pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,47 +20,74 @@ __all__ = ['SecretBackendIssuerArgs', 'SecretBackendIssuer']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendIssuerArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
backend: pulumi.Input[str],
|
23
|
-
issuer_ref: pulumi.Input[str],
|
24
|
-
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
23
|
+
backend: pulumi.Input[builtins.str],
|
24
|
+
issuer_ref: pulumi.Input[builtins.str],
|
25
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
26
|
+
disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
27
|
+
disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
28
|
+
disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
30
|
+
enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
|
31
|
+
issuer_name: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
33
|
+
leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
35
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
37
|
+
revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
|
38
|
+
usage: Optional[pulumi.Input[builtins.str]] = None):
|
34
39
|
"""
|
35
40
|
The set of arguments for constructing a SecretBackendIssuer resource.
|
36
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
|
41
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
|
37
42
|
leading or trailing `/`s.
|
38
|
-
:param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
|
39
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
|
43
|
+
:param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
|
44
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
|
40
45
|
Distribution Points field.
|
41
|
-
:param pulumi.Input[bool]
|
46
|
+
:param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
|
47
|
+
issuer is able to issue certificates where the chain of trust (including the
|
48
|
+
issued certificate) contain critical extensions not processed by Vault.
|
49
|
+
:param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
|
50
|
+
to issue certificates where the chain of trust (including the final issued
|
51
|
+
certificate) contains a link in which the subject of the issuing certificate
|
52
|
+
does not match the named issuer of the certificate it signed.
|
53
|
+
:param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
|
54
|
+
issuer is able to issue certificates where the chain of trust (including the
|
55
|
+
final issued certificate) violates the name constraints critical extension of
|
56
|
+
one of the issuer certificates in the chain.
|
57
|
+
:param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
|
58
|
+
is able to issue certificates where the chain of trust (including the final
|
59
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
60
|
+
chain.
|
61
|
+
:param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
42
62
|
be templated.
|
43
|
-
:param pulumi.Input[str] issuer_name: Name of the issuer.
|
44
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
|
63
|
+
:param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
|
64
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
|
45
65
|
Certificate field.
|
46
|
-
:param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
66
|
+
:param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
47
67
|
issuance.
|
48
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
|
68
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
|
49
69
|
computed CAChain field from, when non-empty.
|
50
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
70
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
51
71
|
The value should not contain leading or trailing forward slashes.
|
52
72
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
53
73
|
*Available only for Vault Enterprise*.
|
54
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
55
|
-
:param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
|
74
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
75
|
+
:param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
|
56
76
|
when building CRLs.
|
57
|
-
:param pulumi.Input[str] usage: Allowed usages for this issuer.
|
77
|
+
:param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
|
58
78
|
"""
|
59
79
|
pulumi.set(__self__, "backend", backend)
|
60
80
|
pulumi.set(__self__, "issuer_ref", issuer_ref)
|
61
81
|
if crl_distribution_points is not None:
|
62
82
|
pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
|
83
|
+
if disable_critical_extension_checks is not None:
|
84
|
+
pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
|
85
|
+
if disable_name_checks is not None:
|
86
|
+
pulumi.set(__self__, "disable_name_checks", disable_name_checks)
|
87
|
+
if disable_name_constraint_checks is not None:
|
88
|
+
pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
|
89
|
+
if disable_path_length_checks is not None:
|
90
|
+
pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
|
63
91
|
if enable_aia_url_templating is not None:
|
64
92
|
pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
|
65
93
|
if issuer_name is not None:
|
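Review bot: The docstrings for the four new parameters `disable_critical_extension_checks`, `disable_name_checks`, `disable_name_constraint_checks` and `disable_path_length_checks` say only that each one "determines whether this issuer is able to issue" a chain that fails the corresponding check; they do not say which boolean value relaxes the check or what applies when the argument is left unset. Judging by the names, `True` presumably switches the check off, which would loosen chain-of-trust validation for every certificate this issuer signs, so the text should state the polarity outright, for example `When true, chain name-constraint validation is skipped for this issuer; leave unset unless a non-conforming chain must be supported.` The same wording is repeated in the property docstrings added in the `@@ -114,12 +142,71 @@` hunk and needs the same correction there. Since the file header marks this as tfgen output, the wording has to be fixed in the upstream schema description and regenerated; `__init__` also continues past the end of this hunk, so the remaining assignments are not visible here.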
@@ -81,7 +109,7 @@ class SecretBackendIssuerArgs:
|
|
81
109
|
|
82
110
|
@property
|
83
111
|
@pulumi.getter
|
84
|
-
def backend(self) -> pulumi.Input[str]:
|
112
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
85
113
|
"""
|
86
114
|
The path the PKI secret backend is mounted at, with no
|
87
115
|
leading or trailing `/`s.
|
@@ -89,24 +117,24 @@ class SecretBackendIssuerArgs:
|
|
89
117
|
return pulumi.get(self, "backend")
|
90
118
|
|
91
119
|
@backend.setter
|
92
|
-
def backend(self, value: pulumi.Input[str]):
|
120
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
93
121
|
pulumi.set(self, "backend", value)
|
94
122
|
|
95
123
|
@property
|
96
124
|
@pulumi.getter(name="issuerRef")
|
97
|
-
def issuer_ref(self) -> pulumi.Input[str]:
|
125
|
+
def issuer_ref(self) -> pulumi.Input[builtins.str]:
|
98
126
|
"""
|
99
127
|
Reference to an existing issuer.
|
100
128
|
"""
|
101
129
|
return pulumi.get(self, "issuer_ref")
|
102
130
|
|
103
131
|
@issuer_ref.setter
|
104
|
-
def issuer_ref(self, value: pulumi.Input[str]):
|
132
|
+
def issuer_ref(self, value: pulumi.Input[builtins.str]):
|
105
133
|
pulumi.set(self, "issuer_ref", value)
|
106
134
|
|
107
135
|
@property
|
108
136
|
@pulumi.getter(name="crlDistributionPoints")
|
109
|
-
def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
137
|
+
def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
110
138
|
"""
|
111
139
|
Specifies the URL values for the CRL
|
112
140
|
Distribution Points field.
|
@@ -114,12 +142,71 @@ class SecretBackendIssuerArgs:
|
|
114
142
|
return pulumi.get(self, "crl_distribution_points")
|
115
143
|
|
116
144
|
@crl_distribution_points.setter
|
117
|
-
def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
145
|
+
def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
118
146
|
pulumi.set(self, "crl_distribution_points", value)
|
119
147
|
|
148
|
+
@property
|
149
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
150
|
+
def disable_critical_extension_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
|
151
|
+
"""
|
152
|
+
This determines whether this
|
153
|
+
issuer is able to issue certificates where the chain of trust (including the
|
154
|
+
issued certificate) contain critical extensions not processed by Vault.
|
155
|
+
"""
|
156
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
157
|
+
|
158
|
+
@disable_critical_extension_checks.setter
|
159
|
+
def disable_critical_extension_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
|
160
|
+
pulumi.set(self, "disable_critical_extension_checks", value)
|
161
|
+
|
162
|
+
@property
|
163
|
+
@pulumi.getter(name="disableNameChecks")
|
164
|
+
def disable_name_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
|
165
|
+
"""
|
166
|
+
This determines whether this issuer is able
|
167
|
+
to issue certificates where the chain of trust (including the final issued
|
168
|
+
certificate) contains a link in which the subject of the issuing certificate
|
169
|
+
does not match the named issuer of the certificate it signed.
|
170
|
+
"""
|
171
|
+
return pulumi.get(self, "disable_name_checks")
|
172
|
+
|
173
|
+
@disable_name_checks.setter
|
174
|
+
def disable_name_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
|
175
|
+
pulumi.set(self, "disable_name_checks", value)
|
176
|
+
|
177
|
+
@property
|
178
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
179
|
+
def disable_name_constraint_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
|
180
|
+
"""
|
181
|
+
This determines whether this
|
182
|
+
issuer is able to issue certificates where the chain of trust (including the
|
183
|
+
final issued certificate) violates the name constraints critical extension of
|
184
|
+
one of the issuer certificates in the chain.
|
185
|
+
"""
|
186
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
187
|
+
|
188
|
+
@disable_name_constraint_checks.setter
|
189
|
+
def disable_name_constraint_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
|
190
|
+
pulumi.set(self, "disable_name_constraint_checks", value)
|
191
|
+
|
192
|
+
@property
|
193
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
194
|
+
def disable_path_length_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
|
195
|
+
"""
|
196
|
+
This determines whether this issuer
|
197
|
+
is able to issue certificates where the chain of trust (including the final
|
198
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
199
|
+
chain.
|
200
|
+
"""
|
201
|
+
return pulumi.get(self, "disable_path_length_checks")
|
202
|
+
|
203
|
+
@disable_path_length_checks.setter
|
204
|
+
def disable_path_length_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
|
205
|
+
pulumi.set(self, "disable_path_length_checks", value)
|
206
|
+
|
120
207
|
@property
|
121
208
|
@pulumi.getter(name="enableAiaUrlTemplating")
|
122
|
-
def enable_aia_url_templating(self) -> Optional[pulumi.Input[bool]]:
|
209
|
+
def enable_aia_url_templating(self) -> Optional[pulumi.Input[builtins.bool]]:
|
123
210
|
"""
|
124
211
|
Specifies that the AIA URL values should
|
125
212
|
be templated.
|
@@ -127,24 +214,24 @@ class SecretBackendIssuerArgs:
|
|
127
214
|
return pulumi.get(self, "enable_aia_url_templating")
|
128
215
|
|
129
216
|
@enable_aia_url_templating.setter
|
130
|
-
def enable_aia_url_templating(self, value: Optional[pulumi.Input[bool]]):
|
217
|
+
def enable_aia_url_templating(self, value: Optional[pulumi.Input[builtins.bool]]):
|
131
218
|
pulumi.set(self, "enable_aia_url_templating", value)
|
132
219
|
|
133
220
|
@property
|
134
221
|
@pulumi.getter(name="issuerName")
|
135
|
-
def issuer_name(self) -> Optional[pulumi.Input[str]]:
|
222
|
+
def issuer_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
136
223
|
"""
|
137
224
|
Name of the issuer.
|
138
225
|
"""
|
139
226
|
return pulumi.get(self, "issuer_name")
|
140
227
|
|
141
228
|
@issuer_name.setter
|
142
|
-
def issuer_name(self, value: Optional[pulumi.Input[str]]):
|
229
|
+
def issuer_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
143
230
|
pulumi.set(self, "issuer_name", value)
|
144
231
|
|
145
232
|
@property
|
146
233
|
@pulumi.getter(name="issuingCertificates")
|
147
|
-
def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
234
|
+
def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
148
235
|
"""
|
149
236
|
Specifies the URL values for the Issuing
|
150
237
|
Certificate field.
|
@@ -152,12 +239,12 @@ class SecretBackendIssuerArgs:
|
|
152
239
|
return pulumi.get(self, "issuing_certificates")
|
153
240
|
|
154
241
|
@issuing_certificates.setter
|
155
|
-
def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
242
|
+
def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
156
243
|
pulumi.set(self, "issuing_certificates", value)
|
157
244
|
|
158
245
|
@property
|
159
246
|
@pulumi.getter(name="leafNotAfterBehavior")
|
160
|
-
def leaf_not_after_behavior(self) -> Optional[pulumi.Input[str]]:
|
247
|
+
def leaf_not_after_behavior(self) -> Optional[pulumi.Input[builtins.str]]:
|
161
248
|
"""
|
162
249
|
Behavior of a leaf's NotAfter field during
|
163
250
|
issuance.
|
@@ -165,12 +252,12 @@ class SecretBackendIssuerArgs:
|
|
165
252
|
return pulumi.get(self, "leaf_not_after_behavior")
|
166
253
|
|
167
254
|
@leaf_not_after_behavior.setter
|
168
|
-
def leaf_not_after_behavior(self, value: Optional[pulumi.Input[str]]):
|
255
|
+
def leaf_not_after_behavior(self, value: Optional[pulumi.Input[builtins.str]]):
|
169
256
|
pulumi.set(self, "leaf_not_after_behavior", value)
|
170
257
|
|
171
258
|
@property
|
172
259
|
@pulumi.getter(name="manualChains")
|
173
|
-
def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
260
|
+
def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
174
261
|
"""
|
175
262
|
Chain of issuer references to build this issuer's
|
176
263
|
computed CAChain field from, when non-empty.
|
@@ -178,12 +265,12 @@ class SecretBackendIssuerArgs:
|
|
178
265
|
return pulumi.get(self, "manual_chains")
|
179
266
|
|
180
267
|
@manual_chains.setter
|
181
|
-
def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
268
|
+
def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
182
269
|
pulumi.set(self, "manual_chains", value)
|
183
270
|
|
184
271
|
@property
|
185
272
|
@pulumi.getter
|
186
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
273
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
187
274
|
"""
|
188
275
|
The namespace to provision the resource in.
|
189
276
|
The value should not contain leading or trailing forward slashes.
|
@@ -193,24 +280,24 @@ class SecretBackendIssuerArgs:
|
|
193
280
|
return pulumi.get(self, "namespace")
|
194
281
|
|
195
282
|
@namespace.setter
|
196
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
283
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
197
284
|
pulumi.set(self, "namespace", value)
|
198
285
|
|
199
286
|
@property
|
200
287
|
@pulumi.getter(name="ocspServers")
|
201
|
-
def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
288
|
+
def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
202
289
|
"""
|
203
290
|
Specifies the URL values for the OCSP Servers field.
|
204
291
|
"""
|
205
292
|
return pulumi.get(self, "ocsp_servers")
|
206
293
|
|
207
294
|
@ocsp_servers.setter
|
208
|
-
def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
295
|
+
def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
209
296
|
pulumi.set(self, "ocsp_servers", value)
|
210
297
|
|
211
298
|
@property
|
212
299
|
@pulumi.getter(name="revocationSignatureAlgorithm")
|
213
|
-
def revocation_signature_algorithm(self) -> Optional[pulumi.Input[str]]:
|
300
|
+
def revocation_signature_algorithm(self) -> Optional[pulumi.Input[builtins.str]]:
|
214
301
|
"""
|
215
302
|
Which signature algorithm to use
|
216
303
|
when building CRLs.
|
@@ -218,68 +305,95 @@ class SecretBackendIssuerArgs:
|
|
218
305
|
return pulumi.get(self, "revocation_signature_algorithm")
|
219
306
|
|
220
307
|
@revocation_signature_algorithm.setter
|
221
|
-
def revocation_signature_algorithm(self, value: Optional[pulumi.Input[str]]):
|
308
|
+
def revocation_signature_algorithm(self, value: Optional[pulumi.Input[builtins.str]]):
|
222
309
|
pulumi.set(self, "revocation_signature_algorithm", value)
|
223
310
|
|
224
311
|
@property
|
225
312
|
@pulumi.getter
|
226
|
-
def usage(self) -> Optional[pulumi.Input[str]]:
|
313
|
+
def usage(self) -> Optional[pulumi.Input[builtins.str]]:
|
227
314
|
"""
|
228
315
|
Allowed usages for this issuer.
|
229
316
|
"""
|
230
317
|
return pulumi.get(self, "usage")
|
231
318
|
|
232
319
|
@usage.setter
|
233
|
-
def usage(self, value: Optional[pulumi.Input[str]]):
|
320
|
+
def usage(self, value: Optional[pulumi.Input[builtins.str]]):
|
234
321
|
pulumi.set(self, "usage", value)
|
235
322
|
|
236
323
|
|
237
324
|
@pulumi.input_type
|
238
325
|
class _SecretBackendIssuerState:
|
239
326
|
def __init__(__self__, *,
|
240
|
-
backend: Optional[pulumi.Input[str]] = None,
|
241
|
-
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
242
|
-
|
243
|
-
|
244
|
-
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
327
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
328
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
329
|
+
disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
330
|
+
disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
331
|
+
disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
332
|
+
disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
333
|
+
enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
|
334
|
+
issuer_id: Optional[pulumi.Input[builtins.str]] = None,
|
335
|
+
issuer_name: Optional[pulumi.Input[builtins.str]] = None,
|
336
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
337
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
338
|
+
leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
|
339
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
340
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
341
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
342
|
+
revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
|
343
|
+
usage: Optional[pulumi.Input[builtins.str]] = None):
|
253
344
|
"""
|
254
345
|
Input properties used for looking up and filtering SecretBackendIssuer resources.
|
255
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
|
346
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
|
256
347
|
leading or trailing `/`s.
|
257
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
|
348
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
|
258
349
|
Distribution Points field.
|
259
|
-
:param pulumi.Input[bool]
|
350
|
+
:param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
|
351
|
+
issuer is able to issue certificates where the chain of trust (including the
|
352
|
+
issued certificate) contain critical extensions not processed by Vault.
|
353
|
+
:param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
|
354
|
+
to issue certificates where the chain of trust (including the final issued
|
355
|
+
certificate) contains a link in which the subject of the issuing certificate
|
356
|
+
does not match the named issuer of the certificate it signed.
|
357
|
+
:param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
|
358
|
+
issuer is able to issue certificates where the chain of trust (including the
|
359
|
+
final issued certificate) violates the name constraints critical extension of
|
360
|
+
one of the issuer certificates in the chain.
|
361
|
+
:param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
|
362
|
+
is able to issue certificates where the chain of trust (including the final
|
363
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
364
|
+
chain.
|
365
|
+
:param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
260
366
|
be templated.
|
261
|
-
:param pulumi.Input[str] issuer_id: ID of the issuer.
|
262
|
-
:param pulumi.Input[str] issuer_name: Name of the issuer.
|
263
|
-
:param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
|
264
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
|
367
|
+
:param pulumi.Input[builtins.str] issuer_id: ID of the issuer.
|
368
|
+
:param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
|
369
|
+
:param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
|
370
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
|
265
371
|
Certificate field.
|
266
|
-
:param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
372
|
+
:param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
267
373
|
issuance.
|
268
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
|
374
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
|
269
375
|
computed CAChain field from, when non-empty.
|
270
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
376
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
271
377
|
The value should not contain leading or trailing forward slashes.
|
272
378
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
273
379
|
*Available only for Vault Enterprise*.
|
274
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
275
|
-
:param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
|
380
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
381
|
+
:param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
|
276
382
|
when building CRLs.
|
277
|
-
:param pulumi.Input[str] usage: Allowed usages for this issuer.
|
383
|
+
:param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
|
278
384
|
"""
|
279
385
|
if backend is not None:
|
280
386
|
pulumi.set(__self__, "backend", backend)
|
281
387
|
if crl_distribution_points is not None:
|
282
388
|
pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
|
389
|
+
if disable_critical_extension_checks is not None:
|
390
|
+
pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
|
391
|
+
if disable_name_checks is not None:
|
392
|
+
pulumi.set(__self__, "disable_name_checks", disable_name_checks)
|
393
|
+
if disable_name_constraint_checks is not None:
|
394
|
+
pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
|
395
|
+
if disable_path_length_checks is not None:
|
396
|
+
pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
|
283
397
|
if enable_aia_url_templating is not None:
|
284
398
|
pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
|
285
399
|
if issuer_id is not None:
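Review bot: The `:param` entries for the new `disable_critical_extension_checks`, `disable_name_checks`, `disable_name_constraint_checks` and `disable_path_length_checks` inputs describe which chains the issuer "is able to issue" for, but never state that a true value switches a chain-of-trust check off, nor what applies when the input is left unset. Each flag relaxes X.509 verification on a PKI issuer, so I would add one sentence to each entry, for example `Setting this to true disables the check and weakens chain validation for certificates issued by this issuer.`, and change "contain critical extensions" to "contains critical extensions". The same wording recurs in the property docstrings of the `@@ -326,12 +440,71 @@` hunk and in the `SecretBackendIssuer.__init__` and `get` docstrings further down. This looks like generated SDK code, so the text probably has to be changed in the upstream schema; `__init__` also continues past the end of this hunk.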
|
@@ -305,7 +419,7 @@ class _SecretBackendIssuerState:
|
|
305
419
|
|
306
420
|
@property
|
307
421
|
@pulumi.getter
|
308
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
422
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
309
423
|
"""
|
310
424
|
The path the PKI secret backend is mounted at, with no
|
311
425
|
leading or trailing `/`s.
|
@@ -313,12 +427,12 @@ class _SecretBackendIssuerState:
|
|
313
427
|
return pulumi.get(self, "backend")
|
314
428
|
|
315
429
|
@backend.setter
|
316
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
430
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
317
431
|
pulumi.set(self, "backend", value)
|
318
432
|
|
319
433
|
@property
|
320
434
|
@pulumi.getter(name="crlDistributionPoints")
|
321
|
-
def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
435
|
+
def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
322
436
|
"""
|
323
437
|
Specifies the URL values for the CRL
|
324
438
|
Distribution Points field.
|
@@ -326,12 +440,71 @@ class _SecretBackendIssuerState:
|
|
326
440
|
return pulumi.get(self, "crl_distribution_points")
|
327
441
|
|
328
442
|
@crl_distribution_points.setter
|
329
|
-
def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
443
|
+
def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
330
444
|
pulumi.set(self, "crl_distribution_points", value)
|
331
445
|
|
446
|
+
@property
|
447
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
448
|
+
def disable_critical_extension_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
|
449
|
+
"""
|
450
|
+
This determines whether this
|
451
|
+
issuer is able to issue certificates where the chain of trust (including the
|
452
|
+
issued certificate) contain critical extensions not processed by Vault.
|
453
|
+
"""
|
454
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
455
|
+
|
456
|
+
@disable_critical_extension_checks.setter
|
457
|
+
def disable_critical_extension_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
|
458
|
+
pulumi.set(self, "disable_critical_extension_checks", value)
|
459
|
+
|
460
|
+
@property
|
461
|
+
@pulumi.getter(name="disableNameChecks")
|
462
|
+
def disable_name_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
|
463
|
+
"""
|
464
|
+
This determines whether this issuer is able
|
465
|
+
to issue certificates where the chain of trust (including the final issued
|
466
|
+
certificate) contains a link in which the subject of the issuing certificate
|
467
|
+
does not match the named issuer of the certificate it signed.
|
468
|
+
"""
|
469
|
+
return pulumi.get(self, "disable_name_checks")
|
470
|
+
|
471
|
+
@disable_name_checks.setter
|
472
|
+
def disable_name_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
|
473
|
+
pulumi.set(self, "disable_name_checks", value)
|
474
|
+
|
475
|
+
@property
|
476
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
477
|
+
def disable_name_constraint_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
|
478
|
+
"""
|
479
|
+
This determines whether this
|
480
|
+
issuer is able to issue certificates where the chain of trust (including the
|
481
|
+
final issued certificate) violates the name constraints critical extension of
|
482
|
+
one of the issuer certificates in the chain.
|
483
|
+
"""
|
484
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
485
|
+
|
486
|
+
@disable_name_constraint_checks.setter
|
487
|
+
def disable_name_constraint_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
|
488
|
+
pulumi.set(self, "disable_name_constraint_checks", value)
|
489
|
+
|
490
|
+
@property
|
491
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
492
|
+
def disable_path_length_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
|
493
|
+
"""
|
494
|
+
This determines whether this issuer
|
495
|
+
is able to issue certificates where the chain of trust (including the final
|
496
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
497
|
+
chain.
|
498
|
+
"""
|
499
|
+
return pulumi.get(self, "disable_path_length_checks")
|
500
|
+
|
501
|
+
@disable_path_length_checks.setter
|
502
|
+
def disable_path_length_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
|
503
|
+
pulumi.set(self, "disable_path_length_checks", value)
|
504
|
+
|
332
505
|
@property
|
333
506
|
@pulumi.getter(name="enableAiaUrlTemplating")
|
334
|
-
def enable_aia_url_templating(self) -> Optional[pulumi.Input[bool]]:
|
507
|
+
def enable_aia_url_templating(self) -> Optional[pulumi.Input[builtins.bool]]:
|
335
508
|
"""
|
336
509
|
Specifies that the AIA URL values should
|
337
510
|
be templated.
|
@@ -339,48 +512,48 @@ class _SecretBackendIssuerState:
|
|
339
512
|
return pulumi.get(self, "enable_aia_url_templating")
|
340
513
|
|
341
514
|
@enable_aia_url_templating.setter
|
342
|
-
def enable_aia_url_templating(self, value: Optional[pulumi.Input[bool]]):
|
515
|
+
def enable_aia_url_templating(self, value: Optional[pulumi.Input[builtins.bool]]):
|
343
516
|
pulumi.set(self, "enable_aia_url_templating", value)
|
344
517
|
|
345
518
|
@property
|
346
519
|
@pulumi.getter(name="issuerId")
|
347
|
-
def issuer_id(self) -> Optional[pulumi.Input[str]]:
|
520
|
+
def issuer_id(self) -> Optional[pulumi.Input[builtins.str]]:
|
348
521
|
"""
|
349
522
|
ID of the issuer.
|
350
523
|
"""
|
351
524
|
return pulumi.get(self, "issuer_id")
|
352
525
|
|
353
526
|
@issuer_id.setter
|
354
|
-
def issuer_id(self, value: Optional[pulumi.Input[str]]):
|
527
|
+
def issuer_id(self, value: Optional[pulumi.Input[builtins.str]]):
|
355
528
|
pulumi.set(self, "issuer_id", value)
|
356
529
|
|
357
530
|
@property
|
358
531
|
@pulumi.getter(name="issuerName")
|
359
|
-
def issuer_name(self) -> Optional[pulumi.Input[str]]:
|
532
|
+
def issuer_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
360
533
|
"""
|
361
534
|
Name of the issuer.
|
362
535
|
"""
|
363
536
|
return pulumi.get(self, "issuer_name")
|
364
537
|
|
365
538
|
@issuer_name.setter
|
366
|
-
def issuer_name(self, value: Optional[pulumi.Input[str]]):
|
539
|
+
def issuer_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
367
540
|
pulumi.set(self, "issuer_name", value)
|
368
541
|
|
369
542
|
@property
|
370
543
|
@pulumi.getter(name="issuerRef")
|
371
|
-
def issuer_ref(self) -> Optional[pulumi.Input[str]]:
|
544
|
+
def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
|
372
545
|
"""
|
373
546
|
Reference to an existing issuer.
|
374
547
|
"""
|
375
548
|
return pulumi.get(self, "issuer_ref")
|
376
549
|
|
377
550
|
@issuer_ref.setter
|
378
|
-
def issuer_ref(self, value: Optional[pulumi.Input[str]]):
|
551
|
+
def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
|
379
552
|
pulumi.set(self, "issuer_ref", value)
|
380
553
|
|
381
554
|
@property
|
382
555
|
@pulumi.getter(name="issuingCertificates")
|
383
|
-
def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
556
|
+
def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
384
557
|
"""
|
385
558
|
Specifies the URL values for the Issuing
|
386
559
|
Certificate field.
|
@@ -388,12 +561,12 @@ class _SecretBackendIssuerState:
|
|
388
561
|
return pulumi.get(self, "issuing_certificates")
|
389
562
|
|
390
563
|
@issuing_certificates.setter
|
391
|
-
def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
564
|
+
def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
392
565
|
pulumi.set(self, "issuing_certificates", value)
|
393
566
|
|
394
567
|
@property
|
395
568
|
@pulumi.getter(name="leafNotAfterBehavior")
|
396
|
-
def leaf_not_after_behavior(self) -> Optional[pulumi.Input[str]]:
|
569
|
+
def leaf_not_after_behavior(self) -> Optional[pulumi.Input[builtins.str]]:
|
397
570
|
"""
|
398
571
|
Behavior of a leaf's NotAfter field during
|
399
572
|
issuance.
|
@@ -401,12 +574,12 @@ class _SecretBackendIssuerState:
|
|
401
574
|
return pulumi.get(self, "leaf_not_after_behavior")
|
402
575
|
|
403
576
|
@leaf_not_after_behavior.setter
|
404
|
-
def leaf_not_after_behavior(self, value: Optional[pulumi.Input[str]]):
|
577
|
+
def leaf_not_after_behavior(self, value: Optional[pulumi.Input[builtins.str]]):
|
405
578
|
pulumi.set(self, "leaf_not_after_behavior", value)
|
406
579
|
|
407
580
|
@property
|
408
581
|
@pulumi.getter(name="manualChains")
|
409
|
-
def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
582
|
+
def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
410
583
|
"""
|
411
584
|
Chain of issuer references to build this issuer's
|
412
585
|
computed CAChain field from, when non-empty.
|
@@ -414,12 +587,12 @@ class _SecretBackendIssuerState:
|
|
414
587
|
return pulumi.get(self, "manual_chains")
|
415
588
|
|
416
589
|
@manual_chains.setter
|
417
|
-
def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
590
|
+
def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
418
591
|
pulumi.set(self, "manual_chains", value)
|
419
592
|
|
420
593
|
@property
|
421
594
|
@pulumi.getter
|
422
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
595
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
423
596
|
"""
|
424
597
|
The namespace to provision the resource in.
|
425
598
|
The value should not contain leading or trailing forward slashes.
|
@@ -429,24 +602,24 @@ class _SecretBackendIssuerState:
|
|
429
602
|
return pulumi.get(self, "namespace")
|
430
603
|
|
431
604
|
@namespace.setter
|
432
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
605
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
433
606
|
pulumi.set(self, "namespace", value)
|
434
607
|
|
435
608
|
@property
|
436
609
|
@pulumi.getter(name="ocspServers")
|
437
|
-
def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
610
|
+
def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
438
611
|
"""
|
439
612
|
Specifies the URL values for the OCSP Servers field.
|
440
613
|
"""
|
441
614
|
return pulumi.get(self, "ocsp_servers")
|
442
615
|
|
443
616
|
@ocsp_servers.setter
|
444
|
-
def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
617
|
+
def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
445
618
|
pulumi.set(self, "ocsp_servers", value)
|
446
619
|
|
447
620
|
@property
|
448
621
|
@pulumi.getter(name="revocationSignatureAlgorithm")
|
449
|
-
def revocation_signature_algorithm(self) -> Optional[pulumi.Input[str]]:
|
622
|
+
def revocation_signature_algorithm(self) -> Optional[pulumi.Input[builtins.str]]:
|
450
623
|
"""
|
451
624
|
Which signature algorithm to use
|
452
625
|
when building CRLs.
|
@@ -454,19 +627,19 @@ class _SecretBackendIssuerState:
|
|
454
627
|
return pulumi.get(self, "revocation_signature_algorithm")
|
455
628
|
|
456
629
|
@revocation_signature_algorithm.setter
|
457
|
-
def revocation_signature_algorithm(self, value: Optional[pulumi.Input[str]]):
|
630
|
+
def revocation_signature_algorithm(self, value: Optional[pulumi.Input[builtins.str]]):
|
458
631
|
pulumi.set(self, "revocation_signature_algorithm", value)
|
459
632
|
|
460
633
|
@property
|
461
634
|
@pulumi.getter
|
462
|
-
def usage(self) -> Optional[pulumi.Input[str]]:
|
635
|
+
def usage(self) -> Optional[pulumi.Input[builtins.str]]:
|
463
636
|
"""
|
464
637
|
Allowed usages for this issuer.
|
465
638
|
"""
|
466
639
|
return pulumi.get(self, "usage")
|
467
640
|
|
468
641
|
@usage.setter
|
469
|
-
def usage(self, value: Optional[pulumi.Input[str]]):
|
642
|
+
def usage(self, value: Optional[pulumi.Input[builtins.str]]):
|
470
643
|
pulumi.set(self, "usage", value)
|
471
644
|
|
472
645
|
|
@@ -475,18 +648,22 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
475
648
|
def __init__(__self__,
|
476
649
|
resource_name: str,
|
477
650
|
opts: Optional[pulumi.ResourceOptions] = None,
|
478
|
-
backend: Optional[pulumi.Input[str]] = None,
|
479
|
-
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
480
|
-
|
481
|
-
|
482
|
-
|
483
|
-
|
484
|
-
|
485
|
-
|
486
|
-
|
487
|
-
|
488
|
-
|
489
|
-
|
651
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
652
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
653
|
+
disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
654
|
+
disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
655
|
+
disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
656
|
+
disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
657
|
+
enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
|
658
|
+
issuer_name: Optional[pulumi.Input[builtins.str]] = None,
|
659
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
660
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
661
|
+
leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
|
662
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
663
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
664
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
665
|
+
revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
|
666
|
+
usage: Optional[pulumi.Input[builtins.str]] = None,
|
490
667
|
__props__=None):
|
491
668
|
"""
|
492
669
|
## Example Usage
|
@@ -521,28 +698,43 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
521
698
|
|
522
699
|
:param str resource_name: The name of the resource.
|
523
700
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
524
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
|
701
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
|
525
702
|
leading or trailing `/`s.
|
526
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
|
703
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
|
527
704
|
Distribution Points field.
|
528
|
-
:param pulumi.Input[bool]
|
705
|
+
:param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
|
706
|
+
issuer is able to issue certificates where the chain of trust (including the
|
707
|
+
issued certificate) contain critical extensions not processed by Vault.
|
708
|
+
:param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
|
709
|
+
to issue certificates where the chain of trust (including the final issued
|
710
|
+
certificate) contains a link in which the subject of the issuing certificate
|
711
|
+
does not match the named issuer of the certificate it signed.
|
712
|
+
:param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
|
713
|
+
issuer is able to issue certificates where the chain of trust (including the
|
714
|
+
final issued certificate) violates the name constraints critical extension of
|
715
|
+
one of the issuer certificates in the chain.
|
716
|
+
:param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
|
717
|
+
is able to issue certificates where the chain of trust (including the final
|
718
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
719
|
+
chain.
|
720
|
+
:param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
529
721
|
be templated.
|
530
|
-
:param pulumi.Input[str] issuer_name: Name of the issuer.
|
531
|
-
:param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
|
532
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
|
722
|
+
:param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
|
723
|
+
:param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
|
724
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
|
533
725
|
Certificate field.
|
534
|
-
:param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
726
|
+
:param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
535
727
|
issuance.
|
536
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
|
728
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
|
537
729
|
computed CAChain field from, when non-empty.
|
538
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
730
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
539
731
|
The value should not contain leading or trailing forward slashes.
|
540
732
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
541
733
|
*Available only for Vault Enterprise*.
|
542
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
543
|
-
:param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
|
734
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
735
|
+
:param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
|
544
736
|
when building CRLs.
|
545
|
-
:param pulumi.Input[str] usage: Allowed usages for this issuer.
|
737
|
+
:param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
|
546
738
|
"""
|
547
739
|
...
|
548
740
|
@overload
|
@@ -596,18 +788,22 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
596
788
|
def _internal_init(__self__,
|
597
789
|
resource_name: str,
|
598
790
|
opts: Optional[pulumi.ResourceOptions] = None,
|
599
|
-
backend: Optional[pulumi.Input[str]] = None,
|
600
|
-
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
601
|
-
|
602
|
-
|
603
|
-
|
604
|
-
|
605
|
-
|
606
|
-
|
607
|
-
|
608
|
-
|
609
|
-
|
610
|
-
|
791
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
792
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
793
|
+
disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
794
|
+
disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
795
|
+
disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
796
|
+
disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
797
|
+
enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
|
798
|
+
issuer_name: Optional[pulumi.Input[builtins.str]] = None,
|
799
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
800
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
801
|
+
leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
|
802
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
803
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
804
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
805
|
+
revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
|
806
|
+
usage: Optional[pulumi.Input[builtins.str]] = None,
|
611
807
|
__props__=None):
|
612
808
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
613
809
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -621,6 +817,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
621
817
|
raise TypeError("Missing required property 'backend'")
|
622
818
|
__props__.__dict__["backend"] = backend
|
623
819
|
__props__.__dict__["crl_distribution_points"] = crl_distribution_points
|
820
|
+
__props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
|
821
|
+
__props__.__dict__["disable_name_checks"] = disable_name_checks
|
822
|
+
__props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
|
823
|
+
__props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
|
624
824
|
__props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
|
625
825
|
__props__.__dict__["issuer_name"] = issuer_name
|
626
826
|
if issuer_ref is None and not opts.urn:
|
@@ -644,19 +844,23 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
644
844
|
def get(resource_name: str,
|
645
845
|
id: pulumi.Input[str],
|
646
846
|
opts: Optional[pulumi.ResourceOptions] = None,
|
647
|
-
backend: Optional[pulumi.Input[str]] = None,
|
648
|
-
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
649
|
-
|
650
|
-
|
651
|
-
|
652
|
-
|
653
|
-
|
654
|
-
|
655
|
-
|
656
|
-
|
657
|
-
|
658
|
-
|
659
|
-
|
847
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
848
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
849
|
+
disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
850
|
+
disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
851
|
+
disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
852
|
+
disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
|
853
|
+
enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
|
854
|
+
issuer_id: Optional[pulumi.Input[builtins.str]] = None,
|
855
|
+
issuer_name: Optional[pulumi.Input[builtins.str]] = None,
|
856
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
857
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
858
|
+
leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
|
859
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
860
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
861
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
862
|
+
revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
|
863
|
+
usage: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendIssuer':
|
660
864
|
"""
|
661
865
|
Get an existing SecretBackendIssuer resource's state with the given name, id, and optional extra
|
662
866
|
properties used to qualify the lookup.
|
@@ -664,29 +868,44 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
664
868
|
:param str resource_name: The unique name of the resulting resource.
|
665
869
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
666
870
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
667
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
|
871
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
|
668
872
|
leading or trailing `/`s.
|
669
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
|
873
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
|
670
874
|
Distribution Points field.
|
671
|
-
:param pulumi.Input[bool]
|
875
|
+
:param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
|
876
|
+
issuer is able to issue certificates where the chain of trust (including the
|
877
|
+
issued certificate) contain critical extensions not processed by Vault.
|
878
|
+
:param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
|
879
|
+
to issue certificates where the chain of trust (including the final issued
|
880
|
+
certificate) contains a link in which the subject of the issuing certificate
|
881
|
+
does not match the named issuer of the certificate it signed.
|
882
|
+
:param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
|
883
|
+
issuer is able to issue certificates where the chain of trust (including the
|
884
|
+
final issued certificate) violates the name constraints critical extension of
|
885
|
+
one of the issuer certificates in the chain.
|
886
|
+
:param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
|
887
|
+
is able to issue certificates where the chain of trust (including the final
|
888
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
889
|
+
chain.
|
890
|
+
:param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
672
891
|
be templated.
|
673
|
-
:param pulumi.Input[str] issuer_id: ID of the issuer.
|
674
|
-
:param pulumi.Input[str] issuer_name: Name of the issuer.
|
675
|
-
:param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
|
676
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
|
892
|
+
:param pulumi.Input[builtins.str] issuer_id: ID of the issuer.
|
893
|
+
:param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
|
894
|
+
:param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
|
895
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
|
677
896
|
Certificate field.
|
678
|
-
:param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
897
|
+
:param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
679
898
|
issuance.
|
680
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
|
899
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
|
681
900
|
computed CAChain field from, when non-empty.
|
682
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
901
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
683
902
|
The value should not contain leading or trailing forward slashes.
|
684
903
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
685
904
|
*Available only for Vault Enterprise*.
|
686
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
687
|
-
:param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
|
905
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
906
|
+
:param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
|
688
907
|
when building CRLs.
|
689
|
-
:param pulumi.Input[str] usage: Allowed usages for this issuer.
|
908
|
+
:param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
|
690
909
|
"""
|
691
910
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
692
911
|
|
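Review bot: The four new `disable_critical_extension_checks`, `disable_name_checks`, `disable_name_constraint_checks` and `disable_path_length_checks` entries in the `get` docstring say what the issuer "is able to" issue, but never state which value relaxes the check or what applies when the argument is left unset. Judging by the names, `True` switches off a chain-of-trust validation at issuance, so each entry should say so explicitly, e.g. `Set to true to skip this validation for certificates issued by this issuer; when unset the check is presumably enforced (confirm against the Vault PKI issuer documentation).` The same wording gap is repeated in the four new property getters in the later `@@ -718,16 +941,59 @@` hunk, and "contain critical extensions" there and here should read "contains". If this module is generated, the text belongs in the upstream schema description rather than in this file. The `get` signature and body lie outside this hunk.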
@@ -694,6 +913,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
694
913
|
|
695
914
|
__props__.__dict__["backend"] = backend
|
696
915
|
__props__.__dict__["crl_distribution_points"] = crl_distribution_points
|
916
|
+
__props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
|
917
|
+
__props__.__dict__["disable_name_checks"] = disable_name_checks
|
918
|
+
__props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
|
919
|
+
__props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
|
697
920
|
__props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
|
698
921
|
__props__.__dict__["issuer_id"] = issuer_id
|
699
922
|
__props__.__dict__["issuer_name"] = issuer_name
|
@@ -709,7 +932,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
709
932
|
|
710
933
|
@property
|
711
934
|
@pulumi.getter
|
712
|
-
def backend(self) -> pulumi.Output[str]:
|
935
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
713
936
|
"""
|
714
937
|
The path the PKI secret backend is mounted at, with no
|
715
938
|
leading or trailing `/`s.
|
@@ -718,16 +941,59 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
718
941
|
|
719
942
|
@property
|
720
943
|
@pulumi.getter(name="crlDistributionPoints")
|
721
|
-
def crl_distribution_points(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
944
|
+
def crl_distribution_points(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
722
945
|
"""
|
723
946
|
Specifies the URL values for the CRL
|
724
947
|
Distribution Points field.
|
725
948
|
"""
|
726
949
|
return pulumi.get(self, "crl_distribution_points")
|
727
950
|
|
951
|
+
@property
|
952
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
953
|
+
def disable_critical_extension_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
|
954
|
+
"""
|
955
|
+
This determines whether this
|
956
|
+
issuer is able to issue certificates where the chain of trust (including the
|
957
|
+
issued certificate) contain critical extensions not processed by Vault.
|
958
|
+
"""
|
959
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
960
|
+
|
961
|
+
@property
|
962
|
+
@pulumi.getter(name="disableNameChecks")
|
963
|
+
def disable_name_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
|
964
|
+
"""
|
965
|
+
This determines whether this issuer is able
|
966
|
+
to issue certificates where the chain of trust (including the final issued
|
967
|
+
certificate) contains a link in which the subject of the issuing certificate
|
968
|
+
does not match the named issuer of the certificate it signed.
|
969
|
+
"""
|
970
|
+
return pulumi.get(self, "disable_name_checks")
|
971
|
+
|
972
|
+
@property
|
973
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
974
|
+
def disable_name_constraint_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
|
975
|
+
"""
|
976
|
+
This determines whether this
|
977
|
+
issuer is able to issue certificates where the chain of trust (including the
|
978
|
+
final issued certificate) violates the name constraints critical extension of
|
979
|
+
one of the issuer certificates in the chain.
|
980
|
+
"""
|
981
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
982
|
+
|
983
|
+
@property
|
984
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
985
|
+
def disable_path_length_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
|
986
|
+
"""
|
987
|
+
This determines whether this issuer
|
988
|
+
is able to issue certificates where the chain of trust (including the final
|
989
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
990
|
+
chain.
|
991
|
+
"""
|
992
|
+
return pulumi.get(self, "disable_path_length_checks")
|
993
|
+
|
728
994
|
@property
|
729
995
|
@pulumi.getter(name="enableAiaUrlTemplating")
|
730
|
-
def enable_aia_url_templating(self) -> pulumi.Output[Optional[bool]]:
|
996
|
+
def enable_aia_url_templating(self) -> pulumi.Output[Optional[builtins.bool]]:
|
731
997
|
"""
|
732
998
|
Specifies that the AIA URL values should
|
733
999
|
be templated.
|
@@ -736,7 +1002,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
736
1002
|
|
737
1003
|
@property
|
738
1004
|
@pulumi.getter(name="issuerId")
|
739
|
-
def issuer_id(self) -> pulumi.Output[str]:
|
1005
|
+
def issuer_id(self) -> pulumi.Output[builtins.str]:
|
740
1006
|
"""
|
741
1007
|
ID of the issuer.
|
742
1008
|
"""
|
@@ -744,7 +1010,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
744
1010
|
|
745
1011
|
@property
|
746
1012
|
@pulumi.getter(name="issuerName")
|
747
|
-
def issuer_name(self) -> pulumi.Output[Optional[str]]:
|
1013
|
+
def issuer_name(self) -> pulumi.Output[Optional[builtins.str]]:
|
748
1014
|
"""
|
749
1015
|
Name of the issuer.
|
750
1016
|
"""
|
@@ -752,7 +1018,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
752
1018
|
|
753
1019
|
@property
|
754
1020
|
@pulumi.getter(name="issuerRef")
|
755
|
-
def issuer_ref(self) -> pulumi.Output[str]:
|
1021
|
+
def issuer_ref(self) -> pulumi.Output[builtins.str]:
|
756
1022
|
"""
|
757
1023
|
Reference to an existing issuer.
|
758
1024
|
"""
|
@@ -760,7 +1026,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
760
1026
|
|
761
1027
|
@property
|
762
1028
|
@pulumi.getter(name="issuingCertificates")
|
763
|
-
def issuing_certificates(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1029
|
+
def issuing_certificates(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
764
1030
|
"""
|
765
1031
|
Specifies the URL values for the Issuing
|
766
1032
|
Certificate field.
|
@@ -769,7 +1035,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
769
1035
|
|
770
1036
|
@property
|
771
1037
|
@pulumi.getter(name="leafNotAfterBehavior")
|
772
|
-
def leaf_not_after_behavior(self) -> pulumi.Output[str]:
|
1038
|
+
def leaf_not_after_behavior(self) -> pulumi.Output[builtins.str]:
|
773
1039
|
"""
|
774
1040
|
Behavior of a leaf's NotAfter field during
|
775
1041
|
issuance.
|
@@ -778,7 +1044,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
778
1044
|
|
779
1045
|
@property
|
780
1046
|
@pulumi.getter(name="manualChains")
|
781
|
-
def manual_chains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1047
|
+
def manual_chains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
782
1048
|
"""
|
783
1049
|
Chain of issuer references to build this issuer's
|
784
1050
|
computed CAChain field from, when non-empty.
|
@@ -787,7 +1053,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
787
1053
|
|
788
1054
|
@property
|
789
1055
|
@pulumi.getter
|
790
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1056
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
791
1057
|
"""
|
792
1058
|
The namespace to provision the resource in.
|
793
1059
|
The value should not contain leading or trailing forward slashes.
|
@@ -798,7 +1064,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
798
1064
|
|
799
1065
|
@property
|
800
1066
|
@pulumi.getter(name="ocspServers")
|
801
|
-
def ocsp_servers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1067
|
+
def ocsp_servers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
802
1068
|
"""
|
803
1069
|
Specifies the URL values for the OCSP Servers field.
|
804
1070
|
"""
|
@@ -806,7 +1072,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
806
1072
|
|
807
1073
|
@property
|
808
1074
|
@pulumi.getter(name="revocationSignatureAlgorithm")
|
809
|
-
def revocation_signature_algorithm(self) -> pulumi.Output[str]:
|
1075
|
+
def revocation_signature_algorithm(self) -> pulumi.Output[builtins.str]:
|
810
1076
|
"""
|
811
1077
|
Which signature algorithm to use
|
812
1078
|
when building CRLs.
|
@@ -815,7 +1081,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
815
1081
|
|
816
1082
|
@property
|
817
1083
|
@pulumi.getter
|
818
|
-
def usage(self) -> pulumi.Output[str]:
|
1084
|
+
def usage(self) -> pulumi.Output[builtins.str]:
|
819
1085
|
"""
|
820
1086
|
Allowed usages for this issuer.
|
821
1087
|
"""
|