pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -0,0 +1,1377 @@
|
|
1
|
+
# coding=utf-8
|
2
|
+
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
|
+
|
5
|
+
import builtins
|
6
|
+
import copy
|
7
|
+
import warnings
|
8
|
+
import sys
|
9
|
+
import pulumi
|
10
|
+
import pulumi.runtime
|
11
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
12
|
+
if sys.version_info >= (3, 11):
|
13
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
14
|
+
else:
|
15
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
16
|
+
from .. import _utilities
|
17
|
+
|
18
|
+
__all__ = ['BackendConfigAutoTidyArgs', 'BackendConfigAutoTidy']
|
19
|
+
|
20
|
+
@pulumi.input_type
|
21
|
+
class BackendConfigAutoTidyArgs:
|
22
|
+
def __init__(__self__, *,
|
23
|
+
backend: pulumi.Input[builtins.str],
|
24
|
+
enabled: pulumi.Input[builtins.bool],
|
25
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
34
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
37
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
38
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
39
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
40
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
41
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
42
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
43
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
44
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
45
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None):
|
46
|
+
"""
|
47
|
+
The set of arguments for constructing a BackendConfigAutoTidy resource.
|
48
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
49
|
+
read the configuration from, with no leading or trailing `/`s.
|
50
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
|
51
|
+
:param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
52
|
+
time after being marked revoked or deactivated.
|
53
|
+
:param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
54
|
+
between tidy invocations (after one finishes to the start of the next).
|
55
|
+
:param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
56
|
+
expiration before it is removed from the backend storage.
|
57
|
+
:param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
58
|
+
counted upon initialization of the backend, and whether during normal operation, a running count
|
59
|
+
of certificates stored is maintained.
|
60
|
+
:param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
61
|
+
after startup.
|
62
|
+
:param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
63
|
+
after startup.
|
64
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
65
|
+
The value should not contain leading or trailing forward slashes.
|
66
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
67
|
+
*Available only for Vault Enterprise*.
|
68
|
+
:param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
|
69
|
+
:param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
70
|
+
certificate count is published to the metrics consumer.
|
71
|
+
:param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
72
|
+
cross-cluster revocation request being initiated to when it will be slated for removal.
|
73
|
+
:param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
74
|
+
expiration before it is removed from the backend storage and/or revocation list.
|
75
|
+
:param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
76
|
+
:param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
77
|
+
:param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
78
|
+
:param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
79
|
+
:param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
80
|
+
revoked certificate store.
|
81
|
+
:param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
82
|
+
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
83
|
+
:param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
84
|
+
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
85
|
+
:param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
86
|
+
haven't been confirmed by any active cluster.
|
87
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
88
|
+
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
89
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
90
|
+
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
91
|
+
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
92
|
+
the CRL, and the CRL will be rotated.
|
93
|
+
"""
|
94
|
+
pulumi.set(__self__, "backend", backend)
|
95
|
+
pulumi.set(__self__, "enabled", enabled)
|
96
|
+
if acme_account_safety_buffer is not None:
|
97
|
+
pulumi.set(__self__, "acme_account_safety_buffer", acme_account_safety_buffer)
|
98
|
+
if interval_duration is not None:
|
99
|
+
pulumi.set(__self__, "interval_duration", interval_duration)
|
100
|
+
if issuer_safety_buffer is not None:
|
101
|
+
pulumi.set(__self__, "issuer_safety_buffer", issuer_safety_buffer)
|
102
|
+
if maintain_stored_certificate_counts is not None:
|
103
|
+
pulumi.set(__self__, "maintain_stored_certificate_counts", maintain_stored_certificate_counts)
|
104
|
+
if max_startup_backoff_duration is not None:
|
105
|
+
pulumi.set(__self__, "max_startup_backoff_duration", max_startup_backoff_duration)
|
106
|
+
if min_startup_backoff_duration is not None:
|
107
|
+
pulumi.set(__self__, "min_startup_backoff_duration", min_startup_backoff_duration)
|
108
|
+
if namespace is not None:
|
109
|
+
pulumi.set(__self__, "namespace", namespace)
|
110
|
+
if pause_duration is not None:
|
111
|
+
pulumi.set(__self__, "pause_duration", pause_duration)
|
112
|
+
if publish_stored_certificate_count_metrics is not None:
|
113
|
+
pulumi.set(__self__, "publish_stored_certificate_count_metrics", publish_stored_certificate_count_metrics)
|
114
|
+
if revocation_queue_safety_buffer is not None:
|
115
|
+
pulumi.set(__self__, "revocation_queue_safety_buffer", revocation_queue_safety_buffer)
|
116
|
+
if safety_buffer is not None:
|
117
|
+
pulumi.set(__self__, "safety_buffer", safety_buffer)
|
118
|
+
if tidy_acme is not None:
|
119
|
+
pulumi.set(__self__, "tidy_acme", tidy_acme)
|
120
|
+
if tidy_cert_metadata is not None:
|
121
|
+
pulumi.set(__self__, "tidy_cert_metadata", tidy_cert_metadata)
|
122
|
+
if tidy_cert_store is not None:
|
123
|
+
pulumi.set(__self__, "tidy_cert_store", tidy_cert_store)
|
124
|
+
if tidy_cmpv2_nonce_store is not None:
|
125
|
+
pulumi.set(__self__, "tidy_cmpv2_nonce_store", tidy_cmpv2_nonce_store)
|
126
|
+
if tidy_cross_cluster_revoked_certs is not None:
|
127
|
+
pulumi.set(__self__, "tidy_cross_cluster_revoked_certs", tidy_cross_cluster_revoked_certs)
|
128
|
+
if tidy_expired_issuers is not None:
|
129
|
+
pulumi.set(__self__, "tidy_expired_issuers", tidy_expired_issuers)
|
130
|
+
if tidy_move_legacy_ca_bundle is not None:
|
131
|
+
pulumi.set(__self__, "tidy_move_legacy_ca_bundle", tidy_move_legacy_ca_bundle)
|
132
|
+
if tidy_revocation_queue is not None:
|
133
|
+
pulumi.set(__self__, "tidy_revocation_queue", tidy_revocation_queue)
|
134
|
+
if tidy_revoked_cert_issuer_associations is not None:
|
135
|
+
pulumi.set(__self__, "tidy_revoked_cert_issuer_associations", tidy_revoked_cert_issuer_associations)
|
136
|
+
if tidy_revoked_certs is not None:
|
137
|
+
pulumi.set(__self__, "tidy_revoked_certs", tidy_revoked_certs)
|
138
|
+
|
139
|
+
@property
|
140
|
+
@pulumi.getter
|
141
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
142
|
+
"""
|
143
|
+
The path to the PKI secret backend to
|
144
|
+
read the configuration from, with no leading or trailing `/`s.
|
145
|
+
"""
|
146
|
+
return pulumi.get(self, "backend")
|
147
|
+
|
148
|
+
@backend.setter
|
149
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
150
|
+
pulumi.set(self, "backend", value)
|
151
|
+
|
152
|
+
@property
|
153
|
+
@pulumi.getter
|
154
|
+
def enabled(self) -> pulumi.Input[builtins.bool]:
|
155
|
+
"""
|
156
|
+
Specifies whether automatic tidy is enabled or not.
|
157
|
+
"""
|
158
|
+
return pulumi.get(self, "enabled")
|
159
|
+
|
160
|
+
@enabled.setter
|
161
|
+
def enabled(self, value: pulumi.Input[builtins.bool]):
|
162
|
+
pulumi.set(self, "enabled", value)
|
163
|
+
|
164
|
+
@property
|
165
|
+
@pulumi.getter(name="acmeAccountSafetyBuffer")
|
166
|
+
def acme_account_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
167
|
+
"""
|
168
|
+
The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
169
|
+
time after being marked revoked or deactivated.
