pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.6.0a1741836364__py3-none-any.whl

Files changed (44) hide show
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.6.0a1741836364.dist-info}/top_level.txt +0 -0
@@ -24,6 +24,7 @@ class SecretBackendSignArgs:
24
24
  csr: pulumi.Input[str],
25
25
  alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
26
  auto_renew: Optional[pulumi.Input[bool]] = None,
27
+ cert_metadata: Optional[pulumi.Input[str]] = None,
27
28
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
28
29
  format: Optional[pulumi.Input[str]] = None,
29
30
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -31,6 +32,7 @@ class SecretBackendSignArgs:
31
32
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
32
33
  name: Optional[pulumi.Input[str]] = None,
33
34
  namespace: Optional[pulumi.Input[str]] = None,
35
+ not_after: Optional[pulumi.Input[str]] = None,
34
36
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
35
37
  ttl: Optional[pulumi.Input[str]] = None,
36
38
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
@@ -41,6 +43,7 @@ class SecretBackendSignArgs:
41
43
  :param pulumi.Input[str] csr: The CSR
42
44
  :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
43
45
  :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
46
+ :param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
44
47
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
45
48
  :param pulumi.Input[str] format: The format of data
46
49
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
@@ -54,6 +57,7 @@ class SecretBackendSignArgs:
54
57
  The value should not contain leading or trailing forward slashes.
55
58
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
56
59
  *Available only for Vault Enterprise*.
60
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
57
61
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
58
62
  :param pulumi.Input[str] ttl: Time to live
59
63
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
@@ -65,6 +69,8 @@ class SecretBackendSignArgs:
65
69
  pulumi.set(__self__, "alt_names", alt_names)
66
70
  if auto_renew is not None:
67
71
  pulumi.set(__self__, "auto_renew", auto_renew)
72
+ if cert_metadata is not None:
73
+ pulumi.set(__self__, "cert_metadata", cert_metadata)
68
74
  if exclude_cn_from_sans is not None:
69
75
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
70
76
  if format is not None:
@@ -79,6 +85,8 @@ class SecretBackendSignArgs:
79
85
  pulumi.set(__self__, "name", name)
80
86
  if namespace is not None:
81
87
  pulumi.set(__self__, "namespace", namespace)
88
+ if not_after is not None:
89
+ pulumi.set(__self__, "not_after", not_after)
82
90
  if other_sans is not None:
83
91
  pulumi.set(__self__, "other_sans", other_sans)
84
92
  if ttl is not None:
@@ -146,6 +154,18 @@ class SecretBackendSignArgs:
146
154
  def auto_renew(self, value: Optional[pulumi.Input[bool]]):
147
155
  pulumi.set(self, "auto_renew", value)
148
156
 
157
+ @property
158
+ @pulumi.getter(name="certMetadata")
159
+ def cert_metadata(self) -> Optional[pulumi.Input[str]]:
160
+ """
161
+ A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
162
+ """
163
+ return pulumi.get(self, "cert_metadata")
164
+
165
+ @cert_metadata.setter
166
+ def cert_metadata(self, value: Optional[pulumi.Input[str]]):
167
+ pulumi.set(self, "cert_metadata", value)
168
+
149
169
  @property
150
170
  @pulumi.getter(name="excludeCnFromSans")
151
171
  def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
@@ -236,6 +256,18 @@ class SecretBackendSignArgs:
236
256
  def namespace(self, value: Optional[pulumi.Input[str]]):
237
257
  pulumi.set(self, "namespace", value)
238
258
 
259
+ @property
260
+ @pulumi.getter(name="notAfter")
261
+ def not_after(self) -> Optional[pulumi.Input[str]]:
262
+ """
263
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
264
+ """
265
+ return pulumi.get(self, "not_after")
266
+
267
+ @not_after.setter
268
+ def not_after(self, value: Optional[pulumi.Input[str]]):
269
+ pulumi.set(self, "not_after", value)
270
+
239
271
  @property
240
272
  @pulumi.getter(name="otherSans")
241
273
  def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -280,6 +312,7 @@ class _SecretBackendSignState:
280
312
  auto_renew: Optional[pulumi.Input[bool]] = None,
281
313
  backend: Optional[pulumi.Input[str]] = None,
282
314
  ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
315
+ cert_metadata: Optional[pulumi.Input[str]] = None,
283
316
  certificate: Optional[pulumi.Input[str]] = None,
284
317
  common_name: Optional[pulumi.Input[str]] = None,
285
318
  csr: Optional[pulumi.Input[str]] = None,
@@ -292,6 +325,7 @@ class _SecretBackendSignState:
292
325
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
293
326
  name: Optional[pulumi.Input[str]] = None,
294
327
  namespace: Optional[pulumi.Input[str]] = None,
328
+ not_after: Optional[pulumi.Input[str]] = None,
295
329
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
296
330
  renew_pending: Optional[pulumi.Input[bool]] = None,
297
331
  serial_number: Optional[pulumi.Input[str]] = None,
@@ -303,6 +337,7 @@ class _SecretBackendSignState:
303
337
  :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
304
338
  :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
305
339
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ca_chains: The CA chain
340
+ :param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
306
341
  :param pulumi.Input[str] certificate: The certificate
307
342
  :param pulumi.Input[str] common_name: CN of certificate to create
308
343
  :param pulumi.Input[str] csr: The CSR
@@ -321,6 +356,7 @@ class _SecretBackendSignState:
321
356
  The value should not contain leading or trailing forward slashes.
322
357
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
323
358
  *Available only for Vault Enterprise*.
359
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
324
360
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
325
361
  :param pulumi.Input[bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
326
362
  :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
@@ -335,6 +371,8 @@ class _SecretBackendSignState:
335
371
  pulumi.set(__self__, "backend", backend)
336
372
  if ca_chains is not None:
337
373
  pulumi.set(__self__, "ca_chains", ca_chains)
374
+ if cert_metadata is not None:
375
+ pulumi.set(__self__, "cert_metadata", cert_metadata)
338
376
  if certificate is not None:
339
377
  pulumi.set(__self__, "certificate", certificate)
340
378
  if common_name is not None:
@@ -359,6 +397,8 @@ class _SecretBackendSignState:
359
397
  pulumi.set(__self__, "name", name)
360
398
  if namespace is not None:
361
399
  pulumi.set(__self__, "namespace", namespace)
400
+ if not_after is not None:
401
+ pulumi.set(__self__, "not_after", not_after)
362
402
  if other_sans is not None:
363
403
  pulumi.set(__self__, "other_sans", other_sans)
364
404
  if renew_pending is not None:
@@ -418,6 +458,18 @@ class _SecretBackendSignState:
418
458
  def ca_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
419
459
  pulumi.set(self, "ca_chains", value)
420
460
 
461
+ @property
462
+ @pulumi.getter(name="certMetadata")
463
+ def cert_metadata(self) -> Optional[pulumi.Input[str]]:
464
+ """
465
+ A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
466
+ """
467
+ return pulumi.get(self, "cert_metadata")
468
+
469
+ @cert_metadata.setter
470
+ def cert_metadata(self, value: Optional[pulumi.Input[str]]):
471
+ pulumi.set(self, "cert_metadata", value)
472
+
421
473
  @property
422
474
  @pulumi.getter
423
475
  def certificate(self) -> Optional[pulumi.Input[str]]:
@@ -568,6 +620,18 @@ class _SecretBackendSignState:
568
620
  def namespace(self, value: Optional[pulumi.Input[str]]):
569
621
  pulumi.set(self, "namespace", value)
570
622
 
623
+ @property
624
+ @pulumi.getter(name="notAfter")
625
+ def not_after(self) -> Optional[pulumi.Input[str]]:
626
+ """
627
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
628
+ """
629
+ return pulumi.get(self, "not_after")
630
+
631
+ @not_after.setter
632
+ def not_after(self, value: Optional[pulumi.Input[str]]):
633
+ pulumi.set(self, "not_after", value)
634
+
571
635
  @property
572
636
  @pulumi.getter(name="otherSans")
573
637
  def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -637,6 +701,7 @@ class SecretBackendSign(pulumi.CustomResource):
637
701
  alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
638
702
  auto_renew: Optional[pulumi.Input[bool]] = None,
639
703
  backend: Optional[pulumi.Input[str]] = None,
704
+ cert_metadata: Optional[pulumi.Input[str]] = None,
640
705
  common_name: Optional[pulumi.Input[str]] = None,
641
706
  csr: Optional[pulumi.Input[str]] = None,
642
707
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
@@ -646,6 +711,7 @@ class SecretBackendSign(pulumi.CustomResource):
646
711
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
647
712
  name: Optional[pulumi.Input[str]] = None,
648
713
  namespace: Optional[pulumi.Input[str]] = None,
714
+ not_after: Optional[pulumi.Input[str]] = None,
649
715
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
650
716
  ttl: Optional[pulumi.Input[str]] = None,
651
717
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -697,6 +763,7 @@ class SecretBackendSign(pulumi.CustomResource):
697
763
  :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
698
764
  :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
699
765
  :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
766
+ :param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
700
767
  :param pulumi.Input[str] common_name: CN of certificate to create
701
768
  :param pulumi.Input[str] csr: The CSR
702
769
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
@@ -712,6 +779,7 @@ class SecretBackendSign(pulumi.CustomResource):
712
779
  The value should not contain leading or trailing forward slashes.
713
780
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
714
781
  *Available only for Vault Enterprise*.
782
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
715
783
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
716
784
  :param pulumi.Input[str] ttl: Time to live
717
785
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
@@ -782,6 +850,7 @@ class SecretBackendSign(pulumi.CustomResource):
782
850
  alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
783
851
  auto_renew: Optional[pulumi.Input[bool]] = None,
784
852
  backend: Optional[pulumi.Input[str]] = None,
853
+ cert_metadata: Optional[pulumi.Input[str]] = None,
785
854
  common_name: Optional[pulumi.Input[str]] = None,
786
855
  csr: Optional[pulumi.Input[str]] = None,
787
856
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
@@ -791,6 +860,7 @@ class SecretBackendSign(pulumi.CustomResource):
791
860
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
792
861
  name: Optional[pulumi.Input[str]] = None,
793
862
  namespace: Optional[pulumi.Input[str]] = None,
863
+ not_after: Optional[pulumi.Input[str]] = None,
794
864
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
795
865
  ttl: Optional[pulumi.Input[str]] = None,
796
866
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -808,6 +878,7 @@ class SecretBackendSign(pulumi.CustomResource):
808
878
  if backend is None and not opts.urn:
809
879
  raise TypeError("Missing required property 'backend'")
810
880
  __props__.__dict__["backend"] = backend
881
+ __props__.__dict__["cert_metadata"] = cert_metadata
811
882
  if common_name is None and not opts.urn:
812
883
  raise TypeError("Missing required property 'common_name'")
813
884
  __props__.__dict__["common_name"] = common_name
@@ -821,6 +892,7 @@ class SecretBackendSign(pulumi.CustomResource):
821
892
  __props__.__dict__["min_seconds_remaining"] = min_seconds_remaining
822
893
  __props__.__dict__["name"] = name
823
894
  __props__.__dict__["namespace"] = namespace
895
+ __props__.__dict__["not_after"] = not_after
824
896
  __props__.__dict__["other_sans"] = other_sans
825
897
  __props__.__dict__["ttl"] = ttl
826
898
  __props__.__dict__["uri_sans"] = uri_sans
@@ -844,6 +916,7 @@ class SecretBackendSign(pulumi.CustomResource):
844
916
  auto_renew: Optional[pulumi.Input[bool]] = None,
845
917
  backend: Optional[pulumi.Input[str]] = None,
846
918
  ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
919
+ cert_metadata: Optional[pulumi.Input[str]] = None,
847
920
  certificate: Optional[pulumi.Input[str]] = None,
848
921
  common_name: Optional[pulumi.Input[str]] = None,
849
922
  csr: Optional[pulumi.Input[str]] = None,
@@ -856,6 +929,7 @@ class SecretBackendSign(pulumi.CustomResource):
856
929
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
857
930
  name: Optional[pulumi.Input[str]] = None,
858
931
  namespace: Optional[pulumi.Input[str]] = None,
932
+ not_after: Optional[pulumi.Input[str]] = None,
859
933
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
860
934
  renew_pending: Optional[pulumi.Input[bool]] = None,
861
935
  serial_number: Optional[pulumi.Input[str]] = None,
@@ -872,6 +946,7 @@ class SecretBackendSign(pulumi.CustomResource):
872
946
  :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
873
947
  :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
874
948
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ca_chains: The CA chain
949
+ :param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
875
950
  :param pulumi.Input[str] certificate: The certificate
876
951
  :param pulumi.Input[str] common_name: CN of certificate to create
877
952
  :param pulumi.Input[str] csr: The CSR
@@ -890,6 +965,7 @@ class SecretBackendSign(pulumi.CustomResource):
890
965
  The value should not contain leading or trailing forward slashes.
891
966
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
892
967
  *Available only for Vault Enterprise*.
968
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
893
969
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
894
970
  :param pulumi.Input[bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
895
971
  :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
@@ -904,6 +980,7 @@ class SecretBackendSign(pulumi.CustomResource):
904
980
  __props__.__dict__["auto_renew"] = auto_renew
905
981
  __props__.__dict__["backend"] = backend
906
982
  __props__.__dict__["ca_chains"] = ca_chains
983
+ __props__.__dict__["cert_metadata"] = cert_metadata
907
984
  __props__.__dict__["certificate"] = certificate
908
985
  __props__.__dict__["common_name"] = common_name
909
986
  __props__.__dict__["csr"] = csr
@@ -916,6 +993,7 @@ class SecretBackendSign(pulumi.CustomResource):
916
993
  __props__.__dict__["min_seconds_remaining"] = min_seconds_remaining
917
994
  __props__.__dict__["name"] = name
918
995
  __props__.__dict__["namespace"] = namespace
996
+ __props__.__dict__["not_after"] = not_after
919
997
  __props__.__dict__["other_sans"] = other_sans
920
998
  __props__.__dict__["renew_pending"] = renew_pending
921
999
  __props__.__dict__["serial_number"] = serial_number
@@ -955,6 +1033,14 @@ class SecretBackendSign(pulumi.CustomResource):
955
1033
  """
956
1034
  return pulumi.get(self, "ca_chains")
957
1035
 
1036
+ @property
1037
+ @pulumi.getter(name="certMetadata")
1038
+ def cert_metadata(self) -> pulumi.Output[Optional[str]]:
1039
+ """
1040
+ A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
1041
+ """
1042
+ return pulumi.get(self, "cert_metadata")
1043
+
958
1044
  @property
959
1045
  @pulumi.getter
960
1046
  def certificate(self) -> pulumi.Output[str]:
@@ -1057,6 +1143,14 @@ class SecretBackendSign(pulumi.CustomResource):
1057
1143
  """
1058
1144
  return pulumi.get(self, "namespace")
1059
1145
 
1146
+ @property
1147
+ @pulumi.getter(name="notAfter")
1148
+ def not_after(self) -> pulumi.Output[Optional[str]]:
1149
+ """
1150
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1151
+ """
1152
+ return pulumi.get(self, "not_after")
1153
+
1060
1154
  @property
1061
1155
  @pulumi.getter(name="otherSans")
1062
1156
  def other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
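Review bot: The `not_after` description added to the `SecretBackendSignArgs` docstring (and repeated verbatim in the `_SecretBackendSignState`, `SecretBackendSign` and getter hunks) does not say how the field interacts with `ttl`, which stays a separate optional input documented only as "Time to live". A reader cannot tell from it which of the two bounds the certificate lifetime when both are set. The wrapper forwards the string unchanged (`__props__.__dict__["not_after"] = not_after`), so any format or policy check presumably happens on the server. Because the text advertises the 9999-12-31T23:59:59Z end date, I would add one sentence stating whether `not_after` can be combined with `ttl` and whether the role's maximum lifetime still caps it, once confirmed against the backend. The mixed-case pattern would also read better as `YYYY-MM-DDTHH:MM:SSZ`; the enclosing class bodies start and end outside these hunks.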
@@ -1,5 +1,5 @@
1
1
  {
2
2
  "resource": true,
3
3
  "name": "vault",
4
- "version": "6.6.0-alpha.1741415971"
4
+ "version": "6.6.0-alpha.1741836364"
5
5
  }
@@ -5,6 +5,7 @@
5
5
  from .. import _utilities
6
6
  import typing
7
7
  # Export this package's modules as members:
8
+ from .get_secret_backend_sign import *
8
9
  from .secret_backend_ca import *
9
10
  from .secret_backend_role import *
10
11
  from ._inputs import *
@@ -0,0 +1,294 @@
1
+ # coding=utf-8
2
+ # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
+ # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
+
5
+ import copy
6
+ import warnings
7
+ import sys
8
+ import pulumi
9
+ import pulumi.runtime
10
+ from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
15
+ from .. import _utilities
16
+
17
+ __all__ = [
18
+ 'GetSecretBackendSignResult',
19
+ 'AwaitableGetSecretBackendSignResult',
20
+ 'get_secret_backend_sign',
21
+ 'get_secret_backend_sign_output',
22
+ ]
23
+
24
+ @pulumi.output_type
25
+ class GetSecretBackendSignResult:
26
+ """
27
+ A collection of values returned by getSecretBackendSign.
28
+ """
29
+ def __init__(__self__, cert_type=None, critical_options=None, extensions=None, id=None, key_id=None, name=None, namespace=None, path=None, public_key=None, serial_number=None, signed_key=None, ttl=None, valid_principals=None):
30
+ if cert_type and not isinstance(cert_type, str):
31
+ raise TypeError("Expected argument 'cert_type' to be a str")
32
+ pulumi.set(__self__, "cert_type", cert_type)
33
+ if critical_options and not isinstance(critical_options, dict):
34
+ raise TypeError("Expected argument 'critical_options' to be a dict")
35
+ pulumi.set(__self__, "critical_options", critical_options)
36
+ if extensions and not isinstance(extensions, dict):
37
+ raise TypeError("Expected argument 'extensions' to be a dict")
38
+ pulumi.set(__self__, "extensions", extensions)
39
+ if id and not isinstance(id, str):
40
+ raise TypeError("Expected argument 'id' to be a str")
41
+ pulumi.set(__self__, "id", id)
42
+ if key_id and not isinstance(key_id, str):
43
+ raise TypeError("Expected argument 'key_id' to be a str")
44
+ pulumi.set(__self__, "key_id", key_id)
45
+ if name and not isinstance(name, str):
46
+ raise TypeError("Expected argument 'name' to be a str")
47
+ pulumi.set(__self__, "name", name)
48
+ if namespace and not isinstance(namespace, str):
49
+ raise TypeError("Expected argument 'namespace' to be a str")
50
+ pulumi.set(__self__, "namespace", namespace)
51
+ if path and not isinstance(path, str):
52
+ raise TypeError("Expected argument 'path' to be a str")
53
+ pulumi.set(__self__, "path", path)
54
+ if public_key and not isinstance(public_key, str):
55
+ raise TypeError("Expected argument 'public_key' to be a str")
56
+ pulumi.set(__self__, "public_key", public_key)
57
+ if serial_number and not isinstance(serial_number, str):
58
+ raise TypeError("Expected argument 'serial_number' to be a str")
59
+ pulumi.set(__self__, "serial_number", serial_number)
60
+ if signed_key and not isinstance(signed_key, str):
61
+ raise TypeError("Expected argument 'signed_key' to be a str")
62
+ pulumi.set(__self__, "signed_key", signed_key)
63
+ if ttl and not isinstance(ttl, str):
64
+ raise TypeError("Expected argument 'ttl' to be a str")
65
+ pulumi.set(__self__, "ttl", ttl)
66
+ if valid_principals and not isinstance(valid_principals, str):
67
+ raise TypeError("Expected argument 'valid_principals' to be a str")
68
+ pulumi.set(__self__, "valid_principals", valid_principals)
69
+
70
+ @property
71
+ @pulumi.getter(name="certType")
72
+ def cert_type(self) -> Optional[str]:
73
+ return pulumi.get(self, "cert_type")
74
+
75
+ @property
76
+ @pulumi.getter(name="criticalOptions")
77
+ def critical_options(self) -> Optional[Mapping[str, str]]:
78
+ return pulumi.get(self, "critical_options")
79
+
80
+ @property
81
+ @pulumi.getter
82
+ def extensions(self) -> Optional[Mapping[str, str]]:
83
+ return pulumi.get(self, "extensions")
84
+
85
+ @property
86
+ @pulumi.getter
87
+ def id(self) -> str:
88
+ """
89
+ The provider-assigned unique ID for this managed resource.
90
+ """
91
+ return pulumi.get(self, "id")
92
+
93
+ @property
94
+ @pulumi.getter(name="keyId")
95
+ def key_id(self) -> Optional[str]:
96
+ return pulumi.get(self, "key_id")
97
+
98
+ @property
99
+ @pulumi.getter
100
+ def name(self) -> str:
101
+ return pulumi.get(self, "name")
102
+
103
+ @property
104
+ @pulumi.getter
105
+ def namespace(self) -> Optional[str]:
106
+ return pulumi.get(self, "namespace")
107
+
108
+ @property
109
+ @pulumi.getter
110
+ def path(self) -> str:
111
+ return pulumi.get(self, "path")
112
+
113
+ @property
114
+ @pulumi.getter(name="publicKey")
115
+ def public_key(self) -> str:
116
+ return pulumi.get(self, "public_key")
117
+
118
+ @property
119
+ @pulumi.getter(name="serialNumber")
120
+ def serial_number(self) -> str:
121
+ """
122
+ The serial number of the certificate returned from Vault
123
+ """
124
+ return pulumi.get(self, "serial_number")
125
+
126
+ @property
127
+ @pulumi.getter(name="signedKey")
128
+ def signed_key(self) -> str:
129
+ """
130
+ The signed certificate returned from Vault
131
+ """
132
+ return pulumi.get(self, "signed_key")
133
+
134
+ @property
135
+ @pulumi.getter
136
+ def ttl(self) -> Optional[str]:
137
+ return pulumi.get(self, "ttl")
138
+
139
+ @property
140
+ @pulumi.getter(name="validPrincipals")
141
+ def valid_principals(self) -> Optional[str]:
142
+ return pulumi.get(self, "valid_principals")
143
+
144
+
145
+ class AwaitableGetSecretBackendSignResult(GetSecretBackendSignResult):
146
+ # pylint: disable=using-constant-test
147
+ def __await__(self):
148
+ if False:
149
+ yield self
150
+ return GetSecretBackendSignResult(
151
+ cert_type=self.cert_type,
152
+ critical_options=self.critical_options,
153
+ extensions=self.extensions,
154
+ id=self.id,
155
+ key_id=self.key_id,
156
+ name=self.name,
157
+ namespace=self.namespace,
158
+ path=self.path,
159
+ public_key=self.public_key,
160
+ serial_number=self.serial_number,
161
+ signed_key=self.signed_key,
162
+ ttl=self.ttl,
163
+ valid_principals=self.valid_principals)
164
+
165
+
166
+ def get_secret_backend_sign(cert_type: Optional[str] = None,
167
+ critical_options: Optional[Mapping[str, str]] = None,
168
+ extensions: Optional[Mapping[str, str]] = None,
169
+ key_id: Optional[str] = None,
170
+ name: Optional[str] = None,
171
+ namespace: Optional[str] = None,
172
+ path: Optional[str] = None,
173
+ public_key: Optional[str] = None,
174
+ ttl: Optional[str] = None,
175
+ valid_principals: Optional[str] = None,
176
+ opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetSecretBackendSignResult:
177
+ """
178
+ This is a data source which can be used to sign an SSH public key
179
+
180
+ ## Example Usage
181
+
182
+ ```python
183
+ import pulumi
184
+ import pulumi_vault as vault
185
+
186
+ test = vault.ssh.get_secret_backend_sign(path="ssh",
187
+ public_key="ssh-rsa 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 user@example.com",
188
+ name="test",
189
+ valid_principals="my-user")
190
+ ```
191
+
192
+
193
+ :param str cert_type: Specifies the type of certificate to be created; either "user" or "host".
194
+ :param Mapping[str, str] critical_options: Specifies a map of the critical options that the certificate should be signed for. Defaults to none.
195
+ :param Mapping[str, str] extensions: Specifies a map of the extensions that the certificate should be signed for. Defaults to none.
196
+ :param str key_id: Specifies the key id that the created certificate should have. If not specified, the display name of the token will be used.
197
+ :param str name: Specifies the name of the role to sign.
198
+ :param str path: Full path where SSH backend is mounted.
199
+ :param str public_key: Specifies the SSH public key that should be signed.
200
+ :param str ttl: Specifies the Requested Time To Live. Cannot be greater than the role's max_ttl value. If not provided, the role's ttl value will be used. Note that the role values default to system values if not explicitly set.
201
+ :param str valid_principals: Specifies valid principals, either usernames or hostnames, that the certificate should be signed for. Required unless the role has specified allow_empty_principals or a value has been set for either the default_user or default_user_template role parameters.
202
+ """
203
+ __args__ = dict()
204
+ __args__['certType'] = cert_type
205
+ __args__['criticalOptions'] = critical_options
206
+ __args__['extensions'] = extensions
207
+ __args__['keyId'] = key_id
208
+ __args__['name'] = name
209
+ __args__['namespace'] = namespace
210
+ __args__['path'] = path
211
+ __args__['publicKey'] = public_key
212
+ __args__['ttl'] = ttl
213
+ __args__['validPrincipals'] = valid_principals
214
+ opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
215
+ __ret__ = pulumi.runtime.invoke('vault:ssh/getSecretBackendSign:getSecretBackendSign', __args__, opts=opts, typ=GetSecretBackendSignResult).value
216
+
217
+ return AwaitableGetSecretBackendSignResult(
218
+ cert_type=pulumi.get(__ret__, 'cert_type'),
219
+ critical_options=pulumi.get(__ret__, 'critical_options'),
220
+ extensions=pulumi.get(__ret__, 'extensions'),
221
+ id=pulumi.get(__ret__, 'id'),
222
+ key_id=pulumi.get(__ret__, 'key_id'),
223
+ name=pulumi.get(__ret__, 'name'),
224
+ namespace=pulumi.get(__ret__, 'namespace'),
225
+ path=pulumi.get(__ret__, 'path'),
226
+ public_key=pulumi.get(__ret__, 'public_key'),
227
+ serial_number=pulumi.get(__ret__, 'serial_number'),
228
+ signed_key=pulumi.get(__ret__, 'signed_key'),
229
+ ttl=pulumi.get(__ret__, 'ttl'),
230
+ valid_principals=pulumi.get(__ret__, 'valid_principals'))
231
+ def get_secret_backend_sign_output(cert_type: Optional[pulumi.Input[Optional[str]]] = None,
232
+ critical_options: Optional[pulumi.Input[Optional[Mapping[str, str]]]] = None,
233
+ extensions: Optional[pulumi.Input[Optional[Mapping[str, str]]]] = None,
234
+ key_id: Optional[pulumi.Input[Optional[str]]] = None,
235
+ name: Optional[pulumi.Input[str]] = None,
236
+ namespace: Optional[pulumi.Input[Optional[str]]] = None,
237
+ path: Optional[pulumi.Input[str]] = None,
238
+ public_key: Optional[pulumi.Input[str]] = None,
239
+ ttl: Optional[pulumi.Input[Optional[str]]] = None,
240
+ valid_principals: Optional[pulumi.Input[Optional[str]]] = None,
241
+ opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecretBackendSignResult]:
242
+ """
243
+ This is a data source which can be used to sign an SSH public key
244
+
245
+ ## Example Usage
246
+
247
+ ```python
248
+ import pulumi
249
+ import pulumi_vault as vault
250
+
251
+ test = vault.ssh.get_secret_backend_sign(path="ssh",
252
+ public_key="ssh-rsa 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 user@example.com",
253
+ name="test",
254
+ valid_principals="my-user")
255
+ ```
256
+
257
+
258
+ :param str cert_type: Specifies the type of certificate to be created; either "user" or "host".
259
+ :param Mapping[str, str] critical_options: Specifies a map of the critical options that the certificate should be signed for. Defaults to none.
260
+ :param Mapping[str, str] extensions: Specifies a map of the extensions that the certificate should be signed for. Defaults to none.
261
+ :param str key_id: Specifies the key id that the created certificate should have. If not specified, the display name of the token will be used.
262
+ :param str name: Specifies the name of the role to sign.
263
+ :param str path: Full path where SSH backend is mounted.
264
+ :param str public_key: Specifies the SSH public key that should be signed.
265
+ :param str ttl: Specifies the Requested Time To Live. Cannot be greater than the role's max_ttl value. If not provided, the role's ttl value will be used. Note that the role values default to system values if not explicitly set.
266
+ :param str valid_principals: Specifies valid principals, either usernames or hostnames, that the certificate should be signed for. Required unless the role has specified allow_empty_principals or a value has been set for either the default_user or default_user_template role parameters.
267
+ """
268
+ __args__ = dict()
269
+ __args__['certType'] = cert_type
270
+ __args__['criticalOptions'] = critical_options
271
+ __args__['extensions'] = extensions
272
+ __args__['keyId'] = key_id
273
+ __args__['name'] = name
274
+ __args__['namespace'] = namespace
275
+ __args__['path'] = path
276
+ __args__['publicKey'] = public_key
277
+ __args__['ttl'] = ttl
278
+ __args__['validPrincipals'] = valid_principals
279
+ opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
280
+ __ret__ = pulumi.runtime.invoke_output('vault:ssh/getSecretBackendSign:getSecretBackendSign', __args__, opts=opts, typ=GetSecretBackendSignResult)
281
+ return __ret__.apply(lambda __response__: GetSecretBackendSignResult(
282
+ cert_type=pulumi.get(__response__, 'cert_type'),
283
+ critical_options=pulumi.get(__response__, 'critical_options'),
284
+ extensions=pulumi.get(__response__, 'extensions'),
285
+ id=pulumi.get(__response__, 'id'),
286
+ key_id=pulumi.get(__response__, 'key_id'),
287
+ name=pulumi.get(__response__, 'name'),
288
+ namespace=pulumi.get(__response__, 'namespace'),
289
+ path=pulumi.get(__response__, 'path'),
290
+ public_key=pulumi.get(__response__, 'public_key'),
291
+ serial_number=pulumi.get(__response__, 'serial_number'),
292
+ signed_key=pulumi.get(__response__, 'signed_key'),
293
+ ttl=pulumi.get(__response__, 'ttl'),
294
+ valid_principals=pulumi.get(__response__, 'valid_principals')))