pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,39 +20,42 @@ __all__ = ['SecretBackendCrlConfigArgs', 'SecretBackendCrlConfig']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendCrlConfigArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
backend: pulumi.Input[str],
|
23
|
-
auto_rebuild: Optional[pulumi.Input[bool]] = None,
|
24
|
-
auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
|
25
|
-
cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
|
26
|
-
delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
|
27
|
-
disable: Optional[pulumi.Input[bool]] = None,
|
28
|
-
enable_delta: Optional[pulumi.Input[bool]] = None,
|
29
|
-
expiry: Optional[pulumi.Input[str]] = None,
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
23
|
+
backend: pulumi.Input[builtins.str],
|
24
|
+
auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
|
25
|
+
auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
|
27
|
+
delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
disable: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
|
30
|
+
expiry: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
|
32
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
|
34
|
+
ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
|
36
|
+
unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None):
|
35
37
|
"""
|
36
38
|
The set of arguments for constructing a SecretBackendCrlConfig resource.
|
37
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
38
|
-
:param pulumi.Input[bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
39
|
-
:param pulumi.Input[str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
40
|
-
:param pulumi.Input[bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
|
41
|
-
:param pulumi.Input[str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
|
42
|
-
:param pulumi.Input[bool] disable: Disables or enables CRL building.
|
43
|
-
:param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
39
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
40
|
+
:param pulumi.Input[builtins.bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
41
|
+
:param pulumi.Input[builtins.str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
42
|
+
:param pulumi.Input[builtins.bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
|
43
|
+
:param pulumi.Input[builtins.str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
|
44
|
+
:param pulumi.Input[builtins.bool] disable: Disables or enables CRL building.
|
45
|
+
:param pulumi.Input[builtins.bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
44
46
|
augmenting the last complete CRL. **Vault 1.12+**
|
45
|
-
:param pulumi.Input[str] expiry: Specifies the time until expiration.
|
46
|
-
:param pulumi.Input[
|
47
|
+
:param pulumi.Input[builtins.str] expiry: Specifies the time until expiration.
|
48
|
+
:param pulumi.Input[builtins.int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
|
49
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
50
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
47
51
|
The value should not contain leading or trailing forward slashes.
|
48
52
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
49
53
|
*Available only for Vault Enterprise*.
|
50
|
-
:param pulumi.Input[bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
|
51
|
-
:param pulumi.Input[str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
54
|
+
:param pulumi.Input[builtins.bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
|
55
|
+
:param pulumi.Input[builtins.str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
52
56
|
refresh durations. **Vault 1.12+**
|
53
|
-
:param pulumi.Input[bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
|
54
|
-
:param pulumi.Input[bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
|
57
|
+
:param pulumi.Input[builtins.bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
|
58
|
+
:param pulumi.Input[builtins.bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
|
55
59
|
cluster-local paths. **Vault 1.13+**
|
56
60
|
"""
|
57
61
|
pulumi.set(__self__, "backend", backend)
|
@@ -69,6 +73,8 @@ class SecretBackendCrlConfigArgs:
|
|
69
73
|
pulumi.set(__self__, "enable_delta", enable_delta)
|
70
74
|
if expiry is not None:
|
71
75
|
pulumi.set(__self__, "expiry", expiry)
|
76
|
+
if max_crl_entries is not None:
|
77
|
+
pulumi.set(__self__, "max_crl_entries", max_crl_entries)
|
72
78
|
if namespace is not None:
|
73
79
|
pulumi.set(__self__, "namespace", namespace)
|
74
80
|
if ocsp_disable is not None:
|
@@ -82,79 +88,79 @@ class SecretBackendCrlConfigArgs:
|
|
82
88
|
|
83
89
|
@property
|
84
90
|
@pulumi.getter
|
85
|
-
def backend(self) -> pulumi.Input[str]:
|
91
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
86
92
|
"""
|
87
93
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
88
94
|
"""
|
89
95
|
return pulumi.get(self, "backend")
|
90
96
|
|
91
97
|
@backend.setter
|
92
|
-
def backend(self, value: pulumi.Input[str]):
|
98
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
93
99
|
pulumi.set(self, "backend", value)
|
94
100
|
|
95
101
|
@property
|
96
102
|
@pulumi.getter(name="autoRebuild")
|
97
|
-
def auto_rebuild(self) -> Optional[pulumi.Input[bool]]:
|
103
|
+
def auto_rebuild(self) -> Optional[pulumi.Input[builtins.bool]]:
|
98
104
|
"""
|
99
105
|
Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
100
106
|
"""
|
101
107
|
return pulumi.get(self, "auto_rebuild")
|
102
108
|
|
103
109
|
@auto_rebuild.setter
|
104
|
-
def auto_rebuild(self, value: Optional[pulumi.Input[bool]]):
|
110
|
+
def auto_rebuild(self, value: Optional[pulumi.Input[builtins.bool]]):
|
105
111
|
pulumi.set(self, "auto_rebuild", value)
|
106
112
|
|
107
113
|
@property
|
108
114
|
@pulumi.getter(name="autoRebuildGracePeriod")
|
109
|
-
def auto_rebuild_grace_period(self) -> Optional[pulumi.Input[str]]:
|
115
|
+
def auto_rebuild_grace_period(self) -> Optional[pulumi.Input[builtins.str]]:
|
110
116
|
"""
|
111
117
|
Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
112
118
|
"""
|
113
119
|
return pulumi.get(self, "auto_rebuild_grace_period")
|
114
120
|
|
115
121
|
@auto_rebuild_grace_period.setter
|
116
|
-
def auto_rebuild_grace_period(self, value: Optional[pulumi.Input[str]]):
|
122
|
+
def auto_rebuild_grace_period(self, value: Optional[pulumi.Input[builtins.str]]):
|
117
123
|
pulumi.set(self, "auto_rebuild_grace_period", value)
|
118
124
|
|
119
125
|
@property
|
120
126
|
@pulumi.getter(name="crossClusterRevocation")
|
121
|
-
def cross_cluster_revocation(self) -> Optional[pulumi.Input[bool]]:
|
127
|
+
def cross_cluster_revocation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
122
128
|
"""
|
123
129
|
Enable cross-cluster revocation request queues. **Vault 1.13+**
|
124
130
|
"""
|
125
131
|
return pulumi.get(self, "cross_cluster_revocation")
|
126
132
|
|
127
133
|
@cross_cluster_revocation.setter
|
128
|
-
def cross_cluster_revocation(self, value: Optional[pulumi.Input[bool]]):
|
134
|
+
def cross_cluster_revocation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
129
135
|
pulumi.set(self, "cross_cluster_revocation", value)
|
130
136
|
|
131
137
|
@property
|
132
138
|
@pulumi.getter(name="deltaRebuildInterval")
|
133
|
-
def delta_rebuild_interval(self) -> Optional[pulumi.Input[str]]:
|
139
|
+
def delta_rebuild_interval(self) -> Optional[pulumi.Input[builtins.str]]:
|
134
140
|
"""
|
135
141
|
Interval to check for new revocations on, to regenerate the delta CRL.
|
136
142
|
"""
|
137
143
|
return pulumi.get(self, "delta_rebuild_interval")
|
138
144
|
|
139
145
|
@delta_rebuild_interval.setter
|
140
|
-
def delta_rebuild_interval(self, value: Optional[pulumi.Input[str]]):
|
146
|
+
def delta_rebuild_interval(self, value: Optional[pulumi.Input[builtins.str]]):
|
141
147
|
pulumi.set(self, "delta_rebuild_interval", value)
|
142
148
|
|
143
149
|
@property
|
144
150
|
@pulumi.getter
|
145
|
-
def disable(self) -> Optional[pulumi.Input[bool]]:
|
151
|
+
def disable(self) -> Optional[pulumi.Input[builtins.bool]]:
|
146
152
|
"""
|
147
153
|
Disables or enables CRL building.
|
148
154
|
"""
|
149
155
|
return pulumi.get(self, "disable")
|
150
156
|
|
151
157
|
@disable.setter
|
152
|
-
def disable(self, value: Optional[pulumi.Input[bool]]):
|
158
|
+
def disable(self, value: Optional[pulumi.Input[builtins.bool]]):
|
153
159
|
pulumi.set(self, "disable", value)
|
154
160
|
|
155
161
|
@property
|
156
162
|
@pulumi.getter(name="enableDelta")
|
157
|
-
def enable_delta(self) -> Optional[pulumi.Input[bool]]:
|
163
|
+
def enable_delta(self) -> Optional[pulumi.Input[builtins.bool]]:
|
158
164
|
"""
|
159
165
|
Enables building of delta CRLs with up-to-date revocation information,
|
160
166
|
augmenting the last complete CRL. **Vault 1.12+**
|
@@ -162,24 +168,37 @@ class SecretBackendCrlConfigArgs:
|
|
162
168
|
return pulumi.get(self, "enable_delta")
|
163
169
|
|
164
170
|
@enable_delta.setter
|
165
|
-
def enable_delta(self, value: Optional[pulumi.Input[bool]]):
|
171
|
+
def enable_delta(self, value: Optional[pulumi.Input[builtins.bool]]):
|
166
172
|
pulumi.set(self, "enable_delta", value)
|
167
173
|
|
168
174
|
@property
|
169
175
|
@pulumi.getter
|
170
|
-
def expiry(self) -> Optional[pulumi.Input[str]]:
|
176
|
+
def expiry(self) -> Optional[pulumi.Input[builtins.str]]:
|
171
177
|
"""
|
172
178
|
Specifies the time until expiration.
|
173
179
|
"""
|
174
180
|
return pulumi.get(self, "expiry")
|
175
181
|
|
176
182
|
@expiry.setter
|
177
|
-
def expiry(self, value: Optional[pulumi.Input[str]]):
|
183
|
+
def expiry(self, value: Optional[pulumi.Input[builtins.str]]):
|
178
184
|
pulumi.set(self, "expiry", value)
|
179
185
|
|
186
|
+
@property
|
187
|
+
@pulumi.getter(name="maxCrlEntries")
|
188
|
+
def max_crl_entries(self) -> Optional[pulumi.Input[builtins.int]]:
|
189
|
+
"""
|
190
|
+
The maximum number of entries a CRL can contain. This option exists to prevent
|
191
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
192
|
+
"""
|
193
|
+
return pulumi.get(self, "max_crl_entries")
|
194
|
+
|
195
|
+
@max_crl_entries.setter
|
196
|
+
def max_crl_entries(self, value: Optional[pulumi.Input[builtins.int]]):
|
197
|
+
pulumi.set(self, "max_crl_entries", value)
|
198
|
+
|
180
199
|
@property
|
181
200
|
@pulumi.getter
|
182
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
201
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
183
202
|
"""
|
184
203
|
The namespace to provision the resource in.
|
185
204
|
The value should not contain leading or trailing forward slashes.
|
@@ -189,24 +208,24 @@ class SecretBackendCrlConfigArgs:
|
|
189
208
|
return pulumi.get(self, "namespace")
|
190
209
|
|
191
210
|
@namespace.setter
|
192
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
211
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
193
212
|
pulumi.set(self, "namespace", value)
|
194
213
|
|
195
214
|
@property
|
196
215
|
@pulumi.getter(name="ocspDisable")
|
197
|
-
def ocsp_disable(self) -> Optional[pulumi.Input[bool]]:
|
216
|
+
def ocsp_disable(self) -> Optional[pulumi.Input[builtins.bool]]:
|
198
217
|
"""
|
199
218
|
Disables the OCSP responder in Vault. **Vault 1.12+**
|
200
219
|
"""
|
201
220
|
return pulumi.get(self, "ocsp_disable")
|
202
221
|
|
203
222
|
@ocsp_disable.setter
|
204
|
-
def ocsp_disable(self, value: Optional[pulumi.Input[bool]]):
|
223
|
+
def ocsp_disable(self, value: Optional[pulumi.Input[builtins.bool]]):
|
205
224
|
pulumi.set(self, "ocsp_disable", value)
|
206
225
|
|
207
226
|
@property
|
208
227
|
@pulumi.getter(name="ocspExpiry")
|
209
|
-
def ocsp_expiry(self) -> Optional[pulumi.Input[str]]:
|
228
|
+
def ocsp_expiry(self) -> Optional[pulumi.Input[builtins.str]]:
|
210
229
|
"""
|
211
230
|
The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
212
231
|
refresh durations. **Vault 1.12+**
|
@@ -214,24 +233,24 @@ class SecretBackendCrlConfigArgs:
|
|
214
233
|
return pulumi.get(self, "ocsp_expiry")
|
215
234
|
|
216
235
|
@ocsp_expiry.setter
|
217
|
-
def ocsp_expiry(self, value: Optional[pulumi.Input[str]]):
|
236
|
+
def ocsp_expiry(self, value: Optional[pulumi.Input[builtins.str]]):
|
218
237
|
pulumi.set(self, "ocsp_expiry", value)
|
219
238
|
|
220
239
|
@property
|
221
240
|
@pulumi.getter(name="unifiedCrl")
|
222
|
-
def unified_crl(self) -> Optional[pulumi.Input[bool]]:
|
241
|
+
def unified_crl(self) -> Optional[pulumi.Input[builtins.bool]]:
|
223
242
|
"""
|
224
243
|
Enables unified CRL and OCSP building. **Vault 1.13+**
|
225
244
|
"""
|
226
245
|
return pulumi.get(self, "unified_crl")
|
227
246
|
|
228
247
|
@unified_crl.setter
|
229
|
-
def unified_crl(self, value: Optional[pulumi.Input[bool]]):
|
248
|
+
def unified_crl(self, value: Optional[pulumi.Input[builtins.bool]]):
|
230
249
|
pulumi.set(self, "unified_crl", value)
|
231
250
|
|
232
251
|
@property
|
233
252
|
@pulumi.getter(name="unifiedCrlOnExistingPaths")
|
234
|
-
def unified_crl_on_existing_paths(self) -> Optional[pulumi.Input[bool]]:
|
253
|
+
def unified_crl_on_existing_paths(self) -> Optional[pulumi.Input[builtins.bool]]:
|
235
254
|
"""
|
236
255
|
Enables serving the unified CRL and OCSP on the existing, previously
|
237
256
|
cluster-local paths. **Vault 1.13+**
|
@@ -239,46 +258,49 @@ class SecretBackendCrlConfigArgs:
|
|
239
258
|
return pulumi.get(self, "unified_crl_on_existing_paths")
|
240
259
|
|
241
260
|
@unified_crl_on_existing_paths.setter
|
242
|
-
def unified_crl_on_existing_paths(self, value: Optional[pulumi.Input[bool]]):
|
261
|
+
def unified_crl_on_existing_paths(self, value: Optional[pulumi.Input[builtins.bool]]):
|
243
262
|
pulumi.set(self, "unified_crl_on_existing_paths", value)
|
244
263
|
|
245
264
|
|
246
265
|
@pulumi.input_type
|
247
266
|
class _SecretBackendCrlConfigState:
|
248
267
|
def __init__(__self__, *,
|
249
|
-
auto_rebuild: Optional[pulumi.Input[bool]] = None,
|
250
|
-
auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
|
251
|
-
backend: Optional[pulumi.Input[str]] = None,
|
252
|
-
cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
|
253
|
-
delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
|
254
|
-
disable: Optional[pulumi.Input[bool]] = None,
|
255
|
-
enable_delta: Optional[pulumi.Input[bool]] = None,
|
256
|
-
expiry: Optional[pulumi.Input[str]] = None,
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
-
|
261
|
-
|
268
|
+
auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
|
269
|
+
auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
|
270
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
271
|
+
cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
|
272
|
+
delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
|
273
|
+
disable: Optional[pulumi.Input[builtins.bool]] = None,
|
274
|
+
enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
|
275
|
+
expiry: Optional[pulumi.Input[builtins.str]] = None,
|
276
|
+
max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
|
277
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
278
|
+
ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
|
279
|
+
ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
|
280
|
+
unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
|
281
|
+
unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None):
|
262
282
|
"""
|
263
283
|
Input properties used for looking up and filtering SecretBackendCrlConfig resources.
|
264
|
-
:param pulumi.Input[bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
265
|
-
:param pulumi.Input[str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
266
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
267
|
-
:param pulumi.Input[bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
|
268
|
-
:param pulumi.Input[str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
|
269
|
-
:param pulumi.Input[bool] disable: Disables or enables CRL building.
|
270
|
-
:param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
284
|
+
:param pulumi.Input[builtins.bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
285
|
+
:param pulumi.Input[builtins.str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
286
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
287
|
+
:param pulumi.Input[builtins.bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
|
288
|
+
:param pulumi.Input[builtins.str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
|
289
|
+
:param pulumi.Input[builtins.bool] disable: Disables or enables CRL building.
|
290
|
+
:param pulumi.Input[builtins.bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
271
291
|
augmenting the last complete CRL. **Vault 1.12+**
|
272
|
-
:param pulumi.Input[str] expiry: Specifies the time until expiration.
|
273
|
-
:param pulumi.Input[
|
292
|
+
:param pulumi.Input[builtins.str] expiry: Specifies the time until expiration.
|
293
|
+
:param pulumi.Input[builtins.int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
|
294
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
295
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
274
296
|
The value should not contain leading or trailing forward slashes.
|
275
297
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
276
298
|
*Available only for Vault Enterprise*.
|
277
|
-
:param pulumi.Input[bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
|
278
|
-
:param pulumi.Input[str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
299
|
+
:param pulumi.Input[builtins.bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
|
300
|
+
:param pulumi.Input[builtins.str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
279
301
|
refresh durations. **Vault 1.12+**
|
280
|
-
:param pulumi.Input[bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
|
281
|
-
:param pulumi.Input[bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
|
302
|
+
:param pulumi.Input[builtins.bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
|
303
|
+
:param pulumi.Input[builtins.bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
|
282
304
|
cluster-local paths. **Vault 1.13+**
|
283
305
|
"""
|
284
306
|
if auto_rebuild is not None:
|
@@ -297,6 +319,8 @@ class _SecretBackendCrlConfigState:
|
|
297
319
|
pulumi.set(__self__, "enable_delta", enable_delta)
|
298
320
|
if expiry is not None:
|
299
321
|
pulumi.set(__self__, "expiry", expiry)
|
322
|
+
if max_crl_entries is not None:
|
323
|
+
pulumi.set(__self__, "max_crl_entries", max_crl_entries)
|
300
324
|
if namespace is not None:
|
301
325
|
pulumi.set(__self__, "namespace", namespace)
|
302
326
|
if ocsp_disable is not None:
|
@@ -310,79 +334,79 @@ class _SecretBackendCrlConfigState:
|
|
310
334
|
|
311
335
|
@property
|
312
336
|
@pulumi.getter(name="autoRebuild")
|
313
|
-
def auto_rebuild(self) -> Optional[pulumi.Input[bool]]:
|
337
|
+
def auto_rebuild(self) -> Optional[pulumi.Input[builtins.bool]]:
|
314
338
|
"""
|
315
339
|
Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
316
340
|
"""
|
317
341
|
return pulumi.get(self, "auto_rebuild")
|
318
342
|
|
319
343
|
@auto_rebuild.setter
|
320
|
-
def auto_rebuild(self, value: Optional[pulumi.Input[bool]]):
|
344
|
+
def auto_rebuild(self, value: Optional[pulumi.Input[builtins.bool]]):
|
321
345
|
pulumi.set(self, "auto_rebuild", value)
|
322
346
|
|
323
347
|
@property
|
324
348
|
@pulumi.getter(name="autoRebuildGracePeriod")
|
325
|
-
def auto_rebuild_grace_period(self) -> Optional[pulumi.Input[str]]:
|
349
|
+
def auto_rebuild_grace_period(self) -> Optional[pulumi.Input[builtins.str]]:
|
326
350
|
"""
|
327
351
|
Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
328
352
|
"""
|
329
353
|
return pulumi.get(self, "auto_rebuild_grace_period")
|
330
354
|
|
331
355
|
@auto_rebuild_grace_period.setter
|
332
|
-
def auto_rebuild_grace_period(self, value: Optional[pulumi.Input[str]]):
|
356
|
+
def auto_rebuild_grace_period(self, value: Optional[pulumi.Input[builtins.str]]):
|
333
357
|
pulumi.set(self, "auto_rebuild_grace_period", value)
|
334
358
|
|
335
359
|
@property
|
336
360
|
@pulumi.getter
|
337
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
361
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
338
362
|
"""
|
339
363
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
340
364
|
"""
|
341
365
|
return pulumi.get(self, "backend")
|
342
366
|
|
343
367
|
@backend.setter
|
344
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
368
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
345
369
|
pulumi.set(self, "backend", value)
|
346
370
|
|
347
371
|
@property
|
348
372
|
@pulumi.getter(name="crossClusterRevocation")
|
349
|
-
def cross_cluster_revocation(self) -> Optional[pulumi.Input[bool]]:
|
373
|
+
def cross_cluster_revocation(self) -> Optional[pulumi.Input[builtins.bool]]:
|
350
374
|
"""
|
351
375
|
Enable cross-cluster revocation request queues. **Vault 1.13+**
|
352
376
|
"""
|
353
377
|
return pulumi.get(self, "cross_cluster_revocation")
|
354
378
|
|
355
379
|
@cross_cluster_revocation.setter
|
356
|
-
def cross_cluster_revocation(self, value: Optional[pulumi.Input[bool]]):
|
380
|
+
def cross_cluster_revocation(self, value: Optional[pulumi.Input[builtins.bool]]):
|
357
381
|
pulumi.set(self, "cross_cluster_revocation", value)
|
358
382
|
|
359
383
|
@property
|
360
384
|
@pulumi.getter(name="deltaRebuildInterval")
|
361
|
-
def delta_rebuild_interval(self) -> Optional[pulumi.Input[str]]:
|
385
|
+
def delta_rebuild_interval(self) -> Optional[pulumi.Input[builtins.str]]:
|
362
386
|
"""
|
363
387
|
Interval to check for new revocations on, to regenerate the delta CRL.
|
364
388
|
"""
|
365
389
|
return pulumi.get(self, "delta_rebuild_interval")
|
366
390
|
|
367
391
|
@delta_rebuild_interval.setter
|
368
|
-
def delta_rebuild_interval(self, value: Optional[pulumi.Input[str]]):
|
392
|
+
def delta_rebuild_interval(self, value: Optional[pulumi.Input[builtins.str]]):
|
369
393
|
pulumi.set(self, "delta_rebuild_interval", value)
|
370
394
|
|
371
395
|
@property
|
372
396
|
@pulumi.getter
|
373
|
-
def disable(self) -> Optional[pulumi.Input[bool]]:
|
397
|
+
def disable(self) -> Optional[pulumi.Input[builtins.bool]]:
|
374
398
|
"""
|
375
399
|
Disables or enables CRL building.
|
376
400
|
"""
|
377
401
|
return pulumi.get(self, "disable")
|
378
402
|
|
379
403
|
@disable.setter
|
380
|
-
def disable(self, value: Optional[pulumi.Input[bool]]):
|
404
|
+
def disable(self, value: Optional[pulumi.Input[builtins.bool]]):
|
381
405
|
pulumi.set(self, "disable", value)
|
382
406
|
|
383
407
|
@property
|
384
408
|
@pulumi.getter(name="enableDelta")
|
385
|
-
def enable_delta(self) -> Optional[pulumi.Input[bool]]:
|
409
|
+
def enable_delta(self) -> Optional[pulumi.Input[builtins.bool]]:
|
386
410
|
"""
|
387
411
|
Enables building of delta CRLs with up-to-date revocation information,
|
388
412
|
augmenting the last complete CRL. **Vault 1.12+**
|
@@ -390,24 +414,37 @@ class _SecretBackendCrlConfigState:
|
|
390
414
|
return pulumi.get(self, "enable_delta")
|
391
415
|
|
392
416
|
@enable_delta.setter
|
393
|
-
def enable_delta(self, value: Optional[pulumi.Input[bool]]):
|
417
|
+
def enable_delta(self, value: Optional[pulumi.Input[builtins.bool]]):
|
394
418
|
pulumi.set(self, "enable_delta", value)
|
395
419
|
|
396
420
|
@property
|
397
421
|
@pulumi.getter
|
398
|
-
def expiry(self) -> Optional[pulumi.Input[str]]:
|
422
|
+
def expiry(self) -> Optional[pulumi.Input[builtins.str]]:
|
399
423
|
"""
|
400
424
|
Specifies the time until expiration.
|
401
425
|
"""
|
402
426
|
return pulumi.get(self, "expiry")
|
403
427
|
|
404
428
|
@expiry.setter
|
405
|
-
def expiry(self, value: Optional[pulumi.Input[str]]):
|
429
|
+
def expiry(self, value: Optional[pulumi.Input[builtins.str]]):
|
406
430
|
pulumi.set(self, "expiry", value)
|
407
431
|
|
432
|
+
@property
|
433
|
+
@pulumi.getter(name="maxCrlEntries")
|
434
|
+
def max_crl_entries(self) -> Optional[pulumi.Input[builtins.int]]:
|
435
|
+
"""
|
436
|
+
The maximum number of entries a CRL can contain. This option exists to prevent
|
437
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
438
|
+
"""
|
439
|
+
return pulumi.get(self, "max_crl_entries")
|
440
|
+
|
441
|
+
@max_crl_entries.setter
|
442
|
+
def max_crl_entries(self, value: Optional[pulumi.Input[builtins.int]]):
|
443
|
+
pulumi.set(self, "max_crl_entries", value)
|
444
|
+
|
408
445
|
@property
|
409
446
|
@pulumi.getter
|
410
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
447
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
411
448
|
"""
|
412
449
|
The namespace to provision the resource in.
|
413
450
|
The value should not contain leading or trailing forward slashes.
|
@@ -417,24 +454,24 @@ class _SecretBackendCrlConfigState:
|
|
417
454
|
return pulumi.get(self, "namespace")
|
418
455
|
|
419
456
|
@namespace.setter
|
420
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
457
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
421
458
|
pulumi.set(self, "namespace", value)
|
422
459
|
|
423
460
|
@property
|
424
461
|
@pulumi.getter(name="ocspDisable")
|
425
|
-
def ocsp_disable(self) -> Optional[pulumi.Input[bool]]:
|
462
|
+
def ocsp_disable(self) -> Optional[pulumi.Input[builtins.bool]]:
|
426
463
|
"""
|
427
464
|
Disables the OCSP responder in Vault. **Vault 1.12+**
|
428
465
|
"""
|
429
466
|
return pulumi.get(self, "ocsp_disable")
|
430
467
|
|
431
468
|
@ocsp_disable.setter
|
432
|
-
def ocsp_disable(self, value: Optional[pulumi.Input[bool]]):
|
469
|
+
def ocsp_disable(self, value: Optional[pulumi.Input[builtins.bool]]):
|
433
470
|
pulumi.set(self, "ocsp_disable", value)
|
434
471
|
|
435
472
|
@property
|
436
473
|
@pulumi.getter(name="ocspExpiry")
|
437
|
-
def ocsp_expiry(self) -> Optional[pulumi.Input[str]]:
|
474
|
+
def ocsp_expiry(self) -> Optional[pulumi.Input[builtins.str]]:
|
438
475
|
"""
|
439
476
|
The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
440
477
|
refresh durations. **Vault 1.12+**
|
@@ -442,24 +479,24 @@ class _SecretBackendCrlConfigState:
|
|
442
479
|
return pulumi.get(self, "ocsp_expiry")
|
443
480
|
|
444
481
|
@ocsp_expiry.setter
|
445
|
-
def ocsp_expiry(self, value: Optional[pulumi.Input[str]]):
|
482
|
+
def ocsp_expiry(self, value: Optional[pulumi.Input[builtins.str]]):
|
446
483
|
pulumi.set(self, "ocsp_expiry", value)
|
447
484
|
|
448
485
|
@property
|
449
486
|
@pulumi.getter(name="unifiedCrl")
|
450
|
-
def unified_crl(self) -> Optional[pulumi.Input[bool]]:
|
487
|
+
def unified_crl(self) -> Optional[pulumi.Input[builtins.bool]]:
|
451
488
|
"""
|
452
489
|
Enables unified CRL and OCSP building. **Vault 1.13+**
|
453
490
|
"""
|
454
491
|
return pulumi.get(self, "unified_crl")
|
455
492
|
|
456
493
|
@unified_crl.setter
|
457
|
-
def unified_crl(self, value: Optional[pulumi.Input[bool]]):
|
494
|
+
def unified_crl(self, value: Optional[pulumi.Input[builtins.bool]]):
|
458
495
|
pulumi.set(self, "unified_crl", value)
|
459
496
|
|
460
497
|
@property
|
461
498
|
@pulumi.getter(name="unifiedCrlOnExistingPaths")
|
462
|
-
def unified_crl_on_existing_paths(self) -> Optional[pulumi.Input[bool]]:
|
499
|
+
def unified_crl_on_existing_paths(self) -> Optional[pulumi.Input[builtins.bool]]:
|
463
500
|
"""
|
464
501
|
Enables serving the unified CRL and OCSP on the existing, previously
|
465
502
|
cluster-local paths. **Vault 1.13+**
|
@@ -467,7 +504,7 @@ class _SecretBackendCrlConfigState:
|
|
467
504
|
return pulumi.get(self, "unified_crl_on_existing_paths")
|
468
505
|
|
469
506
|
@unified_crl_on_existing_paths.setter
|
470
|
-
def unified_crl_on_existing_paths(self, value: Optional[pulumi.Input[bool]]):
|
507
|
+
def unified_crl_on_existing_paths(self, value: Optional[pulumi.Input[builtins.bool]]):
|
471
508
|
pulumi.set(self, "unified_crl_on_existing_paths", value)
|
472
509
|
|
473
510
|
|
@@ -476,19 +513,20 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
476
513
|
def __init__(__self__,
|
477
514
|
resource_name: str,
|
478
515
|
opts: Optional[pulumi.ResourceOptions] = None,
|
479
|
-
auto_rebuild: Optional[pulumi.Input[bool]] = None,
|
480
|
-
auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
|
481
|
-
backend: Optional[pulumi.Input[str]] = None,
|
482
|
-
cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
|
483
|
-
delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
|
484
|
-
disable: Optional[pulumi.Input[bool]] = None,
|
485
|
-
enable_delta: Optional[pulumi.Input[bool]] = None,
|
486
|
-
expiry: Optional[pulumi.Input[str]] = None,
|
487
|
-
|
488
|
-
|
489
|
-
|
490
|
-
|
491
|
-
|
516
|
+
auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
|
517
|
+
auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
|
518
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
519
|
+
cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
|
520
|
+
delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
|
521
|
+
disable: Optional[pulumi.Input[builtins.bool]] = None,
|
522
|
+
enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
|
523
|
+
expiry: Optional[pulumi.Input[builtins.str]] = None,
|
524
|
+
max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
|
525
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
526
|
+
ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
|
527
|
+
ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
|
528
|
+
unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
|
529
|
+
unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None,
|
492
530
|
__props__=None):
|
493
531
|
"""
|
494
532
|
Allows setting the duration for which the generated CRL should be marked valid. If the CRL is disabled, it will return a signed but zero-length CRL for any request. If enabled, it will re-build the CRL.
|
@@ -512,24 +550,26 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
512
550
|
|
513
551
|
:param str resource_name: The name of the resource.
|
514
552
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
515
|
-
:param pulumi.Input[bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
516
|
-
:param pulumi.Input[str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
517
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
518
|
-
:param pulumi.Input[bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
|
519
|
-
:param pulumi.Input[str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
|
520
|
-
:param pulumi.Input[bool] disable: Disables or enables CRL building.
|
521
|
-
:param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
553
|
+
:param pulumi.Input[builtins.bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
554
|
+
:param pulumi.Input[builtins.str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
555
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
556
|
+
:param pulumi.Input[builtins.bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
|
557
|
+
:param pulumi.Input[builtins.str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
|
558
|
+
:param pulumi.Input[builtins.bool] disable: Disables or enables CRL building.
|
559
|
+
:param pulumi.Input[builtins.bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
522
560
|
augmenting the last complete CRL. **Vault 1.12+**
|
523
|
-
:param pulumi.Input[str] expiry: Specifies the time until expiration.
|
524
|
-
:param pulumi.Input[
|
561
|
+
:param pulumi.Input[builtins.str] expiry: Specifies the time until expiration.
|
562
|
+
:param pulumi.Input[builtins.int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
|
563
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
564
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
525
565
|
The value should not contain leading or trailing forward slashes.
|
526
566
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
527
567
|
*Available only for Vault Enterprise*.
|
528
|
-
:param pulumi.Input[bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
|
529
|
-
:param pulumi.Input[str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
568
|
+
:param pulumi.Input[builtins.bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
|
569
|
+
:param pulumi.Input[builtins.str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
530
570
|
refresh durations. **Vault 1.12+**
|
531
|
-
:param pulumi.Input[bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
|
532
|
-
:param pulumi.Input[bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
|
571
|
+
:param pulumi.Input[builtins.bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
|
572
|
+
:param pulumi.Input[builtins.bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
|
533
573
|
cluster-local paths. **Vault 1.13+**
|
534
574
|
"""
|
535
575
|
...
|
@@ -573,19 +613,20 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
573
613
|
def _internal_init(__self__,
|
574
614
|
resource_name: str,
|
575
615
|
opts: Optional[pulumi.ResourceOptions] = None,
|
576
|
-
auto_rebuild: Optional[pulumi.Input[bool]] = None,
|
577
|
-
auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
|
578
|
-
backend: Optional[pulumi.Input[str]] = None,
|
579
|
-
cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
|
580
|
-
delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
|
581
|
-
disable: Optional[pulumi.Input[bool]] = None,
|
582
|
-
enable_delta: Optional[pulumi.Input[bool]] = None,
|
583
|
-
expiry: Optional[pulumi.Input[str]] = None,
|
584
|
-
|
585
|
-
|
586
|
-
|
587
|
-
|
588
|
-
|
616
|
+
auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
|
617
|
+
auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
|
618
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
619
|
+
cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
|
620
|
+
delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
|
621
|
+
disable: Optional[pulumi.Input[builtins.bool]] = None,
|
622
|
+
enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
|
623
|
+
expiry: Optional[pulumi.Input[builtins.str]] = None,
|
624
|
+
max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
|
625
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
626
|
+
ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
|
627
|
+
ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
|
628
|
+
unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
|
629
|
+
unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None,
|
589
630
|
__props__=None):
|
590
631
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
591
632
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -605,6 +646,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
605
646
|
__props__.__dict__["disable"] = disable
|
606
647
|
__props__.__dict__["enable_delta"] = enable_delta
|
607
648
|
__props__.__dict__["expiry"] = expiry
|
649
|
+
__props__.__dict__["max_crl_entries"] = max_crl_entries
|
608
650
|
__props__.__dict__["namespace"] = namespace
|
609
651
|
__props__.__dict__["ocsp_disable"] = ocsp_disable
|
610
652
|
__props__.__dict__["ocsp_expiry"] = ocsp_expiry
|
@@ -620,19 +662,20 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
620
662
|
def get(resource_name: str,
|
621
663
|
id: pulumi.Input[str],
|
622
664
|
opts: Optional[pulumi.ResourceOptions] = None,
|
623
|
-
auto_rebuild: Optional[pulumi.Input[bool]] = None,
|
624
|
-
auto_rebuild_grace_period: Optional[pulumi.Input[str]] = None,
|
625
|
-
backend: Optional[pulumi.Input[str]] = None,
|
626
|
-
cross_cluster_revocation: Optional[pulumi.Input[bool]] = None,
|
627
|
-
delta_rebuild_interval: Optional[pulumi.Input[str]] = None,
|
628
|
-
disable: Optional[pulumi.Input[bool]] = None,
|
629
|
-
enable_delta: Optional[pulumi.Input[bool]] = None,
|
630
|
-
expiry: Optional[pulumi.Input[str]] = None,
|
631
|
-
|
632
|
-
|
633
|
-
|
634
|
-
|
635
|
-
|
665
|
+
auto_rebuild: Optional[pulumi.Input[builtins.bool]] = None,
|
666
|
+
auto_rebuild_grace_period: Optional[pulumi.Input[builtins.str]] = None,
|
667
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
668
|
+
cross_cluster_revocation: Optional[pulumi.Input[builtins.bool]] = None,
|
669
|
+
delta_rebuild_interval: Optional[pulumi.Input[builtins.str]] = None,
|
670
|
+
disable: Optional[pulumi.Input[builtins.bool]] = None,
|
671
|
+
enable_delta: Optional[pulumi.Input[builtins.bool]] = None,
|
672
|
+
expiry: Optional[pulumi.Input[builtins.str]] = None,
|
673
|
+
max_crl_entries: Optional[pulumi.Input[builtins.int]] = None,
|
674
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
675
|
+
ocsp_disable: Optional[pulumi.Input[builtins.bool]] = None,
|
676
|
+
ocsp_expiry: Optional[pulumi.Input[builtins.str]] = None,
|
677
|
+
unified_crl: Optional[pulumi.Input[builtins.bool]] = None,
|
678
|
+
unified_crl_on_existing_paths: Optional[pulumi.Input[builtins.bool]] = None) -> 'SecretBackendCrlConfig':
|
636
679
|
"""
|
637
680
|
Get an existing SecretBackendCrlConfig resource's state with the given name, id, and optional extra
|
638
681
|
properties used to qualify the lookup.
|
@@ -640,24 +683,26 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
640
683
|
:param str resource_name: The unique name of the resulting resource.
|
641
684
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
642
685
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
643
|
-
:param pulumi.Input[bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
644
|
-
:param pulumi.Input[str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
645
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
646
|
-
:param pulumi.Input[bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
|
647
|
-
:param pulumi.Input[str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
|
648
|
-
:param pulumi.Input[bool] disable: Disables or enables CRL building.
|
649
|
-
:param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
686
|
+
:param pulumi.Input[builtins.bool] auto_rebuild: Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
687
|
+
:param pulumi.Input[builtins.str] auto_rebuild_grace_period: Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
688
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
689
|
+
:param pulumi.Input[builtins.bool] cross_cluster_revocation: Enable cross-cluster revocation request queues. **Vault 1.13+**
|
690
|
+
:param pulumi.Input[builtins.str] delta_rebuild_interval: Interval to check for new revocations on, to regenerate the delta CRL.
|
691
|
+
:param pulumi.Input[builtins.bool] disable: Disables or enables CRL building.
|
692
|
+
:param pulumi.Input[builtins.bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
650
693
|
augmenting the last complete CRL. **Vault 1.12+**
|
651
|
-
:param pulumi.Input[str] expiry: Specifies the time until expiration.
|
652
|
-
:param pulumi.Input[
|
694
|
+
:param pulumi.Input[builtins.str] expiry: Specifies the time until expiration.
|
695
|
+
:param pulumi.Input[builtins.int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
|
696
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
697
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
653
698
|
The value should not contain leading or trailing forward slashes.
|
654
699
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
655
700
|
*Available only for Vault Enterprise*.
|
656
|
-
:param pulumi.Input[bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
|
657
|
-
:param pulumi.Input[str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
701
|
+
:param pulumi.Input[builtins.bool] ocsp_disable: Disables the OCSP responder in Vault. **Vault 1.12+**
|
702
|
+
:param pulumi.Input[builtins.str] ocsp_expiry: The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
658
703
|
refresh durations. **Vault 1.12+**
|
659
|
-
:param pulumi.Input[bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
|
660
|
-
:param pulumi.Input[bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
|
704
|
+
:param pulumi.Input[builtins.bool] unified_crl: Enables unified CRL and OCSP building. **Vault 1.13+**
|
705
|
+
:param pulumi.Input[builtins.bool] unified_crl_on_existing_paths: Enables serving the unified CRL and OCSP on the existing, previously
|
661
706
|
cluster-local paths. **Vault 1.13+**
|
662
707
|
"""
|
663
708
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
@@ -672,6 +717,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