|
170
|
+
"""
|
171
|
+
return pulumi.get(self, "acme_account_safety_buffer")
|
172
|
+
|
173
|
+
@acme_account_safety_buffer.setter
|
174
|
+
def acme_account_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
175
|
+
pulumi.set(self, "acme_account_safety_buffer", value)
|
176
|
+
|
177
|
+
@property
|
178
|
+
@pulumi.getter(name="intervalDuration")
|
179
|
+
def interval_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
180
|
+
"""
|
181
|
+
Interval at which to run an auto-tidy operation. This is the time
|
182
|
+
between tidy invocations (after one finishes to the start of the next).
|
183
|
+
"""
|
184
|
+
return pulumi.get(self, "interval_duration")
|
185
|
+
|
186
|
+
@interval_duration.setter
|
187
|
+
def interval_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
188
|
+
pulumi.set(self, "interval_duration", value)
|
189
|
+
|
190
|
+
@property
|
191
|
+
@pulumi.getter(name="issuerSafetyBuffer")
|
192
|
+
def issuer_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
193
|
+
"""
|
194
|
+
The amount of extra time that must have passed beyond issuer's
|
195
|
+
expiration before it is removed from the backend storage.
|
196
|
+
"""
|
197
|
+
return pulumi.get(self, "issuer_safety_buffer")
|
198
|
+
|
199
|
+
@issuer_safety_buffer.setter
|
200
|
+
def issuer_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
201
|
+
pulumi.set(self, "issuer_safety_buffer", value)
|
202
|
+
|
203
|
+
@property
|
204
|
+
@pulumi.getter(name="maintainStoredCertificateCounts")
|
205
|
+
def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[builtins.bool]]:
|
206
|
+
"""
|
207
|
+
This configures whether stored certificate are
|
208
|
+
counted upon initialization of the backend, and whether during normal operation, a running count
|
209
|
+
of certificates stored is maintained.
|
210
|
+
"""
|
211
|
+
return pulumi.get(self, "maintain_stored_certificate_counts")
|
212
|
+
|
213
|
+
@maintain_stored_certificate_counts.setter
|
214
|
+
def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[builtins.bool]]):
|
215
|
+
pulumi.set(self, "maintain_stored_certificate_counts", value)
|
216
|
+
|
217
|
+
@property
|
218
|
+
@pulumi.getter(name="maxStartupBackoffDuration")
|
219
|
+
def max_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
220
|
+
"""
|
221
|
+
The maximum amount of time auto-tidy will be delayed
|
222
|
+
after startup.
|
223
|
+
"""
|
224
|
+
return pulumi.get(self, "max_startup_backoff_duration")
|
225
|
+
|
226
|
+
@max_startup_backoff_duration.setter
|
227
|
+
def max_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
228
|
+
pulumi.set(self, "max_startup_backoff_duration", value)
|
229
|
+
|
230
|
+
@property
|
231
|
+
@pulumi.getter(name="minStartupBackoffDuration")
|
232
|
+
def min_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
233
|
+
"""
|
234
|
+
The minimum amount of time auto-tidy will be delayed
|
235
|
+
after startup.
|
236
|
+
"""
|
237
|
+
return pulumi.get(self, "min_startup_backoff_duration")
|
238
|
+
|
239
|
+
@min_startup_backoff_duration.setter
|
240
|
+
def min_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
241
|
+
pulumi.set(self, "min_startup_backoff_duration", value)
|
242
|
+
|
243
|
+
@property
|
244
|
+
@pulumi.getter
|
245
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
246
|
+
"""
|
247
|
+
The namespace of the target resource.
|
248
|
+
The value should not contain leading or trailing forward slashes.
|
249
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
250
|
+
*Available only for Vault Enterprise*.
|
251
|
+
"""
|
252
|
+
return pulumi.get(self, "namespace")
|
253
|
+
|
254
|
+
@namespace.setter
|
255
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
256
|
+
pulumi.set(self, "namespace", value)
|
257
|
+
|
258
|
+
@property
|
259
|
+
@pulumi.getter(name="pauseDuration")
|
260
|
+
def pause_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
261
|
+
"""
|
262
|
+
The amount of time to wait between processing certificates.
|
263
|
+
"""
|
264
|
+
return pulumi.get(self, "pause_duration")
|
265
|
+
|
266
|
+
@pause_duration.setter
|
267
|
+
def pause_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
268
|
+
pulumi.set(self, "pause_duration", value)
|
269
|
+
|
270
|
+
@property
|
271
|
+
@pulumi.getter(name="publishStoredCertificateCountMetrics")
|
272
|
+
def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[builtins.bool]]:
|
273
|
+
"""
|
274
|
+
This configures whether the stored
|
275
|
+
certificate count is published to the metrics consumer.
|
276
|
+
"""
|
277
|
+
return pulumi.get(self, "publish_stored_certificate_count_metrics")
|
278
|
+
|
279
|
+
@publish_stored_certificate_count_metrics.setter
|
280
|
+
def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[builtins.bool]]):
|
281
|
+
pulumi.set(self, "publish_stored_certificate_count_metrics", value)
|
282
|
+
|
283
|
+
@property
|
284
|
+
@pulumi.getter(name="revocationQueueSafetyBuffer")
|
285
|
+
def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
286
|
+
"""
|
287
|
+
The amount of time that must pass from the
|
288
|
+
cross-cluster revocation request being initiated to when it will be slated for removal.
|
289
|
+
"""
|
290
|
+
return pulumi.get(self, "revocation_queue_safety_buffer")
|
291
|
+
|
292
|
+
@revocation_queue_safety_buffer.setter
|
293
|
+
def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
294
|
+
pulumi.set(self, "revocation_queue_safety_buffer", value)
|
295
|
+
|
296
|
+
@property
|
297
|
+
@pulumi.getter(name="safetyBuffer")
|
298
|
+
def safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
299
|
+
"""
|
300
|
+
The amount of extra time that must have passed beyond certificate
|
301
|
+
expiration before it is removed from the backend storage and/or revocation list.
|
302
|
+
"""
|
303
|
+
return pulumi.get(self, "safety_buffer")
|
304
|
+
|
305
|
+
@safety_buffer.setter
|
306
|
+
def safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
307
|
+
pulumi.set(self, "safety_buffer", value)
|
308
|
+
|
309
|
+
@property
|
310
|
+
@pulumi.getter(name="tidyAcme")
|
311
|
+
def tidy_acme(self) -> Optional[pulumi.Input[builtins.bool]]:
|
312
|
+
"""
|
313
|
+
Set to true to enable tidying ACME accounts, orders and authorizations.
|
314
|
+
"""
|
315
|
+
return pulumi.get(self, "tidy_acme")
|
316
|
+
|
317
|
+
@tidy_acme.setter
|
318
|
+
def tidy_acme(self, value: Optional[pulumi.Input[builtins.bool]]):
|
319
|
+
pulumi.set(self, "tidy_acme", value)
|
320
|
+
|
321
|
+
@property
|
322
|
+
@pulumi.getter(name="tidyCertMetadata")
|
323
|
+
def tidy_cert_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
|
324
|
+
"""
|
325
|
+
Set to true to enable tidying up certificate metadata.
|
326
|
+
"""
|
327
|
+
return pulumi.get(self, "tidy_cert_metadata")
|
328
|
+
|
329
|
+
@tidy_cert_metadata.setter
|
330
|
+
def tidy_cert_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
|
331
|
+
pulumi.set(self, "tidy_cert_metadata", value)
|
332
|
+
|
333
|
+
@property
|
334
|
+
@pulumi.getter(name="tidyCertStore")
|
335
|
+
def tidy_cert_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
336
|
+
"""
|
337
|
+
Set to true to enable tidying up the certificate store
|
338
|
+
"""
|
339
|
+
return pulumi.get(self, "tidy_cert_store")
|
340
|
+
|
341
|
+
@tidy_cert_store.setter
|
342
|
+
def tidy_cert_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
343
|
+
pulumi.set(self, "tidy_cert_store", value)
|
344
|
+
|
345
|
+
@property
|
346
|
+
@pulumi.getter(name="tidyCmpv2NonceStore")
|
347
|
+
def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
348
|
+
"""
|
349
|
+
Set to true to enable tidying up the CMPv2 nonce store.
|
350
|
+
"""
|
351
|
+
return pulumi.get(self, "tidy_cmpv2_nonce_store")
|
352
|
+
|
353
|
+
@tidy_cmpv2_nonce_store.setter
|
354
|
+
def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
355
|
+
pulumi.set(self, "tidy_cmpv2_nonce_store", value)
|
356
|
+
|
357
|
+
@property
|
358
|
+
@pulumi.getter(name="tidyCrossClusterRevokedCerts")
|
359
|
+
def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
|
360
|
+
"""
|
361
|
+
Set to true to enable tidying up the cross-cluster
|
362
|
+
revoked certificate store.
|
363
|
+
"""
|
364
|
+
return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
|
365
|
+
|
366
|
+
@tidy_cross_cluster_revoked_certs.setter
|
367
|
+
def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
|
368
|
+
pulumi.set(self, "tidy_cross_cluster_revoked_certs", value)
|
369
|
+
|
370
|
+
@property
|
371
|
+
@pulumi.getter(name="tidyExpiredIssuers")
|
372
|
+
def tidy_expired_issuers(self) -> Optional[pulumi.Input[builtins.bool]]:
|
373
|
+
"""
|
374
|
+
Set to true to automatically remove expired issuers past the
|
375
|
+
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
376
|
+
"""
|
377
|
+
return pulumi.get(self, "tidy_expired_issuers")
|
378
|
+
|
379
|
+
@tidy_expired_issuers.setter
|
380
|
+
def tidy_expired_issuers(self, value: Optional[pulumi.Input[builtins.bool]]):
|
381
|
+
pulumi.set(self, "tidy_expired_issuers", value)
|
382
|
+
|
383
|
+
@property
|
384
|
+
@pulumi.getter(name="tidyMoveLegacyCaBundle")
|
385
|
+
def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[builtins.bool]]:
|
386
|
+
"""
|
387
|
+
Set to true to move the legacy `ca_bundle` from
|
388
|
+
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
389
|
+
"""
|
390
|
+
return pulumi.get(self, "tidy_move_legacy_ca_bundle")
|
391
|
+
|
392
|
+
@tidy_move_legacy_ca_bundle.setter
|
393
|
+
def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[builtins.bool]]):
|
394
|
+
pulumi.set(self, "tidy_move_legacy_ca_bundle", value)
|
395
|
+
|
396
|
+
@property
|
397
|
+
@pulumi.getter(name="tidyRevocationQueue")
|
398
|
+
def tidy_revocation_queue(self) -> Optional[pulumi.Input[builtins.bool]]:
|
399
|
+
"""
|
400
|
+
Set to true to remove stale revocation queue entries that
|
401
|
+
haven't been confirmed by any active cluster.
|
402
|
+
"""
|
403
|
+
return pulumi.get(self, "tidy_revocation_queue")
|
404
|
+
|
405
|
+
@tidy_revocation_queue.setter
|
406
|
+
def tidy_revocation_queue(self, value: Optional[pulumi.Input[builtins.bool]]):
|
407
|
+
pulumi.set(self, "tidy_revocation_queue", value)
|
408
|
+
|
409
|
+
@property
|
410
|
+
@pulumi.getter(name="tidyRevokedCertIssuerAssociations")
|
411
|
+
def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[builtins.bool]]:
|
412
|
+
"""
|
413
|
+
Set to true to validate issuer associations
|
414
|
+
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
415
|
+
"""
|
416
|
+
return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
|
417
|
+
|
418
|
+
@tidy_revoked_cert_issuer_associations.setter
|
419
|
+
def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[builtins.bool]]):
|
420
|
+
pulumi.set(self, "tidy_revoked_cert_issuer_associations", value)
|
421
|
+
|
422
|
+
@property
|
423
|
+
@pulumi.getter(name="tidyRevokedCerts")
|
424
|
+
def tidy_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
|
425
|
+
"""
|
426
|
+
Set to true to remove all invalid and expired certificates from
|
427
|
+
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
428
|
+
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
429
|
+
the CRL, and the CRL will be rotated.
|
430
|
+
"""
|
431
|
+
return pulumi.get(self, "tidy_revoked_certs")
|
432
|
+
|
433
|
+
@tidy_revoked_certs.setter
|
434
|
+
def tidy_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
|
435
|
+
pulumi.set(self, "tidy_revoked_certs", value)
|
436
|
+
|
437
|
+
|
438
|
+
@pulumi.input_type
|
439
|
+
class _BackendConfigAutoTidyState:
|
440
|
+
def __init__(__self__, *,
|
441
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
442
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
443
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
444
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
445
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
446
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
447
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
448
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
449
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
450
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
451
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
452
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
453
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
454
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
455
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
456
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
457
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
458
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
459
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
460
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
461
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
462
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
463
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None):
|
464
|
+
"""
|
465
|
+
Input properties used for looking up and filtering BackendConfigAutoTidy resources.
|
466
|
+
:param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
467
|
+
time after being marked revoked or deactivated.
|
468
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
469
|
+
read the configuration from, with no leading or trailing `/`s.
|
470
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
|
471
|
+
:param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
472
|
+
between tidy invocations (after one finishes to the start of the next).
|
473
|
+
:param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
474
|
+
expiration before it is removed from the backend storage.
|
475
|
+
:param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
476
|
+
counted upon initialization of the backend, and whether during normal operation, a running count
|
477
|
+
of certificates stored is maintained.
|
478
|
+
:param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
479
|
+
after startup.
|
480
|
+
:param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
481
|
+
after startup.
|
482
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
483
|
+
The value should not contain leading or trailing forward slashes.
|
484
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
485
|
+
*Available only for Vault Enterprise*.
|
486
|
+
:param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
|
487
|
+
:param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
488
|
+
certificate count is published to the metrics consumer.
|
489
|
+
:param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
490
|
+
cross-cluster revocation request being initiated to when it will be slated for removal.
|
491
|
+
:param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
492
|
+
expiration before it is removed from the backend storage and/or revocation list.
|
493
|
+
:param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
494
|
+
:param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
495
|
+
:param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
496
|
+
:param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
497
|
+
:param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
498
|
+
revoked certificate store.
|
499
|
+
:param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
500
|
+
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
501
|
+
:param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
502
|
+
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
503
|
+
:param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
504
|
+
haven't been confirmed by any active cluster.
|
505
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
506
|
+
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
507
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
508
|
+
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
509
|
+
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
510
|
+
the CRL, and the CRL will be rotated.
