains")
1797
+
1798
+ @property
1799
+ @pulumi.getter(name="excludedEmailAddresses")
1800
+ def excluded_email_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
1801
+ """
1802
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1803
+ """
1804
+ return pulumi.get(self, "excluded_email_addresses")
1805
+
1806
+ @property
1807
+ @pulumi.getter(name="excludedIpRanges")
1808
+ def excluded_ip_ranges(self) -> pulumi.Output[Optional[Sequence[str]]]:
1809
+ """
1810
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1811
+ """
1812
+ return pulumi.get(self, "excluded_ip_ranges")
1813
+
1814
+ @property
1815
+ @pulumi.getter(name="excludedUriDomains")
1816
+ def excluded_uri_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
1817
+ """
1818
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1819
+ """
1820
+ return pulumi.get(self, "excluded_uri_domains")
1821
+
1439
1822
  @property
1440
1823
  @pulumi.getter
1441
1824
  def format(self) -> pulumi.Output[Optional[str]]:
@@ -1564,6 +1947,14 @@ class SecretBackendRootCert(pulumi.CustomResource):
1564
1947
  """
1565
1948
  return pulumi.get(self, "namespace")
1566
1949
 
1950
+ @property
1951
+ @pulumi.getter(name="notAfter")
1952
+ def not_after(self) -> pulumi.Output[Optional[str]]:
1953
+ """
1954
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1955
+ """
1956
+ return pulumi.get(self, "not_after")
1957
+
1567
1958
  @property
1568
1959
  @pulumi.getter
1569
1960
  def organization(self) -> pulumi.Output[Optional[str]]:
@@ -1596,6 +1987,30 @@ class SecretBackendRootCert(pulumi.CustomResource):
1596
1987
  """
1597
1988
  return pulumi.get(self, "permitted_dns_domains")
1598
1989
 
1990
+ @property
1991
+ @pulumi.getter(name="permittedEmailAddresses")
1992
+ def permitted_email_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
1993
+ """
1994
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1995
+ """
1996
+ return pulumi.get(self, "permitted_email_addresses")
1997
+
1998
+ @property
1999
+ @pulumi.getter(name="permittedIpRanges")
2000
+ def permitted_ip_ranges(self) -> pulumi.Output[Optional[Sequence[str]]]:
2001
+ """
2002
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
2003
+ """
2004
+ return pulumi.get(self, "permitted_ip_ranges")
2005
+
2006
+ @property
2007
+ @pulumi.getter(name="permittedUriDomains")
2008
+ def permitted_uri_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
2009
+ """
2010
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
2011
+ """
2012
+ return pulumi.get(self, "permitted_uri_domains")
2013
+
1599
2014
  @property
1600
2015
  @pulumi.getter(name="postalCode")
1601
2016
  def postal_code(self) -> pulumi.Output[Optional[str]]:
@@ -1628,6 +2043,14 @@ class SecretBackendRootCert(pulumi.CustomResource):
1628
2043
  """
1629
2044
  return pulumi.get(self, "serial_number")
1630
2045
 
2046
+ @property
2047
+ @pulumi.getter(name="signatureBits")
2048
+ def signature_bits(self) -> pulumi.Output[int]:
2049
+ """
2050
+ The number of bits to use in the signature algorithm
2051
+ """
2052
+ return pulumi.get(self, "signature_bits")
2053
+
1631
2054
  @property
1632
2055
  @pulumi.getter(name="streetAddress")
1633
2056
  def street_address(self) -> pulumi.Output[Optional[str]]: