pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

pulumi_vault/pkisecret/secret_backend_issuer.py

@@ -2,6 +2,7 @@
 # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
+import builtins
 import copy
 import warnings
 import sys
@@ -19,47 +20,74 @@ __all__ = ['SecretBackendIssuerArgs', 'SecretBackendIssuer']
 @pulumi.input_type
 class SecretBackendIssuerArgs:
     def __init__(__self__, *,
-                 backend: pulumi.Input[str],
-                 issuer_ref: pulumi.Input[str],
-                 crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
-                 issuer_name: Optional[pulumi.Input[str]] = None,
-                 issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
-                 manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
-                 usage: Optional[pulumi.Input[str]] = None):
+                 backend: pulumi.Input[builtins.str],
+                 issuer_ref: pulumi.Input[builtins.str],
+                 crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
+                 issuer_name: Optional[pulumi.Input[builtins.str]] = None,
+                 issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
+                 manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
+                 usage: Optional[pulumi.Input[builtins.str]] = None):
         """
         The set of arguments for constructing a SecretBackendIssuer resource.
-        :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
+        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
                leading or trailing `/`s.
-        :param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
+        :param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
                Distribution Points field.
-        :param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
+        :param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
+               issuer is able to issue certificates where the chain of trust (including the
+               issued certificate) contain critical extensions not processed by Vault.
+        :param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
+               to issue certificates where the chain of trust (including the final issued
+               certificate) contains a link in which the subject of the issuing certificate
+               does not match the named issuer of the certificate it signed.
+        :param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
+               issuer is able to issue certificates where the chain of trust (including the
+               final issued certificate) violates the name constraints critical extension of
+               one of the issuer certificates in the chain.
+        :param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
+               is able to issue certificates where the chain of trust (including the final
+               issued certificate) is longer than allowed by a certificate authority in that
+               chain.
+        :param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
                be templated.
-        :param pulumi.Input[str] issuer_name: Name of the issuer.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
+        :param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
                Certificate field.
-        :param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
+        :param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
                issuance.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
                computed CAChain field from, when non-empty.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
-        :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
+        :param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
                when building CRLs.
-        :param pulumi.Input[str] usage: Allowed usages for this issuer.
+        :param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
         """
         pulumi.set(__self__, "backend", backend)
         pulumi.set(__self__, "issuer_ref", issuer_ref)
         if crl_distribution_points is not None:
             pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
+        if disable_critical_extension_checks is not None:
+            pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
+        if disable_name_checks is not None:
+            pulumi.set(__self__, "disable_name_checks", disable_name_checks)
+        if disable_name_constraint_checks is not None:
+            pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
+        if disable_path_length_checks is not None:
+            pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
         if enable_aia_url_templating is not None:
             pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
         if issuer_name is not None:
@@ -81,7 +109,7 @@ class SecretBackendIssuerArgs:
 
     @property
     @pulumi.getter
-    def backend(self) -> pulumi.Input[str]:
+    def backend(self) -> pulumi.Input[builtins.str]:
         """
         The path the PKI secret backend is mounted at, with no
         leading or trailing `/`s.
@@ -89,24 +117,24 @@ class SecretBackendIssuerArgs:
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: pulumi.Input[str]):
+    def backend(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "backend", value)
 
     @property
     @pulumi.getter(name="issuerRef")
-    def issuer_ref(self) -> pulumi.Input[str]:
+    def issuer_ref(self) -> pulumi.Input[builtins.str]:
         """
         Reference to an existing issuer.
         """
         return pulumi.get(self, "issuer_ref")
 
     @issuer_ref.setter
-    def issuer_ref(self, value: pulumi.Input[str]):
+    def issuer_ref(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "issuer_ref", value)
 
     @property
     @pulumi.getter(name="crlDistributionPoints")
-    def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Specifies the URL values for the CRL
         Distribution Points field.
@@ -114,12 +142,71 @@ class SecretBackendIssuerArgs:
         return pulumi.get(self, "crl_distribution_points")
 
     @crl_distribution_points.setter
-    def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "crl_distribution_points", value)
 
+    @property
+    @pulumi.getter(name="disableCriticalExtensionChecks")
+    def disable_critical_extension_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        This determines whether this
+        issuer is able to issue certificates where the chain of trust (including the
+        issued certificate) contain critical extensions not processed by Vault.
+        """
+        return pulumi.get(self, "disable_critical_extension_checks")
+
+    @disable_critical_extension_checks.setter
+    def disable_critical_extension_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_critical_extension_checks", value)
+
+    @property
+    @pulumi.getter(name="disableNameChecks")
+    def disable_name_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        This determines whether this issuer is able
+        to issue certificates where the chain of trust (including the final issued
+        certificate) contains a link in which the subject of the issuing certificate
+        does not match the named issuer of the certificate it signed.
+        """
+        return pulumi.get(self, "disable_name_checks")
+
+    @disable_name_checks.setter
+    def disable_name_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_name_checks", value)
+
+    @property
+    @pulumi.getter(name="disableNameConstraintChecks")
+    def disable_name_constraint_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        This determines whether this
+        issuer is able to issue certificates where the chain of trust (including the
+        final issued certificate) violates the name constraints critical extension of
+        one of the issuer certificates in the chain.
+        """
+        return pulumi.get(self, "disable_name_constraint_checks")
+
+    @disable_name_constraint_checks.setter
+    def disable_name_constraint_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_name_constraint_checks", value)
+
+    @property
+    @pulumi.getter(name="disablePathLengthChecks")
+    def disable_path_length_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        This determines whether this issuer
+        is able to issue certificates where the chain of trust (including the final
+        issued certificate) is longer than allowed by a certificate authority in that
+        chain.
+        """
+        return pulumi.get(self, "disable_path_length_checks")
+
+    @disable_path_length_checks.setter
+    def disable_path_length_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_path_length_checks", value)
+
     @property
     @pulumi.getter(name="enableAiaUrlTemplating")
-    def enable_aia_url_templating(self) -> Optional[pulumi.Input[bool]]:
+    def enable_aia_url_templating(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies that the AIA URL values should
         be templated.
@@ -127,24 +214,24 @@ class SecretBackendIssuerArgs:
         return pulumi.get(self, "enable_aia_url_templating")
 
     @enable_aia_url_templating.setter
-    def enable_aia_url_templating(self, value: Optional[pulumi.Input[bool]]):
+    def enable_aia_url_templating(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "enable_aia_url_templating", value)
 
     @property
     @pulumi.getter(name="issuerName")
-    def issuer_name(self) -> Optional[pulumi.Input[str]]:
+    def issuer_name(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Name of the issuer.
         """
         return pulumi.get(self, "issuer_name")
 
     @issuer_name.setter
-    def issuer_name(self, value: Optional[pulumi.Input[str]]):
+    def issuer_name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "issuer_name", value)
 
     @property
     @pulumi.getter(name="issuingCertificates")
-    def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Specifies the URL values for the Issuing
         Certificate field.
@@ -152,12 +239,12 @@ class SecretBackendIssuerArgs:
         return pulumi.get(self, "issuing_certificates")
 
     @issuing_certificates.setter
-    def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "issuing_certificates", value)
 
     @property
     @pulumi.getter(name="leafNotAfterBehavior")
-    def leaf_not_after_behavior(self) -> Optional[pulumi.Input[str]]:
+    def leaf_not_after_behavior(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Behavior of a leaf's NotAfter field during
         issuance.
@@ -165,12 +252,12 @@ class SecretBackendIssuerArgs:
         return pulumi.get(self, "leaf_not_after_behavior")
 
     @leaf_not_after_behavior.setter
-    def leaf_not_after_behavior(self, value: Optional[pulumi.Input[str]]):
+    def leaf_not_after_behavior(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "leaf_not_after_behavior", value)
 
     @property
     @pulumi.getter(name="manualChains")
-    def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Chain of issuer references to build this issuer's
         computed CAChain field from, when non-empty.
@@ -178,12 +265,12 @@ class SecretBackendIssuerArgs:
         return pulumi.get(self, "manual_chains")
 
     @manual_chains.setter
-    def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "manual_chains", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -193,24 +280,24 @@ class SecretBackendIssuerArgs:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
     @property
     @pulumi.getter(name="ocspServers")
-    def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Specifies the URL values for the OCSP Servers field.
         """
         return pulumi.get(self, "ocsp_servers")
 
     @ocsp_servers.setter
-    def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "ocsp_servers", value)
 
     @property
     @pulumi.getter(name="revocationSignatureAlgorithm")
-    def revocation_signature_algorithm(self) -> Optional[pulumi.Input[str]]:
+    def revocation_signature_algorithm(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Which signature algorithm to use
         when building CRLs.
@@ -218,68 +305,95 @@ class SecretBackendIssuerArgs:
         return pulumi.get(self, "revocation_signature_algorithm")
 
     @revocation_signature_algorithm.setter
-    def revocation_signature_algorithm(self, value: Optional[pulumi.Input[str]]):
+    def revocation_signature_algorithm(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "revocation_signature_algorithm", value)
 
     @property
     @pulumi.getter
-    def usage(self) -> Optional[pulumi.Input[str]]:
+    def usage(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Allowed usages for this issuer.
         """
         return pulumi.get(self, "usage")
 
     @usage.setter
-    def usage(self, value: Optional[pulumi.Input[str]]):
+    def usage(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "usage", value)
 
 
 @pulumi.input_type
 class _SecretBackendIssuerState:
     def __init__(__self__, *,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
-                 issuer_id: Optional[pulumi.Input[str]] = None,
-                 issuer_name: Optional[pulumi.Input[str]] = None,
-                 issuer_ref: Optional[pulumi.Input[str]] = None,
-                 issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
-                 manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
-                 usage: Optional[pulumi.Input[str]] = None):
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
+                 issuer_id: Optional[pulumi.Input[builtins.str]] = None,
+                 issuer_name: Optional[pulumi.Input[builtins.str]] = None,
+                 issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
+                 issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
+                 manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
+                 usage: Optional[pulumi.Input[builtins.str]] = None):
         """
         Input properties used for looking up and filtering SecretBackendIssuer resources.
-        :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
+        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
                leading or trailing `/`s.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
                Distribution Points field.
-        :param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
+        :param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
+               issuer is able to issue certificates where the chain of trust (including the
+               issued certificate) contain critical extensions not processed by Vault.
+        :param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
+               to issue certificates where the chain of trust (including the final issued
+               certificate) contains a link in which the subject of the issuing certificate
+               does not match the named issuer of the certificate it signed.
+        :param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
+               issuer is able to issue certificates where the chain of trust (including the
+               final issued certificate) violates the name constraints critical extension of
+               one of the issuer certificates in the chain.
+        :param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
+               is able to issue certificates where the chain of trust (including the final
+               issued certificate) is longer than allowed by a certificate authority in that
+               chain.
+        :param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
                be templated.
-        :param pulumi.Input[str] issuer_id: ID of the issuer.
-        :param pulumi.Input[str] issuer_name: Name of the issuer.
-        :param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
+        :param pulumi.Input[builtins.str] issuer_id: ID of the issuer.
+        :param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
+        :param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
                Certificate field.
-        :param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
+        :param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
                issuance.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
                computed CAChain field from, when non-empty.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
-        :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
+        :param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
                when building CRLs.
-        :param pulumi.Input[str] usage: Allowed usages for this issuer.
+        :param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
         """
         if backend is not None:
             pulumi.set(__self__, "backend", backend)
         if crl_distribution_points is not None:
             pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
+        if disable_critical_extension_checks is not None:
+            pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
+        if disable_name_checks is not None:
+            pulumi.set(__self__, "disable_name_checks", disable_name_checks)
+        if disable_name_constraint_checks is not None:
+            pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
+        if disable_path_length_checks is not None:
+            pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
         if enable_aia_url_templating is not None:
             pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
         if issuer_id is not None:
@@ -305,7 +419,7 @@ class _SecretBackendIssuerState:
 
     @property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[str]]:
+    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The path the PKI secret backend is mounted at, with no
         leading or trailing `/`s.
@@ -313,12 +427,12 @@ class _SecretBackendIssuerState:
         return pulumi.get(self, "backend")
 
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[str]]):
+    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "backend", value)
 
     @property
     @pulumi.getter(name="crlDistributionPoints")
-    def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Specifies the URL values for the CRL
         Distribution Points field.
@@ -326,12 +440,71 @@ class _SecretBackendIssuerState:
         return pulumi.get(self, "crl_distribution_points")
 
     @crl_distribution_points.setter
-    def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "crl_distribution_points", value)
 
+    @property
+    @pulumi.getter(name="disableCriticalExtensionChecks")
+    def disable_critical_extension_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        This determines whether this
+        issuer is able to issue certificates where the chain of trust (including the
+        issued certificate) contain critical extensions not processed by Vault.
+        """
+        return pulumi.get(self, "disable_critical_extension_checks")
+
+    @disable_critical_extension_checks.setter
+    def disable_critical_extension_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_critical_extension_checks", value)
+
+    @property
+    @pulumi.getter(name="disableNameChecks")
+    def disable_name_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        This determines whether this issuer is able
+        to issue certificates where the chain of trust (including the final issued
+        certificate) contains a link in which the subject of the issuing certificate
+        does not match the named issuer of the certificate it signed.
+        """
+        return pulumi.get(self, "disable_name_checks")
+
+    @disable_name_checks.setter
+    def disable_name_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_name_checks", value)
+
+    @property
+    @pulumi.getter(name="disableNameConstraintChecks")
+    def disable_name_constraint_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        This determines whether this
+        issuer is able to issue certificates where the chain of trust (including the
+        final issued certificate) violates the name constraints critical extension of
+        one of the issuer certificates in the chain.
+        """
+        return pulumi.get(self, "disable_name_constraint_checks")
+
+    @disable_name_constraint_checks.setter
+    def disable_name_constraint_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_name_constraint_checks", value)
+
+    @property
+    @pulumi.getter(name="disablePathLengthChecks")
+    def disable_path_length_checks(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        This determines whether this issuer
+        is able to issue certificates where the chain of trust (including the final
+        issued certificate) is longer than allowed by a certificate authority in that
+        chain.
+        """
+        return pulumi.get(self, "disable_path_length_checks")
+
+    @disable_path_length_checks.setter
+    def disable_path_length_checks(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "disable_path_length_checks", value)
+
     @property
     @pulumi.getter(name="enableAiaUrlTemplating")
-    def enable_aia_url_templating(self) -> Optional[pulumi.Input[bool]]:
+    def enable_aia_url_templating(self) -> Optional[pulumi.Input[builtins.bool]]:
         """
         Specifies that the AIA URL values should
         be templated.
@@ -339,48 +512,48 @@ class _SecretBackendIssuerState:
         return pulumi.get(self, "enable_aia_url_templating")
 
     @enable_aia_url_templating.setter
-    def enable_aia_url_templating(self, value: Optional[pulumi.Input[bool]]):
+    def enable_aia_url_templating(self, value: Optional[pulumi.Input[builtins.bool]]):
         pulumi.set(self, "enable_aia_url_templating", value)
 
     @property
     @pulumi.getter(name="issuerId")
-    def issuer_id(self) -> Optional[pulumi.Input[str]]:
+    def issuer_id(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         ID of the issuer.
         """
         return pulumi.get(self, "issuer_id")
 
     @issuer_id.setter
-    def issuer_id(self, value: Optional[pulumi.Input[str]]):
+    def issuer_id(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "issuer_id", value)
 
     @property
     @pulumi.getter(name="issuerName")
-    def issuer_name(self) -> Optional[pulumi.Input[str]]:
+    def issuer_name(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Name of the issuer.
         """
         return pulumi.get(self, "issuer_name")
 
     @issuer_name.setter
-    def issuer_name(self, value: Optional[pulumi.Input[str]]):
+    def issuer_name(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "issuer_name", value)
 
     @property
     @pulumi.getter(name="issuerRef")
-    def issuer_ref(self) -> Optional[pulumi.Input[str]]:
+    def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Reference to an existing issuer.
         """
         return pulumi.get(self, "issuer_ref")
 
     @issuer_ref.setter
-    def issuer_ref(self, value: Optional[pulumi.Input[str]]):
+    def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "issuer_ref", value)
 
     @property
     @pulumi.getter(name="issuingCertificates")
-    def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Specifies the URL values for the Issuing
         Certificate field.
@@ -388,12 +561,12 @@ class _SecretBackendIssuerState:
         return pulumi.get(self, "issuing_certificates")
 
     @issuing_certificates.setter
-    def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "issuing_certificates", value)
 
     @property
     @pulumi.getter(name="leafNotAfterBehavior")
-    def leaf_not_after_behavior(self) -> Optional[pulumi.Input[str]]:
+    def leaf_not_after_behavior(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Behavior of a leaf's NotAfter field during
         issuance.
@@ -401,12 +574,12 @@ class _SecretBackendIssuerState:
         return pulumi.get(self, "leaf_not_after_behavior")
 
     @leaf_not_after_behavior.setter
-    def leaf_not_after_behavior(self, value: Optional[pulumi.Input[str]]):
+    def leaf_not_after_behavior(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "leaf_not_after_behavior", value)
 
     @property
     @pulumi.getter(name="manualChains")
-    def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Chain of issuer references to build this issuer's
         computed CAChain field from, when non-empty.
@@ -414,12 +587,12 @@ class _SecretBackendIssuerState:
         return pulumi.get(self, "manual_chains")
 
     @manual_chains.setter
-    def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "manual_chains", value)
 
     @property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[str]]:
+    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -429,24 +602,24 @@ class _SecretBackendIssuerState:
         return pulumi.get(self, "namespace")
 
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[str]]):
+    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "namespace", value)
 
     @property
     @pulumi.getter(name="ocspServers")
-    def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
         """
         Specifies the URL values for the OCSP Servers field.
         """
         return pulumi.get(self, "ocsp_servers")
 
     @ocsp_servers.setter
-    def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+    def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
         pulumi.set(self, "ocsp_servers", value)
 
     @property
     @pulumi.getter(name="revocationSignatureAlgorithm")
-    def revocation_signature_algorithm(self) -> Optional[pulumi.Input[str]]:
+    def revocation_signature_algorithm(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Which signature algorithm to use
         when building CRLs.
@@ -454,19 +627,19 @@ class _SecretBackendIssuerState:
         return pulumi.get(self, "revocation_signature_algorithm")
 
     @revocation_signature_algorithm.setter
-    def revocation_signature_algorithm(self, value: Optional[pulumi.Input[str]]):
+    def revocation_signature_algorithm(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "revocation_signature_algorithm", value)
 
     @property
     @pulumi.getter
-    def usage(self) -> Optional[pulumi.Input[str]]:
+    def usage(self) -> Optional[pulumi.Input[builtins.str]]:
         """
         Allowed usages for this issuer.
         """
         return pulumi.get(self, "usage")
 
     @usage.setter
-    def usage(self, value: Optional[pulumi.Input[str]]):
+    def usage(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "usage", value)
 
 
@@ -475,18 +648,22 @@ class SecretBackendIssuer(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
-                 issuer_name: Optional[pulumi.Input[str]] = None,
-                 issuer_ref: Optional[pulumi.Input[str]] = None,
-                 issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
-                 manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
-                 usage: Optional[pulumi.Input[str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
+                 issuer_name: Optional[pulumi.Input[builtins.str]] = None,
+                 issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
+                 issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
+                 manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
+                 usage: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
         """
         ## Example Usage
@@ -521,28 +698,43 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
+        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
                leading or trailing `/`s.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
                Distribution Points field.
-        :param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
+        :param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
+               issuer is able to issue certificates where the chain of trust (including the
+               issued certificate) contain critical extensions not processed by Vault.
+        :param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
+               to issue certificates where the chain of trust (including the final issued
+               certificate) contains a link in which the subject of the issuing certificate
+               does not match the named issuer of the certificate it signed.
+        :param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
+               issuer is able to issue certificates where the chain of trust (including the
+               final issued certificate) violates the name constraints critical extension of
+               one of the issuer certificates in the chain.
+        :param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
+               is able to issue certificates where the chain of trust (including the final
+               issued certificate) is longer than allowed by a certificate authority in that
+               chain.
+        :param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
                be templated.
-        :param pulumi.Input[str] issuer_name: Name of the issuer.
-        :param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
+        :param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
+        :param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
                Certificate field.
-        :param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
+        :param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
                issuance.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
                computed CAChain field from, when non-empty.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
-        :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
+        :param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
                when building CRLs.
-        :param pulumi.Input[str] usage: Allowed usages for this issuer.
+        :param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
         """
         ...
     @overload
@@ -596,18 +788,22 @@ class SecretBackendIssuer(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 backend: Optional[pulumi.Input[str]] = None,
-                 crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
-                 issuer_name: Optional[pulumi.Input[str]] = None,
-                 issuer_ref: Optional[pulumi.Input[str]] = None,
-                 issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
-                 manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 namespace: Optional[pulumi.Input[str]] = None,
-                 ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
-                 usage: Optional[pulumi.Input[str]] = None,
+                 backend: Optional[pulumi.Input[builtins.str]] = None,
+                 crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
+                 enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
+                 issuer_name: Optional[pulumi.Input[builtins.str]] = None,
+                 issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
+                 issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
+                 manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 namespace: Optional[pulumi.Input[builtins.str]] = None,
+                 ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+                 revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
+                 usage: Optional[pulumi.Input[builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -621,6 +817,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
                 raise TypeError("Missing required property 'backend'")
             __props__.__dict__["backend"] = backend
             __props__.__dict__["crl_distribution_points"] = crl_distribution_points
+            __props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
+            __props__.__dict__["disable_name_checks"] = disable_name_checks
+            __props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
+            __props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
             __props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
             __props__.__dict__["issuer_name"] = issuer_name
             if issuer_ref is None and not opts.urn:
@@ -644,19 +844,23 @@ class SecretBackendIssuer(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            backend: Optional[pulumi.Input[str]] = None,
-            crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
-            issuer_id: Optional[pulumi.Input[str]] = None,
-            issuer_name: Optional[pulumi.Input[str]] = None,
-            issuer_ref: Optional[pulumi.Input[str]] = None,
-            issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            leaf_not_after_behavior: Optional[pulumi.Input[str]] = None,
-            manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            namespace: Optional[pulumi.Input[str]] = None,
-            ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-            revocation_signature_algorithm: Optional[pulumi.Input[str]] = None,
-            usage: Optional[pulumi.Input[str]] = None) -> 'SecretBackendIssuer':
+            backend: Optional[pulumi.Input[builtins.str]] = None,
+            crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+            disable_critical_extension_checks: Optional[pulumi.Input[builtins.bool]] = None,
+            disable_name_checks: Optional[pulumi.Input[builtins.bool]] = None,
+            disable_name_constraint_checks: Optional[pulumi.Input[builtins.bool]] = None,
+            disable_path_length_checks: Optional[pulumi.Input[builtins.bool]] = None,
+            enable_aia_url_templating: Optional[pulumi.Input[builtins.bool]] = None,
+            issuer_id: Optional[pulumi.Input[builtins.str]] = None,
+            issuer_name: Optional[pulumi.Input[builtins.str]] = None,
+            issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
+            issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+            leaf_not_after_behavior: Optional[pulumi.Input[builtins.str]] = None,
+            manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+            namespace: Optional[pulumi.Input[builtins.str]] = None,
+            ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
+            revocation_signature_algorithm: Optional[pulumi.Input[builtins.str]] = None,
+            usage: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendIssuer':
         """
         Get an existing SecretBackendIssuer resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -664,29 +868,44 @@ class SecretBackendIssuer(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no
+        :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no
                leading or trailing `/`s.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
                Distribution Points field.
-        :param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
+        :param pulumi.Input[builtins.bool] disable_critical_extension_checks: This determines whether this
+               issuer is able to issue certificates where the chain of trust (including the
+               issued certificate) contain critical extensions not processed by Vault.
+        :param pulumi.Input[builtins.bool] disable_name_checks: This determines whether this issuer is able
+               to issue certificates where the chain of trust (including the final issued
+               certificate) contains a link in which the subject of the issuing certificate
+               does not match the named issuer of the certificate it signed.
+        :param pulumi.Input[builtins.bool] disable_name_constraint_checks: This determines whether this
+               issuer is able to issue certificates where the chain of trust (including the
+               final issued certificate) violates the name constraints critical extension of
+               one of the issuer certificates in the chain.
+        :param pulumi.Input[builtins.bool] disable_path_length_checks: This determines whether this issuer
+               is able to issue certificates where the chain of trust (including the final
+               issued certificate) is longer than allowed by a certificate authority in that
+               chain.
+        :param pulumi.Input[builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
                be templated.
-        :param pulumi.Input[str] issuer_id: ID of the issuer.
-        :param pulumi.Input[str] issuer_name: Name of the issuer.
-        :param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] issuing_certificates: Specifies the URL values for the Issuing
+        :param pulumi.Input[builtins.str] issuer_id: ID of the issuer.
+        :param pulumi.Input[builtins.str] issuer_name: Name of the issuer.
+        :param pulumi.Input[builtins.str] issuer_ref: Reference to an existing issuer.
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
                Certificate field.
-        :param pulumi.Input[str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
+        :param pulumi.Input[builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
                issuance.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] manual_chains: Chain of issuer references to build this issuer's
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
                computed CAChain field from, when non-empty.
-        :param pulumi.Input[str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
-        :param pulumi.Input[str] revocation_signature_algorithm: Which signature algorithm to use
+        :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
+        :param pulumi.Input[builtins.str] revocation_signature_algorithm: Which signature algorithm to use
                when building CRLs.
-        :param pulumi.Input[str] usage: Allowed usages for this issuer.
+        :param pulumi.Input[builtins.str] usage: Allowed usages for this issuer.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -694,6 +913,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
         __props__.__dict__["backend"] = backend
         __props__.__dict__["crl_distribution_points"] = crl_distribution_points
+        __props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
+        __props__.__dict__["disable_name_checks"] = disable_name_checks
+        __props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
+        __props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
         __props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
         __props__.__dict__["issuer_id"] = issuer_id
         __props__.__dict__["issuer_name"] = issuer_name
@@ -709,7 +932,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[str]:
+    def backend(self) -> pulumi.Output[builtins.str]:
         """
         The path the PKI secret backend is mounted at, with no
         leading or trailing `/`s.
@@ -718,16 +941,59 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="crlDistributionPoints")
-    def crl_distribution_points(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def crl_distribution_points(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
         """
         Specifies the URL values for the CRL
         Distribution Points field.
         """
         return pulumi.get(self, "crl_distribution_points")
 
+    @property
+    @pulumi.getter(name="disableCriticalExtensionChecks")
+    def disable_critical_extension_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
+        """
+        This determines whether this
+        issuer is able to issue certificates where the chain of trust (including the
+        issued certificate) contain critical extensions not processed by Vault.
+        """
+        return pulumi.get(self, "disable_critical_extension_checks")
+
+    @property
+    @pulumi.getter(name="disableNameChecks")
+    def disable_name_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
+        """
+        This determines whether this issuer is able
+        to issue certificates where the chain of trust (including the final issued
+        certificate) contains a link in which the subject of the issuing certificate
+        does not match the named issuer of the certificate it signed.
+        """
+        return pulumi.get(self, "disable_name_checks")
+
+    @property
+    @pulumi.getter(name="disableNameConstraintChecks")
+    def disable_name_constraint_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
+        """
+        This determines whether this
+        issuer is able to issue certificates where the chain of trust (including the
+        final issued certificate) violates the name constraints critical extension of
+        one of the issuer certificates in the chain.
+        """
+        return pulumi.get(self, "disable_name_constraint_checks")
+
+    @property
+    @pulumi.getter(name="disablePathLengthChecks")
+    def disable_path_length_checks(self) -> pulumi.Output[Optional[builtins.bool]]:
+        """
+        This determines whether this issuer
+        is able to issue certificates where the chain of trust (including the final
+        issued certificate) is longer than allowed by a certificate authority in that
+        chain.
+        """
+        return pulumi.get(self, "disable_path_length_checks")
+
     @property
     @pulumi.getter(name="enableAiaUrlTemplating")
-    def enable_aia_url_templating(self) -> pulumi.Output[Optional[bool]]:
+    def enable_aia_url_templating(self) -> pulumi.Output[Optional[builtins.bool]]:
         """
         Specifies that the AIA URL values should
         be templated.
@@ -736,7 +1002,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="issuerId")
-    def issuer_id(self) -> pulumi.Output[str]:
+    def issuer_id(self) -> pulumi.Output[builtins.str]:
         """
         ID of the issuer.
         """
@@ -744,7 +1010,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="issuerName")
-    def issuer_name(self) -> pulumi.Output[Optional[str]]:
+    def issuer_name(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         Name of the issuer.
         """
@@ -752,7 +1018,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="issuerRef")
-    def issuer_ref(self) -> pulumi.Output[str]:
+    def issuer_ref(self) -> pulumi.Output[builtins.str]:
         """
         Reference to an existing issuer.
         """
@@ -760,7 +1026,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="issuingCertificates")
-    def issuing_certificates(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def issuing_certificates(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
         """
         Specifies the URL values for the Issuing
         Certificate field.
@@ -769,7 +1035,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="leafNotAfterBehavior")
-    def leaf_not_after_behavior(self) -> pulumi.Output[str]:
+    def leaf_not_after_behavior(self) -> pulumi.Output[builtins.str]:
         """
         Behavior of a leaf's NotAfter field during
         issuance.
@@ -778,7 +1044,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="manualChains")
-    def manual_chains(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def manual_chains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
         """
         Chain of issuer references to build this issuer's
         computed CAChain field from, when non-empty.
@@ -787,7 +1053,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[str]]:
+    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -798,7 +1064,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="ocspServers")
-    def ocsp_servers(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def ocsp_servers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
         """
         Specifies the URL values for the OCSP Servers field.
         """
@@ -806,7 +1072,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="revocationSignatureAlgorithm")
-    def revocation_signature_algorithm(self) -> pulumi.Output[str]:
+    def revocation_signature_algorithm(self) -> pulumi.Output[builtins.str]:
         """
         Which signature algorithm to use
         when building CRLs.
@@ -815,7 +1081,7 @@ class SecretBackendIssuer(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def usage(self) -> pulumi.Output[str]:
+    def usage(self) -> pulumi.Output[builtins.str]:
         """
         Allowed usages for this issuer.
         """