|
511
|
+
"""
|
512
|
+
if acme_account_safety_buffer is not None:
|
513
|
+
pulumi.set(__self__, "acme_account_safety_buffer", acme_account_safety_buffer)
|
514
|
+
if backend is not None:
|
515
|
+
pulumi.set(__self__, "backend", backend)
|
516
|
+
if enabled is not None:
|
517
|
+
pulumi.set(__self__, "enabled", enabled)
|
518
|
+
if interval_duration is not None:
|
519
|
+
pulumi.set(__self__, "interval_duration", interval_duration)
|
520
|
+
if issuer_safety_buffer is not None:
|
521
|
+
pulumi.set(__self__, "issuer_safety_buffer", issuer_safety_buffer)
|
522
|
+
if maintain_stored_certificate_counts is not None:
|
523
|
+
pulumi.set(__self__, "maintain_stored_certificate_counts", maintain_stored_certificate_counts)
|
524
|
+
if max_startup_backoff_duration is not None:
|
525
|
+
pulumi.set(__self__, "max_startup_backoff_duration", max_startup_backoff_duration)
|
526
|
+
if min_startup_backoff_duration is not None:
|
527
|
+
pulumi.set(__self__, "min_startup_backoff_duration", min_startup_backoff_duration)
|
528
|
+
if namespace is not None:
|
529
|
+
pulumi.set(__self__, "namespace", namespace)
|
530
|
+
if pause_duration is not None:
|
531
|
+
pulumi.set(__self__, "pause_duration", pause_duration)
|
532
|
+
if publish_stored_certificate_count_metrics is not None:
|
533
|
+
pulumi.set(__self__, "publish_stored_certificate_count_metrics", publish_stored_certificate_count_metrics)
|
534
|
+
if revocation_queue_safety_buffer is not None:
|
535
|
+
pulumi.set(__self__, "revocation_queue_safety_buffer", revocation_queue_safety_buffer)
|
536
|
+
if safety_buffer is not None:
|
537
|
+
pulumi.set(__self__, "safety_buffer", safety_buffer)
|
538
|
+
if tidy_acme is not None:
|
539
|
+
pulumi.set(__self__, "tidy_acme", tidy_acme)
|
540
|
+
if tidy_cert_metadata is not None:
|
541
|
+
pulumi.set(__self__, "tidy_cert_metadata", tidy_cert_metadata)
|
542
|
+
if tidy_cert_store is not None:
|
543
|
+
pulumi.set(__self__, "tidy_cert_store", tidy_cert_store)
|
544
|
+
if tidy_cmpv2_nonce_store is not None:
|
545
|
+
pulumi.set(__self__, "tidy_cmpv2_nonce_store", tidy_cmpv2_nonce_store)
|
546
|
+
if tidy_cross_cluster_revoked_certs is not None:
|
547
|
+
pulumi.set(__self__, "tidy_cross_cluster_revoked_certs", tidy_cross_cluster_revoked_certs)
|
548
|
+
if tidy_expired_issuers is not None:
|
549
|
+
pulumi.set(__self__, "tidy_expired_issuers", tidy_expired_issuers)
|
550
|
+
if tidy_move_legacy_ca_bundle is not None:
|
551
|
+
pulumi.set(__self__, "tidy_move_legacy_ca_bundle", tidy_move_legacy_ca_bundle)
|
552
|
+
if tidy_revocation_queue is not None:
|
553
|
+
pulumi.set(__self__, "tidy_revocation_queue", tidy_revocation_queue)
|
554
|
+
if tidy_revoked_cert_issuer_associations is not None:
|
555
|
+
pulumi.set(__self__, "tidy_revoked_cert_issuer_associations", tidy_revoked_cert_issuer_associations)
|
556
|
+
if tidy_revoked_certs is not None:
|
557
|
+
pulumi.set(__self__, "tidy_revoked_certs", tidy_revoked_certs)
|
558
|
+
|
559
|
+
@property
|
560
|
+
@pulumi.getter(name="acmeAccountSafetyBuffer")
|
561
|
+
def acme_account_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
562
|
+
"""
|
563
|
+
The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
564
|
+
time after being marked revoked or deactivated.
|
565
|
+
"""
|
566
|
+
return pulumi.get(self, "acme_account_safety_buffer")
|
567
|
+
|
568
|
+
@acme_account_safety_buffer.setter
|
569
|
+
def acme_account_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
570
|
+
pulumi.set(self, "acme_account_safety_buffer", value)
|
571
|
+
|
572
|
+
@property
|
573
|
+
@pulumi.getter
|
574
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
575
|
+
"""
|
576
|
+
The path to the PKI secret backend to
|
577
|
+
read the configuration from, with no leading or trailing `/`s.
|
578
|
+
"""
|
579
|
+
return pulumi.get(self, "backend")
|
580
|
+
|
581
|
+
@backend.setter
|
582
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
583
|
+
pulumi.set(self, "backend", value)
|
584
|
+
|
585
|
+
@property
|
586
|
+
@pulumi.getter
|
587
|
+
def enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
|
588
|
+
"""
|
589
|
+
Specifies whether automatic tidy is enabled or not.
|
590
|
+
"""
|
591
|
+
return pulumi.get(self, "enabled")
|
592
|
+
|
593
|
+
@enabled.setter
|
594
|
+
def enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
|
595
|
+
pulumi.set(self, "enabled", value)
|
596
|
+
|
597
|
+
@property
|
598
|
+
@pulumi.getter(name="intervalDuration")
|
599
|
+
def interval_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
600
|
+
"""
|
601
|
+
Interval at which to run an auto-tidy operation. This is the time
|
602
|
+
between tidy invocations (after one finishes to the start of the next).
|
603
|
+
"""
|
604
|
+
return pulumi.get(self, "interval_duration")
|
605
|
+
|
606
|
+
@interval_duration.setter
|
607
|
+
def interval_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
608
|
+
pulumi.set(self, "interval_duration", value)
|
609
|
+
|
610
|
+
@property
|
611
|
+
@pulumi.getter(name="issuerSafetyBuffer")
|
612
|
+
def issuer_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
613
|
+
"""
|
614
|
+
The amount of extra time that must have passed beyond issuer's
|
615
|
+
expiration before it is removed from the backend storage.
|
616
|
+
"""
|
617
|
+
return pulumi.get(self, "issuer_safety_buffer")
|
618
|
+
|
619
|
+
@issuer_safety_buffer.setter
|
620
|
+
def issuer_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
621
|
+
pulumi.set(self, "issuer_safety_buffer", value)
|
622
|
+
|
623
|
+
@property
|
624
|
+
@pulumi.getter(name="maintainStoredCertificateCounts")
|
625
|
+
def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[builtins.bool]]:
|
626
|
+
"""
|
627
|
+
This configures whether stored certificate are
|
628
|
+
counted upon initialization of the backend, and whether during normal operation, a running count
|
629
|
+
of certificates stored is maintained.
|
630
|
+
"""
|
631
|
+
return pulumi.get(self, "maintain_stored_certificate_counts")
|
632
|
+
|
633
|
+
@maintain_stored_certificate_counts.setter
|
634
|
+
def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[builtins.bool]]):
|
635
|
+
pulumi.set(self, "maintain_stored_certificate_counts", value)
|
636
|
+
|
637
|
+
@property
|
638
|
+
@pulumi.getter(name="maxStartupBackoffDuration")
|
639
|
+
def max_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
640
|
+
"""
|
641
|
+
The maximum amount of time auto-tidy will be delayed
|
642
|
+
after startup.
|
643
|
+
"""
|
644
|
+
return pulumi.get(self, "max_startup_backoff_duration")
|
645
|
+
|
646
|
+
@max_startup_backoff_duration.setter
|
647
|
+
def max_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
648
|
+
pulumi.set(self, "max_startup_backoff_duration", value)
|
649
|
+
|
650
|
+
@property
|
651
|
+
@pulumi.getter(name="minStartupBackoffDuration")
|
652
|
+
def min_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
653
|
+
"""
|
654
|
+
The minimum amount of time auto-tidy will be delayed
|
655
|
+
after startup.
|
656
|
+
"""
|
657
|
+
return pulumi.get(self, "min_startup_backoff_duration")
|
658
|
+
|
659
|
+
@min_startup_backoff_duration.setter
|
660
|
+
def min_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
661
|
+
pulumi.set(self, "min_startup_backoff_duration", value)
|
662
|
+
|
663
|
+
@property
|
664
|
+
@pulumi.getter
|
665
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
666
|
+
"""
|
667
|
+
The namespace of the target resource.
|
668
|
+
The value should not contain leading or trailing forward slashes.
|
669
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
670
|
+
*Available only for Vault Enterprise*.
|
671
|
+
"""
|
672
|
+
return pulumi.get(self, "namespace")
|
673
|
+
|
674
|
+
@namespace.setter
|
675
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
676
|
+
pulumi.set(self, "namespace", value)
|
677
|
+
|
678
|
+
@property
|
679
|
+
@pulumi.getter(name="pauseDuration")
|
680
|
+
def pause_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
681
|
+
"""
|
682
|
+
The amount of time to wait between processing certificates.
|
683
|
+
"""
|
684
|
+
return pulumi.get(self, "pause_duration")
|
685
|
+
|
686
|
+
@pause_duration.setter
|
687
|
+
def pause_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
688
|
+
pulumi.set(self, "pause_duration", value)
|
689
|
+
|
690
|
+
@property
|
691
|
+
@pulumi.getter(name="publishStoredCertificateCountMetrics")
|
692
|
+
def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[builtins.bool]]:
|
693
|
+
"""
|
694
|
+
This configures whether the stored
|
695
|
+
certificate count is published to the metrics consumer.
|
696
|
+
"""
|
697
|
+
return pulumi.get(self, "publish_stored_certificate_count_metrics")
|
698
|
+
|
699
|
+
@publish_stored_certificate_count_metrics.setter
|
700
|
+
def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[builtins.bool]]):
|
701
|
+
pulumi.set(self, "publish_stored_certificate_count_metrics", value)
|
702
|
+
|
703
|
+
@property
|
704
|
+
@pulumi.getter(name="revocationQueueSafetyBuffer")
|
705
|
+
def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
706
|
+
"""
|
707
|
+
The amount of time that must pass from the
|
708
|
+
cross-cluster revocation request being initiated to when it will be slated for removal.
|
709
|
+
"""
|
710
|
+
return pulumi.get(self, "revocation_queue_safety_buffer")
|
711
|
+
|
712
|
+
@revocation_queue_safety_buffer.setter
|
713
|
+
def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
714
|
+
pulumi.set(self, "revocation_queue_safety_buffer", value)
|
715
|
+
|
716
|
+
@property
|
717
|
+
@pulumi.getter(name="safetyBuffer")
|
718
|
+
def safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
719
|
+
"""
|
720
|
+
The amount of extra time that must have passed beyond certificate
|
721
|
+
expiration before it is removed from the backend storage and/or revocation list.
|
722
|
+
"""
|
723
|
+
return pulumi.get(self, "safety_buffer")
|
724
|
+
|
725
|
+
@safety_buffer.setter
|
726
|
+
def safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
727
|
+
pulumi.set(self, "safety_buffer", value)
|
728
|
+
|
729
|
+
@property
|
730
|
+
@pulumi.getter(name="tidyAcme")
|
731
|
+
def tidy_acme(self) -> Optional[pulumi.Input[builtins.bool]]:
|
732
|
+
"""
|
733
|
+
Set to true to enable tidying ACME accounts, orders and authorizations.
|
734
|
+
"""
|
735
|
+
return pulumi.get(self, "tidy_acme")
|
736
|
+
|
737
|
+
@tidy_acme.setter
|
738
|
+
def tidy_acme(self, value: Optional[pulumi.Input[builtins.bool]]):
|
739
|
+
pulumi.set(self, "tidy_acme", value)
|
740
|
+
|
741
|
+
@property
|
742
|
+
@pulumi.getter(name="tidyCertMetadata")
|
743
|
+
def tidy_cert_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
|
744
|
+
"""
|
745
|
+
Set to true to enable tidying up certificate metadata.
|
746
|
+
"""
|
747
|
+
return pulumi.get(self, "tidy_cert_metadata")
|
748
|
+
|
749
|
+
@tidy_cert_metadata.setter
|
750
|
+
def tidy_cert_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
|
751
|
+
pulumi.set(self, "tidy_cert_metadata", value)
|
752
|
+
|
753
|
+
@property
|
754
|
+
@pulumi.getter(name="tidyCertStore")
|
755
|
+
def tidy_cert_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
756
|
+
"""
|
757
|
+
Set to true to enable tidying up the certificate store
|
758
|
+
"""
|
759
|
+
return pulumi.get(self, "tidy_cert_store")
|
760
|
+
|
761
|
+
@tidy_cert_store.setter
|
762
|
+
def tidy_cert_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
763
|
+
pulumi.set(self, "tidy_cert_store", value)
|
764
|
+
|
765
|
+
@property
|
766
|
+
@pulumi.getter(name="tidyCmpv2NonceStore")
|
767
|
+
def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
768
|
+
"""
|
769
|
+
Set to true to enable tidying up the CMPv2 nonce store.
|
770
|
+
"""
|
771
|
+
return pulumi.get(self, "tidy_cmpv2_nonce_store")
|
772
|
+
|
773
|
+
@tidy_cmpv2_nonce_store.setter
|
774
|
+
def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
775
|
+
pulumi.set(self, "tidy_cmpv2_nonce_store", value)
|
776
|
+
|
777
|
+
@property
|
778
|
+
@pulumi.getter(name="tidyCrossClusterRevokedCerts")
|
779
|
+
def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
|
780
|
+
"""
|
781
|
+
Set to true to enable tidying up the cross-cluster
|
782
|
+
revoked certificate store.
|
783
|
+
"""
|
784
|
+
return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
|
785
|
+
|
786
|
+
@tidy_cross_cluster_revoked_certs.setter
|
787
|
+
def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
|
788
|
+
pulumi.set(self, "tidy_cross_cluster_revoked_certs", value)
|
789
|
+
|
790
|
+
@property
|
791
|
+
@pulumi.getter(name="tidyExpiredIssuers")
|
792
|
+
def tidy_expired_issuers(self) -> Optional[pulumi.Input[builtins.bool]]:
|
793
|
+
"""
|
794
|
+
Set to true to automatically remove expired issuers past the
|
795
|
+
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
796
|
+
"""
|
797
|
+
return pulumi.get(self, "tidy_expired_issuers")
|
798
|
+
|
799
|
+
@tidy_expired_issuers.setter
|
800
|
+
def tidy_expired_issuers(self, value: Optional[pulumi.Input[builtins.bool]]):
|
801
|
+
pulumi.set(self, "tidy_expired_issuers", value)
|
802
|
+
|
803
|
+
@property
|
804
|
+
@pulumi.getter(name="tidyMoveLegacyCaBundle")
|
805
|
+
def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[builtins.bool]]:
|
806
|
+
"""
|
807
|
+
Set to true to move the legacy `ca_bundle` from
|
808
|
+
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
809
|
+
"""
|
810
|
+
return pulumi.get(self, "tidy_move_legacy_ca_bundle")
|
811
|
+
|
812
|
+
@tidy_move_legacy_ca_bundle.setter
|
813
|
+
def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[builtins.bool]]):
|
814
|
+
pulumi.set(self, "tidy_move_legacy_ca_bundle", value)
|
815
|
+
|
816
|
+
@property
|
817
|
+
@pulumi.getter(name="tidyRevocationQueue")
|
818
|
+
def tidy_revocation_queue(self) -> Optional[pulumi.Input[builtins.bool]]:
|
819
|
+
"""
|
820
|
+
Set to true to remove stale revocation queue entries that
|
821
|
+
haven't been confirmed by any active cluster.
|
822
|
+
"""
|
823
|
+
return pulumi.get(self, "tidy_revocation_queue")
|
824
|
+
|
825
|
+
@tidy_revocation_queue.setter
|
826
|
+
def tidy_revocation_queue(self, value: Optional[pulumi.Input[builtins.bool]]):
|
827
|
+
pulumi.set(self, "tidy_revocation_queue", value)
|
828
|
+
|
829
|
+
@property
|
830
|
+
@pulumi.getter(name="tidyRevokedCertIssuerAssociations")
|
831
|
+
def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[builtins.bool]]:
|
832
|
+
"""
|
833
|
+
Set to true to validate issuer associations
|
834
|
+
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
835
|
+
"""
|
836
|
+
return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
|
837
|
+
|
838
|
+
@tidy_revoked_cert_issuer_associations.setter
|
839
|
+
def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[builtins.bool]]):
|
840
|
+
pulumi.set(self, "tidy_revoked_cert_issuer_associations", value)
|
841
|
+
|
842
|
+
@property
|
843
|
+
@pulumi.getter(name="tidyRevokedCerts")
|
844
|
+
def tidy_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
|
845
|
+
"""
|
846
|
+
Set to true to remove all invalid and expired certificates from
|
847
|
+
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
848
|
+
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
849
|
+
the CRL, and the CRL will be rotated.
|
850
|
+
"""
|
851
|
+
return pulumi.get(self, "tidy_revoked_certs")
|
852
|
+
|
853
|
+
@tidy_revoked_certs.setter
|
854
|
+
def tidy_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
|
855
|
+
pulumi.set(self, "tidy_revoked_certs", value)
|
856
|
+
|
857
|
+
|
858
|
+
class BackendConfigAutoTidy(pulumi.CustomResource):
|
859
|
+
@overload
|
860
|
+
def __init__(__self__,
|
861
|
+
resource_name: str,
|
862
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
863
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
864
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
865
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
866
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
867
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
868
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
869
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
870
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
871
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
872
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
873
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
874
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
875
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
876
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
877
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
878
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
879
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
880
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
881
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
882
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
883
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
884
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
885
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
886
|
+
__props__=None):
|
887
|
+
"""
|
888
|
+
Allows setting the Auto Tidy configuration on a PKI Secret Backend
|
889
|
+
|
890
|
+
## Example Usage
|
891
|
+
|
892
|
+
```python
|
893
|
+
import pulumi
|
894
|
+
import pulumi_vault as vault
|
895
|
+
|
896
|
+
pki = vault.Mount("pki",
|
897
|
+
path="pki",
|
898
|
+
type="pki",
|
899
|
+
default_lease_ttl_seconds=3600,
|
900
|
+
max_lease_ttl_seconds=86400)
|
901
|
+
test = vault.pki_secret.BackendConfigAutoTidy("test",
|
902
|
+
backend=pki.path,
|
903
|
+
enabled=True,
|
904
|
+
tidy_cert_store=True,
|
905
|
+
interval_duration="1h")
|
906
|
+
```
|
907
|
+
|
908
|
+
:param str resource_name: The name of the resource.
|
909
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
910
|
+
:param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
911
|
+
time after being marked revoked or deactivated.
|
912
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
913
|
+
read the configuration from, with no leading or trailing `/`s.
|
914
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
|
915
|
+
:param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
916
|
+
between tidy invocations (after one finishes to the start of the next).
|
917
|
+
:param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
918
|
+
expiration before it is removed from the backend storage.
|
919
|
+
:param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
920
|
+
counted upon initialization of the backend, and whether during normal operation, a running count
|
921
|
+
of certificates stored is maintained.
|
922
|
+
:param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
923
|
+
after startup.
|
924
|
+
:param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
925
|
+
after startup.
|
926
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
927
|
+
The value should not contain leading or trailing forward slashes.
|
928
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
929
|
+
*Available only for Vault Enterprise*.
|
930
|
+
:param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
|
931
|
+
:param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
932
|
+
certificate count is published to the metrics consumer.
|
933
|
+
:param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
934
|
+
cross-cluster revocation request being initiated to when it will be slated for removal.
|
935
|
+
:param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
936
|
+
expiration before it is removed from the backend storage and/or revocation list.
|
937
|
+
:param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
938
|
+
:param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
939
|
+
:param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
940
|
+
:param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
941
|
+
:param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
942
|
+
revoked certificate store.
|
943
|
+
:param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
944
|
+
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
945
|
+
:param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
946
|
+
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
947
|
+
:param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
948
|
+
haven't been confirmed by any active cluster.
|
949
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
950
|
+
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
951
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
952
|
+
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
953
|
+
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
954
|
+
the CRL, and the CRL will be rotated.
|
955
|
+
"""
|
956
|
+
...
|
957
|
+
@overload
|
958
|
+
def __init__(__self__,
|
959
|
+
resource_name: str,
|
960
|
+
args: BackendConfigAutoTidyArgs,
|
961
|
+
opts: Optional[pulumi.ResourceOptions] = None):
|
962
|
+
"""
|
963
|
+
Allows setting the Auto Tidy configuration on a PKI Secret Backend
|
964
|
+
|
965
|
+
## Example Usage
|
966
|
+
|
967
|
+
```python
|
968
|
+
import pulumi
|
969
|
+
import pulumi_vault as vault
|
970
|
+
|
971
|
+
pki = vault.Mount("pki",
|
972
|
+
path="pki",
|
973
|
+
type="pki",
|
974
|
+
default_lease_ttl_seconds=3600,
|
975
|
+
max_lease_ttl_seconds=86400)
|
976
|
+
test = vault.pki_secret.BackendConfigAutoTidy("test",
|
977
|
+
backend=pki.path,
|
978
|
+
enabled=True,
|
979
|
+
tidy_cert_store=True,
|
980
|
+
interval_duration="1h")
|
981
|
+
```
|
982
|
+
|
983
|
+
:param str resource_name: The name of the resource.
|
984
|
+
:param BackendConfigAutoTidyArgs args: The arguments to use to populate this resource's properties.
|
985
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
986
|
+
"""
|
987
|
+
...
|
988
|
+
def __init__(__self__, resource_name: str, *args, **kwargs):
|
989
|
+
resource_args, opts = _utilities.get_resource_args_opts(BackendConfigAutoTidyArgs, pulumi.ResourceOptions, *args, **kwargs)
|
990
|
+
if resource_args is not None:
|
991
|
+
__self__._internal_init(resource_name, opts, **resource_args.__dict__)
|
992
|
+
else:
|
993
|
+
__self__._internal_init(resource_name, *args, **kwargs)
|
994
|
+
|
995
|
+
def _internal_init(__self__,
|
996
|
+
resource_name: str,
|
997
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
998
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
999
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1000
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
1001
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1002
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1003
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
1004
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1005
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1006
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1007
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1008
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
1009
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1010
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1011
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
1012
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
1013
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1014
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1015
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
1016
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
1017
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
1018
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
1019
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
1020
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
1021
|
+
__props__=None):
|
1022
|
+
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1023
|
+
if not isinstance(opts, pulumi.ResourceOptions):
|
1024
|
+
raise TypeError('Expected resource options to be a ResourceOptions instance')
|
1025
|
+
if opts.id is None:
|
1026
|
+
if __props__ is not None:
|
1027
|
+
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
|
1028
|
+
__props__ = BackendConfigAutoTidyArgs.__new__(BackendConfigAutoTidyArgs)
|
1029
|
+
|
1030
|
+
__props__.__dict__["acme_account_safety_buffer"] = acme_account_safety_buffer
|
1031
|
+
if backend is None and not opts.urn:
|
1032
|
+
raise TypeError("Missing required property 'backend'")
|
1033
|
+
__props__.__dict__["backend"] = backend
|
1034
|
+
if enabled is None and not opts.urn:
|
1035
|
+
raise TypeError("Missing required property 'enabled'")
|
1036
|
+
__props__.__dict__["enabled"] = enabled
|
1037
|
+
__props__.__dict__["interval_duration"] = interval_duration
|
1038
|
+
__props__.__dict__["issuer_safety_buffer"] = issuer_safety_buffer
|
1039
|
+
__props__.__dict__["maintain_stored_certificate_counts"] = maintain_stored_certificate_counts
|
1040
|
+
__props__.__dict__["max_startup_backoff_duration"] = max_startup_backoff_duration
|
1041
|
+
__props__.__dict__["min_startup_backoff_duration"] = min_startup_backoff_duration
|
1042
|
+
__props__.__dict__["namespace"] = namespace
|
1043
|
+
__props__.__dict__["pause_duration"] = pause_duration
|
1044
|
+
__props__.__dict__["publish_stored_certificate_count_metrics"] = publish_stored_certificate_count_metrics
|
1045
|
+
__props__.__dict__["revocation_queue_safety_buffer"] = revocation_queue_safety_buffer
|
1046
|
+
__props__.__dict__["safety_buffer"] = safety_buffer
|
1047
|
+
__props__.__dict__["tidy_acme"] = tidy_acme
|
1048
|
+
__props__.__dict__["tidy_cert_metadata"] = tidy_cert_metadata
|
1049
|
+
__props__.__dict__["tidy_cert_store"] = tidy_cert_store
|
1050
|
+
__props__.__dict__["tidy_cmpv2_nonce_store"] = tidy_cmpv2_nonce_store
|
1051
|
+
__props__.__dict__["tidy_cross_cluster_revoked_certs"] = tidy_cross_cluster_revoked_certs
|
1052
|
+
__props__.__dict__["tidy_expired_issuers"] = tidy_expired_issuers
|
1053
|
+
__props__.__dict__["tidy_move_legacy_ca_bundle"] = tidy_move_legacy_ca_bundle
|
1054
|
+
__props__.__dict__["tidy_revocation_queue"] = tidy_revocation_queue
|
1055
|
+
__props__.__dict__["tidy_revoked_cert_issuer_associations"] = tidy_revoked_cert_issuer_associations
|
1056
|
+
__props__.__dict__["tidy_revoked_certs"] = tidy_revoked_certs
|
1057
|
+
super(BackendConfigAutoTidy, __self__).__init__(
|
1058
|
+
'vault:pkiSecret/backendConfigAutoTidy:BackendConfigAutoTidy',
|
1059
|
+
resource_name,
|
1060
|
+
__props__,
|
1061
|
+
opts)
|
1062
|
+
|
1063
|
+
@staticmethod
|
1064
|
+
def get(resource_name: str,
|
1065
|
+
id: pulumi.Input[str],
|
1066
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
1067
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1068
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1069
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
1070
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1071
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1072
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
1073
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1074
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1075
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1076
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1077
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
1078
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1079
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1080
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
1081
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
1082
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1083
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1084
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
1085
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
1086
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
1087
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
1088
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
1089
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None) -> 'BackendConfigAutoTidy':
|
1090
|
+
"""
|
1091
|
+
Get an existing BackendConfigAutoTidy resource's state with the given name, id, and optional extra
|
1092
|
+
properties used to qualify the lookup.
|
1093
|
+
|
1094
|
+
:param str resource_name: The unique name of the resulting resource.
|
1095
|
+
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1096
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
1097
|
+
:param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
1098
|
+
time after being marked revoked or deactivated.
|
1099
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
1100
|
+
read the configuration from, with no leading or trailing `/`s.
|
1101
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
|
1102
|
+
:param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
1103
|
+
between tidy invocations (after one finishes to the start of the next).
|
1104
|
+
:param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
1105
|
+
expiration before it is removed from the backend storage.
|
1106
|
+
:param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
1107
|
+
counted upon initialization of the backend, and whether during normal operation, a running count
|
1108
|
+
of certificates stored is maintained.
|
1109
|
+
:param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
1110
|
+
after startup.
|
1111
|
+
:param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
1112
|
+
after startup.
|
1113
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
1114
|
+
The value should not contain leading or trailing forward slashes.
|
1115
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1116
|
+
*Available only for Vault Enterprise*.
|
1117
|
+
:param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
|
1118
|
+
:param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
1119
|
+
certificate count is published to the metrics consumer.
|
1120
|
+
:param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
1121
|
+
cross-cluster revocation request being initiated to when it will be slated for removal.
|
1122
|
+
:param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
1123
|
+
expiration before it is removed from the backend storage and/or revocation list.
|
1124
|
+
:param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
1125
|
+
:param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
1126
|
+
:param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
1127
|
+
:param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
1128
|
+
:param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
1129
|
+
revoked certificate store.
|
1130
|
+
:param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
1131
|
+
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
1132
|
+
:param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
1133
|
+
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
1134
|
+
:param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
1135
|
+
haven't been confirmed by any active cluster.
|
1136
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
1137
|
+
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
1138
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
1139
|
+
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
1140
|
+
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
1141
|
+
the CRL, and the CRL will be rotated.
|
1142
|
+
"""
|
1143
|
+
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1144
|
+
|
1145
|
+
__props__ = _BackendConfigAutoTidyState.__new__(_BackendConfigAutoTidyState)
|
1146
|
+
|
1147
|
+
__props__.__dict__["acme_account_safety_buffer"] = acme_account_safety_buffer
|
1148
|
+
__props__.__dict__["backend"] = backend
|
1149
|
+
__props__.__dict__["enabled"] = enabled
|
1150
|
+
__props__.__dict__["interval_duration"] = interval_duration
|
1151
|
+
__props__.__dict__["issuer_safety_buffer"] = issuer_safety_buffer
|
1152
|
+
__props__.__dict__["maintain_stored_certificate_counts"] = maintain_stored_certificate_counts
|
1153
|
+
__props__.__dict__["max_startup_backoff_duration"] = max_startup_backoff_duration
|
1154
|
+
__props__.__dict__["min_startup_backoff_duration"] = min_startup_backoff_duration
|
1155
|
+
__props__.__dict__["namespace"] = namespace
|
1156
|
+
__props__.__dict__["pause_duration"] = pause_duration
|
1157
|
+
__props__.__dict__["publish_stored_certificate_count_metrics"] = publish_stored_certificate_count_metrics
|
1158
|
+
__props__.__dict__["revocation_queue_safety_buffer"] = revocation_queue_safety_buffer
|
1159
|
+
__props__.__dict__["safety_buffer"] = safety_buffer
|
1160
|
+
__props__.__dict__["tidy_acme"] = tidy_acme
|
1161
|
+
__props__.__dict__["tidy_cert_metadata"] = tidy_cert_metadata
|
1162
|
+
__props__.__dict__["tidy_cert_store"] = tidy_cert_store
|
1163
|
+
__props__.__dict__["tidy_cmpv2_nonce_store"] = tidy_cmpv2_nonce_store
|
1164
|
+
__props__.__dict__["tidy_cross_cluster_revoked_certs"] = tidy_cross_cluster_revoked_certs
|
1165
|
+
__props__.__dict__["tidy_expired_issuers"] = tidy_expired_issuers
|
1166
|
+
__props__.__dict__["tidy_move_legacy_ca_bundle"] = tidy_move_legacy_ca_bundle
|
1167
|
+
__props__.__dict__["tidy_revocation_queue"] = tidy_revocation_queue
|
1168
|
+
__props__.__dict__["tidy_revoked_cert_issuer_associations"] = tidy_revoked_cert_issuer_associations
|
1169
|
+
__props__.__dict__["tidy_revoked_certs"] = tidy_revoked_certs
|
1170
|
+
return BackendConfigAutoTidy(resource_name, opts=opts, __props__=__props__)
|
1171
|
+
|
1172
|
+
@property
|
1173
|
+
@pulumi.getter(name="acmeAccountSafetyBuffer")
|
1174
|
+
def acme_account_safety_buffer(self) -> pulumi.Output[builtins.str]:
|
1175
|
+
"""
|
1176
|
+
The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
1177
|
+
time after being marked revoked or deactivated.
|
1178
|
+
"""
|
1179
|
+
return pulumi.get(self, "acme_account_safety_buffer")
|
1180
|
+
|
1181
|
+
@property
|
1182
|
+
@pulumi.getter
|
1183
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
1184
|
+
"""
|
1185
|
+
The path to the PKI secret backend to
|
1186
|
+
read the configuration from, with no leading or trailing `/`s.
|
1187
|
+
"""
|
1188
|
+
return pulumi.get(self, "backend")
|
1189
|
+
|
1190
|
+
@property
|
1191
|
+
@pulumi.getter
|
1192
|
+
def enabled(self) -> pulumi.Output[builtins.bool]:
|
1193
|
+
"""
|
1194
|
+
Specifies whether automatic tidy is enabled or not.
|
1195
|
+
"""
|
1196
|
+
return pulumi.get(self, "enabled")
|
1197
|
+
|
1198
|
+
@property
|
1199
|
+
@pulumi.getter(name="intervalDuration")
|
1200
|
+
def interval_duration(self) -> pulumi.Output[builtins.str]:
|
1201
|
+
"""
|
1202
|
+
Interval at which to run an auto-tidy operation. This is the time
|
1203
|
+
between tidy invocations (after one finishes to the start of the next).
|
1204
|
+
"""
|
1205
|
+
return pulumi.get(self, "interval_duration")
|
1206
|
+
|
1207
|
+
@property
|
1208
|
+
@pulumi.getter(name="issuerSafetyBuffer")
|
1209
|
+
def issuer_safety_buffer(self) -> pulumi.Output[builtins.str]:
|
1210
|
+
"""
|
1211
|
+
The amount of extra time that must have passed beyond issuer's
|
1212
|
+
expiration before it is removed from the backend storage.
