pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -0,0 +1,1377 @@
1
+ # coding=utf-8
2
+ # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
+ # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
+
5
+ import builtins
6
+ import copy
7
+ import warnings
8
+ import sys
9
+ import pulumi
10
+ import pulumi.runtime
11
+ from typing import Any, Mapping, Optional, Sequence, Union, overload
12
+ if sys.version_info >= (3, 11):
13
+ from typing import NotRequired, TypedDict, TypeAlias
14
+ else:
15
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
16
+ from .. import _utilities
17
+
18
+ __all__ = ['BackendConfigAutoTidyArgs', 'BackendConfigAutoTidy']
19
+
20
+ @pulumi.input_type
21
+ class BackendConfigAutoTidyArgs:
22
+ def __init__(__self__, *,
23
+ backend: pulumi.Input[builtins.str],
24
+ enabled: pulumi.Input[builtins.bool],
25
+ acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
26
+ interval_duration: Optional[pulumi.Input[builtins.str]] = None,
27
+ issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
28
+ maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
29
+ max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
30
+ min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
31
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
32
+ pause_duration: Optional[pulumi.Input[builtins.str]] = None,
33
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
34
+ revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
35
+ safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
36
+ tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
37
+ tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
38
+ tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
39
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
40
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
41
+ tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
42
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
43
+ tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
44
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
45
+ tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None):
46
+ """
47
+ The set of arguments for constructing a BackendConfigAutoTidy resource.
48
+ :param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
49
+ read the configuration from, with no leading or trailing `/`s.
50
+ :param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
51
+ :param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
52
+ time after being marked revoked or deactivated.
53
+ :param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
54
+ between tidy invocations (after one finishes to the start of the next).
55
+ :param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
56
+ expiration before it is removed from the backend storage.
57
+ :param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
58
+ counted upon initialization of the backend, and whether during normal operation, a running count
59
+ of certificates stored is maintained.
60
+ :param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
61
+ after startup.
62
+ :param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
63
+ after startup.
64
+ :param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
65
+ The value should not contain leading or trailing forward slashes.
66
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
67
+ *Available only for Vault Enterprise*.
68
+ :param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
69
+ :param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
70
+ certificate count is published to the metrics consumer.
71
+ :param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
72
+ cross-cluster revocation request being initiated to when it will be slated for removal.
73
+ :param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
74
+ expiration before it is removed from the backend storage and/or revocation list.
75
+ :param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
76
+ :param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
77
+ :param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
78
+ :param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
79
+ :param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
80
+ revoked certificate store.
81
+ :param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
82
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
83
+ :param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
84
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
85
+ :param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
86
+ haven't been confirmed by any active cluster.
87
+ :param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
88
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
89
+ :param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
90
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
91
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
92
+ the CRL, and the CRL will be rotated.
93
+ """
94
+ pulumi.set(__self__, "backend", backend)
95
+ pulumi.set(__self__, "enabled", enabled)
96
+ if acme_account_safety_buffer is not None:
97
+ pulumi.set(__self__, "acme_account_safety_buffer", acme_account_safety_buffer)
98
+ if interval_duration is not None:
99
+ pulumi.set(__self__, "interval_duration", interval_duration)
100
+ if issuer_safety_buffer is not None:
101
+ pulumi.set(__self__, "issuer_safety_buffer", issuer_safety_buffer)
102
+ if maintain_stored_certificate_counts is not None:
103
+ pulumi.set(__self__, "maintain_stored_certificate_counts", maintain_stored_certificate_counts)
104
+ if max_startup_backoff_duration is not None:
105
+ pulumi.set(__self__, "max_startup_backoff_duration", max_startup_backoff_duration)
106
+ if min_startup_backoff_duration is not None:
107
+ pulumi.set(__self__, "min_startup_backoff_duration", min_startup_backoff_duration)
108
+ if namespace is not None:
109
+ pulumi.set(__self__, "namespace", namespace)
110
+ if pause_duration is not None:
111
+ pulumi.set(__self__, "pause_duration", pause_duration)
112
+ if publish_stored_certificate_count_metrics is not None:
113
+ pulumi.set(__self__, "publish_stored_certificate_count_metrics", publish_stored_certificate_count_metrics)
114
+ if revocation_queue_safety_buffer is not None:
115
+ pulumi.set(__self__, "revocation_queue_safety_buffer", revocation_queue_safety_buffer)
116
+ if safety_buffer is not None:
117
+ pulumi.set(__self__, "safety_buffer", safety_buffer)
118
+ if tidy_acme is not None:
119
+ pulumi.set(__self__, "tidy_acme", tidy_acme)
120
+ if tidy_cert_metadata is not None:
121
+ pulumi.set(__self__, "tidy_cert_metadata", tidy_cert_metadata)
122
+ if tidy_cert_store is not None:
123
+ pulumi.set(__self__, "tidy_cert_store", tidy_cert_store)
124
+ if tidy_cmpv2_nonce_store is not None:
125
+ pulumi.set(__self__, "tidy_cmpv2_nonce_store", tidy_cmpv2_nonce_store)
126
+ if tidy_cross_cluster_revoked_certs is not None:
127
+ pulumi.set(__self__, "tidy_cross_cluster_revoked_certs", tidy_cross_cluster_revoked_certs)
128
+ if tidy_expired_issuers is not None:
129
+ pulumi.set(__self__, "tidy_expired_issuers", tidy_expired_issuers)
130
+ if tidy_move_legacy_ca_bundle is not None:
131
+ pulumi.set(__self__, "tidy_move_legacy_ca_bundle", tidy_move_legacy_ca_bundle)
132
+ if tidy_revocation_queue is not None:
133
+ pulumi.set(__self__, "tidy_revocation_queue", tidy_revocation_queue)
134
+ if tidy_revoked_cert_issuer_associations is not None:
135
+ pulumi.set(__self__, "tidy_revoked_cert_issuer_associations", tidy_revoked_cert_issuer_associations)
136
+ if tidy_revoked_certs is not None:
137
+ pulumi.set(__self__, "tidy_revoked_certs", tidy_revoked_certs)
138
+
139
+ @property
140
+ @pulumi.getter
141
+ def backend(self) -> pulumi.Input[builtins.str]:
142
+ """
143
+ The path to the PKI secret backend to
144
+ read the configuration from, with no leading or trailing `/`s.
145
+ """
146
+ return pulumi.get(self, "backend")
147
+
148
+ @backend.setter
149
+ def backend(self, value: pulumi.Input[builtins.str]):
150
+ pulumi.set(self, "backend", value)
151
+
152
+ @property
153
+ @pulumi.getter
154
+ def enabled(self) -> pulumi.Input[builtins.bool]:
155
+ """
156
+ Specifies whether automatic tidy is enabled or not.
157
+ """
158
+ return pulumi.get(self, "enabled")
159
+
160
+ @enabled.setter
161
+ def enabled(self, value: pulumi.Input[builtins.bool]):
162
+ pulumi.set(self, "enabled", value)
163
+
164
+ @property
165
+ @pulumi.getter(name="acmeAccountSafetyBuffer")
166
+ def acme_account_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
167
+ """
168
+ The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
169
+ time after being marked revoked or deactivated.
