pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

Files changed (44)
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -25,23 +25,35 @@ class SecretBackendRootSignIntermediateArgs:
25
25
  alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
26
  country: Optional[pulumi.Input[str]] = None,
27
27
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
28
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
29
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
31
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
28
32
  format: Optional[pulumi.Input[str]] = None,
29
33
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
34
  issuer_ref: Optional[pulumi.Input[str]] = None,
31
35
  locality: Optional[pulumi.Input[str]] = None,
32
36
  max_path_length: Optional[pulumi.Input[int]] = None,
33
37
  namespace: Optional[pulumi.Input[str]] = None,
38
+ not_after: Optional[pulumi.Input[str]] = None,
39
+ not_before_duration: Optional[pulumi.Input[str]] = None,
34
40
  organization: Optional[pulumi.Input[str]] = None,
35
41
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
36
42
  ou: Optional[pulumi.Input[str]] = None,
37
43
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
44
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
45
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
46
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
38
47
  postal_code: Optional[pulumi.Input[str]] = None,
39
48
  province: Optional[pulumi.Input[str]] = None,
40
49
  revoke: Optional[pulumi.Input[bool]] = None,
50
+ signature_bits: Optional[pulumi.Input[int]] = None,
51
+ skid: Optional[pulumi.Input[str]] = None,
41
52
  street_address: Optional[pulumi.Input[str]] = None,
42
53
  ttl: Optional[pulumi.Input[str]] = None,
43
54
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
44
- use_csr_values: Optional[pulumi.Input[bool]] = None):
55
+ use_csr_values: Optional[pulumi.Input[bool]] = None,
56
+ use_pss: Optional[pulumi.Input[bool]] = None):
45
57
  """
46
58
  The set of arguments for constructing a SecretBackendRootSignIntermediate resource.
47
59
  :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
@@ -50,6 +62,10 @@ class SecretBackendRootSignIntermediateArgs:
50
62
  :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
51
63
  :param pulumi.Input[str] country: The country
52
64
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
65
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
66
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
67
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
68
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
53
69
  :param pulumi.Input[str] format: The format of data
54
70
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
55
71
  :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
@@ -62,17 +78,27 @@ class SecretBackendRootSignIntermediateArgs:
62
78
  The value should not contain leading or trailing forward slashes.
63
79
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
64
80
  *Available only for Vault Enterprise*.
81
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value.
82
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
83
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
84
+ :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
65
85
  :param pulumi.Input[str] organization: The organization
66
86
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
67
87
  :param pulumi.Input[str] ou: The organization unit
68
88
  :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
89
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
90
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
91
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
69
92
  :param pulumi.Input[str] postal_code: The postal code
70
93
  :param pulumi.Input[str] province: The province
71
94
  :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
95
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
96
+ :param pulumi.Input[str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
72
97
  :param pulumi.Input[str] street_address: The street address
73
98
  :param pulumi.Input[str] ttl: Time to live
74
99
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
75
100
  :param pulumi.Input[bool] use_csr_values: Preserve CSR values
101
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
76
102
  """
77
103
  pulumi.set(__self__, "backend", backend)
78
104
  pulumi.set(__self__, "common_name", common_name)
@@ -83,6 +109,14 @@ class SecretBackendRootSignIntermediateArgs:
83
109
  pulumi.set(__self__, "country", country)
84
110
  if exclude_cn_from_sans is not None:
85
111
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
112
+ if excluded_dns_domains is not None:
113
+ pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
114
+ if excluded_email_addresses is not None:
115
+ pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
116
+ if excluded_ip_ranges is not None:
117
+ pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
118
+ if excluded_uri_domains is not None:
119
+ pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
86
120
  if format is not None:
87
121
  pulumi.set(__self__, "format", format)
88
122
  if ip_sans is not None:
@@ -95,6 +129,10 @@ class SecretBackendRootSignIntermediateArgs:
95
129
  pulumi.set(__self__, "max_path_length", max_path_length)
96
130
  if namespace is not None:
97
131
  pulumi.set(__self__, "namespace", namespace)
132
+ if not_after is not None:
133
+ pulumi.set(__self__, "not_after", not_after)
134
+ if not_before_duration is not None:
135
+ pulumi.set(__self__, "not_before_duration", not_before_duration)
98
136
  if organization is not None:
99
137
  pulumi.set(__self__, "organization", organization)
100
138
  if other_sans is not None:
@@ -103,12 +141,22 @@ class SecretBackendRootSignIntermediateArgs:
103
141
  pulumi.set(__self__, "ou", ou)
104
142
  if permitted_dns_domains is not None:
105
143
  pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
144
+ if permitted_email_addresses is not None:
145
+ pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
146
+ if permitted_ip_ranges is not None:
147
+ pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
148
+ if permitted_uri_domains is not None:
149
+ pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
106
150
  if postal_code is not None:
107
151
  pulumi.set(__self__, "postal_code", postal_code)
108
152
  if province is not None:
109
153
  pulumi.set(__self__, "province", province)
110
154
  if revoke is not None:
111
155
  pulumi.set(__self__, "revoke", revoke)
156
+ if signature_bits is not None:
157
+ pulumi.set(__self__, "signature_bits", signature_bits)
158
+ if skid is not None:
159
+ pulumi.set(__self__, "skid", skid)
112
160
  if street_address is not None:
113
161
  pulumi.set(__self__, "street_address", street_address)
114
162
  if ttl is not None:
@@ -117,6 +165,8 @@ class SecretBackendRootSignIntermediateArgs:
117
165
  pulumi.set(__self__, "uri_sans", uri_sans)
118
166
  if use_csr_values is not None:
119
167
  pulumi.set(__self__, "use_csr_values", use_csr_values)
168
+ if use_pss is not None:
169
+ pulumi.set(__self__, "use_pss", use_pss)
120
170
 
121
171
  @property
122
172
  @pulumi.getter
@@ -190,6 +240,54 @@ class SecretBackendRootSignIntermediateArgs:
190
240
  def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
191
241
  pulumi.set(self, "exclude_cn_from_sans", value)
192
242
 
243
+ @property
244
+ @pulumi.getter(name="excludedDnsDomains")
245
+ def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
246
+ """
247
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
248
+ """
249
+ return pulumi.get(self, "excluded_dns_domains")
250
+
251
+ @excluded_dns_domains.setter
252
+ def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
253
+ pulumi.set(self, "excluded_dns_domains", value)
254
+
255
+ @property
256
+ @pulumi.getter(name="excludedEmailAddresses")
257
+ def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
258
+ """
259
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
260
+ """
261
+ return pulumi.get(self, "excluded_email_addresses")
262
+
263
+ @excluded_email_addresses.setter
264
+ def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
265
+ pulumi.set(self, "excluded_email_addresses", value)
266
+
267
+ @property
268
+ @pulumi.getter(name="excludedIpRanges")
269
+ def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
270
+ """
271
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
272
+ """
273
+ return pulumi.get(self, "excluded_ip_ranges")
274
+
275
+ @excluded_ip_ranges.setter
276
+ def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
277
+ pulumi.set(self, "excluded_ip_ranges", value)
278
+
279
+ @property
280
+ @pulumi.getter(name="excludedUriDomains")
281
+ def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
282
+ """
283
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
284
+ """
285
+ return pulumi.get(self, "excluded_uri_domains")
286
+
287
+ @excluded_uri_domains.setter
288
+ def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
289
+ pulumi.set(self, "excluded_uri_domains", value)
290
+
193
291
  @property
194
292
  @pulumi.getter
195
293
  def format(self) -> Optional[pulumi.Input[str]]:
@@ -268,6 +366,32 @@ class SecretBackendRootSignIntermediateArgs:
268
366
  def namespace(self, value: Optional[pulumi.Input[str]]):
269
367
  pulumi.set(self, "namespace", value)
270
368
 
369
+ @property
370
+ @pulumi.getter(name="notAfter")
371
+ def not_after(self) -> Optional[pulumi.Input[str]]:
372
+ """
373
+ Set the Not After field of the certificate with specified date value.
374
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
375
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
376
+ """
377
+ return pulumi.get(self, "not_after")
378
+
379
+ @not_after.setter
380
+ def not_after(self, value: Optional[pulumi.Input[str]]):
381
+ pulumi.set(self, "not_after", value)
382
+
383
+ @property
384
+ @pulumi.getter(name="notBeforeDuration")
385
+ def not_before_duration(self) -> Optional[pulumi.Input[str]]:
386
+ """
387
+ Specifies the duration by which to backdate the NotBefore property.
388
+ """
389
+ return pulumi.get(self, "not_before_duration")
390
+
391
+ @not_before_duration.setter
392
+ def not_before_duration(self, value: Optional[pulumi.Input[str]]):
393
+ pulumi.set(self, "not_before_duration", value)
394
+
271
395
  @property
272
396
  @pulumi.getter
273
397
  def organization(self) -> Optional[pulumi.Input[str]]:
@@ -316,6 +440,42 @@ class SecretBackendRootSignIntermediateArgs:
316
440
  def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
317
441
  pulumi.set(self, "permitted_dns_domains", value)
318
442
 
443
+ @property
444
+ @pulumi.getter(name="permittedEmailAddresses")
445
+ def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
446
+ """
447
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
448
+ """
449
+ return pulumi.get(self, "permitted_email_addresses")
450
+
451
+ @permitted_email_addresses.setter
452
+ def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
453
+ pulumi.set(self, "permitted_email_addresses", value)
454
+
455
+ @property
456
+ @pulumi.getter(name="permittedIpRanges")
457
+ def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
458
+ """
459
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
460
+ """
461
+ return pulumi.get(self, "permitted_ip_ranges")
462
+
463
+ @permitted_ip_ranges.setter
464
+ def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
465
+ pulumi.set(self, "permitted_ip_ranges", value)
466
+
467
+ @property
468
+ @pulumi.getter(name="permittedUriDomains")
469
+ def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
470
+ """
471
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
472
+ """
473
+ return pulumi.get(self, "permitted_uri_domains")
474
+
475
+ @permitted_uri_domains.setter
476
+ def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
477
+ pulumi.set(self, "permitted_uri_domains", value)
478
+
319
479
  @property
320
480
  @pulumi.getter(name="postalCode")
321
481
  def postal_code(self) -> Optional[pulumi.Input[str]]:
@@ -352,6 +512,30 @@ class SecretBackendRootSignIntermediateArgs:
352
512
  def revoke(self, value: Optional[pulumi.Input[bool]]):
353
513
  pulumi.set(self, "revoke", value)
354
514
 
515
+ @property
516
+ @pulumi.getter(name="signatureBits")
517
+ def signature_bits(self) -> Optional[pulumi.Input[int]]:
518
+ """
519
+ The number of bits to use in the signature algorithm
520
+ """
521
+ return pulumi.get(self, "signature_bits")
522
+
523
+ @signature_bits.setter
524
+ def signature_bits(self, value: Optional[pulumi.Input[int]]):
525
+ pulumi.set(self, "signature_bits", value)
526
+
527
+ @property
528
+ @pulumi.getter
529
+ def skid(self) -> Optional[pulumi.Input[str]]:
530
+ """
531
+ Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
532
+ """
533
+ return pulumi.get(self, "skid")
534
+
535
+ @skid.setter
536
+ def skid(self, value: Optional[pulumi.Input[str]]):
537
+ pulumi.set(self, "skid", value)
538
+
355
539
  @property
356
540
  @pulumi.getter(name="streetAddress")
357
541
  def street_address(self) -> Optional[pulumi.Input[str]]:
@@ -400,6 +584,18 @@ class SecretBackendRootSignIntermediateArgs:
400
584
  def use_csr_values(self, value: Optional[pulumi.Input[bool]]):
401
585
  pulumi.set(self, "use_csr_values", value)
402
586
 
587
+ @property
588
+ @pulumi.getter(name="usePss")
589
+ def use_pss(self) -> Optional[pulumi.Input[bool]]:
590
+ """
591
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
592
+ """
593
+ return pulumi.get(self, "use_pss")
594
+
595
+ @use_pss.setter
596
+ def use_pss(self, value: Optional[pulumi.Input[bool]]):
597
+ pulumi.set(self, "use_pss", value)
598
+
403
599
 
404
600
  @pulumi.input_type
405
601
  class _SecretBackendRootSignIntermediateState:
@@ -413,6 +609,10 @@ class _SecretBackendRootSignIntermediateState:
413
609
  country: Optional[pulumi.Input[str]] = None,
414
610
  csr: Optional[pulumi.Input[str]] = None,
415
611
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
612
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
613
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
614
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
615
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
416
616
  format: Optional[pulumi.Input[str]] = None,
417
617
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
418
618
  issuer_ref: Optional[pulumi.Input[str]] = None,
@@ -420,18 +620,26 @@ class _SecretBackendRootSignIntermediateState:
420
620
  locality: Optional[pulumi.Input[str]] = None,
421
621
  max_path_length: Optional[pulumi.Input[int]] = None,
422
622
  namespace: Optional[pulumi.Input[str]] = None,
623
+ not_after: Optional[pulumi.Input[str]] = None,
624
+ not_before_duration: Optional[pulumi.Input[str]] = None,
423
625
  organization: Optional[pulumi.Input[str]] = None,
424
626
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
425
627
  ou: Optional[pulumi.Input[str]] = None,
426
628
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
629
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
630
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
631
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
427
632
  postal_code: Optional[pulumi.Input[str]] = None,
428
633
  province: Optional[pulumi.Input[str]] = None,
429
634
  revoke: Optional[pulumi.Input[bool]] = None,
430
635
  serial_number: Optional[pulumi.Input[str]] = None,
636
+ signature_bits: Optional[pulumi.Input[int]] = None,
637
+ skid: Optional[pulumi.Input[str]] = None,
431
638
  street_address: Optional[pulumi.Input[str]] = None,
432
639
  ttl: Optional[pulumi.Input[str]] = None,
433
640
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
434
- use_csr_values: Optional[pulumi.Input[bool]] = None):
641
+ use_csr_values: Optional[pulumi.Input[bool]] = None,
642
+ use_pss: Optional[pulumi.Input[bool]] = None):
435
643
  """
436
644
  Input properties used for looking up and filtering SecretBackendRootSignIntermediate resources.
437
645
  :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
@@ -444,6 +652,10 @@ class _SecretBackendRootSignIntermediateState:
444
652
  :param pulumi.Input[str] country: The country
445
653
  :param pulumi.Input[str] csr: The CSR
446
654
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
655
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
656
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
657
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
658
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
447
659
  :param pulumi.Input[str] format: The format of data
448
660
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
449
661
  :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
@@ -457,18 +669,28 @@ class _SecretBackendRootSignIntermediateState:
457
669
  The value should not contain leading or trailing forward slashes.
458
670
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
459
671
  *Available only for Vault Enterprise*.
672
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value.
673
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
674
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
675
+ :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
460
676
  :param pulumi.Input[str] organization: The organization
461
677
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
462
678
  :param pulumi.Input[str] ou: The organization unit
463
679
  :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
680
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
681
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
682
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
464
683
  :param pulumi.Input[str] postal_code: The postal code
465
684
  :param pulumi.Input[str] province: The province
466
685
  :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
467
686
  :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
687
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
688
+ :param pulumi.Input[str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
468
689
  :param pulumi.Input[str] street_address: The street address
469
690
  :param pulumi.Input[str] ttl: Time to live
470
691
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
471
692
  :param pulumi.Input[bool] use_csr_values: Preserve CSR values
693
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
472
694
  """
473
695
  if alt_names is not None:
474
696
  pulumi.set(__self__, "alt_names", alt_names)
@@ -488,6 +710,14 @@ class _SecretBackendRootSignIntermediateState:
488
710
  pulumi.set(__self__, "csr", csr)
489
711
  if exclude_cn_from_sans is not None:
490
712
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
713
+ if excluded_dns_domains is not None:
714
+ pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
715
+ if excluded_email_addresses is not None:
716
+ pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
717
+ if excluded_ip_ranges is not None:
718
+ pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
719
+ if excluded_uri_domains is not None:
720
+ pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
491
721
  if format is not None:
492
722
  pulumi.set(__self__, "format", format)
493
723
  if ip_sans is not None:
@@ -502,6 +732,10 @@ class _SecretBackendRootSignIntermediateState:
502
732
  pulumi.set(__self__, "max_path_length", max_path_length)
503
733
  if namespace is not None:
504
734
  pulumi.set(__self__, "namespace", namespace)
735
+ if not_after is not None:
736
+ pulumi.set(__self__, "not_after", not_after)
737
+ if not_before_duration is not None:
738
+ pulumi.set(__self__, "not_before_duration", not_before_duration)
505
739
  if organization is not None:
506
740
  pulumi.set(__self__, "organization", organization)
507
741
  if other_sans is not None:
@@ -510,6 +744,12 @@ class _SecretBackendRootSignIntermediateState:
510
744
  pulumi.set(__self__, "ou", ou)
511
745
  if permitted_dns_domains is not None:
512
746
  pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
747
+ if permitted_email_addresses is not None:
748
+ pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
749
+ if permitted_ip_ranges is not None:
750
+ pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
751
+ if permitted_uri_domains is not None:
752
+ pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
513
753
  if postal_code is not None:
514
754
  pulumi.set(__self__, "postal_code", postal_code)
515
755
  if province is not None:
@@ -518,6 +758,10 @@ class _SecretBackendRootSignIntermediateState:
518
758
  pulumi.set(__self__, "revoke", revoke)
519
759
  if serial_number is not None:
520
760
  pulumi.set(__self__, "serial_number", serial_number)
761
+ if signature_bits is not None:
762
+ pulumi.set(__self__, "signature_bits", signature_bits)
763
+ if skid is not None:
764
+ pulumi.set(__self__, "skid", skid)
521
765
  if street_address is not None:
522
766
  pulumi.set(__self__, "street_address", street_address)
523
767
  if ttl is not None:
@@ -526,6 +770,8 @@ class _SecretBackendRootSignIntermediateState:
526
770
  pulumi.set(__self__, "uri_sans", uri_sans)
527
771
  if use_csr_values is not None:
528
772
  pulumi.set(__self__, "use_csr_values", use_csr_values)
773
+ if use_pss is not None:
774
+ pulumi.set(__self__, "use_pss", use_pss)
529
775
 
530
776
  @property
531
777
  @pulumi.getter(name="altNames")
@@ -636,6 +882,54 @@ class _SecretBackendRootSignIntermediateState:
636
882
  def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
637
883
  pulumi.set(self, "exclude_cn_from_sans", value)
638
884
 
885
+ @property
886
+ @pulumi.getter(name="excludedDnsDomains")
887
+ def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
888
+ """
889
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
890
+ """
891
+ return pulumi.get(self, "excluded_dns_domains")
892
+
893
+ @excluded_dns_domains.setter
894
+ def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
895
+ pulumi.set(self, "excluded_dns_domains", value)
896
+
897
+ @property
898
+ @pulumi.getter(name="excludedEmailAddresses")
899
+ def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
900
+ """
901
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
902
+ """
903
+ return pulumi.get(self, "excluded_email_addresses")
904
+
905
+ @excluded_email_addresses.setter
906
+ def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
907
+ pulumi.set(self, "excluded_email_addresses", value)
908
+
909
+ @property
910
+ @pulumi.getter(name="excludedIpRanges")
911
+ def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
912
+ """
913
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
914
+ """
915
+ return pulumi.get(self, "excluded_ip_ranges")
916
+
917
+ @excluded_ip_ranges.setter
918
+ def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
919
+ pulumi.set(self, "excluded_ip_ranges", value)
920
+
921
+ @property
922
+ @pulumi.getter(name="excludedUriDomains")
923
+ def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
924
+ """
925
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
926
+ """
927
+ return pulumi.get(self, "excluded_uri_domains")
928
+
929
+ @excluded_uri_domains.setter
930
+ def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
931
+ pulumi.set(self, "excluded_uri_domains", value)
932
+
639
933
  @property
640
934
  @pulumi.getter
641
935
  def format(self) -> Optional[pulumi.Input[str]]:
@@ -726,6 +1020,32 @@ class _SecretBackendRootSignIntermediateState:
726
1020
  def namespace(self, value: Optional[pulumi.Input[str]]):
727
1021
  pulumi.set(self, "namespace", value)
728
1022
 
1023
+ @property
1024
+ @pulumi.getter(name="notAfter")
1025
+ def not_after(self) -> Optional[pulumi.Input[str]]:
1026
+ """
1027
+ Set the Not After field of the certificate with specified date value.
1028
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
1029
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1030
+ """
1031
+ return pulumi.get(self, "not_after")
1032
+
1033
+ @not_after.setter
1034
+ def not_after(self, value: Optional[pulumi.Input[str]]):
1035
+ pulumi.set(self, "not_after", value)
1036
+
1037
+ @property
1038
+ @pulumi.getter(name="notBeforeDuration")
1039
+ def not_before_duration(self) -> Optional[pulumi.Input[str]]:
1040
+ """
1041
+ Specifies the duration by which to backdate the NotBefore property.
1042
+ """
1043
+ return pulumi.get(self, "not_before_duration")
1044
+
1045
+ @not_before_duration.setter
1046
+ def not_before_duration(self, value: Optional[pulumi.Input[str]]):
1047
+ pulumi.set(self, "not_before_duration", value)
1048
+
729
1049
  @property
730
1050
  @pulumi.getter
731
1051
  def organization(self) -> Optional[pulumi.Input[str]]:
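Review bot: The `not_after` docstring added in this hunk gives the timestamp layout as `YYYY-MM-ddTHH:MM:SSZ`, which uses `MM` for both month and minutes and a lowercase `dd`, and it does not say which value applies when `ttl` is also set on the resource. Because this field fixes the expiry of a root-signed intermediate (up to 9999-12-31T23:59:59Z per the text), I would write the layout as `YYYY-MM-DDTHH:mm:ssZ` and add a sentence of the form `When both ttl and not_after are given, <state which one applies>.` The `not_before_duration` docstring likewise gives no example value or default. The same wording recurs in the constructor and lookup parameter docs and in the output getter later in this file; the enclosing `_SecretBackendRootSignIntermediateState` class starts outside this hunk.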
@@ -774,6 +1094,42 @@ class _SecretBackendRootSignIntermediateState:
774
1094
  def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
775
1095
  pulumi.set(self, "permitted_dns_domains", value)
776
1096
 
1097
+ @property
1098
+ @pulumi.getter(name="permittedEmailAddresses")
1099
+ def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1100
+ """
1101
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1102
+ """
1103
+ return pulumi.get(self, "permitted_email_addresses")
1104
+
1105
+ @permitted_email_addresses.setter
1106
+ def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1107
+ pulumi.set(self, "permitted_email_addresses", value)
1108
+
1109
+ @property
1110
+ @pulumi.getter(name="permittedIpRanges")
1111
+ def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1112
+ """
1113
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1114
+ """
1115
+ return pulumi.get(self, "permitted_ip_ranges")
1116
+
1117
+ @permitted_ip_ranges.setter
1118
+ def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1119
+ pulumi.set(self, "permitted_ip_ranges", value)
1120
+
1121
+ @property
1122
+ @pulumi.getter(name="permittedUriDomains")
1123
+ def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1124
+ """
1125
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1126
+ """
1127
+ return pulumi.get(self, "permitted_uri_domains")
1128
+
1129
+ @permitted_uri_domains.setter
1130
+ def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1131
+ pulumi.set(self, "permitted_uri_domains", value)
1132
+
777
1133
  @property
778
1134
  @pulumi.getter(name="postalCode")
779
1135
  def postal_code(self) -> Optional[pulumi.Input[str]]:
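Review bot: The three `permitted_*` docstrings added here say `Requires Vault version 1.19+` but not what happens against an older server, and for a constraint field that difference matters: if the value is dropped rather than rejected, the intermediate is signed without the restriction the caller asked for. Which of the two occurs is not visible from this hunk, so the docstring should state it, for example `On Vault versions before 1.19 this value is <rejected | ignored - confirm>; check that the issued certificate carries the expected constraint.` The same applies to the `excluded_*` properties added earlier in this class and to the matching constructor, lookup and output-getter docs. It would also help to document how an entry matched by both a permitted and an excluded list is resolved.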
@@ -822,6 +1178,30 @@ class _SecretBackendRootSignIntermediateState:
822
1178
  def serial_number(self, value: Optional[pulumi.Input[str]]):
823
1179
  pulumi.set(self, "serial_number", value)
824
1180
 
1181
+ @property
1182
+ @pulumi.getter(name="signatureBits")
1183
+ def signature_bits(self) -> Optional[pulumi.Input[int]]:
1184
+ """
1185
+ The number of bits to use in the signature algorithm
1186
+ """
1187
+ return pulumi.get(self, "signature_bits")
1188
+
1189
+ @signature_bits.setter
1190
+ def signature_bits(self, value: Optional[pulumi.Input[int]]):
1191
+ pulumi.set(self, "signature_bits", value)
1192
+
1193
+ @property
1194
+ @pulumi.getter
1195
+ def skid(self) -> Optional[pulumi.Input[str]]:
1196
+ """
1197
+ Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
1198
+ """
1199
+ return pulumi.get(self, "skid")
1200
+
1201
+ @skid.setter
1202
+ def skid(self, value: Optional[pulumi.Input[str]]):
1203
+ pulumi.set(self, "skid", value)
1204
+
825
1205
  @property
826
1206
  @pulumi.getter(name="streetAddress")
827
1207
  def street_address(self) -> Optional[pulumi.Input[str]]:
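Review bot: The `signature_bits` docstring in this hunk, `The number of bits to use in the signature algorithm`, can be read as a key size, and it lists neither the accepted values nor the default. As I understand the underlying Vault PKI option it selects the digest size of the signing hash, so I would reword it along the lines of `Digest size in bits of the hash used when signing (not the key size); see the Vault PKI API for accepted values and the default.` The `skid` docstring could also say what is used when the value is omitted. The same text is repeated in the constructor and lookup parameter docs and in the output getters further down.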
@@ -870,6 +1250,18 @@ class _SecretBackendRootSignIntermediateState:
870
1250
  def use_csr_values(self, value: Optional[pulumi.Input[bool]]):
871
1251
  pulumi.set(self, "use_csr_values", value)
872
1252
 
1253
+ @property
1254
+ @pulumi.getter(name="usePss")
1255
+ def use_pss(self) -> Optional[pulumi.Input[bool]]:
1256
+ """
1257
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
1258
+ """
1259
+ return pulumi.get(self, "use_pss")
1260
+
1261
+ @use_pss.setter
1262
+ def use_pss(self, value: Optional[pulumi.Input[bool]]):
1263
+ pulumi.set(self, "use_pss", value)
1264
+
873
1265
 
874
1266
  class SecretBackendRootSignIntermediate(pulumi.CustomResource):
875
1267
  @overload
@@ -882,23 +1274,35 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
882
1274
  country: Optional[pulumi.Input[str]] = None,
883
1275
  csr: Optional[pulumi.Input[str]] = None,
884
1276
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1277
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1278
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1279
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1280
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
885
1281
  format: Optional[pulumi.Input[str]] = None,
886
1282
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
887
1283
  issuer_ref: Optional[pulumi.Input[str]] = None,
888
1284
  locality: Optional[pulumi.Input[str]] = None,
889
1285
  max_path_length: Optional[pulumi.Input[int]] = None,
890
1286
  namespace: Optional[pulumi.Input[str]] = None,
1287
+ not_after: Optional[pulumi.Input[str]] = None,
1288
+ not_before_duration: Optional[pulumi.Input[str]] = None,
891
1289
  organization: Optional[pulumi.Input[str]] = None,
892
1290
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
893
1291
  ou: Optional[pulumi.Input[str]] = None,
894
1292
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1293
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1294
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1295
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
895
1296
  postal_code: Optional[pulumi.Input[str]] = None,
896
1297
  province: Optional[pulumi.Input[str]] = None,
897
1298
  revoke: Optional[pulumi.Input[bool]] = None,
1299
+ signature_bits: Optional[pulumi.Input[int]] = None,
1300
+ skid: Optional[pulumi.Input[str]] = None,
898
1301
  street_address: Optional[pulumi.Input[str]] = None,
899
1302
  ttl: Optional[pulumi.Input[str]] = None,
900
1303
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
901
1304
  use_csr_values: Optional[pulumi.Input[bool]] = None,
1305
+ use_pss: Optional[pulumi.Input[bool]] = None,
902
1306
  __props__=None):
903
1307
  """
904
1308
  Creates PKI certificate.
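Review bot: The new parameters in this constructor overload are inserted at their alphabetical position in the middle of the signature rather than appended, so a caller passing these arguments positionally would now bind, for example, its former `format` value to `excluded_dns_domains`. The start of the signature is outside this hunk, so it is not visible whether a keyword-only marker precedes them; if there is none, the docstring should say so explicitly, e.g. `Pass all resource properties by keyword; parameter order is not stable across releases.` The same insertion pattern appears in the implementation signature at new line 1415 and in the state-lookup signature at new lines 1518-1551.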
@@ -927,6 +1331,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
927
1331
  :param pulumi.Input[str] country: The country
928
1332
  :param pulumi.Input[str] csr: The CSR
929
1333
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1334
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1335
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1336
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1337
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
930
1338
  :param pulumi.Input[str] format: The format of data
931
1339
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
932
1340
  :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
@@ -939,17 +1347,27 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
939
1347
  The value should not contain leading or trailing forward slashes.
940
1348
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
941
1349
  *Available only for Vault Enterprise*.
1350
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value.
1351
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
1352
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1353
+ :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
942
1354
  :param pulumi.Input[str] organization: The organization
943
1355
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
944
1356
  :param pulumi.Input[str] ou: The organization unit
945
1357
  :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1358
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1359
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1360
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
946
1361
  :param pulumi.Input[str] postal_code: The postal code
947
1362
  :param pulumi.Input[str] province: The province
948
1363
  :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
1364
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
1365
+ :param pulumi.Input[str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
949
1366
  :param pulumi.Input[str] street_address: The street address
950
1367
  :param pulumi.Input[str] ttl: Time to live
951
1368
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
952
1369
  :param pulumi.Input[bool] use_csr_values: Preserve CSR values
1370
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
953
1371
  """
954
1372
  ...
955
1373
  @overload
@@ -997,23 +1415,35 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
997
1415
  country: Optional[pulumi.Input[str]] = None,
998
1416
  csr: Optional[pulumi.Input[str]] = None,
999
1417
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1418
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1419
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1420
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1421
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1000
1422
  format: Optional[pulumi.Input[str]] = None,
1001
1423
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1002
1424
  issuer_ref: Optional[pulumi.Input[str]] = None,
1003
1425
  locality: Optional[pulumi.Input[str]] = None,
1004
1426
  max_path_length: Optional[pulumi.Input[int]] = None,
1005
1427
  namespace: Optional[pulumi.Input[str]] = None,
1428
+ not_after: Optional[pulumi.Input[str]] = None,
1429
+ not_before_duration: Optional[pulumi.Input[str]] = None,
1006
1430
  organization: Optional[pulumi.Input[str]] = None,
1007
1431
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1008
1432
  ou: Optional[pulumi.Input[str]] = None,
1009
1433
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1434
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1435
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1436
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1010
1437
  postal_code: Optional[pulumi.Input[str]] = None,
1011
1438
  province: Optional[pulumi.Input[str]] = None,
1012
1439
  revoke: Optional[pulumi.Input[bool]] = None,
1440
+ signature_bits: Optional[pulumi.Input[int]] = None,
1441
+ skid: Optional[pulumi.Input[str]] = None,
1013
1442
  street_address: Optional[pulumi.Input[str]] = None,
1014
1443
  ttl: Optional[pulumi.Input[str]] = None,
1015
1444
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1016
1445
  use_csr_values: Optional[pulumi.Input[bool]] = None,
1446
+ use_pss: Optional[pulumi.Input[bool]] = None,
1017
1447
  __props__=None):
1018
1448
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1019
1449
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1035,23 +1465,35 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1035
1465
  raise TypeError("Missing required property 'csr'")
1036
1466
  __props__.__dict__["csr"] = csr
1037
1467
  __props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
1468
+ __props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
1469
+ __props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
1470
+ __props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
1471
+ __props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
1038
1472
  __props__.__dict__["format"] = format
1039
1473
  __props__.__dict__["ip_sans"] = ip_sans
1040
1474
  __props__.__dict__["issuer_ref"] = issuer_ref
1041
1475
  __props__.__dict__["locality"] = locality
1042
1476
  __props__.__dict__["max_path_length"] = max_path_length
1043
1477
  __props__.__dict__["namespace"] = namespace
1478
+ __props__.__dict__["not_after"] = not_after
1479
+ __props__.__dict__["not_before_duration"] = not_before_duration
1044
1480
  __props__.__dict__["organization"] = organization
1045
1481
  __props__.__dict__["other_sans"] = other_sans
1046
1482
  __props__.__dict__["ou"] = ou
1047
1483
  __props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
1484
+ __props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
1485
+ __props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
1486
+ __props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
1048
1487
  __props__.__dict__["postal_code"] = postal_code
1049
1488
  __props__.__dict__["province"] = province
1050
1489
  __props__.__dict__["revoke"] = revoke
1490
+ __props__.__dict__["signature_bits"] = signature_bits
1491
+ __props__.__dict__["skid"] = skid
1051
1492
  __props__.__dict__["street_address"] = street_address
1052
1493
  __props__.__dict__["ttl"] = ttl
1053
1494
  __props__.__dict__["uri_sans"] = uri_sans
1054
1495
  __props__.__dict__["use_csr_values"] = use_csr_values
1496
+ __props__.__dict__["use_pss"] = use_pss
1055
1497
  __props__.__dict__["ca_chains"] = None
1056
1498
  __props__.__dict__["certificate"] = None
1057
1499
  __props__.__dict__["certificate_bundle"] = None
@@ -1076,6 +1518,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1076
1518
  country: Optional[pulumi.Input[str]] = None,
1077
1519
  csr: Optional[pulumi.Input[str]] = None,
1078
1520
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1521
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1522
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1523
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1524
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1079
1525
  format: Optional[pulumi.Input[str]] = None,
1080
1526
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1081
1527
  issuer_ref: Optional[pulumi.Input[str]] = None,
@@ -1083,18 +1529,26 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1083
1529
  locality: Optional[pulumi.Input[str]] = None,
1084
1530
  max_path_length: Optional[pulumi.Input[int]] = None,
1085
1531
  namespace: Optional[pulumi.Input[str]] = None,
1532
+ not_after: Optional[pulumi.Input[str]] = None,
1533
+ not_before_duration: Optional[pulumi.Input[str]] = None,
1086
1534
  organization: Optional[pulumi.Input[str]] = None,
1087
1535
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1088
1536
  ou: Optional[pulumi.Input[str]] = None,
1089
1537
  permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1538
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1539
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1540
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1090
1541
  postal_code: Optional[pulumi.Input[str]] = None,
1091
1542
  province: Optional[pulumi.Input[str]] = None,
1092
1543
  revoke: Optional[pulumi.Input[bool]] = None,
1093
1544
  serial_number: Optional[pulumi.Input[str]] = None,
1545
+ signature_bits: Optional[pulumi.Input[int]] = None,
1546
+ skid: Optional[pulumi.Input[str]] = None,
1094
1547
  street_address: Optional[pulumi.Input[str]] = None,
1095
1548
  ttl: Optional[pulumi.Input[str]] = None,
1096
1549
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1097
- use_csr_values: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRootSignIntermediate':
1550
+ use_csr_values: Optional[pulumi.Input[bool]] = None,
1551
+ use_pss: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRootSignIntermediate':
1098
1552
  """
1099
1553
  Get an existing SecretBackendRootSignIntermediate resource's state with the given name, id, and optional extra
1100
1554
  properties used to qualify the lookup.
@@ -1112,6 +1566,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1112
1566
  :param pulumi.Input[str] country: The country
1113
1567
  :param pulumi.Input[str] csr: The CSR
1114
1568
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1569
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1570
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1571
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1572
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1115
1573
  :param pulumi.Input[str] format: The format of data
1116
1574
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
1117
1575
  :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
@@ -1125,18 +1583,28 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1125
1583
  The value should not contain leading or trailing forward slashes.
1126
1584
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1127
1585
  *Available only for Vault Enterprise*.
1586
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value.
1587
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
1588
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1589
+ :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1128
1590
  :param pulumi.Input[str] organization: The organization
1129
1591
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
1130
1592
  :param pulumi.Input[str] ou: The organization unit
1131
1593
  :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1594
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1595
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1596
+ :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1132
1597
  :param pulumi.Input[str] postal_code: The postal code
1133
1598
  :param pulumi.Input[str] province: The province
1134
1599
  :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
1135
1600
  :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
1601
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
1602
+ :param pulumi.Input[str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
1136
1603
  :param pulumi.Input[str] street_address: The street address
1137
1604
  :param pulumi.Input[str] ttl: Time to live
1138
1605
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
1139
1606
  :param pulumi.Input[bool] use_csr_values: Preserve CSR values
1607
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
1140
1608
  """
1141
1609
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1142
1610
 
@@ -1151,6 +1619,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1151
1619
  __props__.__dict__["country"] = country
1152
1620
  __props__.__dict__["csr"] = csr
1153
1621
  __props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
1622
+ __props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
1623
+ __props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
1624
+ __props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
1625
+ __props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
1154
1626
  __props__.__dict__["format"] = format
1155
1627
  __props__.__dict__["ip_sans"] = ip_sans
1156
1628
  __props__.__dict__["issuer_ref"] = issuer_ref
@@ -1158,18 +1630,26 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1158
1630
  __props__.__dict__["locality"] = locality
1159
1631
  __props__.__dict__["max_path_length"] = max_path_length
1160
1632
  __props__.__dict__["namespace"] = namespace
1633
+ __props__.__dict__["not_after"] = not_after
1634
+ __props__.__dict__["not_before_duration"] = not_before_duration
1161
1635
  __props__.__dict__["organization"] = organization
1162
1636
  __props__.__dict__["other_sans"] = other_sans
1163
1637
  __props__.__dict__["ou"] = ou
1164
1638
  __props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
1639
+ __props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
1640
+ __props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
1641
+ __props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
1165
1642
  __props__.__dict__["postal_code"] = postal_code
1166
1643
  __props__.__dict__["province"] = province
1167
1644
  __props__.__dict__["revoke"] = revoke
1168
1645
  __props__.__dict__["serial_number"] = serial_number
1646
+ __props__.__dict__["signature_bits"] = signature_bits
1647
+ __props__.__dict__["skid"] = skid
1169
1648
  __props__.__dict__["street_address"] = street_address
1170
1649
  __props__.__dict__["ttl"] = ttl
1171
1650
  __props__.__dict__["uri_sans"] = uri_sans
1172
1651
  __props__.__dict__["use_csr_values"] = use_csr_values
1652
+ __props__.__dict__["use_pss"] = use_pss
1173
1653
  return SecretBackendRootSignIntermediate(resource_name, opts=opts, __props__=__props__)
1174
1654
 
1175
1655
  @property
@@ -1245,6 +1725,38 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1245
1725
  """
1246
1726
  return pulumi.get(self, "exclude_cn_from_sans")
1247
1727
 
1728
+ @property
1729
+ @pulumi.getter(name="excludedDnsDomains")
1730
+ def excluded_dns_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
1731
+ """
1732
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1733
+ """
1734
+ return pulumi.get(self, "excluded_dns_domains")
1735
+
1736
+ @property
1737
+ @pulumi.getter(name="excludedEmailAddresses")
1738
+ def excluded_email_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
1739
+ """
1740
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1741
+ """
1742
+ return pulumi.get(self, "excluded_email_addresses")
1743
+
1744
+ @property
1745
+ @pulumi.getter(name="excludedIpRanges")
1746
+ def excluded_ip_ranges(self) -> pulumi.Output[Optional[Sequence[str]]]:
1747
+ """
1748
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1749
+ """
1750
+ return pulumi.get(self, "excluded_ip_ranges")
1751
+
1752
+ @property
1753
+ @pulumi.getter(name="excludedUriDomains")
1754
+ def excluded_uri_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
1755
+ """
1756
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1757
+ """
1758
+ return pulumi.get(self, "excluded_uri_domains")
1759
+
1248
1760
  @property
1249
1761
  @pulumi.getter
1250
1762
  def format(self) -> pulumi.Output[Optional[str]]:
@@ -1307,6 +1819,24 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1307
1819
  """
1308
1820
  return pulumi.get(self, "namespace")
1309
1821
 
1822
+ @property
1823
+ @pulumi.getter(name="notAfter")
1824
+ def not_after(self) -> pulumi.Output[Optional[str]]:
1825
+ """
1826
+ Set the Not After field of the certificate with specified date value.
1827
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
1828
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1829
+ """
1830
+ return pulumi.get(self, "not_after")
1831
+
1832
+ @property
1833
+ @pulumi.getter(name="notBeforeDuration")
1834
+ def not_before_duration(self) -> pulumi.Output[Optional[str]]:
1835
+ """
1836
+ Specifies the duration by which to backdate the NotBefore property.
1837
+ """
1838
+ return pulumi.get(self, "not_before_duration")
1839
+
1310
1840
  @property
1311
1841
  @pulumi.getter
1312
1842
  def organization(self) -> pulumi.Output[Optional[str]]:
@@ -1339,6 +1869,30 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1339
1869
  """
1340
1870
  return pulumi.get(self, "permitted_dns_domains")
1341
1871
 
1872
+ @property
1873
+ @pulumi.getter(name="permittedEmailAddresses")
1874
+ def permitted_email_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
1875
+ """
1876
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1877
+ """
1878
+ return pulumi.get(self, "permitted_email_addresses")
1879
+
1880
+ @property
1881
+ @pulumi.getter(name="permittedIpRanges")
1882
+ def permitted_ip_ranges(self) -> pulumi.Output[Optional[Sequence[str]]]:
1883
+ """
1884
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1885
+ """
1886
+ return pulumi.get(self, "permitted_ip_ranges")
1887
+
1888
+ @property
1889
+ @pulumi.getter(name="permittedUriDomains")
1890
+ def permitted_uri_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
1891
+ """
1892
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1893
+ """
1894
+ return pulumi.get(self, "permitted_uri_domains")
1895
+
1342
1896
  @property
1343
1897
  @pulumi.getter(name="postalCode")
1344
1898
  def postal_code(self) -> pulumi.Output[Optional[str]]:
@@ -1371,6 +1925,22 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1371
1925
  """
1372
1926
  return pulumi.get(self, "serial_number")
1373
1927
 
1928
+ @property
1929
+ @pulumi.getter(name="signatureBits")
1930
+ def signature_bits(self) -> pulumi.Output[Optional[int]]:
1931
+ """
1932
+ The number of bits to use in the signature algorithm
1933
+ """
1934
+ return pulumi.get(self, "signature_bits")
1935
+
1936
+ @property
1937
+ @pulumi.getter
1938
+ def skid(self) -> pulumi.Output[Optional[str]]:
1939
+ """
1940
+ Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
1941
+ """
1942
+ return pulumi.get(self, "skid")
1943
+
1374
1944
  @property
1375
1945
  @pulumi.getter(name="streetAddress")
1376
1946
  def street_address(self) -> pulumi.Output[Optional[str]]:
@@ -1403,3 +1973,11 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1403
1973
  """
1404
1974
  return pulumi.get(self, "use_csr_values")
1405
1975
 
1976
+ @property
1977
+ @pulumi.getter(name="usePss")
1978
+ def use_pss(self) -> pulumi.Output[Optional[bool]]:
1979
+ """
1980
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
1981
+ """
1982
+ return pulumi.get(self, "use_pss")
1983
+