|
1213
|
+
"""
|
1214
|
+
return pulumi.get(self, "issuer_safety_buffer")
|
1215
|
+
|
1216
|
+
@property
|
1217
|
+
@pulumi.getter(name="maintainStoredCertificateCounts")
|
1218
|
+
def maintain_stored_certificate_counts(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1219
|
+
"""
|
1220
|
+
This configures whether stored certificate are
|
1221
|
+
counted upon initialization of the backend, and whether during normal operation, a running count
|
1222
|
+
of certificates stored is maintained.
|
1223
|
+
"""
|
1224
|
+
return pulumi.get(self, "maintain_stored_certificate_counts")
|
1225
|
+
|
1226
|
+
@property
|
1227
|
+
@pulumi.getter(name="maxStartupBackoffDuration")
|
1228
|
+
def max_startup_backoff_duration(self) -> pulumi.Output[builtins.str]:
|
1229
|
+
"""
|
1230
|
+
The maximum amount of time auto-tidy will be delayed
|
1231
|
+
after startup.
|
1232
|
+
"""
|
1233
|
+
return pulumi.get(self, "max_startup_backoff_duration")
|
1234
|
+
|
1235
|
+
@property
|
1236
|
+
@pulumi.getter(name="minStartupBackoffDuration")
|
1237
|
+
def min_startup_backoff_duration(self) -> pulumi.Output[builtins.str]:
|
1238
|
+
"""
|
1239
|
+
The minimum amount of time auto-tidy will be delayed
|
1240
|
+
after startup.
|
1241
|
+
"""
|
1242
|
+
return pulumi.get(self, "min_startup_backoff_duration")
|
1243
|
+
|
1244
|
+
@property
|
1245
|
+
@pulumi.getter
|
1246
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1247
|
+
"""
|
1248
|
+
The namespace of the target resource.
|
1249
|
+
The value should not contain leading or trailing forward slashes.
|
1250
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1251
|
+
*Available only for Vault Enterprise*.
|
1252
|
+
"""
|
1253
|
+
return pulumi.get(self, "namespace")
|
1254
|
+
|
1255
|
+
@property
|
1256
|
+
@pulumi.getter(name="pauseDuration")
|
1257
|
+
def pause_duration(self) -> pulumi.Output[builtins.str]:
|
1258
|
+
"""
|
1259
|
+
The amount of time to wait between processing certificates.
|
1260
|
+
"""
|
1261
|
+
return pulumi.get(self, "pause_duration")
|
1262
|
+
|
1263
|
+
@property
|
1264
|
+
@pulumi.getter(name="publishStoredCertificateCountMetrics")
|
1265
|
+
def publish_stored_certificate_count_metrics(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1266
|
+
"""
|
1267
|
+
This configures whether the stored
|
1268
|
+
certificate count is published to the metrics consumer.
|
1269
|
+
"""
|
1270
|
+
return pulumi.get(self, "publish_stored_certificate_count_metrics")
|
1271
|
+
|
1272
|
+
@property
|
1273
|
+
@pulumi.getter(name="revocationQueueSafetyBuffer")
|
1274
|
+
def revocation_queue_safety_buffer(self) -> pulumi.Output[builtins.str]:
|
1275
|
+
"""
|
1276
|
+
The amount of time that must pass from the
|
1277
|
+
cross-cluster revocation request being initiated to when it will be slated for removal.
|
1278
|
+
"""
|
1279
|
+
return pulumi.get(self, "revocation_queue_safety_buffer")
|
1280
|
+
|
1281
|
+
@property
|
1282
|
+
@pulumi.getter(name="safetyBuffer")
|
1283
|
+
def safety_buffer(self) -> pulumi.Output[builtins.str]:
|
1284
|
+
"""
|
1285
|
+
The amount of extra time that must have passed beyond certificate
|
1286
|
+
expiration before it is removed from the backend storage and/or revocation list.
|
1287
|
+
"""
|
1288
|
+
return pulumi.get(self, "safety_buffer")
|
1289
|
+
|
1290
|
+
@property
|
1291
|
+
@pulumi.getter(name="tidyAcme")
|
1292
|
+
def tidy_acme(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1293
|
+
"""
|
1294
|
+
Set to true to enable tidying ACME accounts, orders and authorizations.
|
1295
|
+
"""
|
1296
|
+
return pulumi.get(self, "tidy_acme")
|
1297
|
+
|
1298
|
+
@property
|
1299
|
+
@pulumi.getter(name="tidyCertMetadata")
|
1300
|
+
def tidy_cert_metadata(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1301
|
+
"""
|
1302
|
+
Set to true to enable tidying up certificate metadata.
|
1303
|
+
"""
|
1304
|
+
return pulumi.get(self, "tidy_cert_metadata")
|
1305
|
+
|
1306
|
+
@property
|
1307
|
+
@pulumi.getter(name="tidyCertStore")
|
1308
|
+
def tidy_cert_store(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1309
|
+
"""
|
1310
|
+
Set to true to enable tidying up the certificate store
|
1311
|
+
"""
|
1312
|
+
return pulumi.get(self, "tidy_cert_store")
|
1313
|
+
|
1314
|
+
@property
|
1315
|
+
@pulumi.getter(name="tidyCmpv2NonceStore")
|
1316
|
+
def tidy_cmpv2_nonce_store(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1317
|
+
"""
|
1318
|
+
Set to true to enable tidying up the CMPv2 nonce store.
|
1319
|
+
"""
|
1320
|
+
return pulumi.get(self, "tidy_cmpv2_nonce_store")
|
1321
|
+
|
1322
|
+
@property
|
1323
|
+
@pulumi.getter(name="tidyCrossClusterRevokedCerts")
|
1324
|
+
def tidy_cross_cluster_revoked_certs(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1325
|
+
"""
|
1326
|
+
Set to true to enable tidying up the cross-cluster
|
1327
|
+
revoked certificate store.
|
1328
|
+
"""
|
1329
|
+
return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
|
1330
|
+
|
1331
|
+
@property
|
1332
|
+
@pulumi.getter(name="tidyExpiredIssuers")
|
1333
|
+
def tidy_expired_issuers(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1334
|
+
"""
|
1335
|
+
Set to true to automatically remove expired issuers past the
|
1336
|
+
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
1337
|
+
"""
|
1338
|
+
return pulumi.get(self, "tidy_expired_issuers")
|
1339
|
+
|
1340
|
+
@property
|
1341
|
+
@pulumi.getter(name="tidyMoveLegacyCaBundle")
|
1342
|
+
def tidy_move_legacy_ca_bundle(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1343
|
+
"""
|
1344
|
+
Set to true to move the legacy `ca_bundle` from
|
1345
|
+
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
1346
|
+
"""
|
1347
|
+
return pulumi.get(self, "tidy_move_legacy_ca_bundle")
|
1348
|
+
|
1349
|
+
@property
|
1350
|
+
@pulumi.getter(name="tidyRevocationQueue")
|
1351
|
+
def tidy_revocation_queue(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1352
|
+
"""
|
1353
|
+
Set to true to remove stale revocation queue entries that
|
1354
|
+
haven't been confirmed by any active cluster.
|
1355
|
+
"""
|
1356
|
+
return pulumi.get(self, "tidy_revocation_queue")
|
1357
|
+
|
1358
|
+
@property
|
1359
|
+
@pulumi.getter(name="tidyRevokedCertIssuerAssociations")
|
1360
|
+
def tidy_revoked_cert_issuer_associations(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1361
|
+
"""
|
1362
|
+
Set to true to validate issuer associations
|
1363
|
+
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
1364
|
+
"""
|
1365
|
+
return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
|
1366
|
+
|
1367
|
+
@property
|
1368
|
+
@pulumi.getter(name="tidyRevokedCerts")
|
1369
|
+
def tidy_revoked_certs(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1370
|
+
"""
|
1371
|
+
Set to true to remove all invalid and expired certificates from
|
1372
|
+
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
1373
|
+
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
1374
|
+
the CRL, and the CRL will be rotated.
|
1375
|
+
"""
|
1376
|
+
return pulumi.get(self, "tidy_revoked_certs")
|
1377
|
+
|