170
+ """
171
+ return pulumi.get(self, "acme_account_safety_buffer")
172
+
173
+ @acme_account_safety_buffer.setter
174
+ def acme_account_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
175
+ pulumi.set(self, "acme_account_safety_buffer", value)
176
+
177
+ @property
178
+ @pulumi.getter(name="intervalDuration")
179
+ def interval_duration(self) -> Optional[pulumi.Input[builtins.str]]:
180
+ """
181
+ Interval at which to run an auto-tidy operation. This is the time
182
+ between tidy invocations (after one finishes to the start of the next).
183
+ """
184
+ return pulumi.get(self, "interval_duration")
185
+
186
+ @interval_duration.setter
187
+ def interval_duration(self, value: Optional[pulumi.Input[builtins.str]]):
188
+ pulumi.set(self, "interval_duration", value)
189
+
190
+ @property
191
+ @pulumi.getter(name="issuerSafetyBuffer")
192
+ def issuer_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
193
+ """
194
+ The amount of extra time that must have passed beyond issuer's
195
+ expiration before it is removed from the backend storage.
196
+ """
197
+ return pulumi.get(self, "issuer_safety_buffer")
198
+
199
+ @issuer_safety_buffer.setter
200
+ def issuer_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
201
+ pulumi.set(self, "issuer_safety_buffer", value)
202
+
203
+ @property
204
+ @pulumi.getter(name="maintainStoredCertificateCounts")
205
+ def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[builtins.bool]]:
206
+ """
207
+ This configures whether stored certificate are
208
+ counted upon initialization of the backend, and whether during normal operation, a running count
209
+ of certificates stored is maintained.
210
+ """
211
+ return pulumi.get(self, "maintain_stored_certificate_counts")
212
+
213
+ @maintain_stored_certificate_counts.setter
214
+ def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[builtins.bool]]):
215
+ pulumi.set(self, "maintain_stored_certificate_counts", value)
216
+
217
+ @property
218
+ @pulumi.getter(name="maxStartupBackoffDuration")
219
+ def max_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
220
+ """
221
+ The maximum amount of time auto-tidy will be delayed
222
+ after startup.
223
+ """
224
+ return pulumi.get(self, "max_startup_backoff_duration")
225
+
226
+ @max_startup_backoff_duration.setter
227
+ def max_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
228
+ pulumi.set(self, "max_startup_backoff_duration", value)
229
+
230
+ @property
231
+ @pulumi.getter(name="minStartupBackoffDuration")
232
+ def min_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
233
+ """
234
+ The minimum amount of time auto-tidy will be delayed
235
+ after startup.
236
+ """
237
+ return pulumi.get(self, "min_startup_backoff_duration")
238
+
239
+ @min_startup_backoff_duration.setter
240
+ def min_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
241
+ pulumi.set(self, "min_startup_backoff_duration", value)
242
+
243
+ @property
244
+ @pulumi.getter
245
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
246
+ """
247
+ The namespace of the target resource.
248
+ The value should not contain leading or trailing forward slashes.
249
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
250
+ *Available only for Vault Enterprise*.
251
+ """
252
+ return pulumi.get(self, "namespace")
253
+
254
+ @namespace.setter
255
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
256
+ pulumi.set(self, "namespace", value)
257
+
258
+ @property
259
+ @pulumi.getter(name="pauseDuration")
260
+ def pause_duration(self) -> Optional[pulumi.Input[builtins.str]]:
261
+ """
262
+ The amount of time to wait between processing certificates.
263
+ """
264
+ return pulumi.get(self, "pause_duration")
265
+
266
+ @pause_duration.setter
267
+ def pause_duration(self, value: Optional[pulumi.Input[builtins.str]]):
268
+ pulumi.set(self, "pause_duration", value)
269
+
270
+ @property
271
+ @pulumi.getter(name="publishStoredCertificateCountMetrics")
272
+ def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[builtins.bool]]:
273
+ """
274
+ This configures whether the stored
275
+ certificate count is published to the metrics consumer.
276
+ """
277
+ return pulumi.get(self, "publish_stored_certificate_count_metrics")
278
+
279
+ @publish_stored_certificate_count_metrics.setter
280
+ def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[builtins.bool]]):
281
+ pulumi.set(self, "publish_stored_certificate_count_metrics", value)
282
+
283
+ @property
284
+ @pulumi.getter(name="revocationQueueSafetyBuffer")
285
+ def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
286
+ """
287
+ The amount of time that must pass from the
288
+ cross-cluster revocation request being initiated to when it will be slated for removal.
289
+ """
290
+ return pulumi.get(self, "revocation_queue_safety_buffer")
291
+
292
+ @revocation_queue_safety_buffer.setter
293
+ def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
294
+ pulumi.set(self, "revocation_queue_safety_buffer", value)
295
+
296
+ @property
297
+ @pulumi.getter(name="safetyBuffer")
298
+ def safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
299
+ """
300
+ The amount of extra time that must have passed beyond certificate
301
+ expiration before it is removed from the backend storage and/or revocation list.
302
+ """
303
+ return pulumi.get(self, "safety_buffer")
304
+
305
+ @safety_buffer.setter
306
+ def safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
307
+ pulumi.set(self, "safety_buffer", value)
308
+
309
+ @property
310
+ @pulumi.getter(name="tidyAcme")
311
+ def tidy_acme(self) -> Optional[pulumi.Input[builtins.bool]]:
312
+ """
313
+ Set to true to enable tidying ACME accounts, orders and authorizations.
314
+ """
315
+ return pulumi.get(self, "tidy_acme")
316
+
317
+ @tidy_acme.setter
318
+ def tidy_acme(self, value: Optional[pulumi.Input[builtins.bool]]):
319
+ pulumi.set(self, "tidy_acme", value)
320
+
321
+ @property
322
+ @pulumi.getter(name="tidyCertMetadata")
323
+ def tidy_cert_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
324
+ """
325
+ Set to true to enable tidying up certificate metadata.
326
+ """
327
+ return pulumi.get(self, "tidy_cert_metadata")
328
+
329
+ @tidy_cert_metadata.setter
330
+ def tidy_cert_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
331
+ pulumi.set(self, "tidy_cert_metadata", value)
332
+
333
+ @property
334
+ @pulumi.getter(name="tidyCertStore")
335
+ def tidy_cert_store(self) -> Optional[pulumi.Input[builtins.bool]]:
336
+ """
337
+ Set to true to enable tidying up the certificate store
338
+ """
339
+ return pulumi.get(self, "tidy_cert_store")
340
+
341
+ @tidy_cert_store.setter
342
+ def tidy_cert_store(self, value: Optional[pulumi.Input[builtins.bool]]):
343
+ pulumi.set(self, "tidy_cert_store", value)
344
+
345
+ @property
346
+ @pulumi.getter(name="tidyCmpv2NonceStore")
347
+ def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[builtins.bool]]:
348
+ """
349
+ Set to true to enable tidying up the CMPv2 nonce store.