672
717
|
__props__.__dict__["disable"] = disable
|
673
718
|
__props__.__dict__["enable_delta"] = enable_delta
|
674
719
|
__props__.__dict__["expiry"] = expiry
|
720
|
+
__props__.__dict__["max_crl_entries"] = max_crl_entries
|
675
721
|
__props__.__dict__["namespace"] = namespace
|
676
722
|
__props__.__dict__["ocsp_disable"] = ocsp_disable
|
677
723
|
__props__.__dict__["ocsp_expiry"] = ocsp_expiry
|
@@ -681,7 +727,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
681
727
|
|
682
728
|
@property
|
683
729
|
@pulumi.getter(name="autoRebuild")
|
684
|
-
def auto_rebuild(self) -> pulumi.Output[Optional[bool]]:
|
730
|
+
def auto_rebuild(self) -> pulumi.Output[Optional[builtins.bool]]:
|
685
731
|
"""
|
686
732
|
Enables periodic rebuilding of the CRL upon expiry. **Vault 1.12+**
|
687
733
|
"""
|
@@ -689,7 +735,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
689
735
|
|
690
736
|
@property
|
691
737
|
@pulumi.getter(name="autoRebuildGracePeriod")
|
692
|
-
def auto_rebuild_grace_period(self) -> pulumi.Output[str]:
|
738
|
+
def auto_rebuild_grace_period(self) -> pulumi.Output[builtins.str]:
|
693
739
|
"""
|
694
740
|
Grace period before CRL expiry to attempt rebuild of CRL. **Vault 1.12+**
|
695
741
|
"""
|
@@ -697,7 +743,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
697
743
|
|
698
744
|
@property
|
699
745
|
@pulumi.getter
|
700
|
-
def backend(self) -> pulumi.Output[str]:
|
746
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
701
747
|
"""
|
702
748
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
703
749
|
"""
|
@@ -705,7 +751,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
705
751
|
|
706
752
|
@property
|
707
753
|
@pulumi.getter(name="crossClusterRevocation")
|
708
|
-
def cross_cluster_revocation(self) -> pulumi.Output[bool]:
|
754
|
+
def cross_cluster_revocation(self) -> pulumi.Output[builtins.bool]:
|
709
755
|
"""
|
710
756
|
Enable cross-cluster revocation request queues. **Vault 1.13+**
|
711
757
|
"""
|
@@ -713,7 +759,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
713
759
|
|
714
760
|
@property
|
715
761
|
@pulumi.getter(name="deltaRebuildInterval")
|
716
|
-
def delta_rebuild_interval(self) -> pulumi.Output[str]:
|
762
|
+
def delta_rebuild_interval(self) -> pulumi.Output[builtins.str]:
|
717
763
|
"""
|
718
764
|
Interval to check for new revocations on, to regenerate the delta CRL.
|
719
765
|
"""
|
@@ -721,7 +767,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
721
767
|
|
722
768
|
@property
|
723
769
|
@pulumi.getter
|
724
|
-
def disable(self) -> pulumi.Output[Optional[bool]]:
|
770
|
+
def disable(self) -> pulumi.Output[Optional[builtins.bool]]:
|
725
771
|
"""
|
726
772
|
Disables or enables CRL building.
|
727
773
|
"""
|
@@ -729,7 +775,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
729
775
|
|
730
776
|
@property
|
731
777
|
@pulumi.getter(name="enableDelta")
|
732
|
-
def enable_delta(self) -> pulumi.Output[Optional[bool]]:
|
778
|
+
def enable_delta(self) -> pulumi.Output[Optional[builtins.bool]]:
|
733
779
|
"""
|
734
780
|
Enables building of delta CRLs with up-to-date revocation information,
|
735
781
|
augmenting the last complete CRL. **Vault 1.12+**
|
@@ -738,15 +784,24 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
738
784
|
|
739
785
|
@property
|
740
786
|
@pulumi.getter
|
741
|
-
def expiry(self) -> pulumi.Output[Optional[str]]:
|
787
|
+
def expiry(self) -> pulumi.Output[Optional[builtins.str]]:
|
742
788
|
"""
|
743
789
|
Specifies the time until expiration.
|
744
790
|
"""
|
745
791
|
return pulumi.get(self, "expiry")
|
746
792
|
|
793
|
+
@property
|
794
|
+
@pulumi.getter(name="maxCrlEntries")
|
795
|
+
def max_crl_entries(self) -> pulumi.Output[builtins.int]:
|
796
|
+
"""
|
797
|
+
The maximum number of entries a CRL can contain. This option exists to prevent
|
798
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
799
|
+
"""
|
800
|
+
return pulumi.get(self, "max_crl_entries")
|
801
|
+
|
747
802
|
@property
|
748
803
|
@pulumi.getter
|
749
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
804
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
750
805
|
"""
|
751
806
|
The namespace to provision the resource in.
|
752
807
|
The value should not contain leading or trailing forward slashes.
|
@@ -757,7 +812,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
757
812
|
|
758
813
|
@property
|
759
814
|
@pulumi.getter(name="ocspDisable")
|
760
|
-
def ocsp_disable(self) -> pulumi.Output[Optional[bool]]:
|
815
|
+
def ocsp_disable(self) -> pulumi.Output[Optional[builtins.bool]]:
|
761
816
|
"""
|
762
817
|
Disables the OCSP responder in Vault. **Vault 1.12+**
|
763
818
|
"""
|
@@ -765,7 +820,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
765
820
|
|
766
821
|
@property
|
767
822
|
@pulumi.getter(name="ocspExpiry")
|
768
|
-
def ocsp_expiry(self) -> pulumi.Output[str]:
|
823
|
+
def ocsp_expiry(self) -> pulumi.Output[builtins.str]:
|
769
824
|
"""
|
770
825
|
The amount of time an OCSP response can be cached for, useful for OCSP stapling
|
771
826
|
refresh durations. **Vault 1.12+**
|
@@ -774,7 +829,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
774
829
|
|
775
830
|
@property
|
776
831
|
@pulumi.getter(name="unifiedCrl")
|
777
|
-
def unified_crl(self) -> pulumi.Output[bool]:
|
832
|
+
def unified_crl(self) -> pulumi.Output[builtins.bool]:
|
778
833
|
"""
|
779
834
|
Enables unified CRL and OCSP building. **Vault 1.13+**
|
780
835
|
"""
|
@@ -782,7 +837,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
782
837
|
|
783
838
|
@property
|
784
839
|
@pulumi.getter(name="unifiedCrlOnExistingPaths")
|
785
|
-
def unified_crl_on_existing_paths(self) -> pulumi.Output[bool]:
|
840
|
+
def unified_crl_on_existing_paths(self) -> pulumi.Output[builtins.bool]:
|
786
841
|
"""
|
787
842
|
Enables serving the unified CRL and OCSP on the existing, previously
|
788
843
|
cluster-local paths. **Vault 1.13+**
|