pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,47 +20,74 @@ __all__ = ['SecretBackendIssuerArgs', 'SecretBackendIssuer']
19
20
  @pulumi.input_type
20
21
  class SecretBackendIssuerArgs:
21
22
  def __init__(__self__, *,
22
- backend: pulumi.Input[str],
23
- issuer_ref: pulumi.Input[str],
24
- crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
- enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
26
- issuer_name: Optional[pulumi.Input[str]] = None,
27
- issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
28
- leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
29
- manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
- namespace: Optional[pulumi.Input[str]] = None,
31
- ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
32
- revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
33
- usage: Optional[pulumi.Input[str]] = None):
23
+ backend: pulumi.Input[builtins.str],
24
+ issuer_ref: pulumi.Input[builtins.str],
25
+ crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
26
+ disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
27
+ disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
28
+ disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
29
+ disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
30
+ enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
31
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
32
+ issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
33
+ leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
34
+ manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
35
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
36
+ ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
37
+ revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
38
+ usage: Optional[pulumi.Input[builtins.str]] = None):
34
39
  """
35
40
  The set of arguments for constructing a SecretBackendIssuer resource.
36
- :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
41
+ :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
37
42
  leading or trailing `/`s.
38
- :param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
39
- :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
43
+ :param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
44
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
40
45
  Distribution Points field.
41
- :param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
46
+ :param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
47
+ issuer is able to issue certificates where the chain of trust (including the
48
+ issued certificate) contain critical extensions not processed by Vault.
49
+ :param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
50
+ to issue certificates where the chain of trust (including the final issued
51
+ certificate) contains a link in which the subject of the issuing certificate
52
+ does not match the named issuer of the certificate it signed.
53
+ :param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
54
+ issuer is able to issue certificates where the chain of trust (including the
55
+ final issued certificate) violates the name constraints critical extension of
56
+ one of the issuer certificates in the chain.
57
+ :param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
58
+ is able to issue certificates where the chain of trust (including the final
59
+ issued certificate) is longer than allowed by a certificate authority in that
60
+ chain.
61
+ :param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
42
62
  be templated.
43
- :param pulumi.Input[str] issuer_name: Name of the issuer.
44
- :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
63
+ :param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
64
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
45
65
  Certificate field.
46
- :param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
66
+ :param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
47
67
  issuance.
48
- :param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
68
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
49
69
  computed CAChain field from, when non-empty.
50
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
70
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
51
71
  The value should not contain leading or trailing forward slashes.
52
72
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
53
73
  *Available only for Vault Enterprise*.
54
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
55
- :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
74
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
75
+ :param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
56
76
  when building CRLs.
57
- :param pulumi.Input[str] usage: Allowed usages for this issuer.
77
+ :param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
58
78
  """
59
79
  pulumi.set(__self__, "backend", backend)
60
80
  pulumi.set(__self__, "issuer_ref", issuer_ref)
61
81
  if crl_distribution_points is not None:
62
82
  pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
83
+ if disable_critical_extension_checks is not None:
84
+ pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
85
+ if disable_name_checks is not None:
86
+ pulumi.set(__self__, "disable_name_checks", disable_name_checks)
87
+ if disable_name_constraint_checks is not None:
88
+ pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
89
+ if disable_path_length_checks is not None:
90
+ pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
63
91
  if enable_aia_url_templating is not None:
64
92
  pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
65
93
  if issuer_name is not None:
@@ -81,7 +109,7 @@ class SecretBackendIssuerArgs:
81
109
 
82
110
  @property
83
111
  @pulumi.getter
84
- def backend(self) -> pulumi.Input[str]:
112
+ def backend(self) -> pulumi.Input[builtins.str]:
85
113
  """
86
114
  The path the PKI secret backend is mounted at, with no
87
115
  leading or trailing `/`s.
@@ -89,24 +117,24 @@ class SecretBackendIssuerArgs:
89
117
  return pulumi.get(self, "backend")
90
118
 
91
119
  @backend.setter
92
- def backend(self, value: pulumi.Input[str]):
120
+ def backend(self, value: pulumi.Input[builtins.str]):
93
121
  pulumi.set(self, "backend", value)
94
122
 
95
123
  @property
96
124
  @pulumi.getter(name="issuerRef")
97
- def issuer_ref(self) -> pulumi.Input[str]:
125
+ def issuer_ref(self) -> pulumi.Input[builtins.str]:
98
126
  """
99
127
  Reference to an existing issuer.
100
128
  """
101
129
  return pulumi.get(self, "issuer_ref")
102
130
 
103
131
  @issuer_ref.setter
104
- def issuer_ref(self, value: pulumi.Input[str]):
132
+ def issuer_ref(self, value: pulumi.Input[builtins.str]):
105
133
  pulumi.set(self, "issuer_ref", value)
106
134
 
107
135
  @property
108
136
  @pulumi.getter(name="crlDistributionPoints")
109
- def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
137
+ def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
110
138
  """
111
139
  Specifies the URL values for the CRL
112
140
  Distribution Points field.
@@ -114,12 +142,71 @@ class SecretBackendIssuerArgs:
114
142
  return pulumi.get(self, "crl_distribution_points")
115
143
 
116
144
  @crl_distribution_points.setter
117
- def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
145
+ def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
118
146
  pulumi.set(self, "crl_distribution_points", value)
119
147
 
148
+ @property
149
+ @pulumi.getter(name="disableCriticalExtensionChecks")
150
+ def disable_critical_extension_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
151
+ """
152
+ This determines whether this
153
+ issuer is able to issue certificates where the chain of trust (including the
154
+ issued certificate) contain critical extensions not processed by Vault.
155
+ """
156
+ return pulumi.get(self, "disable_critical_extension_checks")
157
+
158
+ @disable_critical_extension_checks.setter
159
+ def disable_critical_extension_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
160
+ pulumi.set(self, "disable_critical_extension_checks", value)
161
+
162
+ @property
163
+ @pulumi.getter(name="disableNameChecks")
164
+ def disable_name_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
165
+ """
166
+ This determines whether this issuer is able
167
+ to issue certificates where the chain of trust (including the final issued
168
+ certificate) contains a link in which the subject of the issuing certificate
169
+ does not match the named issuer of the certificate it signed.
170
+ """
171
+ return pulumi.get(self, "disable_name_checks")
172
+
173
+ @disable_name_checks.setter
174
+ def disable_name_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
175
+ pulumi.set(self, "disable_name_checks", value)
176
+
177
+ @property
178
+ @pulumi.getter(name="disableNameConstraintChecks")
179
+ def disable_name_constraint_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
180
+ """
181
+ This determines whether this
182
+ issuer is able to issue certificates where the chain of trust (including the
183
+ final issued certificate) violates the name constraints critical extension of
184
+ one of the issuer certificates in the chain.
185
+ """
186
+ return pulumi.get(self, "disable_name_constraint_checks")
187
+
188
+ @disable_name_constraint_checks.setter
189
+ def disable_name_constraint_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
190
+ pulumi.set(self, "disable_name_constraint_checks", value)
191
+
192
+ @property
193
+ @pulumi.getter(name="disablePathLengthChecks")
194
+ def disable_path_length_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
195
+ """
196
+ This determines whether this issuer
197
+ is able to issue certificates where the chain of trust (including the final
198
+ issued certificate) is longer than allowed by a certificate authority in that
199
+ chain.
200
+ """
201
+ return pulumi.get(self, "disable_path_length_checks")
202
+
203
+ @disable_path_length_checks.setter
204
+ def disable_path_length_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
205
+ pulumi.set(self, "disable_path_length_checks", value)
206
+
120
207
  @property
121
208
  @pulumi.getter(name="enableAiaUrlTemplating")
122
- def enable_aia_url_templating(self) -> Optional[pulumi.Input[bool]]:
209
+ def enable_aia_url_templating(self) -> Optional[pulumi.Input[builtins.bool]]:
123
210
  """
124
211
  Specifies that the AIA URL values should
125
212
  be templated.
@@ -127,24 +214,24 @@ class SecretBackendIssuerArgs:
127
214
  return pulumi.get(self, "enable_aia_url_templating")
128
215
 
129
216
  @enable_aia_url_templating.setter
130
- def enable_aia_url_templating(self, value: Optional[pulumi.Input[bool]]):
217
+ def enable_aia_url_templating(self, value: Optional[pulumi.Input[builtins.bool]]):
131
218
  pulumi.set(self, "enable_aia_url_templating", value)
132
219
 
133
220
  @property
134
221
  @pulumi.getter(name="issuerName")
135
- def issuer_name(self) -> Optional[pulumi.Input[str]]:
222
+ def issuer_name(self) -> Optional[pulumi.Input[builtins.str]]:
136
223
  """
137
224
  Name of the issuer.
138
225
  """
139
226
  return pulumi.get(self, "issuer_name")
140
227
 
141
228
  @issuer_name.setter
142
- def issuer_name(self, value: Optional[pulumi.Input[str]]):
229
+ def issuer_name(self, value: Optional[pulumi.Input[builtins.str]]):
143
230
  pulumi.set(self, "issuer_name", value)
144
231
 
145
232
  @property
146
233
  @pulumi.getter(name="issuingCertificates")
147
- def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
234
+ def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
148
235
  """
149
236
  Specifies the URL values for the Issuing
150
237
  Certificate field.
@@ -152,12 +239,12 @@ class SecretBackendIssuerArgs:
152
239
  return pulumi.get(self, "issuing_certificates")
153
240
 
154
241
  @issuing_certificates.setter
155
- def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
242
+ def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
156
243
  pulumi.set(self, "issuing_certificates", value)
157
244
 
158
245
  @property
159
246
  @pulumi.getter(name="leafNotAfterBehavior")
160
- def leaf_not_after_behavior(self) -> Optional[pulumi.Input[str]]:
247
+ def leaf_not_after_behavior(self) -> Optional[pulumi.Input[builtins.str]]:
161
248
  """
162
249
  Behavior of a leaf's NotAfter field during
163
250
  issuance.
@@ -165,12 +252,12 @@ class SecretBackendIssuerArgs:
165
252
  return pulumi.get(self, "leaf_not_after_behavior")
166
253
 
167
254
  @leaf_not_after_behavior.setter
168
- def leaf_not_after_behavior(self, value: Optional[pulumi.Input[str]]):
255
+ def leaf_not_after_behavior(self, value: Optional[pulumi.Input[builtins.str]]):
169
256
  pulumi.set(self, "leaf_not_after_behavior", value)
170
257
 
171
258
  @property
172
259
  @pulumi.getter(name="manualChains")
173
- def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
260
+ def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
174
261
  """
175
262
  Chain of issuer references to build this issuer's
176
263
  computed CAChain field from, when non-empty.
@@ -178,12 +265,12 @@ class SecretBackendIssuerArgs:
178
265
  return pulumi.get(self, "manual_chains")
179
266
 
180
267
  @manual_chains.setter
181
- def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
268
+ def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
182
269
  pulumi.set(self, "manual_chains", value)
183
270
 
184
271
  @property
185
272
  @pulumi.getter
186
- def namespace(self) -> Optional[pulumi.Input[str]]:
273
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
187
274
  """
188
275
  The namespace to provision the resource in.
189
276
  The value should not contain leading or trailing forward slashes.
@@ -193,24 +280,24 @@ class SecretBackendIssuerArgs:
193
280
  return pulumi.get(self, "namespace")
194
281
 
195
282
  @namespace.setter
196
- def namespace(self, value: Optional[pulumi.Input[str]]):
283
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
197
284
  pulumi.set(self, "namespace", value)
198
285
 
199
286
  @property
200
287
  @pulumi.getter(name="ocspServers")
201
- def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
288
+ def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
202
289
  """
203
290
  Specifies the URL values for the OCSP Servers field.
204
291
  """
205
292
  return pulumi.get(self, "ocsp_servers")
206
293
 
207
294
  @ocsp_servers.setter
208
- def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
295
+ def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
209
296
  pulumi.set(self, "ocsp_servers", value)
210
297
 
211
298
  @property
212
299
  @pulumi.getter(name="revocationSignatureAlgorithm")
213
- def revocation_signature_algorithm(self) -> Optional[pulumi.Input[str]]:
300
+ def revocation_signature_algorithm(self) -> Optional[pulumi.Input[builtins.str]]:
214
301
  """
215
302
  Which signature algorithm to use
216
303
  when building CRLs.
@@ -218,68 +305,95 @@ class SecretBackendIssuerArgs:
218
305
  return pulumi.get(self, "revocation_signature_algorithm")
219
306
 
220
307
  @revocation_signature_algorithm.setter
221
- def revocation_signature_algorithm(self, value: Optional[pulumi.Input[str]]):
308
+ def revocation_signature_algorithm(self, value: Optional[pulumi.Input[builtins.str]]):
222
309
  pulumi.set(self, "revocation_signature_algorithm", value)
223
310
 
224
311
  @property
225
312
  @pulumi.getter
226
- def usage(self) -> Optional[pulumi.Input[str]]:
313
+ def usage(self) -> Optional[pulumi.Input[builtins.str]]:
227
314
  """
228
315
  Allowed usages for this issuer.
229
316
  """
230
317
  return pulumi.get(self, "usage")
231
318
 
232
319
  @usage.setter
233
- def usage(self, value: Optional[pulumi.Input[str]]):
320
+ def usage(self, value: Optional[pulumi.Input[builtins.str]]):
234
321
  pulumi.set(self, "usage", value)
235
322
 
236
323
 
237
324
  @pulumi.input_type
238
325
  class _SecretBackendIssuerState:
239
326
  def __init__(__self__, *,
240
- backend: Optional[pulumi.Input[str]] = None,
241
- crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
242
- enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
243
- issuer_id: Optional[pulumi.Input[str]] = None,
244
- issuer_name: Optional[pulumi.Input[str]] = None,
245
- issuer_ref: Optional[pulumi.Input[str]] = None,
246
- issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
247
- leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
248
- manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
249
- namespace: Optional[pulumi.Input[str]] = None,
250
- ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
251
- revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
252
- usage: Optional[pulumi.Input[str]] = None):
327
+ backend: Optional[pulumi.Input[builtins.str]] = None,
328
+ crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
329
+ disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
330
+ disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
331
+ disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
332
+ disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
333
+ enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
334
+ issuer_id: Optional[pulumi.Input[builtins.str]] = None,
335
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
336
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
337
+ issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
338
+ leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
339
+ manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
340
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
341
+ ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
342
+ revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
343
+ usage: Optional[pulumi.Input[builtins.str]] = None):
253
344
  """
254
345
  Input properties used for looking up and filtering SecretBackendIssuer resources.
255
- :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
346
+ :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
256
347
  leading or trailing `/`s.
257
- :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
348
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
258
349
  Distribution Points field.
259
- :param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
350
+ :param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
351
+ issuer is able to issue certificates where the chain of trust (including the
352
+ issued certificate) contain critical extensions not processed by Vault.
353
+ :param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
354
+ to issue certificates where the chain of trust (including the final issued
355
+ certificate) contains a link in which the subject of the issuing certificate
356
+ does not match the named issuer of the certificate it signed.
357
+ :param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
358
+ issuer is able to issue certificates where the chain of trust (including the
359
+ final issued certificate) violates the name constraints critical extension of
360
+ one of the issuer certificates in the chain.
361
+ :param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
362
+ is able to issue certificates where the chain of trust (including the final
363
+ issued certificate) is longer than allowed by a certificate authority in that
364
+ chain.
365
+ :param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
260
366
  be templated.
261
- :param pulumi.Input[str] issuer_id: ID of the issuer.
262
- :param pulumi.Input[str] issuer_name: Name of the issuer.
263
- :param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
264
- :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
367
+ :param pulumi.Input[builtins.str] issuer_id: ID of the issuer.
368
+ :param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
369
+ :param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
370
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
265
371
  Certificate field.
266
- :param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
372
+ :param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
267
373
  issuance.
268
- :param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
374
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
269
375
  computed CAChain field from, when non-empty.
270
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
376
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
271
377
  The value should not contain leading or trailing forward slashes.
272
378
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
273
379
  *Available only for Vault Enterprise*.
274
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
275
- :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
380
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
381
+ :param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
276
382
  when building CRLs.
277
- :param pulumi.Input[str] usage: Allowed usages for this issuer.
383
+ :param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
278
384
  """
279
385
  if backend is not None:
280
386
  pulumi.set(__self__, "backend", backend)
281
387
  if crl_distribution_points is not None:
282
388
  pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
389
+ if disable_critical_extension_checks is not None:
390
+ pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
391
+ if disable_name_checks is not None:
392
+ pulumi.set(__self__, "disable_name_checks", disable_name_checks)
393
+ if disable_name_constraint_checks is not None:
394
+ pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
395
+ if disable_path_length_checks is not None:
396
+ pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
283
397
  if enable_aia_url_templating is not None:
284
398
  pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
285
399
  if issuer_id is not None:
@@ -305,7 +419,7 @@ class _SecretBackendIssuerState:
305
419
 
306
420
  @property
307
421
  @pulumi.getter
308
- def backend(self) -> Optional[pulumi.Input[str]]:
422
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
309
423
  """
310
424
  The path the PKI secret backend is mounted at, with no
311
425
  leading or trailing `/`s.
@@ -313,12 +427,12 @@ class _SecretBackendIssuerState:
313
427
  return pulumi.get(self, "backend")
314
428
 
315
429
  @backend.setter
316
- def backend(self, value: Optional[pulumi.Input[str]]):
430
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
317
431
  pulumi.set(self, "backend", value)
318
432
 
319
433
  @property
320
434
  @pulumi.getter(name="crlDistributionPoints")
321
- def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
435
+ def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
322
436
  """
323
437
  Specifies the URL values for the CRL
324
438
  Distribution Points field.
@@ -326,12 +440,71 @@ class _SecretBackendIssuerState:
326
440
  return pulumi.get(self, "crl_distribution_points")
327
441
 
328
442
  @crl_distribution_points.setter
329
- def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
443
+ def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
330
444
  pulumi.set(self, "crl_distribution_points", value)
331
445
 
446
+ @property
447
+ @pulumi.getter(name="disableCriticalExtensionChecks")
448
+ def disable_critical_extension_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
449
+ """
450
+ This determines whether this
451
+ issuer is able to issue certificates where the chain of trust (including the
452
+ issued certificate) contain critical extensions not processed by Vault.
453
+ """
454
+ return pulumi.get(self, "disable_critical_extension_checks")
455
+
456
+ @disable_critical_extension_checks.setter
457
+ def disable_critical_extension_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
458
+ pulumi.set(self, "disable_critical_extension_checks", value)
459
+
460
+ @property
461
+ @pulumi.getter(name="disableNameChecks")
462
+ def disable_name_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
463
+ """
464
+ This determines whether this issuer is able
465
+ to issue certificates where the chain of trust (including the final issued
466
+ certificate) contains a link in which the subject of the issuing certificate
467
+ does not match the named issuer of the certificate it signed.
468
+ """
469
+ return pulumi.get(self, "disable_name_checks")
470
+
471
+ @disable_name_checks.setter
472
+ def disable_name_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
473
+ pulumi.set(self, "disable_name_checks", value)
474
+
475
+ @property
476
+ @pulumi.getter(name="disableNameConstraintChecks")
477
+ def disable_name_constraint_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
478
+ """
479
+ This determines whether this
480
+ issuer is able to issue certificates where the chain of trust (including the
481
+ final issued certificate) violates the name constraints critical extension of
482
+ one of the issuer certificates in the chain.
483
+ """
484
+ return pulumi.get(self, "disable_name_constraint_checks")
485
+
486
+ @disable_name_constraint_checks.setter
487
+ def disable_name_constraint_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
488
+ pulumi.set(self, "disable_name_constraint_checks", value)
489
+
490
+ @property
491
+ @pulumi.getter(name="disablePathLengthChecks")
492
+ def disable_path_length_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
493
+ """
494
+ This determines whether this issuer
495
+ is able to issue certificates where the chain of trust (including the final
496
+ issued certificate) is longer than allowed by a certificate authority in that
497
+ chain.
498
+ """
499
+ return pulumi.get(self, "disable_path_length_checks")
500
+
501
+ @disable_path_length_checks.setter
502
+ def disable_path_length_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
503
+ pulumi.set(self, "disable_path_length_checks", value)
504
+
332
505
  @property
333
506
  @pulumi.getter(name="enableAiaUrlTemplating")
334
- def enable_aia_url_templating(self) -> Optional[pulumi.Input[bool]]:
507
+ def enable_aia_url_templating(self) -> Optional[pulumi.Input[builtins.bool]]:
335
508
  """
336
509
  Specifies that the AIA URL values should
337
510
  be templated.
@@ -339,48 +512,48 @@ class _SecretBackendIssuerState:
339
512
  return pulumi.get(self, "enable_aia_url_templating")
340
513
 
341
514
  @enable_aia_url_templating.setter
342
- def enable_aia_url_templating(self, value: Optional[pulumi.Input[bool]]):
515
+ def enable_aia_url_templating(self, value: Optional[pulumi.Input[builtins.bool]]):
343
516
  pulumi.set(self, "enable_aia_url_templating", value)
344
517
 
345
518
  @property
346
519
  @pulumi.getter(name="issuerId")
347
- def issuer_id(self) -> Optional[pulumi.Input[str]]:
520
+ def issuer_id(self) -> Optional[pulumi.Input[builtins.str]]:
348
521
  """
349
522
  ID of the issuer.
350
523
  """
351
524
  return pulumi.get(self, "issuer_id")
352
525
 
353
526
  @issuer_id.setter
354
- def issuer_id(self, value: Optional[pulumi.Input[str]]):
527
+ def issuer_id(self, value: Optional[pulumi.Input[builtins.str]]):
355
528
  pulumi.set(self, "issuer_id", value)
356
529
 
357
530
  @property
358
531
  @pulumi.getter(name="issuerName")
359
- def issuer_name(self) -> Optional[pulumi.Input[str]]:
532
+ def issuer_name(self) -> Optional[pulumi.Input[builtins.str]]:
360
533
  """
361
534
  Name of the issuer.
362
535
  """
363
536
  return pulumi.get(self, "issuer_name")
364
537
 
365
538
  @issuer_name.setter
366
- def issuer_name(self, value: Optional[pulumi.Input[str]]):
539
+ def issuer_name(self, value: Optional[pulumi.Input[builtins.str]]):
367
540
  pulumi.set(self, "issuer_name", value)
368
541
 
369
542
  @property
370
543
  @pulumi.getter(name="issuerRef")
371
- def issuer_ref(self) -> Optional[pulumi.Input[str]]:
544
+ def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
372
545
  """
373
546
  Reference to an existing issuer.
374
547
  """
375
548
  return pulumi.get(self, "issuer_ref")
376
549
 
377
550
  @issuer_ref.setter
378
- def issuer_ref(self, value: Optional[pulumi.Input[str]]):
551
+ def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
379
552
  pulumi.set(self, "issuer_ref", value)
380
553
 
381
554
  @property
382
555
  @pulumi.getter(name="issuingCertificates")
383
- def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
556
+ def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
384
557
  """
385
558
  Specifies the URL values for the Issuing
386
559
  Certificate field.
@@ -388,12 +561,12 @@ class _SecretBackendIssuerState:
388
561
  return pulumi.get(self, "issuing_certificates")
389
562
 
390
563
  @issuing_certificates.setter
391
- def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
564
+ def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
392
565
  pulumi.set(self, "issuing_certificates", value)
393
566
 
394
567
  @property
395
568
  @pulumi.getter(name="leafNotAfterBehavior")
396
- def leaf_not_after_behavior(self) -> Optional[pulumi.Input[str]]:
569
+ def leaf_not_after_behavior(self) -> Optional[pulumi.Input[builtins.str]]:
397
570
  """
398
571
  Behavior of a leaf's NotAfter field during
399
572
  issuance.
@@ -401,12 +574,12 @@ class _SecretBackendIssuerState:
401
574
  return pulumi.get(self, "leaf_not_after_behavior")
402
575
 
403
576
  @leaf_not_after_behavior.setter
404
- def leaf_not_after_behavior(self, value: Optional[pulumi.Input[str]]):
577
+ def leaf_not_after_behavior(self, value: Optional[pulumi.Input[builtins.str]]):
405
578
  pulumi.set(self, "leaf_not_after_behavior", value)
406
579
 
407
580
  @property
408
581
  @pulumi.getter(name="manualChains")
409
- def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
582
+ def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
410
583
  """
411
584
  Chain of issuer references to build this issuer's
412
585
  computed CAChain field from, when non-empty.
@@ -414,12 +587,12 @@ class _SecretBackendIssuerState:
414
587
  return pulumi.get(self, "manual_chains")
415
588
 
416
589
  @manual_chains.setter
417
- def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
590
+ def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
418
591
  pulumi.set(self, "manual_chains", value)
419
592
 
420
593
  @property
421
594
  @pulumi.getter
422
- def namespace(self) -> Optional[pulumi.Input[str]]:
595
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
423
596
  """
424
597
  The namespace to provision the resource in.
425
598
  The value should not contain leading or trailing forward slashes.
@@ -429,24 +602,24 @@ class _SecretBackendIssuerState:
429
602
  return pulumi.get(self, "namespace")
430
603
 
431
604
  @namespace.setter
432
- def namespace(self, value: Optional[pulumi.Input[str]]):
605
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
433
606
  pulumi.set(self, "namespace", value)
434
607
 
435
608
  @property
436
609
  @pulumi.getter(name="ocspServers")
437
- def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
610
+ def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
438
611
  """
439
612
  Specifies the URL values for the OCSP Servers field.
440
613
  """
441
614
  return pulumi.get(self, "ocsp_servers")
442
615
 
443
616
  @ocsp_servers.setter
444
- def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
617
+ def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
445
618
  pulumi.set(self, "ocsp_servers", value)
446
619
 
447
620
  @property
448
621
  @pulumi.getter(name="revocationSignatureAlgorithm")
449
- def revocation_signature_algorithm(self) -> Optional[pulumi.Input[str]]:
622
+ def revocation_signature_algorithm(self) -> Optional[pulumi.Input[builtins.str]]:
450
623
  """
451
624
  Which signature algorithm to use
452
625
  when building CRLs.
@@ -454,19 +627,19 @@ class _SecretBackendIssuerState:
454
627
  return pulumi.get(self, "revocation_signature_algorithm")
455
628
 
456
629
  @revocation_signature_algorithm.setter
457
- def revocation_signature_algorithm(self, value: Optional[pulumi.Input[str]]):
630
+ def revocation_signature_algorithm(self, value: Optional[pulumi.Input[builtins.str]]):
458
631
  pulumi.set(self, "revocation_signature_algorithm", value)
459
632
 
460
633
  @property
461
634
  @pulumi.getter
462
- def usage(self) -> Optional[pulumi.Input[str]]:
635
+ def usage(self) -> Optional[pulumi.Input[builtins.str]]:
463
636
  """
464
637
  Allowed usages for this issuer.
465
638
  """
466
639
  return pulumi.get(self, "usage")
467
640
 
468
641
  @usage.setter
469
- def usage(self, value: Optional[pulumi.Input[str]]):
642
+ def usage(self, value: Optional[pulumi.Input[builtins.str]]):
470
643
  pulumi.set(self, "usage", value)
471
644
 
472
645
 
@@ -475,18 +648,22 @@ class SecretBackendIssuer(pulumi.CustomResource):
475
648
  def __init__(__self__,
476
649
  resource_name: str,
477
650
  opts: Optional[pulumi.ResourceOptions] = None,
478
- backend: Optional[pulumi.Input[str]] = None,
479
- crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
480
- enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
481
- issuer_name: Optional[pulumi.Input[str]] = None,
482
- issuer_ref: Optional[pulumi.Input[str]] = None,
483
- issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
484
- leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
485
- manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
486
- namespace: Optional[pulumi.Input[str]] = None,
487
- ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
488
- revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
489
- usage: Optional[pulumi.Input[str]] = None,
651
+ backend: Optional[pulumi.Input[builtins.str]] = None,
652
+ crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
653
+ disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
654
+ disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
655
+ disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
656
+ disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
657
+ enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
658
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
659
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
660
+ issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
661
+ leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
662
+ manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
663
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
664
+ ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
665
+ revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
666
+ usage: Optional[pulumi.Input[builtins.str]] = None,
490
667
  __props__=None):
491
668
  """
492
669
  ## Example Usage
@@ -521,28 +698,43 @@ class SecretBackendIssuer(pulumi.CustomResource):
521
698
 
522
699
  :param str resource_name: The name of the resource.
523
700
  :param pulumi.ResourceOptions opts: Options for the resource.
524
- :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
701
+ :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
525
702
  leading or trailing `/`s.
526
- :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
703
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
527
704
  Distribution Points field.
528
- :param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
705
+ :param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
706
+ issuer is able to issue certificates where the chain of trust (including the
707
+ issued certificate) contain critical extensions not processed by Vault.
708
+ :param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
709
+ to issue certificates where the chain of trust (including the final issued
710
+ certificate) contains a link in which the subject of the issuing certificate
711
+ does not match the named issuer of the certificate it signed.
712
+ :param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
713
+ issuer is able to issue certificates where the chain of trust (including the
714
+ final issued certificate) violates the name constraints critical extension of
715
+ one of the issuer certificates in the chain.
716
+ :param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
717
+ is able to issue certificates where the chain of trust (including the final
718
+ issued certificate) is longer than allowed by a certificate authority in that
719
+ chain.
720
+ :param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
529
721
  be templated.
530
- :param pulumi.Input[str] issuer_name: Name of the issuer.
531
- :param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
532
- :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
722
+ :param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
723
+ :param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
724
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
533
725
  Certificate field.
534
- :param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
726
+ :param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
535
727
  issuance.
536
- :param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
728
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
537
729
  computed CAChain field from, when non-empty.
538
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
730
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
539
731
  The value should not contain leading or trailing forward slashes.
540
732
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
541
733
  *Available only for Vault Enterprise*.
542
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
543
- :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
734
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
735
+ :param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
544
736
  when building CRLs.
545
- :param pulumi.Input[str] usage: Allowed usages for this issuer.
737
+ :param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
546
738
  """
547
739
  ...
548
740
  @overload
@@ -596,18 +788,22 @@ class SecretBackendIssuer(pulumi.CustomResource):
596
788
  def _internal_init(__self__,
597
789
  resource_name: str,
598
790
  opts: Optional[pulumi.ResourceOptions] = None,
599
- backend: Optional[pulumi.Input[str]] = None,
600
- crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
601
- enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
602
- issuer_name: Optional[pulumi.Input[str]] = None,
603
- issuer_ref: Optional[pulumi.Input[str]] = None,
604
- issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
605
- leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
606
- manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
607
- namespace: Optional[pulumi.Input[str]] = None,
608
- ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
609
- revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
610
- usage: Optional[pulumi.Input[str]] = None,
791
+ backend: Optional[pulumi.Input[builtins.str]] = None,
792
+ crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
793
+ disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
794
+ disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
795
+ disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
796
+ disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
797
+ enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
798
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
799
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
800
+ issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
801
+ leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
802
+ manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
803
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
804
+ ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
805
+ revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
806
+ usage: Optional[pulumi.Input[builtins.str]] = None,
611
807
  __props__=None):
612
808
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
613
809
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -621,6 +817,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
621
817
  raise TypeError("Missing required property 'backend'")
622
818
  __props__.__dict__["backend"] = backend
623
819
  __props__.__dict__["crl_distribution_points"] = crl_distribution_points
820
+ __props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
821
+ __props__.__dict__["disable_name_checks"] = disable_name_checks
822
+ __props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
823
+ __props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
624
824
  __props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
625
825
  __props__.__dict__["issuer_name"] = issuer_name
626
826
  if issuer_ref is None and not opts.urn:
@@ -644,19 +844,23 @@ class SecretBackendIssuer(pulumi.CustomResource):
644
844
  def get(resource_name: str,
645
845
  id: pulumi.Input[str],
646
846
  opts: Optional[pulumi.ResourceOptions] = None,
647
- backend: Optional[pulumi.Input[str]] = None,
648
- crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
649
- enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
650
- issuer_id: Optional[pulumi.Input[str]] = None,
651
- issuer_name: Optional[pulumi.Input[str]] = None,
652
- issuer_ref: Optional[pulumi.Input[str]] = None,
653
- issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
654
- leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
655
- manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
656
- namespace: Optional[pulumi.Input[str]] = None,
657
- ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
658
- revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
659
- usage: Optional[pulumi.Input[str]] = None) -> 'SecretBackendIssuer':
847
+ backend: Optional[pulumi.Input[builtins.str]] = None,
848
+ crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
849
+ disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
850
+ disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
851
+ disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
852
+ disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
853
+ enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
854
+ issuer_id: Optional[pulumi.Input[builtins.str]] = None,
855
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
856
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
857
+ issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
858
+ leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
859
+ manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
860
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
861
+ ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
862
+ revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
863
+ usage: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendIssuer':
660
864
  """
661
865
  Get an existing SecretBackendIssuer resource's state with the given name, id, and optional extra
662
866
  properties used to qualify the lookup.
@@ -664,29 +868,44 @@ class SecretBackendIssuer(pulumi.CustomResource):
664
868
  :param str resource_name: The unique name of the resulting resource.
665
869
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
666
870
  :param pulumi.ResourceOptions opts: Options for the resource.
667
- :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
871
+ :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
668
872
  leading or trailing `/`s.
669
- :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
873
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
670
874
  Distribution Points field.
671
- :param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
875
+ :param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
876
+ issuer is able to issue certificates where the chain of trust (including the
877
+ issued certificate) contain critical extensions not processed by Vault.
878
+ :param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
879
+ to issue certificates where the chain of trust (including the final issued
880
+ certificate) contains a link in which the subject of the issuing certificate
881
+ does not match the named issuer of the certificate it signed.
882
+ :param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
883
+ issuer is able to issue certificates where the chain of trust (including the
884
+ final issued certificate) violates the name constraints critical extension of
885
+ one of the issuer certificates in the chain.
886
+ :param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
887
+ is able to issue certificates where the chain of trust (including the final
888
+ issued certificate) is longer than allowed by a certificate authority in that
889
+ chain.
890
+ :param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
672
891
  be templated.
673
- :param pulumi.Input[str] issuer_id: ID of the issuer.
674
- :param pulumi.Input[str] issuer_name: Name of the issuer.
675
- :param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
676
- :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
892
+ :param pulumi.Input[builtins.str] issuer_id: ID of the issuer.
893
+ :param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
894
+ :param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
895
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
677
896
  Certificate field.
678
- :param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
897
+ :param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
679
898
  issuance.
680
- :param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
899
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
681
900
  computed CAChain field from, when non-empty.
682
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
901
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
683
902
  The value should not contain leading or trailing forward slashes.
684
903
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
685
904
  *Available only for Vault Enterprise*.
686
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
687
- :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
905
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
906
+ :param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
688
907
  when building CRLs.
689
- :param pulumi.Input[str] usage: Allowed usages for this issuer.
908
+ :param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
690
909
  """
691
910
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
692
911
 
@@ -694,6 +913,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
694
913
 
695
914
  __props__.__dict__["backend"] = backend
696
915
  __props__.__dict__["crl_distribution_points"] = crl_distribution_points
916
+ __props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
917
+ __props__.__dict__["disable_name_checks"] = disable_name_checks
918
+ __props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
919
+ __props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
697
920
  __props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
698
921
  __props__.__dict__["issuer_id"] = issuer_id
699
922
  __props__.__dict__["issuer_name"] = issuer_name
@@ -709,7 +932,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
709
932
 
710
933
  @property
711
934
  @pulumi.getter
712
- def backend(self) -> pulumi.Output[str]:
935
+ def backend(self) -> pulumi.Output[builtins.str]:
713
936
  """
714
937
  The path the PKI secret backend is mounted at, with no
715
938
  leading or trailing `/`s.
@@ -718,16 +941,59 @@ class SecretBackendIssuer(pulumi.CustomResource):
718
941
 
719
942
  @property
720
943
  @pulumi.getter(name="crlDistributionPoints")
721
- def crl_distribution_points(self) -> pulumi.Output[Optional[Sequence[str]]]:
944
+ def crl_distribution_points(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
722
945
  """
723
946
  Specifies the URL values for the CRL
724
947
  Distribution Points field.
725
948
  """
726
949
  return pulumi.get(self, "crl_distribution_points")
727
950
 
951
+ @property
952
+ @pulumi.getter(name="disableCriticalExtensionChecks")
953
+ def disable_critical_extension_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
954
+ """
955
+ This determines whether this
956
+ issuer is able to issue certificates where the chain of trust (including the
957
+ issued certificate) contain critical extensions not processed by Vault.
958
+ """
959
+ return pulumi.get(self, "disable_critical_extension_checks")
960
+
961
+ @property
962
+ @pulumi.getter(name="disableNameChecks")
963
+ def disable_name_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
964
+ """
965
+ This determines whether this issuer is able
966
+ to issue certificates where the chain of trust (including the final issued
967
+ certificate) contains a link in which the subject of the issuing certificate
968
+ does not match the named issuer of the certificate it signed.
969
+ """
970
+ return pulumi.get(self, "disable_name_checks")
971
+
972
+ @property
973
+ @pulumi.getter(name="disableNameConstraintChecks")
974
+ def disable_name_constraint_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
975
+ """
976
+ This determines whether this
977
+ issuer is able to issue certificates where the chain of trust (including the
978
+ final issued certificate) violates the name constraints critical extension of
979
+ one of the issuer certificates in the chain.
980
+ """
981
+ return pulumi.get(self, "disable_name_constraint_checks")
982
+
983
+ @property
984
+ @pulumi.getter(name="disablePathLengthChecks")
985
+ def disable_path_length_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
986
+ """
987
+ This determines whether this issuer
988
+ is able to issue certificates where the chain of trust (including the final
989
+ issued certificate) is longer than allowed by a certificate authority in that
990
+ chain.
991
+ """
992
+ return pulumi.get(self, "disable_path_length_checks")
993
+
728
994
  @property
729
995
  @pulumi.getter(name="enableAiaUrlTemplating")
730
- def enable_aia_url_templating(self) -> pulumi.Output[Optional[bool]]:
996
+ def enable_aia_url_templating(self) -> pulumi.Output[Optional[builtins.bool]]:
731
997
  """
732
998
  Specifies that the AIA URL values should
733
999
  be templated.
@@ -736,7 +1002,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
736
1002
 
737
1003
  @property
738
1004
  @pulumi.getter(name="issuerId")
739
- def issuer_id(self) -> pulumi.Output[str]:
1005
+ def issuer_id(self) -> pulumi.Output[builtins.str]:
740
1006
  """
741
1007
  ID of the issuer.
742
1008
  """
@@ -744,7 +1010,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
744
1010
 
745
1011
  @property
746
1012
  @pulumi.getter(name="issuerName")
747
- def issuer_name(self) -> pulumi.Output[Optional[str]]:
1013
+ def issuer_name(self) -> pulumi.Output[Optional[builtins.str]]:
748
1014
  """
749
1015
  Name of the issuer.
750
1016
  """
@@ -752,7 +1018,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
752
1018
 
753
1019
  @property
754
1020
  @pulumi.getter(name="issuerRef")
755
- def issuer_ref(self) -> pulumi.Output[str]:
1021
+ def issuer_ref(self) -> pulumi.Output[builtins.str]:
756
1022
  """
757
1023
  Reference to an existing issuer.
758
1024
  """
@@ -760,7 +1026,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
760
1026
 
761
1027
  @property
762
1028
  @pulumi.getter(name="issuingCertificates")
763
- def issuing_certificates(self) -> pulumi.Output[Optional[Sequence[str]]]:
1029
+ def issuing_certificates(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
764
1030
  """
765
1031
  Specifies the URL values for the Issuing
766
1032
  Certificate field.
@@ -769,7 +1035,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
769
1035
 
770
1036
  @property
771
1037
  @pulumi.getter(name="leafNotAfterBehavior")
772
- def leaf_not_after_behavior(self) -> pulumi.Output[str]:
1038
+ def leaf_not_after_behavior(self) -> pulumi.Output[builtins.str]:
773
1039
  """
774
1040
  Behavior of a leaf's NotAfter field during
775
1041
  issuance.
@@ -778,7 +1044,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
778
1044
 
779
1045
  @property
780
1046
  @pulumi.getter(name="manualChains")
781
- def manual_chains(self) -> pulumi.Output[Optional[Sequence[str]]]:
1047
+ def manual_chains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
782
1048
  """
783
1049
  Chain of issuer references to build this issuer's
784
1050
  computed CAChain field from, when non-empty.
@@ -787,7 +1053,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
787
1053
 
788
1054
  @property
789
1055
  @pulumi.getter
790
- def namespace(self) -> pulumi.Output[Optional[str]]:
1056
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
791
1057
  """
792
1058
  The namespace to provision the resource in.
793
1059
  The value should not contain leading or trailing forward slashes.
@@ -798,7 +1064,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
798
1064
 
799
1065
  @property
800
1066
  @pulumi.getter(name="ocspServers")
801
- def ocsp_servers(self) -> pulumi.Output[Optional[Sequence[str]]]:
1067
+ def ocsp_servers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
802
1068
  """
803
1069
  Specifies the URL values for the OCSP Servers field.
804
1070
  """
@@ -806,7 +1072,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
806
1072
 
807
1073
  @property
808
1074
  @pulumi.getter(name="revocationSignatureAlgorithm")
809
- def revocation_signature_algorithm(self) -> pulumi.Output[str]:
1075
+ def revocation_signature_algorithm(self) -> pulumi.Output[builtins.str]:
810
1076
  """
811
1077
  Which signature algorithm to use
812
1078
  when building CRLs.
@@ -815,7 +1081,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
815
1081
 
816
1082
  @property
817
1083
  @pulumi.getter
818
- def usage(self) -> pulumi.Output[str]:
1084
+ def usage(self) -> pulumi.Output[builtins.str]:
819
1085
  """
820
1086
  Allowed usages for this issuer.
821
1087
  """