350
+ """
351
+ return pulumi.get(self, "tidy_cmpv2_nonce_store")
352
+
353
+ @tidy_cmpv2_nonce_store.setter
354
+ def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[builtins.bool]]):
355
+ pulumi.set(self, "tidy_cmpv2_nonce_store", value)
356
+
357
+ @property
358
+ @pulumi.getter(name="tidyCrossClusterRevokedCerts")
359
+ def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
360
+ """
361
+ Set to true to enable tidying up the cross-cluster
362
+ revoked certificate store.
363
+ """
364
+ return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
365
+
366
+ @tidy_cross_cluster_revoked_certs.setter
367
+ def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
368
+ pulumi.set(self, "tidy_cross_cluster_revoked_certs", value)
369
+
370
+ @property
371
+ @pulumi.getter(name="tidyExpiredIssuers")
372
+ def tidy_expired_issuers(self) -> Optional[pulumi.Input[builtins.bool]]:
373
+ """
374
+ Set to true to automatically remove expired issuers past the
375
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
376
+ """
377
+ return pulumi.get(self, "tidy_expired_issuers")
378
+
379
+ @tidy_expired_issuers.setter
380
+ def tidy_expired_issuers(self, value: Optional[pulumi.Input[builtins.bool]]):
381
+ pulumi.set(self, "tidy_expired_issuers", value)
382
+
383
+ @property
384
+ @pulumi.getter(name="tidyMoveLegacyCaBundle")
385
+ def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[builtins.bool]]:
386
+ """
387
+ Set to true to move the legacy `ca_bundle` from
388
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
389
+ """
390
+ return pulumi.get(self, "tidy_move_legacy_ca_bundle")
391
+
392
+ @tidy_move_legacy_ca_bundle.setter
393
+ def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[builtins.bool]]):
394
+ pulumi.set(self, "tidy_move_legacy_ca_bundle", value)
395
+
396
+ @property
397
+ @pulumi.getter(name="tidyRevocationQueue")
398
+ def tidy_revocation_queue(self) -> Optional[pulumi.Input[builtins.bool]]:
399
+ """
400
+ Set to true to remove stale revocation queue entries that
401
+ haven't been confirmed by any active cluster.
402
+ """
403
+ return pulumi.get(self, "tidy_revocation_queue")
404
+
405
+ @tidy_revocation_queue.setter
406
+ def tidy_revocation_queue(self, value: Optional[pulumi.Input[builtins.bool]]):
407
+ pulumi.set(self, "tidy_revocation_queue", value)
408
+
409
+ @property
410
+ @pulumi.getter(name="tidyRevokedCertIssuerAssociations")
411
+ def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[builtins.bool]]:
412
+ """
413
+ Set to true to validate issuer associations
414
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
415
+ """
416
+ return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
417
+
418
+ @tidy_revoked_cert_issuer_associations.setter
419
+ def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[builtins.bool]]):
420
+ pulumi.set(self, "tidy_revoked_cert_issuer_associations", value)
421
+
422
+ @property
423
+ @pulumi.getter(name="tidyRevokedCerts")
424
+ def tidy_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
425
+ """
426
+ Set to true to remove all invalid and expired certificates from
427
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
428
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
429
+ the CRL, and the CRL will be rotated.
430
+ """
431
+ return pulumi.get(self, "tidy_revoked_certs")
432
+
433
+ @tidy_revoked_certs.setter
434
+ def tidy_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
435
+ pulumi.set(self, "tidy_revoked_certs", value)
436
+
437
+
438
+ @pulumi.input_type
439
+ class _BackendConfigAutoTidyState:
440
+ def __init__(__self__, *,
441
+ acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
442
+ backend: Optional[pulumi.Input[builtins.str]] = None,
443
+ enabled: Optional[pulumi.Input[builtins.bool]] = None,
444
+ interval_duration: Optional[pulumi.Input[builtins.str]] = None,
445
+ issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
446
+ maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
447
+ max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
448
+ min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
449
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
450
+ pause_duration: Optional[pulumi.Input[builtins.str]] = None,
451
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
452
+ revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
453
+ safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
454
+ tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
455
+ tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
456
+ tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
457
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
458
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
459
+ tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
460
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
461
+ tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
462
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
463
+ tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None):
464
+ """
465
+ Input properties used for looking up and filtering BackendConfigAutoTidy resources.
466
+ :param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
467
+ time after being marked revoked or deactivated.
468
+ :param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
469
+ read the configuration from, with no leading or trailing `/`s.
470
+ :param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
471
+ :param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
472
+ between tidy invocations (after one finishes to the start of the next).
473
+ :param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
474
+ expiration before it is removed from the backend storage.
475
+ :param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
476
+ counted upon initialization of the backend, and whether during normal operation, a running count
477
+ of certificates stored is maintained.
478
+ :param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
479
+ after startup.
480
+ :param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
481
+ after startup.
482
+ :param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
483
+ The value should not contain leading or trailing forward slashes.
484
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
485
+ *Available only for Vault Enterprise*.
486
+ :param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
487
+ :param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
488
+ certificate count is published to the metrics consumer.
489
+ :param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
490
+ cross-cluster revocation request being initiated to when it will be slated for removal.
491
+ :param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
492
+ expiration before it is removed from the backend storage and/or revocation list.
493
+ :param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
494
+ :param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
495
+ :param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
496
+ :param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
497
+ :param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
498
+ revoked certificate store.
499
+ :param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
500
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
501
+ :param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
502
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
503
+ :param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
504
+ haven't been confirmed by any active cluster.
505
+ :param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
506
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
507
+ :param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
508
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
509
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
510
+ the CRL, and the CRL will be rotated.
511
+ """
512
+ if acme_account_safety_buffer is not None:
513
+ pulumi.set(__self__, "acme_account_safety_buffer", acme_account_safety_buffer)
514
+ if backend is not None:
515
+ pulumi.set(__self__, "backend", backend)
516
+ if enabled is not None:
517
+ pulumi.set(__self__, "enabled", enabled)
518
+ if interval_duration is not None:
519
+ pulumi.set(__self__, "interval_duration", interval_duration)
520
+ if issuer_safety_buffer is not None:
521
+ pulumi.set(__self__, "issuer_safety_buffer", issuer_safety_buffer)
522
+ if maintain_stored_certificate_counts is not None:
523
+ pulumi.set(__self__, "maintain_stored_certificate_counts", maintain_stored_certificate_counts)
524
+ if max_startup_backoff_duration is not None:
525
+ pulumi.set(__self__, "max_startup_backoff_duration", max_startup_backoff_duration)
526
+ if min_startup_backoff_duration is not None:
527
+ pulumi.set(__self__, "min_startup_backoff_duration", min_startup_backoff_duration)
528
+ if namespace is not None:
529
+ pulumi.set(__self__, "namespace", namespace)
530
+ if pause_duration is not None:
531
+ pulumi.set(__self__, "pause_duration", pause_duration)
532
+ if publish_stored_certificate_count_metrics is not None:
533
+ pulumi.set(__self__, "publish_stored_certificate_count_metrics", publish_stored_certificate_count_metrics)
534
+ if revocation_queue_safety_buffer is not None:
535
+ pulumi.set(__self__, "revocation_queue_safety_buffer", revocation_queue_safety_buffer)
536
+ if safety_buffer is not None:
537
+ pulumi.set(__self__, "safety_buffer", safety_buffer)
538
+ if tidy_acme is not None:
539
+ pulumi.set(__self__, "tidy_acme", tidy_acme)
540
+ if tidy_cert_metadata is not None:
541
+ pulumi.set(__self__, "tidy_cert_metadata", tidy_cert_metadata)
542
+ if tidy_cert_store is not None:
543
+ pulumi.set(__self__, "tidy_cert_store", tidy_cert_store)
544
+ if tidy_cmpv2_nonce_store is not None:
545
+ pulumi.set(__self__, "tidy_cmpv2_nonce_store", tidy_cmpv2_nonce_store)
546
+ if tidy_cross_cluster_revoked_certs is not None:
547
+ pulumi.set(__self__, "tidy_cross_cluster_revoked_certs", tidy_cross_cluster_revoked_certs)
548
+ if tidy_expired_issuers is not None:
549
+ pulumi.set(__self__, "tidy_expired_issuers", tidy_expired_issuers)
550
+ if tidy_move_legacy_ca_bundle is not None:
551
+ pulumi.set(__self__, "tidy_move_legacy_ca_bundle", tidy_move_legacy_ca_bundle)
552
+ if tidy_revocation_queue is not None:
553
+ pulumi.set(__self__, "tidy_revocation_queue", tidy_revocation_queue)
554
+ if tidy_revoked_cert_issuer_associations is not None:
555
+ pulumi.set(__self__, "tidy_revoked_cert_issuer_associations", tidy_revoked_cert_issuer_associations)
556
+ if tidy_revoked_certs is not None:
557
+ pulumi.set(__self__, "tidy_revoked_certs", tidy_revoked_certs)
558
+
559
+ @property
560
+ @pulumi.getter(name="acmeAccountSafetyBuffer")
561
+ def acme_account_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
562
+ """
563
+ The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
564
+ time after being marked revoked or deactivated.
565
+ """
566
+ return pulumi.get(self, "acme_account_safety_buffer")
567
+
568
+ @acme_account_safety_buffer.setter
569
+ def acme_account_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
570
+ pulumi.set(self, "acme_account_safety_buffer", value)
571
+
572
+ @property
573
+ @pulumi.getter
574
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
575
+ """
576
+ The path to the PKI secret backend to
577
+ read the configuration from, with no leading or trailing `/`s.
578
+ """
579
+ return pulumi.get(self, "backend")
580
+
581
+ @backend.setter
582
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
583
+ pulumi.set(self, "backend", value)
584
+
585
+ @property
586
+ @pulumi.getter
587
+ def enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
588
+ """
589
+ Specifies whether automatic tidy is enabled or not.
590
+ """
591
+ return pulumi.get(self, "enabled")
592
+
593
+ @enabled.setter
594
+ def enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
595
+ pulumi.set(self, "enabled", value)
596
+
597
+ @property
598
+ @pulumi.getter(name="intervalDuration")
599
+ def interval_duration(self) -> Optional[pulumi.Input[builtins.str]]:
600
+ """
601
+ Interval at which to run an auto-tidy operation. This is the time
602
+ between tidy invocations (after one finishes to the start of the next).
603
+ """
604
+ return pulumi.get(self, "interval_duration")
605
+
606
+ @interval_duration.setter
607
+ def interval_duration(self, value: Optional[pulumi.Input[builtins.str]]):
608
+ pulumi.set(self, "interval_duration", value)
609
+
610
+ @property
611
+ @pulumi.getter(name="issuerSafetyBuffer")
612
+ def issuer_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
613
+ """
614
+ The amount of extra time that must have passed beyond issuer's
615
+ expiration before it is removed from the backend storage.
616
+ """
617
+ return pulumi.get(self, "issuer_safety_buffer")
618
+
619
+ @issuer_safety_buffer.setter
620
+ def issuer_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
621
+ pulumi.set(self, "issuer_safety_buffer", value)
622
+
623
+ @property
624
+ @pulumi.getter(name="maintainStoredCertificateCounts")
625
+ def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[builtins.bool]]:
626
+ """
627
+ This configures whether stored certificate are
628
+ counted upon initialization of the backend, and whether during normal operation, a running count
629
+ of certificates stored is maintained.
630
+ """
631
+ return pulumi.get(self, "maintain_stored_certificate_counts")
632
+
633
+ @maintain_stored_certificate_counts.setter
634
+ def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[builtins.bool]]):
635
+ pulumi.set(self, "maintain_stored_certificate_counts", value)
636
+
637
+ @property
638
+ @pulumi.getter(name="maxStartupBackoffDuration")
639
+ def max_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
640
+ """
641
+ The maximum amount of time auto-tidy will be delayed
642
+ after startup.
643
+ """
644
+ return pulumi.get(self, "max_startup_backoff_duration")
645
+
646
+ @max_startup_backoff_duration.setter
647
+ def max_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
648
+ pulumi.set(self, "max_startup_backoff_duration", value)
649
+
650
+ @property
651
+ @pulumi.getter(name="minStartupBackoffDuration")
652
+ def min_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
653
+ """
654
+ The minimum amount of time auto-tidy will be delayed
655
+ after startup.
656
+ """
657
+ return pulumi.get(self, "min_startup_backoff_duration")
658
+
659
+ @min_startup_backoff_duration.setter
660
+ def min_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
661
+ pulumi.set(self, "min_startup_backoff_duration", value)
662
+
663
+ @property
664
+ @pulumi.getter
665
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
666
+ """
667
+ The namespace of the target resource.
668
+ The value should not contain leading or trailing forward slashes.
669
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
670
+ *Available only for Vault Enterprise*.
671
+ """
672
+ return pulumi.get(self, "namespace")
673
+
674
+ @namespace.setter
675
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
676
+ pulumi.set(self, "namespace", value)
677
+
678
+ @property
679
+ @pulumi.getter(name="pauseDuration")
680
+ def pause_duration(self) -> Optional[pulumi.Input[builtins.str]]:
681
+ """
682
+ The amount of time to wait between processing certificates.
683
+ """
684
+ return pulumi.get(self, "pause_duration")
685
+
686
+ @pause_duration.setter
687
+ def pause_duration(self, value: Optional[pulumi.Input[builtins.str]]):
688
+ pulumi.set(self, "pause_duration", value)
689
+
690
+ @property
691
+ @pulumi.getter(name="publishStoredCertificateCountMetrics")
692
+ def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[builtins.bool]]:
693
+ """
694
+ This configures whether the stored
695
+ certificate count is published to the metrics consumer.
696
+ """
697
+ return pulumi.get(self, "publish_stored_certificate_count_metrics")
698
+
699
+ @publish_stored_certificate_count_metrics.setter
700
+ def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[builtins.bool]]):
701
+ pulumi.set(self, "publish_stored_certificate_count_metrics", value)
702
+
703
+ @property
704
+ @pulumi.getter(name="revocationQueueSafetyBuffer")
705
+ def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
706
+ """
707
+ The amount of time that must pass from the
708
+ cross-cluster revocation request being initiated to when it will be slated for removal.
