pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -25,23 +25,35 @@ class SecretBackendRootSignIntermediateArgs:
|
|
25
25
|
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
26
|
country: Optional[pulumi.Input[str]] = None,
|
27
27
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
28
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
29
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
30
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
31
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
28
32
|
format: Optional[pulumi.Input[str]] = None,
|
29
33
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
30
34
|
issuer_ref: Optional[pulumi.Input[str]] = None,
|
31
35
|
locality: Optional[pulumi.Input[str]] = None,
|
32
36
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
33
37
|
namespace: Optional[pulumi.Input[str]] = None,
|
38
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
39
|
+
not_before_duration: Optional[pulumi.Input[str]] = None,
|
34
40
|
organization: Optional[pulumi.Input[str]] = None,
|
35
41
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
36
42
|
ou: Optional[pulumi.Input[str]] = None,
|
37
43
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
44
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
45
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
46
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
38
47
|
postal_code: Optional[pulumi.Input[str]] = None,
|
39
48
|
province: Optional[pulumi.Input[str]] = None,
|
40
49
|
revoke: Optional[pulumi.Input[bool]] = None,
|
50
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
51
|
+
skid: Optional[pulumi.Input[str]] = None,
|
41
52
|
street_address: Optional[pulumi.Input[str]] = None,
|
42
53
|
ttl: Optional[pulumi.Input[str]] = None,
|
43
54
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
44
|
-
use_csr_values: Optional[pulumi.Input[bool]] = None
|
55
|
+
use_csr_values: Optional[pulumi.Input[bool]] = None,
|
56
|
+
use_pss: Optional[pulumi.Input[bool]] = None):
|
45
57
|
"""
|
46
58
|
The set of arguments for constructing a SecretBackendRootSignIntermediate resource.
|
47
59
|
:param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
|
@@ -50,6 +62,10 @@ class SecretBackendRootSignIntermediateArgs:
|
|
50
62
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
|
51
63
|
:param pulumi.Input[str] country: The country
|
52
64
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
65
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
66
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
67
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
68
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
53
69
|
:param pulumi.Input[str] format: The format of data
|
54
70
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
|
55
71
|
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
@@ -62,17 +78,27 @@ class SecretBackendRootSignIntermediateArgs:
|
|
62
78
|
The value should not contain leading or trailing forward slashes.
|
63
79
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
64
80
|
*Available only for Vault Enterprise*.
|
81
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value.
|
82
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
83
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
84
|
+
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
65
85
|
:param pulumi.Input[str] organization: The organization
|
66
86
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
67
87
|
:param pulumi.Input[str] ou: The organization unit
|
68
88
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
89
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
90
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
91
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
69
92
|
:param pulumi.Input[str] postal_code: The postal code
|
70
93
|
:param pulumi.Input[str] province: The province
|
71
94
|
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
95
|
+
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
96
|
+
:param pulumi.Input[str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
72
97
|
:param pulumi.Input[str] street_address: The street address
|
73
98
|
:param pulumi.Input[str] ttl: Time to live
|
74
99
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
|
75
100
|
:param pulumi.Input[bool] use_csr_values: Preserve CSR values
|
101
|
+
:param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
76
102
|
"""
|
77
103
|
pulumi.set(__self__, "backend", backend)
|
78
104
|
pulumi.set(__self__, "common_name", common_name)
|
@@ -83,6 +109,14 @@ class SecretBackendRootSignIntermediateArgs:
|
|
83
109
|
pulumi.set(__self__, "country", country)
|
84
110
|
if exclude_cn_from_sans is not None:
|
85
111
|
pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
|
112
|
+
if excluded_dns_domains is not None:
|
113
|
+
pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
|
114
|
+
if excluded_email_addresses is not None:
|
115
|
+
pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
|
116
|
+
if excluded_ip_ranges is not None:
|
117
|
+
pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
|
118
|
+
if excluded_uri_domains is not None:
|
119
|
+
pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
|
86
120
|
if format is not None:
|
87
121
|
pulumi.set(__self__, "format", format)
|
88
122
|
if ip_sans is not None:
|
@@ -95,6 +129,10 @@ class SecretBackendRootSignIntermediateArgs:
|
|
95
129
|
pulumi.set(__self__, "max_path_length", max_path_length)
|
96
130
|
if namespace is not None:
|
97
131
|
pulumi.set(__self__, "namespace", namespace)
|
132
|
+
if not_after is not None:
|
133
|
+
pulumi.set(__self__, "not_after", not_after)
|
134
|
+
if not_before_duration is not None:
|
135
|
+
pulumi.set(__self__, "not_before_duration", not_before_duration)
|
98
136
|
if organization is not None:
|
99
137
|
pulumi.set(__self__, "organization", organization)
|
100
138
|
if other_sans is not None:
|
@@ -103,12 +141,22 @@ class SecretBackendRootSignIntermediateArgs:
|
|
103
141
|
pulumi.set(__self__, "ou", ou)
|
104
142
|
if permitted_dns_domains is not None:
|
105
143
|
pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
|
144
|
+
if permitted_email_addresses is not None:
|
145
|
+
pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
|
146
|
+
if permitted_ip_ranges is not None:
|
147
|
+
pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
|
148
|
+
if permitted_uri_domains is not None:
|
149
|
+
pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
|
106
150
|
if postal_code is not None:
|
107
151
|
pulumi.set(__self__, "postal_code", postal_code)
|
108
152
|
if province is not None:
|
109
153
|
pulumi.set(__self__, "province", province)
|
110
154
|
if revoke is not None:
|
111
155
|
pulumi.set(__self__, "revoke", revoke)
|
156
|
+
if signature_bits is not None:
|
157
|
+
pulumi.set(__self__, "signature_bits", signature_bits)
|
158
|
+
if skid is not None:
|
159
|
+
pulumi.set(__self__, "skid", skid)
|
112
160
|
if street_address is not None:
|
113
161
|
pulumi.set(__self__, "street_address", street_address)
|
114
162
|
if ttl is not None:
|
@@ -117,6 +165,8 @@ class SecretBackendRootSignIntermediateArgs:
|
|
117
165
|
pulumi.set(__self__, "uri_sans", uri_sans)
|
118
166
|
if use_csr_values is not None:
|
119
167
|
pulumi.set(__self__, "use_csr_values", use_csr_values)
|
168
|
+
if use_pss is not None:
|
169
|
+
pulumi.set(__self__, "use_pss", use_pss)
|
120
170
|
|
121
171
|
@property
|
122
172
|
@pulumi.getter
|
@@ -190,6 +240,54 @@ class SecretBackendRootSignIntermediateArgs:
|
|
190
240
|
def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
|
191
241
|
pulumi.set(self, "exclude_cn_from_sans", value)
|
192
242
|
|
243
|
+
@property
|
244
|
+
@pulumi.getter(name="excludedDnsDomains")
|
245
|
+
def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
246
|
+
"""
|
247
|
+
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
248
|
+
"""
|
249
|
+
return pulumi.get(self, "excluded_dns_domains")
|
250
|
+
|
251
|
+
@excluded_dns_domains.setter
|
252
|
+
def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
253
|
+
pulumi.set(self, "excluded_dns_domains", value)
|
254
|
+
|
255
|
+
@property
|
256
|
+
@pulumi.getter(name="excludedEmailAddresses")
|
257
|
+
def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
258
|
+
"""
|
259
|
+
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
260
|
+
"""
|
261
|
+
return pulumi.get(self, "excluded_email_addresses")
|
262
|
+
|
263
|
+
@excluded_email_addresses.setter
|
264
|
+
def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
265
|
+
pulumi.set(self, "excluded_email_addresses", value)
|
266
|
+
|
267
|
+
@property
|
268
|
+
@pulumi.getter(name="excludedIpRanges")
|
269
|
+
def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
270
|
+
"""
|
271
|
+
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
272
|
+
"""
|
273
|
+
return pulumi.get(self, "excluded_ip_ranges")
|
274
|
+
|
275
|
+
@excluded_ip_ranges.setter
|
276
|
+
def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
277
|
+
pulumi.set(self, "excluded_ip_ranges", value)
|
278
|
+
|
279
|
+
@property
|
280
|
+
@pulumi.getter(name="excludedUriDomains")
|
281
|
+
def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
282
|
+
"""
|
283
|
+
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
284
|
+
"""
|
285
|
+
return pulumi.get(self, "excluded_uri_domains")
|
286
|
+
|
287
|
+
@excluded_uri_domains.setter
|
288
|
+
def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
289
|
+
pulumi.set(self, "excluded_uri_domains", value)
|
290
|
+
|
193
291
|
@property
|
194
292
|
@pulumi.getter
|
195
293
|
def format(self) -> Optional[pulumi.Input[str]]:
|
@@ -268,6 +366,32 @@ class SecretBackendRootSignIntermediateArgs:
|
|
268
366
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
269
367
|
pulumi.set(self, "namespace", value)
|
270
368
|
|
369
|
+
@property
|
370
|
+
@pulumi.getter(name="notAfter")
|
371
|
+
def not_after(self) -> Optional[pulumi.Input[str]]:
|
372
|
+
"""
|
373
|
+
Set the Not After field of the certificate with specified date value.
|
374
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
375
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
376
|
+
"""
|
377
|
+
return pulumi.get(self, "not_after")
|
378
|
+
|
379
|
+
@not_after.setter
|
380
|
+
def not_after(self, value: Optional[pulumi.Input[str]]):
|
381
|
+
pulumi.set(self, "not_after", value)
|
382
|
+
|
383
|
+
@property
|
384
|
+
@pulumi.getter(name="notBeforeDuration")
|
385
|
+
def not_before_duration(self) -> Optional[pulumi.Input[str]]:
|
386
|
+
"""
|
387
|
+
Specifies the duration by which to backdate the NotBefore property.
|
388
|
+
"""
|
389
|
+
return pulumi.get(self, "not_before_duration")
|
390
|
+
|
391
|
+
@not_before_duration.setter
|
392
|
+
def not_before_duration(self, value: Optional[pulumi.Input[str]]):
|
393
|
+
pulumi.set(self, "not_before_duration", value)
|
394
|
+
|
271
395
|
@property
|
272
396
|
@pulumi.getter
|
273
397
|
def organization(self) -> Optional[pulumi.Input[str]]:
|
@@ -316,6 +440,42 @@ class SecretBackendRootSignIntermediateArgs:
|
|
316
440
|
def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
317
441
|
pulumi.set(self, "permitted_dns_domains", value)
|
318
442
|
|
443
|
+
@property
|
444
|
+
@pulumi.getter(name="permittedEmailAddresses")
|
445
|
+
def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
446
|
+
"""
|
447
|
+
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
448
|
+
"""
|
449
|
+
return pulumi.get(self, "permitted_email_addresses")
|
450
|
+
|
451
|
+
@permitted_email_addresses.setter
|
452
|
+
def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
453
|
+
pulumi.set(self, "permitted_email_addresses", value)
|
454
|
+
|
455
|
+
@property
|
456
|
+
@pulumi.getter(name="permittedIpRanges")
|
457
|
+
def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
458
|
+
"""
|
459
|
+
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
460
|
+
"""
|
461
|
+
return pulumi.get(self, "permitted_ip_ranges")
|
462
|
+
|
463
|
+
@permitted_ip_ranges.setter
|
464
|
+
def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
465
|
+
pulumi.set(self, "permitted_ip_ranges", value)
|
466
|
+
|
467
|
+
@property
|
468
|
+
@pulumi.getter(name="permittedUriDomains")
|
469
|
+
def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
470
|
+
"""
|
471
|
+
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
472
|
+
"""
|
473
|
+
return pulumi.get(self, "permitted_uri_domains")
|
474
|
+
|
475
|
+
@permitted_uri_domains.setter
|
476
|
+
def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
477
|
+
pulumi.set(self, "permitted_uri_domains", value)
|
478
|
+
|
319
479
|
@property
|
320
480
|
@pulumi.getter(name="postalCode")
|
321
481
|
def postal_code(self) -> Optional[pulumi.Input[str]]:
|
@@ -352,6 +512,30 @@ class SecretBackendRootSignIntermediateArgs:
|
|
352
512
|
def revoke(self, value: Optional[pulumi.Input[bool]]):
|
353
513
|
pulumi.set(self, "revoke", value)
|
354
514
|
|
515
|
+
@property
|
516
|
+
@pulumi.getter(name="signatureBits")
|
517
|
+
def signature_bits(self) -> Optional[pulumi.Input[int]]:
|
518
|
+
"""
|
519
|
+
The number of bits to use in the signature algorithm
|
520
|
+
"""
|
521
|
+
return pulumi.get(self, "signature_bits")
|
522
|
+
|
523
|
+
@signature_bits.setter
|
524
|
+
def signature_bits(self, value: Optional[pulumi.Input[int]]):
|
525
|
+
pulumi.set(self, "signature_bits", value)
|
526
|
+
|
527
|
+
@property
|
528
|
+
@pulumi.getter
|
529
|
+
def skid(self) -> Optional[pulumi.Input[str]]:
|
530
|
+
"""
|
531
|
+
Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
532
|
+
"""
|
533
|
+
return pulumi.get(self, "skid")
|
534
|
+
|
535
|
+
@skid.setter
|
536
|
+
def skid(self, value: Optional[pulumi.Input[str]]):
|
537
|
+
pulumi.set(self, "skid", value)
|
538
|
+
|
355
539
|
@property
|
356
540
|
@pulumi.getter(name="streetAddress")
|
357
541
|
def street_address(self) -> Optional[pulumi.Input[str]]:
|
@@ -400,6 +584,18 @@ class SecretBackendRootSignIntermediateArgs:
|
|
400
584
|
def use_csr_values(self, value: Optional[pulumi.Input[bool]]):
|
401
585
|
pulumi.set(self, "use_csr_values", value)
|
402
586
|
|
587
|
+
@property
|
588
|
+
@pulumi.getter(name="usePss")
|
589
|
+
def use_pss(self) -> Optional[pulumi.Input[bool]]:
|
590
|
+
"""
|
591
|
+
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
592
|
+
"""
|
593
|
+
return pulumi.get(self, "use_pss")
|
594
|
+
|
595
|
+
@use_pss.setter
|
596
|
+
def use_pss(self, value: Optional[pulumi.Input[bool]]):
|
597
|
+
pulumi.set(self, "use_pss", value)
|
598
|
+
|
403
599
|
|
404
600
|
@pulumi.input_type
|
405
601
|
class _SecretBackendRootSignIntermediateState:
|
@@ -413,6 +609,10 @@ class _SecretBackendRootSignIntermediateState:
|
|
413
609
|
country: Optional[pulumi.Input[str]] = None,
|
414
610
|
csr: Optional[pulumi.Input[str]] = None,
|
415
611
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
612
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
613
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
614
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
615
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
416
616
|
format: Optional[pulumi.Input[str]] = None,
|
417
617
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
418
618
|
issuer_ref: Optional[pulumi.Input[str]] = None,
|
@@ -420,18 +620,26 @@ class _SecretBackendRootSignIntermediateState:
|
|
420
620
|
locality: Optional[pulumi.Input[str]] = None,
|
421
621
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
422
622
|
namespace: Optional[pulumi.Input[str]] = None,
|
623
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
624
|
+
not_before_duration: Optional[pulumi.Input[str]] = None,
|
423
625
|
organization: Optional[pulumi.Input[str]] = None,
|
424
626
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
425
627
|
ou: Optional[pulumi.Input[str]] = None,
|
426
628
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
629
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
630
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
631
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
427
632
|
postal_code: Optional[pulumi.Input[str]] = None,
|
428
633
|
province: Optional[pulumi.Input[str]] = None,
|
429
634
|
revoke: Optional[pulumi.Input[bool]] = None,
|
430
635
|
serial_number: Optional[pulumi.Input[str]] = None,
|
636
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
637
|
+
skid: Optional[pulumi.Input[str]] = None,
|
431
638
|
street_address: Optional[pulumi.Input[str]] = None,
|
432
639
|
ttl: Optional[pulumi.Input[str]] = None,
|
433
640
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
434
|
-
use_csr_values: Optional[pulumi.Input[bool]] = None
|
641
|
+
use_csr_values: Optional[pulumi.Input[bool]] = None,
|
642
|
+
use_pss: Optional[pulumi.Input[bool]] = None):
|
435
643
|
"""
|
436
644
|
Input properties used for looking up and filtering SecretBackendRootSignIntermediate resources.
|
437
645
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
|
@@ -444,6 +652,10 @@ class _SecretBackendRootSignIntermediateState:
|
|
444
652
|
:param pulumi.Input[str] country: The country
|
445
653
|
:param pulumi.Input[str] csr: The CSR
|
446
654
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
655
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
656
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
657
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
658
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
447
659
|
:param pulumi.Input[str] format: The format of data
|
448
660
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
|
449
661
|
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
@@ -457,18 +669,28 @@ class _SecretBackendRootSignIntermediateState:
|
|
457
669
|
The value should not contain leading or trailing forward slashes.
|
458
670
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
459
671
|
*Available only for Vault Enterprise*.
|
672
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value.
|
673
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
674
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
675
|
+
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
460
676
|
:param pulumi.Input[str] organization: The organization
|
461
677
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
462
678
|
:param pulumi.Input[str] ou: The organization unit
|
463
679
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
680
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
681
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
682
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
464
683
|
:param pulumi.Input[str] postal_code: The postal code
|
465
684
|
:param pulumi.Input[str] province: The province
|
466
685
|
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
467
686
|
:param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
|
687
|
+
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
688
|
+
:param pulumi.Input[str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
468
689
|
:param pulumi.Input[str] street_address: The street address
|
469
690
|
:param pulumi.Input[str] ttl: Time to live
|
470
691
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
|
471
692
|
:param pulumi.Input[bool] use_csr_values: Preserve CSR values
|
693
|
+
:param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
472
694
|
"""
|
473
695
|
if alt_names is not None:
|
474
696
|
pulumi.set(__self__, "alt_names", alt_names)
|
@@ -488,6 +710,14 @@ class _SecretBackendRootSignIntermediateState:
|
|
488
710
|
pulumi.set(__self__, "csr", csr)
|
489
711
|
if exclude_cn_from_sans is not None:
|
490
712
|
pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
|
713
|
+
if excluded_dns_domains is not None:
|
714
|
+
pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
|
715
|
+
if excluded_email_addresses is not None:
|
716
|
+
pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
|
717
|
+
if excluded_ip_ranges is not None:
|
718
|
+
pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
|
719
|
+
if excluded_uri_domains is not None:
|
720
|
+
pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
|
491
721
|
if format is not None:
|
492
722
|
pulumi.set(__self__, "format", format)
|
493
723
|
if ip_sans is not None:
|
@@ -502,6 +732,10 @@ class _SecretBackendRootSignIntermediateState:
|
|
502
732
|
pulumi.set(__self__, "max_path_length", max_path_length)
|
503
733
|
if namespace is not None:
|
504
734
|
pulumi.set(__self__, "namespace", namespace)
|
735
|
+
if not_after is not None:
|
736
|
+
pulumi.set(__self__, "not_after", not_after)
|
737
|
+
if not_before_duration is not None:
|
738
|
+
pulumi.set(__self__, "not_before_duration", not_before_duration)
|
505
739
|
if organization is not None:
|
506
740
|
pulumi.set(__self__, "organization", organization)
|
507
741
|
if other_sans is not None:
|
@@ -510,6 +744,12 @@ class _SecretBackendRootSignIntermediateState:
|
|
510
744
|
pulumi.set(__self__, "ou", ou)
|
511
745
|
if permitted_dns_domains is not None:
|
512
746
|
pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
|
747
|
+
if permitted_email_addresses is not None:
|
748
|
+
pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
|
749
|
+
if permitted_ip_ranges is not None:
|
750
|
+
pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
|
751
|
+
if permitted_uri_domains is not None:
|
752
|
+
pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
|
513
753
|
if postal_code is not None:
|
514
754
|
pulumi.set(__self__, "postal_code", postal_code)
|
515
755
|
if province is not None:
|
@@ -518,6 +758,10 @@ class _SecretBackendRootSignIntermediateState:
|
|
518
758
|
pulumi.set(__self__, "revoke", revoke)
|
519
759
|
if serial_number is not None:
|
520
760
|
pulumi.set(__self__, "serial_number", serial_number)
|
761
|
+
if signature_bits is not None:
|
762
|
+
pulumi.set(__self__, "signature_bits", signature_bits)
|
763
|
+
if skid is not None:
|
764
|
+
pulumi.set(__self__, "skid", skid)
|
521
765
|
if street_address is not None:
|
522
766
|
pulumi.set(__self__, "street_address", street_address)
|
523
767
|
if ttl is not None:
|
@@ -526,6 +770,8 @@ class _SecretBackendRootSignIntermediateState:
|
|
526
770
|
pulumi.set(__self__, "uri_sans", uri_sans)
|
527
771
|
if use_csr_values is not None:
|
528
772
|
pulumi.set(__self__, "use_csr_values", use_csr_values)
|
773
|
+
if use_pss is not None:
|
774
|
+
pulumi.set(__self__, "use_pss", use_pss)
|
529
775
|
|
530
776
|
@property
|
531
777
|
@pulumi.getter(name="altNames")
|
@@ -636,6 +882,54 @@ class _SecretBackendRootSignIntermediateState:
|
|
636
882
|
def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
|
637
883
|
pulumi.set(self, "exclude_cn_from_sans", value)
|
638
884
|
|
885
|
+
@property
|
886
|
+
@pulumi.getter(name="excludedDnsDomains")
|
887
|
+
def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
888
|
+
"""
|
889
|
+
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
890
|
+
"""
|
891
|
+
return pulumi.get(self, "excluded_dns_domains")
|
892
|
+
|
893
|
+
@excluded_dns_domains.setter
|
894
|
+
def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
895
|
+
pulumi.set(self, "excluded_dns_domains", value)
|
896
|
+
|
897
|
+
@property
|
898
|
+
@pulumi.getter(name="excludedEmailAddresses")
|
899
|
+
def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
900
|
+
"""
|
901
|
+
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
902
|
+
"""
|
903
|
+
return pulumi.get(self, "excluded_email_addresses")
|
904
|
+
|
905
|
+
@excluded_email_addresses.setter
|
906
|
+
def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
907
|
+
pulumi.set(self, "excluded_email_addresses", value)
|
908
|
+
|
909
|
+
@property
|
910
|
+
@pulumi.getter(name="excludedIpRanges")
|
911
|
+
def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
912
|
+
"""
|
913
|
+
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
914
|
+
"""
|
915
|
+
return pulumi.get(self, "excluded_ip_ranges")
|
916
|
+
|
917
|
+
@excluded_ip_ranges.setter
|
918
|
+
def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
919
|
+
pulumi.set(self, "excluded_ip_ranges", value)
|
920
|
+
|
921
|
+
@property
|
922
|
+
@pulumi.getter(name="excludedUriDomains")
|
923
|
+
def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
924
|
+
"""
|
925
|
+
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
926
|
+
"""
|
927
|
+
return pulumi.get(self, "excluded_uri_domains")
|
928
|
+
|
929
|
+
@excluded_uri_domains.setter
|
930
|
+
def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
931
|
+
pulumi.set(self, "excluded_uri_domains", value)
|
932
|
+
|
639
933
|
@property
|
640
934
|
@pulumi.getter
|
641
935
|
def format(self) -> Optional[pulumi.Input[str]]:
|
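Review bot: The four `excluded_*` docstrings added in this hunk say "Requires Vault version 1.19+" but not what happens against an older server, and the setters store the value with no version check visible here. If an older Vault drops the field (not shown on this page, to be confirmed), the intermediate CA would be signed without the name constraint the operator declared. I would extend each docstring along the lines of `Requires Vault version 1.19+; verify that the signed certificate carries the expected nameConstraints extension.` The same applies to the `permitted_*` properties in the `@@ -774,6 +1094,42 @@` hunk and to the matching `:param` lines and output getters further down. The class body continues outside this hunk.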
@@ -726,6 +1020,32 @@ class _SecretBackendRootSignIntermediateState:
|
|
726
1020
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
727
1021
|
pulumi.set(self, "namespace", value)
|
728
1022
|
|
1023
|
+
@property
|
1024
|
+
@pulumi.getter(name="notAfter")
|
1025
|
+
def not_after(self) -> Optional[pulumi.Input[str]]:
|
1026
|
+
"""
|
1027
|
+
Set the Not After field of the certificate with specified date value.
|
1028
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
1029
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1030
|
+
"""
|
1031
|
+
return pulumi.get(self, "not_after")
|
1032
|
+
|
1033
|
+
@not_after.setter
|
1034
|
+
def not_after(self, value: Optional[pulumi.Input[str]]):
|
1035
|
+
pulumi.set(self, "not_after", value)
|
1036
|
+
|
1037
|
+
@property
|
1038
|
+
@pulumi.getter(name="notBeforeDuration")
|
1039
|
+
def not_before_duration(self) -> Optional[pulumi.Input[str]]:
|
1040
|
+
"""
|
1041
|
+
Specifies the duration by which to backdate the NotBefore property.
|
1042
|
+
"""
|
1043
|
+
return pulumi.get(self, "not_before_duration")
|
1044
|
+
|
1045
|
+
@not_before_duration.setter
|
1046
|
+
def not_before_duration(self, value: Optional[pulumi.Input[str]]):
|
1047
|
+
pulumi.set(self, "not_before_duration", value)
|
1048
|
+
|
729
1049
|
@property
|
730
1050
|
@pulumi.getter
|
731
1051
|
def organization(self) -> Optional[pulumi.Input[str]]:
|
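Review bot: The `not_after` docstring gives the format as `YYYY-MM-ddTHH:MM:SSZ`, which uses `MM` for both month and minutes and mixes token case; going by the example `9999-12-31T23:59:59Z`, I would write `YYYY-MM-DDThh:mm:ssZ`. The docstring also does not say which value applies when both `not_after` and `ttl` (set on this same state class) are given. Since this resource signs an intermediate CA, it is worth one sentence that a far-future `not_after` yields a very long-lived CA certificate. The same wording repeats in the `:param` blocks and the output getter in later hunks. The class body continues outside this hunk.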
@@ -774,6 +1094,42 @@ class _SecretBackendRootSignIntermediateState:
|
|
774
1094
|
def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
775
1095
|
pulumi.set(self, "permitted_dns_domains", value)
|
776
1096
|
|
1097
|
+
@property
|
1098
|
+
@pulumi.getter(name="permittedEmailAddresses")
|
1099
|
+
def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1100
|
+
"""
|
1101
|
+
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1102
|
+
"""
|
1103
|
+
return pulumi.get(self, "permitted_email_addresses")
|
1104
|
+
|
1105
|
+
@permitted_email_addresses.setter
|
1106
|
+
def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1107
|
+
pulumi.set(self, "permitted_email_addresses", value)
|
1108
|
+
|
1109
|
+
@property
|
1110
|
+
@pulumi.getter(name="permittedIpRanges")
|
1111
|
+
def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1112
|
+
"""
|
1113
|
+
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1114
|
+
"""
|
1115
|
+
return pulumi.get(self, "permitted_ip_ranges")
|
1116
|
+
|
1117
|
+
@permitted_ip_ranges.setter
|
1118
|
+
def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1119
|
+
pulumi.set(self, "permitted_ip_ranges", value)
|
1120
|
+
|
1121
|
+
@property
|
1122
|
+
@pulumi.getter(name="permittedUriDomains")
|
1123
|
+
def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1124
|
+
"""
|
1125
|
+
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1126
|
+
"""
|
1127
|
+
return pulumi.get(self, "permitted_uri_domains")
|
1128
|
+
|
1129
|
+
@permitted_uri_domains.setter
|
1130
|
+
def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1131
|
+
pulumi.set(self, "permitted_uri_domains", value)
|
1132
|
+
|
777
1133
|
@property
|
778
1134
|
@pulumi.getter(name="postalCode")
|
779
1135
|
def postal_code(self) -> Optional[pulumi.Input[str]]:
|
@@ -822,6 +1178,30 @@ class _SecretBackendRootSignIntermediateState:
|
|
822
1178
|
def serial_number(self, value: Optional[pulumi.Input[str]]):
|
823
1179
|
pulumi.set(self, "serial_number", value)
|
824
1180
|
|
1181
|
+
@property
|
1182
|
+
@pulumi.getter(name="signatureBits")
|
1183
|
+
def signature_bits(self) -> Optional[pulumi.Input[int]]:
|
1184
|
+
"""
|
1185
|
+
The number of bits to use in the signature algorithm
|
1186
|
+
"""
|
1187
|
+
return pulumi.get(self, "signature_bits")
|
1188
|
+
|
1189
|
+
@signature_bits.setter
|
1190
|
+
def signature_bits(self, value: Optional[pulumi.Input[int]]):
|
1191
|
+
pulumi.set(self, "signature_bits", value)
|
1192
|
+
|
1193
|
+
@property
|
1194
|
+
@pulumi.getter
|
1195
|
+
def skid(self) -> Optional[pulumi.Input[str]]:
|
1196
|
+
"""
|
1197
|
+
Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
1198
|
+
"""
|
1199
|
+
return pulumi.get(self, "skid")
|
1200
|
+
|
1201
|
+
@skid.setter
|
1202
|
+
def skid(self, value: Optional[pulumi.Input[str]]):
|
1203
|
+
pulumi.set(self, "skid", value)
|
1204
|
+
|
825
1205
|
@property
|
826
1206
|
@pulumi.getter(name="streetAddress")
|
827
1207
|
def street_address(self) -> Optional[pulumi.Input[str]]:
|
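Review bot: The `signature_bits` docstring names neither the accepted values nor what leaving it unset means, so a caller cannot tell from the SDK which digest strength the signed intermediate will get. Vault's PKI API documents 256, 384 and 512, with 0 letting Vault pick based on the issuer key; if that holds for this provider version, I would say so: `The number of bits to use in the signature algorithm (256, 384 or 512); when unset, Vault chooses based on the issuer key.` The `use_pss` docstring in the `@@ -870,6 +1250,18 @@` hunk likewise omits its default. The class body continues outside this hunk.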
@@ -870,6 +1250,18 @@ class _SecretBackendRootSignIntermediateState:
|
|
870
1250
|
def use_csr_values(self, value: Optional[pulumi.Input[bool]]):
|
871
1251
|
pulumi.set(self, "use_csr_values", value)
|
872
1252
|
|
1253
|
+
@property
|
1254
|
+
@pulumi.getter(name="usePss")
|
1255
|
+
def use_pss(self) -> Optional[pulumi.Input[bool]]:
|
1256
|
+
"""
|
1257
|
+
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
1258
|
+
"""
|
1259
|
+
return pulumi.get(self, "use_pss")
|
1260
|
+
|
1261
|
+
@use_pss.setter
|
1262
|
+
def use_pss(self, value: Optional[pulumi.Input[bool]]):
|
1263
|
+
pulumi.set(self, "use_pss", value)
|
1264
|
+
|
873
1265
|
|
874
1266
|
class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
875
1267
|
@overload
|
@@ -882,23 +1274,35 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
882
1274
|
country: Optional[pulumi.Input[str]] = None,
|
883
1275
|
csr: Optional[pulumi.Input[str]] = None,
|
884
1276
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
1277
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1278
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1279
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1280
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
885
1281
|
format: Optional[pulumi.Input[str]] = None,
|
886
1282
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
887
1283
|
issuer_ref: Optional[pulumi.Input[str]] = None,
|
888
1284
|
locality: Optional[pulumi.Input[str]] = None,
|
889
1285
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
890
1286
|
namespace: Optional[pulumi.Input[str]] = None,
|
1287
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
1288
|
+
not_before_duration: Optional[pulumi.Input[str]] = None,
|
891
1289
|
organization: Optional[pulumi.Input[str]] = None,
|
892
1290
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
893
1291
|
ou: Optional[pulumi.Input[str]] = None,
|
894
1292
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1293
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1294
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1295
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
895
1296
|
postal_code: Optional[pulumi.Input[str]] = None,
|
896
1297
|
province: Optional[pulumi.Input[str]] = None,
|
897
1298
|
revoke: Optional[pulumi.Input[bool]] = None,
|
1299
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
1300
|
+
skid: Optional[pulumi.Input[str]] = None,
|
898
1301
|
street_address: Optional[pulumi.Input[str]] = None,
|
899
1302
|
ttl: Optional[pulumi.Input[str]] = None,
|
900
1303
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
901
1304
|
use_csr_values: Optional[pulumi.Input[bool]] = None,
|
1305
|
+
use_pss: Optional[pulumi.Input[bool]] = None,
|
902
1306
|
__props__=None):
|
903
1307
|
"""
|
904
1308
|
Creates PKI certificate.
|
@@ -927,6 +1331,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
927
1331
|
:param pulumi.Input[str] country: The country
|
928
1332
|
:param pulumi.Input[str] csr: The CSR
|
929
1333
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
1334
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1335
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1336
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1337
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
930
1338
|
:param pulumi.Input[str] format: The format of data
|
931
1339
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
|
932
1340
|
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
@@ -939,17 +1347,27 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
939
1347
|
The value should not contain leading or trailing forward slashes.
|
940
1348
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
941
1349
|
*Available only for Vault Enterprise*.
|
1350
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value.
|
1351
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
1352
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1353
|
+
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
942
1354
|
:param pulumi.Input[str] organization: The organization
|
943
1355
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
944
1356
|
:param pulumi.Input[str] ou: The organization unit
|
945
1357
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
1358
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1359
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1360
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
946
1361
|
:param pulumi.Input[str] postal_code: The postal code
|
947
1362
|
:param pulumi.Input[str] province: The province
|
948
1363
|
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
1364
|
+
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
1365
|
+
:param pulumi.Input[str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
949
1366
|
:param pulumi.Input[str] street_address: The street address
|
950
1367
|
:param pulumi.Input[str] ttl: Time to live
|
951
1368
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
|
952
1369
|
:param pulumi.Input[bool] use_csr_values: Preserve CSR values
|
1370
|
+
:param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
953
1371
|
"""
|
954
1372
|
...
|
955
1373
|
@overload
|
@@ -997,23 +1415,35 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
997
1415
|
country: Optional[pulumi.Input[str]] = None,
|
998
1416
|
csr: Optional[pulumi.Input[str]] = None,
|
999
1417
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
1418
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1419
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1420
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1421
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1000
1422
|
format: Optional[pulumi.Input[str]] = None,
|
1001
1423
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1002
1424
|
issuer_ref: Optional[pulumi.Input[str]] = None,
|
1003
1425
|
locality: Optional[pulumi.Input[str]] = None,
|
1004
1426
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
1005
1427
|
namespace: Optional[pulumi.Input[str]] = None,
|
1428
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
1429
|
+
not_before_duration: Optional[pulumi.Input[str]] = None,
|
1006
1430
|
organization: Optional[pulumi.Input[str]] = None,
|
1007
1431
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1008
1432
|
ou: Optional[pulumi.Input[str]] = None,
|
1009
1433
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1434
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1435
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1436
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1010
1437
|
postal_code: Optional[pulumi.Input[str]] = None,
|
1011
1438
|
province: Optional[pulumi.Input[str]] = None,
|
1012
1439
|
revoke: Optional[pulumi.Input[bool]] = None,
|
1440
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
1441
|
+
skid: Optional[pulumi.Input[str]] = None,
|
1013
1442
|
street_address: Optional[pulumi.Input[str]] = None,
|
1014
1443
|
ttl: Optional[pulumi.Input[str]] = None,
|
1015
1444
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1016
1445
|
use_csr_values: Optional[pulumi.Input[bool]] = None,
|
1446
|
+
use_pss: Optional[pulumi.Input[bool]] = None,
|
1017
1447
|
__props__=None):
|
1018
1448
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1019
1449
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1035,23 +1465,35 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1035
1465
|
raise TypeError("Missing required property 'csr'")
|
1036
1466
|
__props__.__dict__["csr"] = csr
|
1037
1467
|
__props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
|
1468
|
+
__props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
|
1469
|
+
__props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
|
1470
|
+
__props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
|
1471
|
+
__props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
|
1038
1472
|
__props__.__dict__["format"] = format
|
1039
1473
|
__props__.__dict__["ip_sans"] = ip_sans
|
1040
1474
|
__props__.__dict__["issuer_ref"] = issuer_ref
|
1041
1475
|
__props__.__dict__["locality"] = locality
|
1042
1476
|
__props__.__dict__["max_path_length"] = max_path_length
|
1043
1477
|
__props__.__dict__["namespace"] = namespace
|
1478
|
+
__props__.__dict__["not_after"] = not_after
|
1479
|
+
__props__.__dict__["not_before_duration"] = not_before_duration
|
1044
1480
|
__props__.__dict__["organization"] = organization
|
1045
1481
|
__props__.__dict__["other_sans"] = other_sans
|
1046
1482
|
__props__.__dict__["ou"] = ou
|
1047
1483
|
__props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
|
1484
|
+
__props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
|
1485
|
+
__props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
|
1486
|
+
__props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
|
1048
1487
|
__props__.__dict__["postal_code"] = postal_code
|
1049
1488
|
__props__.__dict__["province"] = province
|
1050
1489
|
__props__.__dict__["revoke"] = revoke
|
1490
|
+
__props__.__dict__["signature_bits"] = signature_bits
|
1491
|
+
__props__.__dict__["skid"] = skid
|
1051
1492
|
__props__.__dict__["street_address"] = street_address
|
1052
1493
|
__props__.__dict__["ttl"] = ttl
|
1053
1494
|
__props__.__dict__["uri_sans"] = uri_sans
|
1054
1495
|
__props__.__dict__["use_csr_values"] = use_csr_values
|
1496
|
+
__props__.__dict__["use_pss"] = use_pss
|
1055
1497
|
__props__.__dict__["ca_chains"] = None
|
1056
1498
|
__props__.__dict__["certificate"] = None
|
1057
1499
|
__props__.__dict__["certificate_bundle"] = None
|
@@ -1076,6 +1518,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1076
1518
|
country: Optional[pulumi.Input[str]] = None,
|
1077
1519
|
csr: Optional[pulumi.Input[str]] = None,
|
1078
1520
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
1521
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1522
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1523
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1524
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1079
1525
|
format: Optional[pulumi.Input[str]] = None,
|
1080
1526
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1081
1527
|
issuer_ref: Optional[pulumi.Input[str]] = None,
|
@@ -1083,18 +1529,26 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1083
1529
|
locality: Optional[pulumi.Input[str]] = None,
|
1084
1530
|
max_path_length: Optional[pulumi.Input[int]] = None,
|
1085
1531
|
namespace: Optional[pulumi.Input[str]] = None,
|
1532
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
1533
|
+
not_before_duration: Optional[pulumi.Input[str]] = None,
|
1086
1534
|
organization: Optional[pulumi.Input[str]] = None,
|
1087
1535
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1088
1536
|
ou: Optional[pulumi.Input[str]] = None,
|
1089
1537
|
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1538
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1539
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1540
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1090
1541
|
postal_code: Optional[pulumi.Input[str]] = None,
|
1091
1542
|
province: Optional[pulumi.Input[str]] = None,
|
1092
1543
|
revoke: Optional[pulumi.Input[bool]] = None,
|
1093
1544
|
serial_number: Optional[pulumi.Input[str]] = None,
|
1545
|
+
signature_bits: Optional[pulumi.Input[int]] = None,
|
1546
|
+
skid: Optional[pulumi.Input[str]] = None,
|
1094
1547
|
street_address: Optional[pulumi.Input[str]] = None,
|
1095
1548
|
ttl: Optional[pulumi.Input[str]] = None,
|
1096
1549
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1097
|
-
use_csr_values: Optional[pulumi.Input[bool]] = None
|
1550
|
+
use_csr_values: Optional[pulumi.Input[bool]] = None,
|
1551
|
+
use_pss: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRootSignIntermediate':
|
1098
1552
|
"""
|
1099
1553
|
Get an existing SecretBackendRootSignIntermediate resource's state with the given name, id, and optional extra
|
1100
1554
|
properties used to qualify the lookup.
|
@@ -1112,6 +1566,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1112
1566
|
:param pulumi.Input[str] country: The country
|
1113
1567
|
:param pulumi.Input[str] csr: The CSR
|
1114
1568
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
1569
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1570
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1571
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1572
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1115
1573
|
:param pulumi.Input[str] format: The format of data
|
1116
1574
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
|
1117
1575
|
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
@@ -1125,18 +1583,28 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1125
1583
|
The value should not contain leading or trailing forward slashes.
|
1126
1584
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1127
1585
|
*Available only for Vault Enterprise*.
|
1586
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value.
|
1587
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
1588
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1589
|
+
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
1128
1590
|
:param pulumi.Input[str] organization: The organization
|
1129
1591
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
1130
1592
|
:param pulumi.Input[str] ou: The organization unit
|
1131
1593
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
1594
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1595
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1596
|
+
:param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1132
1597
|
:param pulumi.Input[str] postal_code: The postal code
|
1133
1598
|
:param pulumi.Input[str] province: The province
|
1134
1599
|
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
1135
1600
|
:param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
|
1601
|
+
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
1602
|
+
:param pulumi.Input[str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
1136
1603
|
:param pulumi.Input[str] street_address: The street address
|
1137
1604
|
:param pulumi.Input[str] ttl: Time to live
|
1138
1605
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
|
1139
1606
|
:param pulumi.Input[bool] use_csr_values: Preserve CSR values
|
1607
|
+
:param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
1140
1608
|
"""
|
1141
1609
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1142
1610
|
|
@@ -1151,6 +1619,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1151
1619
|
__props__.__dict__["country"] = country
|
1152
1620
|
__props__.__dict__["csr"] = csr
|
1153
1621
|
__props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
|
1622
|
+
__props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
|
1623
|
+
__props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
|
1624
|
+
__props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
|
1625
|
+
__props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
|
1154
1626
|
__props__.__dict__["format"] = format
|
1155
1627
|
__props__.__dict__["ip_sans"] = ip_sans
|
1156
1628
|
__props__.__dict__["issuer_ref"] = issuer_ref
|
@@ -1158,18 +1630,26 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1158
1630
|
__props__.__dict__["locality"] = locality
|
1159
1631
|
__props__.__dict__["max_path_length"] = max_path_length
|
1160
1632
|
__props__.__dict__["namespace"] = namespace
|
1633
|
+
__props__.__dict__["not_after"] = not_after
|
1634
|
+
__props__.__dict__["not_before_duration"] = not_before_duration
|
1161
1635
|
__props__.__dict__["organization"] = organization
|
1162
1636
|
__props__.__dict__["other_sans"] = other_sans
|
1163
1637
|
__props__.__dict__["ou"] = ou
|
1164
1638
|
__props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
|
1639
|
+
__props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
|
1640
|
+
__props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
|
1641
|
+
__props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
|
1165
1642
|
__props__.__dict__["postal_code"] = postal_code
|
1166
1643
|
__props__.__dict__["province"] = province
|
1167
1644
|
__props__.__dict__["revoke"] = revoke
|
1168
1645
|
__props__.__dict__["serial_number"] = serial_number
|
1646
|
+
__props__.__dict__["signature_bits"] = signature_bits
|
1647
|
+
__props__.__dict__["skid"] = skid
|
1169
1648
|
__props__.__dict__["street_address"] = street_address
|
1170
1649
|
__props__.__dict__["ttl"] = ttl
|
1171
1650
|
__props__.__dict__["uri_sans"] = uri_sans
|
1172
1651
|
__props__.__dict__["use_csr_values"] = use_csr_values
|
1652
|
+
__props__.__dict__["use_pss"] = use_pss
|
1173
1653
|
return SecretBackendRootSignIntermediate(resource_name, opts=opts, __props__=__props__)
|
1174
1654
|
|
1175
1655
|
@property
|
@@ -1245,6 +1725,38 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1245
1725
|
"""
|
1246
1726
|
return pulumi.get(self, "exclude_cn_from_sans")
|
1247
1727
|
|
1728
|
+
@property
|
1729
|
+
@pulumi.getter(name="excludedDnsDomains")
|
1730
|
+
def excluded_dns_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1731
|
+
"""
|
1732
|
+
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1733
|
+
"""
|
1734
|
+
return pulumi.get(self, "excluded_dns_domains")
|
1735
|
+
|
1736
|
+
@property
|
1737
|
+
@pulumi.getter(name="excludedEmailAddresses")
|
1738
|
+
def excluded_email_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1739
|
+
"""
|
1740
|
+
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1741
|
+
"""
|
1742
|
+
return pulumi.get(self, "excluded_email_addresses")
|
1743
|
+
|
1744
|
+
@property
|
1745
|
+
@pulumi.getter(name="excludedIpRanges")
|
1746
|
+
def excluded_ip_ranges(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1747
|
+
"""
|
1748
|
+
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1749
|
+
"""
|
1750
|
+
return pulumi.get(self, "excluded_ip_ranges")
|
1751
|
+
|
1752
|
+
@property
|
1753
|
+
@pulumi.getter(name="excludedUriDomains")
|
1754
|
+
def excluded_uri_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1755
|
+
"""
|
1756
|
+
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1757
|
+
"""
|
1758
|
+
return pulumi.get(self, "excluded_uri_domains")
|
1759
|
+
|
1248
1760
|
@property
|
1249
1761
|
@pulumi.getter
|
1250
1762
|
def format(self) -> pulumi.Output[Optional[str]]:
|
@@ -1307,6 +1819,24 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1307
1819
|
"""
|
1308
1820
|
return pulumi.get(self, "namespace")
|
1309
1821
|
|
1822
|
+
@property
|
1823
|
+
@pulumi.getter(name="notAfter")
|
1824
|
+
def not_after(self) -> pulumi.Output[Optional[str]]:
|
1825
|
+
"""
|
1826
|
+
Set the Not After field of the certificate with specified date value.
|
1827
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
1828
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1829
|
+
"""
|
1830
|
+
return pulumi.get(self, "not_after")
|
1831
|
+
|
1832
|
+
@property
|
1833
|
+
@pulumi.getter(name="notBeforeDuration")
|
1834
|
+
def not_before_duration(self) -> pulumi.Output[Optional[str]]:
|
1835
|
+
"""
|
1836
|
+
Specifies the duration by which to backdate the NotBefore property.
|
1837
|
+
"""
|
1838
|
+
return pulumi.get(self, "not_before_duration")
|
1839
|
+
|
1310
1840
|
@property
|
1311
1841
|
@pulumi.getter
|
1312
1842
|
def organization(self) -> pulumi.Output[Optional[str]]:
|
@@ -1339,6 +1869,30 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1339
1869
|
"""
|
1340
1870
|
return pulumi.get(self, "permitted_dns_domains")
|
1341
1871
|
|
1872
|
+
@property
|
1873
|
+
@pulumi.getter(name="permittedEmailAddresses")
|
1874
|
+
def permitted_email_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1875
|
+
"""
|
1876
|
+
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1877
|
+
"""
|
1878
|
+
return pulumi.get(self, "permitted_email_addresses")
|
1879
|
+
|
1880
|
+
@property
|
1881
|
+
@pulumi.getter(name="permittedIpRanges")
|
1882
|
+
def permitted_ip_ranges(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1883
|
+
"""
|
1884
|
+
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1885
|
+
"""
|
1886
|
+
return pulumi.get(self, "permitted_ip_ranges")
|
1887
|
+
|
1888
|
+
@property
|
1889
|
+
@pulumi.getter(name="permittedUriDomains")
|
1890
|
+
def permitted_uri_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1891
|
+
"""
|
1892
|
+
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1893
|
+
"""
|
1894
|
+
return pulumi.get(self, "permitted_uri_domains")
|
1895
|
+
|
1342
1896
|
@property
|
1343
1897
|
@pulumi.getter(name="postalCode")
|
1344
1898
|
def postal_code(self) -> pulumi.Output[Optional[str]]:
|
@@ -1371,6 +1925,22 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1371
1925
|
"""
|
1372
1926
|
return pulumi.get(self, "serial_number")
|
1373
1927
|
|
1928
|
+
@property
|
1929
|
+
@pulumi.getter(name="signatureBits")
|
1930
|
+
def signature_bits(self) -> pulumi.Output[Optional[int]]:
|
1931
|
+
"""
|
1932
|
+
The number of bits to use in the signature algorithm
|
1933
|
+
"""
|
1934
|
+
return pulumi.get(self, "signature_bits")
|
1935
|
+
|
1936
|
+
@property
|
1937
|
+
@pulumi.getter
|
1938
|
+
def skid(self) -> pulumi.Output[Optional[str]]:
|
1939
|
+
"""
|
1940
|
+
Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
1941
|
+
"""
|
1942
|
+
return pulumi.get(self, "skid")
|
1943
|
+
|
1374
1944
|
@property
|
1375
1945
|
@pulumi.getter(name="streetAddress")
|
1376
1946
|
def street_address(self) -> pulumi.Output[Optional[str]]:
|
@@ -1403,3 +1973,11 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1403
1973
|
"""
|
1404
1974
|
return pulumi.get(self, "use_csr_values")
|
1405
1975
|
|
1976
|
+
@property
|
1977
|
+
@pulumi.getter(name="usePss")
|
1978
|
+
def use_pss(self) -> pulumi.Output[Optional[bool]]:
|
1979
|
+
"""
|
1980
|
+
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
1981
|
+
"""
|
1982
|
+
return pulumi.get(self, "use_pss")
|
1983
|
+
|