709
+ """
710
+ return pulumi.get(self, "revocation_queue_safety_buffer")
711
+
712
+ @revocation_queue_safety_buffer.setter
713
+ def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
714
+ pulumi.set(self, "revocation_queue_safety_buffer", value)
715
+
716
+ @property
717
+ @pulumi.getter(name="safetyBuffer")
718
+ def safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
719
+ """
720
+ The amount of extra time that must have passed beyond certificate
721
+ expiration before it is removed from the backend storage and/or revocation list.
722
+ """
723
+ return pulumi.get(self, "safety_buffer")
724
+
725
+ @safety_buffer.setter
726
+ def safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
727
+ pulumi.set(self, "safety_buffer", value)
728
+
729
+ @property
730
+ @pulumi.getter(name="tidyAcme")
731
+ def tidy_acme(self) -> Optional[pulumi.Input[builtins.bool]]:
732
+ """
733
+ Set to true to enable tidying ACME accounts, orders and authorizations.
734
+ """
735
+ return pulumi.get(self, "tidy_acme")
736
+
737
+ @tidy_acme.setter
738
+ def tidy_acme(self, value: Optional[pulumi.Input[builtins.bool]]):
739
+ pulumi.set(self, "tidy_acme", value)
740
+
741
+ @property
742
+ @pulumi.getter(name="tidyCertMetadata")
743
+ def tidy_cert_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
744
+ """
745
+ Set to true to enable tidying up certificate metadata.
746
+ """
747
+ return pulumi.get(self, "tidy_cert_metadata")
748
+
749
+ @tidy_cert_metadata.setter
750
+ def tidy_cert_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
751
+ pulumi.set(self, "tidy_cert_metadata", value)
752
+
753
+ @property
754
+ @pulumi.getter(name="tidyCertStore")
755
+ def tidy_cert_store(self) -> Optional[pulumi.Input[builtins.bool]]:
756
+ """
757
+ Set to true to enable tidying up the certificate store
758
+ """
759
+ return pulumi.get(self, "tidy_cert_store")
760
+
761
+ @tidy_cert_store.setter
762
+ def tidy_cert_store(self, value: Optional[pulumi.Input[builtins.bool]]):
763
+ pulumi.set(self, "tidy_cert_store", value)
764
+
765
+ @property
766
+ @pulumi.getter(name="tidyCmpv2NonceStore")
767
+ def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[builtins.bool]]:
768
+ """
769
+ Set to true to enable tidying up the CMPv2 nonce store.
770
+ """
771
+ return pulumi.get(self, "tidy_cmpv2_nonce_store")
772
+
773
+ @tidy_cmpv2_nonce_store.setter
774
+ def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[builtins.bool]]):
775
+ pulumi.set(self, "tidy_cmpv2_nonce_store", value)
776
+
777
+ @property
778
+ @pulumi.getter(name="tidyCrossClusterRevokedCerts")
779
+ def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
780
+ """
781
+ Set to true to enable tidying up the cross-cluster
782
+ revoked certificate store.
783
+ """
784
+ return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
785
+
786
+ @tidy_cross_cluster_revoked_certs.setter
787
+ def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
788
+ pulumi.set(self, "tidy_cross_cluster_revoked_certs", value)
789
+
790
+ @property
791
+ @pulumi.getter(name="tidyExpiredIssuers")
792
+ def tidy_expired_issuers(self) -> Optional[pulumi.Input[builtins.bool]]:
793
+ """
794
+ Set to true to automatically remove expired issuers past the
795
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
796
+ """
797
+ return pulumi.get(self, "tidy_expired_issuers")
798
+
799
+ @tidy_expired_issuers.setter
800
+ def tidy_expired_issuers(self, value: Optional[pulumi.Input[builtins.bool]]):
801
+ pulumi.set(self, "tidy_expired_issuers", value)
802
+
803
+ @property
804
+ @pulumi.getter(name="tidyMoveLegacyCaBundle")
805
+ def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[builtins.bool]]:
806
+ """
807
+ Set to true to move the legacy `ca_bundle` from
808
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
809
+ """
810
+ return pulumi.get(self, "tidy_move_legacy_ca_bundle")
811
+
812
+ @tidy_move_legacy_ca_bundle.setter
813
+ def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[builtins.bool]]):
814
+ pulumi.set(self, "tidy_move_legacy_ca_bundle", value)
815
+
816
+ @property
817
+ @pulumi.getter(name="tidyRevocationQueue")
818
+ def tidy_revocation_queue(self) -> Optional[pulumi.Input[builtins.bool]]:
819
+ """
820
+ Set to true to remove stale revocation queue entries that
821
+ haven't been confirmed by any active cluster.
822
+ """
823
+ return pulumi.get(self, "tidy_revocation_queue")
824
+
825
+ @tidy_revocation_queue.setter
826
+ def tidy_revocation_queue(self, value: Optional[pulumi.Input[builtins.bool]]):
827
+ pulumi.set(self, "tidy_revocation_queue", value)
828
+
829
+ @property
830
+ @pulumi.getter(name="tidyRevokedCertIssuerAssociations")
831
+ def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[builtins.bool]]:
832
+ """
833
+ Set to true to validate issuer associations
834
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
835
+ """
836
+ return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
837
+
838
+ @tidy_revoked_cert_issuer_associations.setter
839
+ def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[builtins.bool]]):
840
+ pulumi.set(self, "tidy_revoked_cert_issuer_associations", value)
841
+
842
+ @property
843
+ @pulumi.getter(name="tidyRevokedCerts")
844
+ def tidy_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
845
+ """
846
+ Set to true to remove all invalid and expired certificates from
847
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
848
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
849
+ the CRL, and the CRL will be rotated.
850
+ """
851
+ return pulumi.get(self, "tidy_revoked_certs")
852
+
853
+ @tidy_revoked_certs.setter
854
+ def tidy_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
855
+ pulumi.set(self, "tidy_revoked_certs", value)
856
+
857
+
858
+ class BackendConfigAutoTidy(pulumi.CustomResource):
859
+ @overload
860
+ def __init__(__self__,
861
+ resource_name: str,
862
+ opts: Optional[pulumi.ResourceOptions] = None,
863
+ acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
864
+ backend: Optional[pulumi.Input[builtins.str]] = None,
865
+ enabled: Optional[pulumi.Input[builtins.bool]] = None,
866
+ interval_duration: Optional[pulumi.Input[builtins.str]] = None,
867
+ issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
868
+ maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
869
+ max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
870
+ min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
871
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
872
+ pause_duration: Optional[pulumi.Input[builtins.str]] = None,
873
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
874
+ revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
875
+ safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
876
+ tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
877
+ tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
878
+ tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
879
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
880
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
881
+ tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
882
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
883
+ tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
884
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
885
+ tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
886
+ __props__=None):
887
+ """
888
+ Allows setting the Auto Tidy configuration on a PKI Secret Backend
889
+
890
+ ## Example Usage
891
+
892
+ ```python
893
+ import pulumi
894
+ import pulumi_vault as vault
895
+
896
+ pki = vault.Mount("pki",
897
+ path="pki",
898
+ type="pki",
899
+ default_lease_ttl_seconds=3600,
900
+ max_lease_ttl_seconds=86400)
901
+ test = vault.pki_secret.BackendConfigAutoTidy("test",
902
+ backend=pki.path,
903
+ enabled=True,
904
+ tidy_cert_store=True,
905
+ interval_duration="1h")
906
+ ```
907
+
908
+ :param str resource_name: The name of the resource.
909
+ :param pulumi.ResourceOptions opts: Options for the resource.
910
+ :param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
911
+ time after being marked revoked or deactivated.
912
+ :param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
913
+ read the configuration from, with no leading or trailing `/`s.
914
+ :param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
915
+ :param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
916
+ between tidy invocations (after one finishes to the start of the next).
917
+ :param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
918
+ expiration before it is removed from the backend storage.
919
+ :param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
920
+ counted upon initialization of the backend, and whether during normal operation, a running count
921
+ of certificates stored is maintained.
922
+ :param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
923
+ after startup.
924
+ :param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
925
+ after startup.
926
+ :param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
927
+ The value should not contain leading or trailing forward slashes.
928
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
929
+ *Available only for Vault Enterprise*.
930
+ :param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
931
+ :param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
932
+ certificate count is published to the metrics consumer.
933
+ :param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
934
+ cross-cluster revocation request being initiated to when it will be slated for removal.
935
+ :param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
936
+ expiration before it is removed from the backend storage and/or revocation list.
937
+ :param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
938
+ :param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
939
+ :param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
940
+ :param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
941
+ :param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
942
+ revoked certificate store.
943
+ :param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
944
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
945
+ :param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
946
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
947
+ :param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
948
+ haven't been confirmed by any active cluster.
949
+ :param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
950
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
951
+ :param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
952
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
953
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
954
+ the CRL, and the CRL will be rotated.
955
+ """
956
+ ...
957
+ @overload
958
+ def __init__(__self__,
959
+ resource_name: str,
960
+ args: BackendConfigAutoTidyArgs,
961
+ opts: Optional[pulumi.ResourceOptions] = None):
962
+ """
963
+ Allows setting the Auto Tidy configuration on a PKI Secret Backend
964
+
965
+ ## Example Usage
966
+
967
+ ```python
968
+ import pulumi
969
+ import pulumi_vault as vault
970
+
971
+ pki = vault.Mount("pki",
972
+ path="pki",
973
+ type="pki",
974
+ default_lease_ttl_seconds=3600,
975
+ max_lease_ttl_seconds=86400)
976
+ test = vault.pki_secret.BackendConfigAutoTidy("test",
977
+ backend=pki.path,
978
+ enabled=True,
979
+ tidy_cert_store=True,
980
+ interval_duration="1h")
981
+ ```
982
+
983
+ :param str resource_name: The name of the resource.
984
+ :param BackendConfigAutoTidyArgs args: The arguments to use to populate this resource's properties.
985
+ :param pulumi.ResourceOptions opts: Options for the resource.
986
+ """
987
+ ...
988
+ def __init__(__self__, resource_name: str, *args, **kwargs):
989
+ resource_args, opts = _utilities.get_resource_args_opts(BackendConfigAutoTidyArgs, pulumi.ResourceOptions, *args, **kwargs)
990
+ if resource_args is not None:
991
+ __self__._internal_init(resource_name, opts, **resource_args.__dict__)
992
+ else:
993
+ __self__._internal_init(resource_name, *args, **kwargs)
994
+
995
+ def _internal_init(__self__,
996
+ resource_name: str,
997
+ opts: Optional[pulumi.ResourceOptions] = None,
998
+ acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
999
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1000
+ enabled: Optional[pulumi.Input[builtins.bool]] = None,
1001
+ interval_duration: Optional[pulumi.Input[builtins.str]] = None,
1002
+ issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
1003
+ maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
1004
+ max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
1005
+ min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
1006
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1007
+ pause_duration: Optional[pulumi.Input[builtins.str]] = None,
1008
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
1009
+ revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
1010
+ safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
1011
+ tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
1012
+ tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
1013
+ tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
1014
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
1015
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
1016
+ tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
1017
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
1018
+ tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
1019
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
1020
+ tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
1021
+ __props__=None):
1022
+ opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1023
+ if not isinstance(opts, pulumi.ResourceOptions):
1024
+ raise TypeError('Expected resource options to be a ResourceOptions instance')
1025
+ if opts.id is None:
1026
+ if __props__ is not None:
1027
+ raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
1028
+ __props__ = BackendConfigAutoTidyArgs.__new__(BackendConfigAutoTidyArgs)
1029
+
1030
+ __props__.__dict__["acme_account_safety_buffer"] = acme_account_safety_buffer
1031
+ if backend is None and not opts.urn:
1032
+ raise TypeError("Missing required property 'backend'")
1033
+ __props__.__dict__["backend"] = backend
1034
+ if enabled is None and not opts.urn:
1035
+ raise TypeError("Missing required property 'enabled'")
1036
+ __props__.__dict__["enabled"] = enabled
1037
+ __props__.__dict__["interval_duration"] = interval_duration
1038
+ __props__.__dict__["issuer_safety_buffer"] = issuer_safety_buffer
1039
+ __props__.__dict__["maintain_stored_certificate_counts"] = maintain_stored_certificate_counts
1040
+ __props__.__dict__["max_startup_backoff_duration"] = max_startup_backoff_duration
1041
+ __props__.__dict__["min_startup_backoff_duration"] = min_startup_backoff_duration
1042
+ __props__.__dict__["namespace"] = namespace
1043
+ __props__.__dict__["pause_duration"] = pause_duration
1044
+ __props__.__dict__["publish_stored_certificate_count_metrics"] = publish_stored_certificate_count_metrics
1045
+ __props__.__dict__["revocation_queue_safety_buffer"] = revocation_queue_safety_buffer
1046
+ __props__.__dict__["safety_buffer"] = safety_buffer
1047
+ __props__.__dict__["tidy_acme"] = tidy_acme
1048
+ __props__.__dict__["tidy_cert_metadata"] = tidy_cert_metadata
1049
+ __props__.__dict__["tidy_cert_store"] = tidy_cert_store
1050
+ __props__.__dict__["tidy_cmpv2_nonce_store"] = tidy_cmpv2_nonce_store
1051
+ __props__.__dict__["tidy_cross_cluster_revoked_certs"] = tidy_cross_cluster_revoked_certs
1052
+ __props__.__dict__["tidy_expired_issuers"] = tidy_expired_issuers
1053
+ __props__.__dict__["tidy_move_legacy_ca_bundle"] = tidy_move_legacy_ca_bundle
1054
+ __props__.__dict__["tidy_revocation_queue"] = tidy_revocation_queue
1055
+ __props__.__dict__["tidy_revoked_cert_issuer_associations"] = tidy_revoked_cert_issuer_associations
1056
+ __props__.__dict__["tidy_revoked_certs"] = tidy_revoked_certs
1057
+ super(BackendConfigAutoTidy, __self__).__init__(
1058
+ 'vault:pkiSecret/backendConfigAutoTidy:BackendConfigAutoTidy',
1059
+ resource_name,
1060
+ __props__,
1061
+ opts)
1062
+
1063
+ @staticmethod
1064
+ def get(resource_name: str,
1065
+ id: pulumi.Input[str],
1066
+ opts: Optional[pulumi.ResourceOptions] = None,
1067
+ acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
1068
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1069
+ enabled: Optional[pulumi.Input[builtins.bool]] = None,
1070
+ interval_duration: Optional[pulumi.Input[builtins.str]] = None,
1071
+ issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
1072
+ maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
1073
+ max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
1074
+ min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
1075
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1076
+ pause_duration: Optional[pulumi.Input[builtins.str]] = None,
1077
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
1078
+ revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
1079
+ safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
1080
+ tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
1081
+ tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
1082
+ tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
1083
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
1084
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
1085
+ tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
1086
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
1087
+ tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
1088
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
1089
+ tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None) -> 'BackendConfigAutoTidy':
1090
+ """
1091
+ Get an existing BackendConfigAutoTidy resource's state with the given name, id, and optional extra
1092
+ properties used to qualify the lookup.
1093
+
1094
+ :param str resource_name: The unique name of the resulting resource.
1095
+ :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1096
+ :param pulumi.ResourceOptions opts: Options for the resource.
1097
+ :param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
1098
+ time after being marked revoked or deactivated.
1099
+ :param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
1100
+ read the configuration from, with no leading or trailing `/`s.
1101
+ :param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
1102
+ :param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
1103
+ between tidy invocations (after one finishes to the start of the next).
1104
+ :param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
1105
+ expiration before it is removed from the backend storage.
1106
+ :param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
1107
+ counted upon initialization of the backend, and whether during normal operation, a running count
1108
+ of certificates stored is maintained.
1109
+ :param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
1110
+ after startup.
1111
+ :param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
1112
+ after startup.
1113
+ :param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
1114
+ The value should not contain leading or trailing forward slashes.
1115
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1116
+ *Available only for Vault Enterprise*.
1117
+ :param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
1118
+ :param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
1119
+ certificate count is published to the metrics consumer.
1120
+ :param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
1121
+ cross-cluster revocation request being initiated to when it will be slated for removal.
1122
+ :param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
1123
+ expiration before it is removed from the backend storage and/or revocation list.
1124
+ :param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
1125
+ :param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
1126
+ :param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
1127
+ :param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
1128
+ :param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
1129
+ revoked certificate store.
1130
+ :param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
1131
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
1132
+ :param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
1133
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
1134
+ :param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
1135
+ haven't been confirmed by any active cluster.
1136
+ :param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
1137
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
1138
+ :param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
1139
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
1140
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
1141
+ the CRL, and the CRL will be rotated.
1142
+ """
1143
+ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1144
+
1145
+ __props__ = _BackendConfigAutoTidyState.__new__(_BackendConfigAutoTidyState)
1146
+
1147
+ __props__.__dict__["acme_account_safety_buffer"] = acme_account_safety_buffer
1148
+ __props__.__dict__["backend"] = backend
1149
+ __props__.__dict__["enabled"] = enabled
1150
+ __props__.__dict__["interval_duration"] = interval_duration
1151
+ __props__.__dict__["issuer_safety_buffer"] = issuer_safety_buffer
1152
+ __props__.__dict__["maintain_stored_certificate_counts"] = maintain_stored_certificate_counts
1153
+ __props__.__dict__["max_startup_backoff_duration"] = max_startup_backoff_duration
1154
+ __props__.__dict__["min_startup_backoff_duration"] = min_startup_backoff_duration
1155
+ __props__.__dict__["namespace"] = namespace
1156
+ __props__.__dict__["pause_duration"] = pause_duration
1157
+ __props__.__dict__["publish_stored_certificate_count_metrics"] = publish_stored_certificate_count_metrics
1158
+ __props__.__dict__["revocation_queue_safety_buffer"] = revocation_queue_safety_buffer
1159
+ __props__.__dict__["safety_buffer"] = safety_buffer
1160
+ __props__.__dict__["tidy_acme"] = tidy_acme
1161
+ __props__.__dict__["tidy_cert_metadata"] = tidy_cert_metadata
1162
+ __props__.__dict__["tidy_cert_store"] = tidy_cert_store
1163
+ __props__.__dict__["tidy_cmpv2_nonce_store"] = tidy_cmpv2_nonce_store
1164
+ __props__.__dict__["tidy_cross_cluster_revoked_certs"] = tidy_cross_cluster_revoked_certs
1165
+ __props__.__dict__["tidy_expired_issuers"] = tidy_expired_issuers
1166
+ __props__.__dict__["tidy_move_legacy_ca_bundle"] = tidy_move_legacy_ca_bundle
1167
+ __props__.__dict__["tidy_revocation_queue"] = tidy_revocation_queue
1168
+ __props__.__dict__["tidy_revoked_cert_issuer_associations"] = tidy_revoked_cert_issuer_associations
1169
+ __props__.__dict__["tidy_revoked_certs"] = tidy_revoked_certs
1170
+ return BackendConfigAutoTidy(resource_name, opts=opts, __props__=__props__)
1171
+
1172
+ @property
1173
+ @pulumi.getter(name="acmeAccountSafetyBuffer")
1174
+ def acme_account_safety_buffer(self) -> pulumi.Output[builtins.str]:
1175
+ """
1176
+ The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
1177
+ time after being marked revoked or deactivated.
1178
+ """
1179
+ return pulumi.get(self, "acme_account_safety_buffer")
1180
+
1181
+ @property
1182
+ @pulumi.getter
1183
+ def backend(self) -> pulumi.Output[builtins.str]:
1184
+ """
1185
+ The path to the PKI secret backend to
1186
+ read the configuration from, with no leading or trailing `/`s.
1187
+ """
1188
+ return pulumi.get(self, "backend")
1189
+
1190
+ @property
1191
+ @pulumi.getter
1192
+ def enabled(self) -> pulumi.Output[builtins.bool]:
1193
+ """
1194
+ Specifies whether automatic tidy is enabled or not.
1195
+ """
1196
+ return pulumi.get(self, "enabled")
1197
+
1198
+ @property
1199
+ @pulumi.getter(name="intervalDuration")
1200
+ def interval_duration(self) -> pulumi.Output[builtins.str]:
1201
+ """
1202
+ Interval at which to run an auto-tidy operation. This is the time
1203
+ between tidy invocations (after one finishes to the start of the next).
1204
+ """
1205
+ return pulumi.get(self, "interval_duration")
1206
+
1207
+ @property
1208
+ @pulumi.getter(name="issuerSafetyBuffer")
1209
+ def issuer_safety_buffer(self) -> pulumi.Output[builtins.str]:
1210
+ """
1211
+ The amount of extra time that must have passed beyond issuer's
1212
+ expiration before it is removed from the backend storage.
1213
+ """
1214
+ return pulumi.get(self, "issuer_safety_buffer")
1215
+
1216
+ @property
1217
+ @pulumi.getter(name="maintainStoredCertificateCounts")
1218
+ def maintain_stored_certificate_counts(self) -> pulumi.Output[Optional[builtins.bool]]:
1219
+ """
1220
+ This configures whether stored certificate are
1221
+ counted upon initialization of the backend, and whether during normal operation, a running count
1222
+ of certificates stored is maintained.
1223
+ """
1224
+ return pulumi.get(self, "maintain_stored_certificate_counts")
1225
+
1226
+ @property
1227
+ @pulumi.getter(name="maxStartupBackoffDuration")
1228
+ def max_startup_backoff_duration(self) -> pulumi.Output[builtins.str]:
1229
+ """
1230
+ The maximum amount of time auto-tidy will be delayed
1231
+ after startup.
1232
+ """
1233
+ return pulumi.get(self, "max_startup_backoff_duration")
1234
+
1235
+ @property
1236
+ @pulumi.getter(name="minStartupBackoffDuration")
1237
+ def min_startup_backoff_duration(self) -> pulumi.Output[builtins.str]:
1238
+ """
1239
+ The minimum amount of time auto-tidy will be delayed
1240
+ after startup.
1241
+ """
1242
+ return pulumi.get(self, "min_startup_backoff_duration")
1243
+
1244
+ @property
1245
+ @pulumi.getter
1246
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
1247
+ """
1248
+ The namespace of the target resource.
1249
+ The value should not contain leading or trailing forward slashes.
1250
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1251
+ *Available only for Vault Enterprise*.
1252
+ """
1253
+ return pulumi.get(self, "namespace")
1254
+
1255
+ @property
1256
+ @pulumi.getter(name="pauseDuration")
1257
+ def pause_duration(self) -> pulumi.Output[builtins.str]:
1258
+ """
1259
+ The amount of time to wait between processing certificates.
1260
+ """
1261
+ return pulumi.get(self, "pause_duration")
1262
+
1263
+ @property
1264
+ @pulumi.getter(name="publishStoredCertificateCountMetrics")
1265
+ def publish_stored_certificate_count_metrics(self) -> pulumi.Output[Optional[builtins.bool]]:
1266
+ """
1267
+ This configures whether the stored
1268
+ certificate count is published to the metrics consumer.
1269
+ """
1270
+ return pulumi.get(self, "publish_stored_certificate_count_metrics")
1271
+
1272
+ @property
1273
+ @pulumi.getter(name="revocationQueueSafetyBuffer")
1274
+ def revocation_queue_safety_buffer(self) -> pulumi.Output[builtins.str]:
1275
+ """
1276
+ The amount of time that must pass from the
1277
+ cross-cluster revocation request being initiated to when it will be slated for removal.
1278
+ """
1279
+ return pulumi.get(self, "revocation_queue_safety_buffer")
1280
+
1281
+ @property
1282
+ @pulumi.getter(name="safetyBuffer")
1283
+ def safety_buffer(self) -> pulumi.Output[builtins.str]:
1284
+ """
1285
+ The amount of extra time that must have passed beyond certificate
1286
+ expiration before it is removed from the backend storage and/or revocation list.
1287
+ """
1288
+ return pulumi.get(self, "safety_buffer")
1289
+
1290
+ @property
1291
+ @pulumi.getter(name="tidyAcme")
1292
+ def tidy_acme(self) -> pulumi.Output[Optional[builtins.bool]]:
1293
+ """
1294
+ Set to true to enable tidying ACME accounts, orders and authorizations.
1295
+ """
1296
+ return pulumi.get(self, "tidy_acme")
1297
+
1298
+ @property
1299
+ @pulumi.getter(name="tidyCertMetadata")
1300
+ def tidy_cert_metadata(self) -> pulumi.Output[Optional[builtins.bool]]:
1301
+ """
1302
+ Set to true to enable tidying up certificate metadata.
1303
+ """
1304
+ return pulumi.get(self, "tidy_cert_metadata")
1305
+
1306
+ @property
1307
+ @pulumi.getter(name="tidyCertStore")
1308
+ def tidy_cert_store(self) -> pulumi.Output[Optional[builtins.bool]]:
1309
+ """
1310
+ Set to true to enable tidying up the certificate store
1311
+ """
1312
+ return pulumi.get(self, "tidy_cert_store")
1313
+
1314
+ @property
1315
+ @pulumi.getter(name="tidyCmpv2NonceStore")
1316
+ def tidy_cmpv2_nonce_store(self) -> pulumi.Output[Optional[builtins.bool]]:
1317
+ """
1318
+ Set to true to enable tidying up the CMPv2 nonce store.
1319
+ """
1320
+ return pulumi.get(self, "tidy_cmpv2_nonce_store")
1321
+
1322
+ @property
1323
+ @pulumi.getter(name="tidyCrossClusterRevokedCerts")
1324
+ def tidy_cross_cluster_revoked_certs(self) -> pulumi.Output[Optional[builtins.bool]]:
1325
+ """
1326
+ Set to true to enable tidying up the cross-cluster
1327
+ revoked certificate store.
1328
+ """
1329
+ return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
1330
+
1331
+ @property
1332
+ @pulumi.getter(name="tidyExpiredIssuers")
1333
+ def tidy_expired_issuers(self) -> pulumi.Output[Optional[builtins.bool]]:
1334
+ """
1335
+ Set to true to automatically remove expired issuers past the
1336
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
1337
+ """
1338
+ return pulumi.get(self, "tidy_expired_issuers")
1339
+
1340
+ @property
1341
+ @pulumi.getter(name="tidyMoveLegacyCaBundle")
1342
+ def tidy_move_legacy_ca_bundle(self) -> pulumi.Output[Optional[builtins.bool]]:
1343
+ """
1344
+ Set to true to move the legacy `ca_bundle` from
1345
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
1346
+ """
1347
+ return pulumi.get(self, "tidy_move_legacy_ca_bundle")
1348
+
1349
+ @property
1350
+ @pulumi.getter(name="tidyRevocationQueue")
1351
+ def tidy_revocation_queue(self) -> pulumi.Output[Optional[builtins.bool]]:
1352
+ """
1353
+ Set to true to remove stale revocation queue entries that
1354
+ haven't been confirmed by any active cluster.
1355
+ """
1356
+ return pulumi.get(self, "tidy_revocation_queue")
1357
+
1358
+ @property
1359
+ @pulumi.getter(name="tidyRevokedCertIssuerAssociations")
1360
+ def tidy_revoked_cert_issuer_associations(self) -> pulumi.Output[Optional[builtins.bool]]:
1361
+ """
1362
+ Set to true to validate issuer associations
1363
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
1364
+ """
1365
+ return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
1366
+
1367
+ @property
1368
+ @pulumi.getter(name="tidyRevokedCerts")
1369
+ def tidy_revoked_certs(self) -> pulumi.Output[Optional[builtins.bool]]:
1370
+ """
1371
+ Set to true to remove all invalid and expired certificates from
1372
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
1373
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
1374
+ the CRL, and the CRL will be rotated.
1375
+ """
1376
+ return pulumi.get(self, "tidy_revoked_certs")
1377
+