pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -21,111 +22,123 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
21
22
  @pulumi.input_type
22
23
  class SecretBackendRoleArgs:
23
24
  def __init__(__self__, *,
24
- backend: pulumi.Input[str],
25
- allow_any_name: Optional[pulumi.Input[bool]] = None,
26
- allow_bare_domains: Optional[pulumi.Input[bool]] = None,
27
- allow_glob_domains: Optional[pulumi.Input[bool]] = None,
28
- allow_ip_sans: Optional[pulumi.Input[bool]] = None,
29
- allow_localhost: Optional[pulumi.Input[bool]] = None,
30
- allow_subdomains: Optional[pulumi.Input[bool]] = None,
31
- allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
32
- allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
33
- allowed_domains_template: Optional[pulumi.Input[bool]] = None,
34
- allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
35
- allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
36
- allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
37
- allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
38
- allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
39
- basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
40
- client_flag: Optional[pulumi.Input[bool]] = None,
41
- cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
42
- code_signing_flag: Optional[pulumi.Input[bool]] = None,
43
- countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
44
- email_protection_flag: Optional[pulumi.Input[bool]] = None,
45
- enforce_hostnames: Optional[pulumi.Input[bool]] = None,
46
- ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
47
- ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
48
- generate_lease: Optional[pulumi.Input[bool]] = None,
49
- issuer_ref: Optional[pulumi.Input[str]] = None,
50
- key_bits: Optional[pulumi.Input[int]] = None,
51
- key_type: Optional[pulumi.Input[str]] = None,
52
- key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
53
- localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
54
- max_ttl: Optional[pulumi.Input[str]] = None,
55
- name: Optional[pulumi.Input[str]] = None,
56
- namespace: Optional[pulumi.Input[str]] = None,
57
- no_store: Optional[pulumi.Input[bool]] = None,
58
- not_before_duration: Optional[pulumi.Input[str]] = None,
59
- organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
60
- organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
+ backend: pulumi.Input[builtins.str],
26
+ allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
27
+ allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
28
+ allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
29
+ allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
30
+ allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
31
+ allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
32
+ allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
33
+ allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
34
+ allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
35
+ allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
36
+ allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
37
+ allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
38
+ allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
39
+ allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
40
+ basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
41
+ client_flag: Optional[pulumi.Input[builtins.bool]] = None,
42
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
43
+ code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
44
+ countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
45
+ email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
46
+ enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
47
+ ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
48
+ ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
49
+ generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
50
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
51
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
52
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
53
+ key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
54
+ localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
55
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
56
+ name: Optional[pulumi.Input[builtins.str]] = None,
57
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
58
+ no_store: Optional[pulumi.Input[builtins.bool]] = None,
59
+ no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
60
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
61
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
62
+ organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
63
+ organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
61
64
  policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
62
- policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
63
- postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
64
- provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
65
- require_cn: Optional[pulumi.Input[bool]] = None,
66
- server_flag: Optional[pulumi.Input[bool]] = None,
67
- street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
68
- ttl: Optional[pulumi.Input[str]] = None,
69
- use_csr_common_name: Optional[pulumi.Input[bool]] = None,
70
- use_csr_sans: Optional[pulumi.Input[bool]] = None):
65
+ policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
66
+ postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
67
+ provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
68
+ require_cn: Optional[pulumi.Input[builtins.bool]] = None,
69
+ serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
70
+ server_flag: Optional[pulumi.Input[builtins.bool]] = None,
71
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
72
+ street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
73
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
74
+ use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
75
+ use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
76
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None):
71
77
  """
72
78
  The set of arguments for constructing a SecretBackendRole resource.
73
- :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
74
- :param pulumi.Input[bool] allow_any_name: Flag to allow any name
75
- :param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
76
- :param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
77
- :param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
78
- :param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
79
- :param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
80
- :param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
81
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
82
- :param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
83
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
84
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
85
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
86
- :param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
87
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
88
- :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
89
- :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
90
- :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
91
- :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
92
- :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
93
- :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
94
- :param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
95
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
96
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
97
- :param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
98
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
79
+ :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
80
+ :param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
81
+ :param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
82
+ :param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
83
+ :param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
84
+ :param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
85
+ :param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
86
+ :param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
87
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
88
+ :param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
89
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
90
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
91
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
92
+ :param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
93
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
94
+ :param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
95
+ :param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
96
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
97
+ :param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
98
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
99
+ :param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
100
+ :param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
101
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
102
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
103
+ :param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
104
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
99
105
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
100
106
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
101
107
  overriding the role's `issuer_ref` value.
102
- :param pulumi.Input[int] key_bits: The number of bits of generated keys
103
- :param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
108
+ :param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
109
+ :param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
104
110
  Defaults to `rsa`
105
- :param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
111
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
106
112
  certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
107
113
  To specify no default key usage constraints, set this to an empty list `[]`.
108
- :param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
109
- :param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
110
- :param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
111
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
114
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
115
+ :param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
116
+ :param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
117
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
112
118
  The value should not contain leading or trailing forward slashes.
113
119
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
114
120
  *Available only for Vault Enterprise*.
115
- :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
116
- :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
117
- :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
118
- :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
121
+ :param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
122
+ :param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
123
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
124
+ :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
125
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
126
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
119
127
  :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
120
- :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
121
- :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
122
- :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
123
- :param pulumi.Input[bool] require_cn: Flag to force CN usage
124
- :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
125
- :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
126
- :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
127
- :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
128
- :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
128
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
129
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
130
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
131
+ :param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
132
+ :param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
133
+
134
+ Example usage:
135
+ :param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
136
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
137
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
138
+ :param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
139
+ :param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
140
+ :param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
141
+ :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
129
142
  """
130
143
  pulumi.set(__self__, "backend", backend)
131
144
  if allow_any_name is not None:
@@ -194,6 +207,10 @@ class SecretBackendRoleArgs:
194
207
  pulumi.set(__self__, "namespace", namespace)
195
208
  if no_store is not None:
196
209
  pulumi.set(__self__, "no_store", no_store)
210
+ if no_store_metadata is not None:
211
+ pulumi.set(__self__, "no_store_metadata", no_store_metadata)
212
+ if not_after is not None:
213
+ pulumi.set(__self__, "not_after", not_after)
197
214
  if not_before_duration is not None:
198
215
  pulumi.set(__self__, "not_before_duration", not_before_duration)
199
216
  if organization_unit is not None:
@@ -210,8 +227,12 @@ class SecretBackendRoleArgs:
210
227
  pulumi.set(__self__, "provinces", provinces)
211
228
  if require_cn is not None:
212
229
  pulumi.set(__self__, "require_cn", require_cn)
230
+ if serial_number_source is not None:
231
+ pulumi.set(__self__, "serial_number_source", serial_number_source)
213
232
  if server_flag is not None:
214
233
  pulumi.set(__self__, "server_flag", server_flag)
234
+ if signature_bits is not None:
235
+ pulumi.set(__self__, "signature_bits", signature_bits)
215
236
  if street_addresses is not None:
216
237
  pulumi.set(__self__, "street_addresses", street_addresses)
217
238
  if ttl is not None:
@@ -220,310 +241,312 @@ class SecretBackendRoleArgs:
220
241
  pulumi.set(__self__, "use_csr_common_name", use_csr_common_name)
221
242
  if use_csr_sans is not None:
222
243
  pulumi.set(__self__, "use_csr_sans", use_csr_sans)
244
+ if use_pss is not None:
245
+ pulumi.set(__self__, "use_pss", use_pss)
223
246
 
224
247
  @property
225
248
  @pulumi.getter
226
- def backend(self) -> pulumi.Input[str]:
249
+ def backend(self) -> pulumi.Input[builtins.str]:
227
250
  """
228
251
  The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
229
252
  """
230
253
  return pulumi.get(self, "backend")
231
254
 
232
255
  @backend.setter
233
- def backend(self, value: pulumi.Input[str]):
256
+ def backend(self, value: pulumi.Input[builtins.str]):
234
257
  pulumi.set(self, "backend", value)
235
258
 
236
259
  @property
237
260
  @pulumi.getter(name="allowAnyName")
238
- def allow_any_name(self) -> Optional[pulumi.Input[bool]]:
261
+ def allow_any_name(self) -> Optional[pulumi.Input[builtins.bool]]:
239
262
  """
240
263
  Flag to allow any name
241
264
  """
242
265
  return pulumi.get(self, "allow_any_name")
243
266
 
244
267
  @allow_any_name.setter
245
- def allow_any_name(self, value: Optional[pulumi.Input[bool]]):
268
+ def allow_any_name(self, value: Optional[pulumi.Input[builtins.bool]]):
246
269
  pulumi.set(self, "allow_any_name", value)
247
270
 
248
271
  @property
249
272
  @pulumi.getter(name="allowBareDomains")
250
- def allow_bare_domains(self) -> Optional[pulumi.Input[bool]]:
273
+ def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
251
274
  """
252
275
  Flag to allow certificates matching the actual domain
253
276
  """
254
277
  return pulumi.get(self, "allow_bare_domains")
255
278
 
256
279
  @allow_bare_domains.setter
257
- def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
280
+ def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
258
281
  pulumi.set(self, "allow_bare_domains", value)
259
282
 
260
283
  @property
261
284
  @pulumi.getter(name="allowGlobDomains")
262
- def allow_glob_domains(self) -> Optional[pulumi.Input[bool]]:
285
+ def allow_glob_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
263
286
  """
264
287
  Flag to allow names containing glob patterns.
265
288
  """
266
289
  return pulumi.get(self, "allow_glob_domains")
267
290
 
268
291
  @allow_glob_domains.setter
269
- def allow_glob_domains(self, value: Optional[pulumi.Input[bool]]):
292
+ def allow_glob_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
270
293
  pulumi.set(self, "allow_glob_domains", value)
271
294
 
272
295
  @property
273
296
  @pulumi.getter(name="allowIpSans")
274
- def allow_ip_sans(self) -> Optional[pulumi.Input[bool]]:
297
+ def allow_ip_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
275
298
  """
276
299
  Flag to allow IP SANs
277
300
  """
278
301
  return pulumi.get(self, "allow_ip_sans")
279
302
 
280
303
  @allow_ip_sans.setter
281
- def allow_ip_sans(self, value: Optional[pulumi.Input[bool]]):
304
+ def allow_ip_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
282
305
  pulumi.set(self, "allow_ip_sans", value)
283
306
 
284
307
  @property
285
308
  @pulumi.getter(name="allowLocalhost")
286
- def allow_localhost(self) -> Optional[pulumi.Input[bool]]:
309
+ def allow_localhost(self) -> Optional[pulumi.Input[builtins.bool]]:
287
310
  """
288
311
  Flag to allow certificates for localhost
289
312
  """
290
313
  return pulumi.get(self, "allow_localhost")
291
314
 
292
315
  @allow_localhost.setter
293
- def allow_localhost(self, value: Optional[pulumi.Input[bool]]):
316
+ def allow_localhost(self, value: Optional[pulumi.Input[builtins.bool]]):
294
317
  pulumi.set(self, "allow_localhost", value)
295
318
 
296
319
  @property
297
320
  @pulumi.getter(name="allowSubdomains")
298
- def allow_subdomains(self) -> Optional[pulumi.Input[bool]]:
321
+ def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
299
322
  """
300
323
  Flag to allow certificates matching subdomains
301
324
  """
302
325
  return pulumi.get(self, "allow_subdomains")
303
326
 
304
327
  @allow_subdomains.setter
305
- def allow_subdomains(self, value: Optional[pulumi.Input[bool]]):
328
+ def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
306
329
  pulumi.set(self, "allow_subdomains", value)
307
330
 
308
331
  @property
309
332
  @pulumi.getter(name="allowWildcardCertificates")
310
- def allow_wildcard_certificates(self) -> Optional[pulumi.Input[bool]]:
333
+ def allow_wildcard_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
311
334
  """
312
335
  Flag to allow wildcard certificates.
313
336
  """
314
337
  return pulumi.get(self, "allow_wildcard_certificates")
315
338
 
316
339
  @allow_wildcard_certificates.setter
317
- def allow_wildcard_certificates(self, value: Optional[pulumi.Input[bool]]):
340
+ def allow_wildcard_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
318
341
  pulumi.set(self, "allow_wildcard_certificates", value)
319
342
 
320
343
  @property
321
344
  @pulumi.getter(name="allowedDomains")
322
- def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
345
+ def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
323
346
  """
324
347
  List of allowed domains for certificates
325
348
  """
326
349
  return pulumi.get(self, "allowed_domains")
327
350
 
328
351
  @allowed_domains.setter
329
- def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
352
+ def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
330
353
  pulumi.set(self, "allowed_domains", value)
331
354
 
332
355
  @property
333
356
  @pulumi.getter(name="allowedDomainsTemplate")
334
- def allowed_domains_template(self) -> Optional[pulumi.Input[bool]]:
357
+ def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
335
358
  """
336
359
  Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
337
360
  """
338
361
  return pulumi.get(self, "allowed_domains_template")
339
362
 
340
363
  @allowed_domains_template.setter
341
- def allowed_domains_template(self, value: Optional[pulumi.Input[bool]]):
364
+ def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
342
365
  pulumi.set(self, "allowed_domains_template", value)
343
366
 
344
367
  @property
345
368
  @pulumi.getter(name="allowedOtherSans")
346
- def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
369
+ def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
347
370
  """
348
371
  Defines allowed custom SANs
349
372
  """
350
373
  return pulumi.get(self, "allowed_other_sans")
351
374
 
352
375
  @allowed_other_sans.setter
353
- def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
376
+ def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
354
377
  pulumi.set(self, "allowed_other_sans", value)
355
378
 
356
379
  @property
357
380
  @pulumi.getter(name="allowedSerialNumbers")
358
- def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
381
+ def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
359
382
  """
360
383
  An array of allowed serial numbers to put in Subject
361
384
  """
362
385
  return pulumi.get(self, "allowed_serial_numbers")
363
386
 
364
387
  @allowed_serial_numbers.setter
365
- def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
388
+ def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
366
389
  pulumi.set(self, "allowed_serial_numbers", value)
367
390
 
368
391
  @property
369
392
  @pulumi.getter(name="allowedUriSans")
370
- def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
393
+ def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
371
394
  """
372
395
  Defines allowed URI SANs
373
396
  """
374
397
  return pulumi.get(self, "allowed_uri_sans")
375
398
 
376
399
  @allowed_uri_sans.setter
377
- def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
400
+ def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
378
401
  pulumi.set(self, "allowed_uri_sans", value)
379
402
 
380
403
  @property
381
404
  @pulumi.getter(name="allowedUriSansTemplate")
382
- def allowed_uri_sans_template(self) -> Optional[pulumi.Input[bool]]:
405
+ def allowed_uri_sans_template(self) -> Optional[pulumi.Input[builtins.bool]]:
383
406
  """
384
407
  Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
385
408
  """
386
409
  return pulumi.get(self, "allowed_uri_sans_template")
387
410
 
388
411
  @allowed_uri_sans_template.setter
389
- def allowed_uri_sans_template(self, value: Optional[pulumi.Input[bool]]):
412
+ def allowed_uri_sans_template(self, value: Optional[pulumi.Input[builtins.bool]]):
390
413
  pulumi.set(self, "allowed_uri_sans_template", value)
391
414
 
392
415
  @property
393
416
  @pulumi.getter(name="allowedUserIds")
394
- def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
417
+ def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
395
418
  """
396
419
  Defines allowed User IDs
397
420
  """
398
421
  return pulumi.get(self, "allowed_user_ids")
399
422
 
400
423
  @allowed_user_ids.setter
401
- def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
424
+ def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
402
425
  pulumi.set(self, "allowed_user_ids", value)
403
426
 
404
427
  @property
405
428
  @pulumi.getter(name="basicConstraintsValidForNonCa")
406
- def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[bool]]:
429
+ def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[builtins.bool]]:
407
430
  """
408
431
  Flag to mark basic constraints valid when issuing non-CA certificates
409
432
  """
410
433
  return pulumi.get(self, "basic_constraints_valid_for_non_ca")
411
434
 
412
435
  @basic_constraints_valid_for_non_ca.setter
413
- def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[bool]]):
436
+ def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[builtins.bool]]):
414
437
  pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
415
438
 
416
439
  @property
417
440
  @pulumi.getter(name="clientFlag")
418
- def client_flag(self) -> Optional[pulumi.Input[bool]]:
441
+ def client_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
419
442
  """
420
443
  Flag to specify certificates for client use
421
444
  """
422
445
  return pulumi.get(self, "client_flag")
423
446
 
424
447
  @client_flag.setter
425
- def client_flag(self, value: Optional[pulumi.Input[bool]]):
448
+ def client_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
426
449
  pulumi.set(self, "client_flag", value)
427
450
 
428
451
  @property
429
452
  @pulumi.getter(name="cnValidations")
430
- def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
453
+ def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
431
454
  """
432
455
  Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
433
456
  """
434
457
  return pulumi.get(self, "cn_validations")
435
458
 
436
459
  @cn_validations.setter
437
- def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
460
+ def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
438
461
  pulumi.set(self, "cn_validations", value)
439
462
 
440
463
  @property
441
464
  @pulumi.getter(name="codeSigningFlag")
442
- def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
465
+ def code_signing_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
443
466
  """
444
467
  Flag to specify certificates for code signing use
445
468
  """
446
469
  return pulumi.get(self, "code_signing_flag")
447
470
 
448
471
  @code_signing_flag.setter
449
- def code_signing_flag(self, value: Optional[pulumi.Input[bool]]):
472
+ def code_signing_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
450
473
  pulumi.set(self, "code_signing_flag", value)
451
474
 
452
475
  @property
453
476
  @pulumi.getter
454
- def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
477
+ def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
455
478
  """
456
479
  The country of generated certificates
457
480
  """
458
481
  return pulumi.get(self, "countries")
459
482
 
460
483
  @countries.setter
461
- def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
484
+ def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
462
485
  pulumi.set(self, "countries", value)
463
486
 
464
487
  @property
465
488
  @pulumi.getter(name="emailProtectionFlag")
466
- def email_protection_flag(self) -> Optional[pulumi.Input[bool]]:
489
+ def email_protection_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
467
490
  """
468
491
  Flag to specify certificates for email protection use
469
492
  """
470
493
  return pulumi.get(self, "email_protection_flag")
471
494
 
472
495
  @email_protection_flag.setter
473
- def email_protection_flag(self, value: Optional[pulumi.Input[bool]]):
496
+ def email_protection_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
474
497
  pulumi.set(self, "email_protection_flag", value)
475
498
 
476
499
  @property
477
500
  @pulumi.getter(name="enforceHostnames")
478
- def enforce_hostnames(self) -> Optional[pulumi.Input[bool]]:
501
+ def enforce_hostnames(self) -> Optional[pulumi.Input[builtins.bool]]:
479
502
  """
480
503
  Flag to allow only valid host names
481
504
  """
482
505
  return pulumi.get(self, "enforce_hostnames")
483
506
 
484
507
  @enforce_hostnames.setter
485
- def enforce_hostnames(self, value: Optional[pulumi.Input[bool]]):
508
+ def enforce_hostnames(self, value: Optional[pulumi.Input[builtins.bool]]):
486
509
  pulumi.set(self, "enforce_hostnames", value)
487
510
 
488
511
  @property
489
512
  @pulumi.getter(name="extKeyUsageOids")
490
- def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
513
+ def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
491
514
  """
492
515
  Specify the allowed extended key usage OIDs constraint on issued certificates
493
516
  """
494
517
  return pulumi.get(self, "ext_key_usage_oids")
495
518
 
496
519
  @ext_key_usage_oids.setter
497
- def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
520
+ def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
498
521
  pulumi.set(self, "ext_key_usage_oids", value)
499
522
 
500
523
  @property
501
524
  @pulumi.getter(name="extKeyUsages")
502
- def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
525
+ def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
503
526
  """
504
527
  Specify the allowed extended key usage constraint on issued certificates
505
528
  """
506
529
  return pulumi.get(self, "ext_key_usages")
507
530
 
508
531
  @ext_key_usages.setter
509
- def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
532
+ def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
510
533
  pulumi.set(self, "ext_key_usages", value)
511
534
 
512
535
  @property
513
536
  @pulumi.getter(name="generateLease")
514
- def generate_lease(self) -> Optional[pulumi.Input[bool]]:
537
+ def generate_lease(self) -> Optional[pulumi.Input[builtins.bool]]:
515
538
  """
516
539
  Flag to generate leases with certificates
517
540
  """
518
541
  return pulumi.get(self, "generate_lease")
519
542
 
520
543
  @generate_lease.setter
521
- def generate_lease(self, value: Optional[pulumi.Input[bool]]):
544
+ def generate_lease(self, value: Optional[pulumi.Input[builtins.bool]]):
522
545
  pulumi.set(self, "generate_lease", value)
523
546
 
524
547
  @property
525
548
  @pulumi.getter(name="issuerRef")
526
- def issuer_ref(self) -> Optional[pulumi.Input[str]]:
549
+ def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
527
550
  """
528
551
  Specifies the default issuer of this request. May
529
552
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -533,24 +556,24 @@ class SecretBackendRoleArgs:
533
556
  return pulumi.get(self, "issuer_ref")
534
557
 
535
558
  @issuer_ref.setter
536
- def issuer_ref(self, value: Optional[pulumi.Input[str]]):
559
+ def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
537
560
  pulumi.set(self, "issuer_ref", value)
538
561
 
539
562
  @property
540
563
  @pulumi.getter(name="keyBits")
541
- def key_bits(self) -> Optional[pulumi.Input[int]]:
564
+ def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
542
565
  """
543
566
  The number of bits of generated keys
544
567
  """
545
568
  return pulumi.get(self, "key_bits")
546
569
 
547
570
  @key_bits.setter
548
- def key_bits(self, value: Optional[pulumi.Input[int]]):
571
+ def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
549
572
  pulumi.set(self, "key_bits", value)
550
573
 
551
574
  @property
552
575
  @pulumi.getter(name="keyType")
553
- def key_type(self) -> Optional[pulumi.Input[str]]:
576
+ def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
554
577
  """
555
578
  The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
556
579
  Defaults to `rsa`
@@ -558,12 +581,12 @@ class SecretBackendRoleArgs:
558
581
  return pulumi.get(self, "key_type")
559
582
 
560
583
  @key_type.setter
561
- def key_type(self, value: Optional[pulumi.Input[str]]):
584
+ def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
562
585
  pulumi.set(self, "key_type", value)
563
586
 
564
587
  @property
565
588
  @pulumi.getter(name="keyUsages")
566
- def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
589
+ def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
567
590
  """
568
591
  Specify the allowed key usage constraint on issued
569
592
  certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
@@ -572,48 +595,48 @@ class SecretBackendRoleArgs:
572
595
  return pulumi.get(self, "key_usages")
573
596
 
574
597
  @key_usages.setter
575
- def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
598
+ def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
576
599
  pulumi.set(self, "key_usages", value)
577
600
 
578
601
  @property
579
602
  @pulumi.getter
580
- def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
603
+ def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
581
604
  """
582
605
  The locality of generated certificates
583
606
  """
584
607
  return pulumi.get(self, "localities")
585
608
 
586
609
  @localities.setter
587
- def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
610
+ def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
588
611
  pulumi.set(self, "localities", value)
589
612
 
590
613
  @property
591
614
  @pulumi.getter(name="maxTtl")
592
- def max_ttl(self) -> Optional[pulumi.Input[str]]:
615
+ def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
593
616
  """
594
617
  The maximum lease TTL, in seconds, for the role.
595
618
  """
596
619
  return pulumi.get(self, "max_ttl")
597
620
 
598
621
  @max_ttl.setter
599
- def max_ttl(self, value: Optional[pulumi.Input[str]]):
622
+ def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
600
623
  pulumi.set(self, "max_ttl", value)
601
624
 
602
625
  @property
603
626
  @pulumi.getter
604
- def name(self) -> Optional[pulumi.Input[str]]:
627
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
605
628
  """
606
629
  The name to identify this role within the backend. Must be unique within the backend.
607
630
  """
608
631
  return pulumi.get(self, "name")
609
632
 
610
633
  @name.setter
611
- def name(self, value: Optional[pulumi.Input[str]]):
634
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
612
635
  pulumi.set(self, "name", value)
613
636
 
614
637
  @property
615
638
  @pulumi.getter
616
- def namespace(self) -> Optional[pulumi.Input[str]]:
639
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
617
640
  """
618
641
  The namespace to provision the resource in.
619
642
  The value should not contain leading or trailing forward slashes.
@@ -623,55 +646,79 @@ class SecretBackendRoleArgs:
623
646
  return pulumi.get(self, "namespace")
624
647
 
625
648
  @namespace.setter
626
- def namespace(self, value: Optional[pulumi.Input[str]]):
649
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
627
650
  pulumi.set(self, "namespace", value)
628
651
 
629
652
  @property
630
653
  @pulumi.getter(name="noStore")
631
- def no_store(self) -> Optional[pulumi.Input[bool]]:
654
+ def no_store(self) -> Optional[pulumi.Input[builtins.bool]]:
632
655
  """
633
656
  Flag to not store certificates in the storage backend
634
657
  """
635
658
  return pulumi.get(self, "no_store")
636
659
 
637
660
  @no_store.setter
638
- def no_store(self, value: Optional[pulumi.Input[bool]]):
661
+ def no_store(self, value: Optional[pulumi.Input[builtins.bool]]):
639
662
  pulumi.set(self, "no_store", value)
640
663
 
664
+ @property
665
+ @pulumi.getter(name="noStoreMetadata")
666
+ def no_store_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
667
+ """
668
+ Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
669
+ """
670
+ return pulumi.get(self, "no_store_metadata")
671
+
672
+ @no_store_metadata.setter
673
+ def no_store_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
674
+ pulumi.set(self, "no_store_metadata", value)
675
+
676
+ @property
677
+ @pulumi.getter(name="notAfter")
678
+ def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
679
+ """
680
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
681
+ """
682
+ return pulumi.get(self, "not_after")
683
+
684
+ @not_after.setter
685
+ def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
686
+ pulumi.set(self, "not_after", value)
687
+
641
688
  @property
642
689
  @pulumi.getter(name="notBeforeDuration")
643
- def not_before_duration(self) -> Optional[pulumi.Input[str]]:
690
+ def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
644
691
  """
645
692
  Specifies the duration by which to backdate the NotBefore property.
646
693
  """
647
694
  return pulumi.get(self, "not_before_duration")
648
695
 
649
696
  @not_before_duration.setter
650
- def not_before_duration(self, value: Optional[pulumi.Input[str]]):
697
+ def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
651
698
  pulumi.set(self, "not_before_duration", value)
652
699
 
653
700
  @property
654
701
  @pulumi.getter(name="organizationUnit")
655
- def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
702
+ def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
656
703
  """
657
704
  The organization unit of generated certificates
658
705
  """
659
706
  return pulumi.get(self, "organization_unit")
660
707
 
661
708
  @organization_unit.setter
662
- def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
709
+ def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
663
710
  pulumi.set(self, "organization_unit", value)
664
711
 
665
712
  @property
666
713
  @pulumi.getter
667
- def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
714
+ def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
668
715
  """
669
716
  The organization of generated certificates
670
717
  """
671
718
  return pulumi.get(self, "organizations")
672
719
 
673
720
  @organizations.setter
674
- def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
721
+ def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
675
722
  pulumi.set(self, "organizations", value)
676
723
 
677
724
  @property
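Review bot: The docstring added for the `no_store_metadata` getter contradicts itself: it opens with "Allows metadata to be stored" and ends with "If true, metadata is not stored", so only the field name tells a reader which way the flag points. I would lead with the effect of `true`, for example `Flag to not store certificate metadata; when true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs. Independent of no_store.` The `not_after` docstring in the same hunk gives the timestamp format but not how a fixed end date relates to the role's `ttl` and `max_ttl`; one sentence on precedence would help anyone auditing certificate lifetimes, particularly with the 9999-12-31T23:59:59Z value it mentions. `SecretBackendRoleArgs` begins and continues outside this hunk, so the same text may be repeated in its `:param` list, and if this file is generated the wording presumably has to be fixed in the upstream schema description.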
@@ -688,221 +735,271 @@ class SecretBackendRoleArgs:
688
735
 
689
736
  @property
690
737
  @pulumi.getter(name="policyIdentifiers")
691
- def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
738
+ def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
692
739
  """
693
740
  Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
694
741
  """
695
742
  return pulumi.get(self, "policy_identifiers")
696
743
 
697
744
  @policy_identifiers.setter
698
- def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
745
+ def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
699
746
  pulumi.set(self, "policy_identifiers", value)
700
747
 
701
748
  @property
702
749
  @pulumi.getter(name="postalCodes")
703
- def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
750
+ def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
704
751
  """
705
752
  The postal code of generated certificates
706
753
  """
707
754
  return pulumi.get(self, "postal_codes")
708
755
 
709
756
  @postal_codes.setter
710
- def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
757
+ def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
711
758
  pulumi.set(self, "postal_codes", value)
712
759
 
713
760
  @property
714
761
  @pulumi.getter
715
- def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
762
+ def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
716
763
  """
717
764
  The province of generated certificates
718
765
  """
719
766
  return pulumi.get(self, "provinces")
720
767
 
721
768
  @provinces.setter
722
- def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
769
+ def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
723
770
  pulumi.set(self, "provinces", value)
724
771
 
725
772
  @property
726
773
  @pulumi.getter(name="requireCn")
727
- def require_cn(self) -> Optional[pulumi.Input[bool]]:
774
+ def require_cn(self) -> Optional[pulumi.Input[builtins.bool]]:
728
775
  """
729
776
  Flag to force CN usage
730
777
  """
731
778
  return pulumi.get(self, "require_cn")
732
779
 
733
780
  @require_cn.setter
734
- def require_cn(self, value: Optional[pulumi.Input[bool]]):
781
+ def require_cn(self, value: Optional[pulumi.Input[builtins.bool]]):
735
782
  pulumi.set(self, "require_cn", value)
736
783
 
784
+ @property
785
+ @pulumi.getter(name="serialNumberSource")
786
+ def serial_number_source(self) -> Optional[pulumi.Input[builtins.str]]:
787
+ """
788
+ Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
789
+
790
+ Example usage:
791
+ """
792
+ return pulumi.get(self, "serial_number_source")
793
+
794
+ @serial_number_source.setter
795
+ def serial_number_source(self, value: Optional[pulumi.Input[builtins.str]]):
796
+ pulumi.set(self, "serial_number_source", value)
797
+
737
798
  @property
738
799
  @pulumi.getter(name="serverFlag")
739
- def server_flag(self) -> Optional[pulumi.Input[bool]]:
800
+ def server_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
740
801
  """
741
802
  Flag to specify certificates for server use
742
803
  """
743
804
  return pulumi.get(self, "server_flag")
744
805
 
745
806
  @server_flag.setter
746
- def server_flag(self, value: Optional[pulumi.Input[bool]]):
807
+ def server_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
747
808
  pulumi.set(self, "server_flag", value)
748
809
 
810
+ @property
811
+ @pulumi.getter(name="signatureBits")
812
+ def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
813
+ """
814
+ The number of bits to use in the signature algorithm
815
+ """
816
+ return pulumi.get(self, "signature_bits")
817
+
818
+ @signature_bits.setter
819
+ def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
820
+ pulumi.set(self, "signature_bits", value)
821
+
749
822
  @property
750
823
  @pulumi.getter(name="streetAddresses")
751
- def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
824
+ def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
752
825
  """
753
826
  The street address of generated certificates
754
827
  """
755
828
  return pulumi.get(self, "street_addresses")
756
829
 
757
830
  @street_addresses.setter
758
- def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
831
+ def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
759
832
  pulumi.set(self, "street_addresses", value)
760
833
 
761
834
  @property
762
835
  @pulumi.getter
763
- def ttl(self) -> Optional[pulumi.Input[str]]:
836
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
764
837
  """
765
838
  The TTL, in seconds, for any certificate issued against this role.
766
839
  """
767
840
  return pulumi.get(self, "ttl")
768
841
 
769
842
  @ttl.setter
770
- def ttl(self, value: Optional[pulumi.Input[str]]):
843
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
771
844
  pulumi.set(self, "ttl", value)
772
845
 
773
846
  @property
774
847
  @pulumi.getter(name="useCsrCommonName")
775
- def use_csr_common_name(self) -> Optional[pulumi.Input[bool]]:
848
+ def use_csr_common_name(self) -> Optional[pulumi.Input[builtins.bool]]:
776
849
  """
777
850
  Flag to use the CN in the CSR
778
851
  """
779
852
  return pulumi.get(self, "use_csr_common_name")
780
853
 
781
854
  @use_csr_common_name.setter
782
- def use_csr_common_name(self, value: Optional[pulumi.Input[bool]]):
855
+ def use_csr_common_name(self, value: Optional[pulumi.Input[builtins.bool]]):
783
856
  pulumi.set(self, "use_csr_common_name", value)
784
857
 
785
858
  @property
786
859
  @pulumi.getter(name="useCsrSans")
787
- def use_csr_sans(self) -> Optional[pulumi.Input[bool]]:
860
+ def use_csr_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
788
861
  """
789
862
  Flag to use the SANs in the CSR
790
863
  """
791
864
  return pulumi.get(self, "use_csr_sans")
792
865
 
793
866
  @use_csr_sans.setter
794
- def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
867
+ def use_csr_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
795
868
  pulumi.set(self, "use_csr_sans", value)
796
869
 
870
+ @property
871
+ @pulumi.getter(name="usePss")
872
+ def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
873
+ """
874
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
875
+ """
876
+ return pulumi.get(self, "use_pss")
877
+
878
+ @use_pss.setter
879
+ def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
880
+ pulumi.set(self, "use_pss", value)
881
+
797
882
 
798
883
  @pulumi.input_type
799
884
  class _SecretBackendRoleState:
800
885
  def __init__(__self__, *,
801
- allow_any_name: Optional[pulumi.Input[bool]] = None,
802
- allow_bare_domains: Optional[pulumi.Input[bool]] = None,
803
- allow_glob_domains: Optional[pulumi.Input[bool]] = None,
804
- allow_ip_sans: Optional[pulumi.Input[bool]] = None,
805
- allow_localhost: Optional[pulumi.Input[bool]] = None,
806
- allow_subdomains: Optional[pulumi.Input[bool]] = None,
807
- allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
808
- allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
809
- allowed_domains_template: Optional[pulumi.Input[bool]] = None,
810
- allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
811
- allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
812
- allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
813
- allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
814
- allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
815
- backend: Optional[pulumi.Input[str]] = None,
816
- basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
817
- client_flag: Optional[pulumi.Input[bool]] = None,
818
- cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
819
- code_signing_flag: Optional[pulumi.Input[bool]] = None,
820
- countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
821
- email_protection_flag: Optional[pulumi.Input[bool]] = None,
822
- enforce_hostnames: Optional[pulumi.Input[bool]] = None,
823
- ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
824
- ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
825
- generate_lease: Optional[pulumi.Input[bool]] = None,
826
- issuer_ref: Optional[pulumi.Input[str]] = None,
827
- key_bits: Optional[pulumi.Input[int]] = None,
828
- key_type: Optional[pulumi.Input[str]] = None,
829
- key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
830
- localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
831
- max_ttl: Optional[pulumi.Input[str]] = None,
832
- name: Optional[pulumi.Input[str]] = None,
833
- namespace: Optional[pulumi.Input[str]] = None,
834
- no_store: Optional[pulumi.Input[bool]] = None,
835
- not_before_duration: Optional[pulumi.Input[str]] = None,
836
- organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
837
- organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
886
+ allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
887
+ allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
888
+ allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
889
+ allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
890
+ allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
891
+ allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
892
+ allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
893
+ allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
894
+ allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
895
+ allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
896
+ allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
897
+ allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
898
+ allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
899
+ allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
900
+ backend: Optional[pulumi.Input[builtins.str]] = None,
901
+ basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
902
+ client_flag: Optional[pulumi.Input[builtins.bool]] = None,
903
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
904
+ code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
905
+ countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
906
+ email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
907
+ enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
908
+ ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
909
+ ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
910
+ generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
911
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
912
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
913
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
914
+ key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
915
+ localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
916
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
917
+ name: Optional[pulumi.Input[builtins.str]] = None,
918
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
919
+ no_store: Optional[pulumi.Input[builtins.bool]] = None,
920
+ no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
921
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
922
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
923
+ organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
924
+ organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
838
925
  policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
839
- policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
840
- postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
841
- provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
842
- require_cn: Optional[pulumi.Input[bool]] = None,
843
- server_flag: Optional[pulumi.Input[bool]] = None,
844
- street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
845
- ttl: Optional[pulumi.Input[str]] = None,
846
- use_csr_common_name: Optional[pulumi.Input[bool]] = None,
847
- use_csr_sans: Optional[pulumi.Input[bool]] = None):
926
+ policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
927
+ postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
928
+ provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
929
+ require_cn: Optional[pulumi.Input[builtins.bool]] = None,
930
+ serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
931
+ server_flag: Optional[pulumi.Input[builtins.bool]] = None,
932
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
933
+ street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
934
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
935
+ use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
936
+ use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
937
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None):
848
938
  """
849
939
  Input properties used for looking up and filtering SecretBackendRole resources.
850
- :param pulumi.Input[bool] allow_any_name: Flag to allow any name
851
- :param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
852
- :param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
853
- :param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
854
- :param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
855
- :param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
856
- :param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
857
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
858
- :param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
859
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
860
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
861
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
862
- :param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
863
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
864
- :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
865
- :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
866
- :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
867
- :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
868
- :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
869
- :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
870
- :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
871
- :param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
872
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
873
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
874
- :param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
875
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
940
+ :param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
941
+ :param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
942
+ :param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
943
+ :param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
944
+ :param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
945
+ :param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
946
+ :param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
947
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
948
+ :param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
949
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
950
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
951
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
952
+ :param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
953
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
954
+ :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
955
+ :param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
956
+ :param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
957
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
958
+ :param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
959
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
960
+ :param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
961
+ :param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
962
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
963
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
964
+ :param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
965
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
876
966
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
877
967
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
878
968
  overriding the role's `issuer_ref` value.
879
- :param pulumi.Input[int] key_bits: The number of bits of generated keys
880
- :param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
969
+ :param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
970
+ :param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
881
971
  Defaults to `rsa`
882
- :param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
972
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
883
973
  certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
884
974
  To specify no default key usage constraints, set this to an empty list `[]`.
885
- :param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
886
- :param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
887
- :param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
888
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
975
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
976
+ :param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
977
+ :param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
978
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
889
979
  The value should not contain leading or trailing forward slashes.
890
980
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
891
981
  *Available only for Vault Enterprise*.
892
- :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
893
- :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
894
- :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
895
- :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
982
+ :param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
983
+ :param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
984
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
985
+ :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
986
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
987
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
896
988
  :param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
897
- :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
898
- :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
899
- :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
900
- :param pulumi.Input[bool] require_cn: Flag to force CN usage
901
- :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
902
- :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
903
- :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
904
- :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
905
- :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
989
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
990
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
991
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
992
+ :param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
993
+ :param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
994
+
995
+ Example usage:
996
+ :param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
997
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
998
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
999
+ :param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
1000
+ :param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
1001
+ :param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
1002
+ :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
906
1003
  """
907
1004
  if allow_any_name is not None:
908
1005
  pulumi.set(__self__, "allow_any_name", allow_any_name)
@@ -972,6 +1069,10 @@ class _SecretBackendRoleState:
972
1069
  pulumi.set(__self__, "namespace", namespace)
973
1070
  if no_store is not None:
974
1071
  pulumi.set(__self__, "no_store", no_store)
1072
+ if no_store_metadata is not None:
1073
+ pulumi.set(__self__, "no_store_metadata", no_store_metadata)
1074
+ if not_after is not None:
1075
+ pulumi.set(__self__, "not_after", not_after)
975
1076
  if not_before_duration is not None:
976
1077
  pulumi.set(__self__, "not_before_duration", not_before_duration)
977
1078
  if organization_unit is not None:
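Review bot: `not_after` is stored here as an opaque string alongside `ttl` and `max_ttl`, and none of the docstrings visible in this section say which value wins when a role sets more than one of them. The `not_after` description added earlier in this section advertises the `9999-12-31T23:59:59Z` end date, so a role that sets it can issue certificates with an effectively unbounded lifetime, whatever `ttl` suggests to a reader. I would extend the `not_after` description with something like `Fixes an absolute expiry for every certificate issued by this role; confirm how it interacts with ttl/max_ttl before relying on either.` The constructor body starts and ends outside this hunk. If this file is generated, the wording belongs in the upstream schema description rather than here.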
@@ -988,8 +1089,12 @@ class _SecretBackendRoleState:
988
1089
  pulumi.set(__self__, "provinces", provinces)
989
1090
  if require_cn is not None:
990
1091
  pulumi.set(__self__, "require_cn", require_cn)
1092
+ if serial_number_source is not None:
1093
+ pulumi.set(__self__, "serial_number_source", serial_number_source)
991
1094
  if server_flag is not None:
992
1095
  pulumi.set(__self__, "server_flag", server_flag)
1096
+ if signature_bits is not None:
1097
+ pulumi.set(__self__, "signature_bits", signature_bits)
993
1098
  if street_addresses is not None:
994
1099
  pulumi.set(__self__, "street_addresses", street_addresses)
995
1100
  if ttl is not None:
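Review bot: `serial_number_source` and `signature_bits` are passed through with no indication of the accepted values at the point of use. The docstrings in this section name only `json-csr` and `json` for the first, and list no valid values for the second. A mistyped source or an unsupported bit count would presumably surface only when Vault rejects the role at apply time. The `serial_number_source` description also ends in a dangling `Example usage:` heading with nothing after it, which should be completed or dropped. For `signature_bits` I would expand the description to something like `The number of bits to use in the signature algorithm (Vault documents 256, 384 and 512, with 0 selecting automatically from the key length).`, checked against the Vault version in use.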
@@ -998,310 +1103,312 @@ class _SecretBackendRoleState:
998
1103
  pulumi.set(__self__, "use_csr_common_name", use_csr_common_name)
999
1104
  if use_csr_sans is not None:
1000
1105
  pulumi.set(__self__, "use_csr_sans", use_csr_sans)
1106
+ if use_pss is not None:
1107
+ pulumi.set(__self__, "use_pss", use_pss)
1001
1108
 
1002
1109
  @property
1003
1110
  @pulumi.getter(name="allowAnyName")
1004
- def allow_any_name(self) -> Optional[pulumi.Input[bool]]:
1111
+ def allow_any_name(self) -> Optional[pulumi.Input[builtins.bool]]:
1005
1112
  """
1006
1113
  Flag to allow any name
1007
1114
  """
1008
1115
  return pulumi.get(self, "allow_any_name")
1009
1116
 
1010
1117
  @allow_any_name.setter
1011
- def allow_any_name(self, value: Optional[pulumi.Input[bool]]):
1118
+ def allow_any_name(self, value: Optional[pulumi.Input[builtins.bool]]):
1012
1119
  pulumi.set(self, "allow_any_name", value)
1013
1120
 
1014
1121
  @property
1015
1122
  @pulumi.getter(name="allowBareDomains")
1016
- def allow_bare_domains(self) -> Optional[pulumi.Input[bool]]:
1123
+ def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
1017
1124
  """
1018
1125
  Flag to allow certificates matching the actual domain
1019
1126
  """
1020
1127
  return pulumi.get(self, "allow_bare_domains")
1021
1128
 
1022
1129
  @allow_bare_domains.setter
1023
- def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
1130
+ def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
1024
1131
  pulumi.set(self, "allow_bare_domains", value)
1025
1132
 
1026
1133
  @property
1027
1134
  @pulumi.getter(name="allowGlobDomains")
1028
- def allow_glob_domains(self) -> Optional[pulumi.Input[bool]]:
1135
+ def allow_glob_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
1029
1136
  """
1030
1137
  Flag to allow names containing glob patterns.
1031
1138
  """
1032
1139
  return pulumi.get(self, "allow_glob_domains")
1033
1140
 
1034
1141
  @allow_glob_domains.setter
1035
- def allow_glob_domains(self, value: Optional[pulumi.Input[bool]]):
1142
+ def allow_glob_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
1036
1143
  pulumi.set(self, "allow_glob_domains", value)
1037
1144
 
1038
1145
  @property
1039
1146
  @pulumi.getter(name="allowIpSans")
1040
- def allow_ip_sans(self) -> Optional[pulumi.Input[bool]]:
1147
+ def allow_ip_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
1041
1148
  """
1042
1149
  Flag to allow IP SANs
1043
1150
  """
1044
1151
  return pulumi.get(self, "allow_ip_sans")
1045
1152
 
1046
1153
  @allow_ip_sans.setter
1047
- def allow_ip_sans(self, value: Optional[pulumi.Input[bool]]):
1154
+ def allow_ip_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
1048
1155
  pulumi.set(self, "allow_ip_sans", value)
1049
1156
 
1050
1157
  @property
1051
1158
  @pulumi.getter(name="allowLocalhost")
1052
- def allow_localhost(self) -> Optional[pulumi.Input[bool]]:
1159
+ def allow_localhost(self) -> Optional[pulumi.Input[builtins.bool]]:
1053
1160
  """
1054
1161
  Flag to allow certificates for localhost
1055
1162
  """
1056
1163
  return pulumi.get(self, "allow_localhost")
1057
1164
 
1058
1165
  @allow_localhost.setter
1059
- def allow_localhost(self, value: Optional[pulumi.Input[bool]]):
1166
+ def allow_localhost(self, value: Optional[pulumi.Input[builtins.bool]]):
1060
1167
  pulumi.set(self, "allow_localhost", value)
1061
1168
 
1062
1169
  @property
1063
1170
  @pulumi.getter(name="allowSubdomains")
1064
- def allow_subdomains(self) -> Optional[pulumi.Input[bool]]:
1171
+ def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
1065
1172
  """
1066
1173
  Flag to allow certificates matching subdomains
1067
1174
  """
1068
1175
  return pulumi.get(self, "allow_subdomains")
1069
1176
 
1070
1177
  @allow_subdomains.setter
1071
- def allow_subdomains(self, value: Optional[pulumi.Input[bool]]):
1178
+ def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
1072
1179
  pulumi.set(self, "allow_subdomains", value)
1073
1180
 
1074
1181
  @property
1075
1182
  @pulumi.getter(name="allowWildcardCertificates")
1076
- def allow_wildcard_certificates(self) -> Optional[pulumi.Input[bool]]:
1183
+ def allow_wildcard_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
1077
1184
  """
1078
1185
  Flag to allow wildcard certificates.
1079
1186
  """
1080
1187
  return pulumi.get(self, "allow_wildcard_certificates")
1081
1188
 
1082
1189
  @allow_wildcard_certificates.setter
1083
- def allow_wildcard_certificates(self, value: Optional[pulumi.Input[bool]]):
1190
+ def allow_wildcard_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
1084
1191
  pulumi.set(self, "allow_wildcard_certificates", value)
1085
1192
 
1086
1193
  @property
1087
1194
  @pulumi.getter(name="allowedDomains")
1088
- def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1195
+ def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1089
1196
  """
1090
1197
  List of allowed domains for certificates
1091
1198
  """
1092
1199
  return pulumi.get(self, "allowed_domains")
1093
1200
 
1094
1201
  @allowed_domains.setter
1095
- def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1202
+ def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1096
1203
  pulumi.set(self, "allowed_domains", value)
1097
1204
 
1098
1205
  @property
1099
1206
  @pulumi.getter(name="allowedDomainsTemplate")
1100
- def allowed_domains_template(self) -> Optional[pulumi.Input[bool]]:
1207
+ def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
1101
1208
  """
1102
1209
  Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
1103
1210
  """
1104
1211
  return pulumi.get(self, "allowed_domains_template")
1105
1212
 
1106
1213
  @allowed_domains_template.setter
1107
- def allowed_domains_template(self, value: Optional[pulumi.Input[bool]]):
1214
+ def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
1108
1215
  pulumi.set(self, "allowed_domains_template", value)
1109
1216
 
1110
1217
  @property
1111
1218
  @pulumi.getter(name="allowedOtherSans")
1112
- def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1219
+ def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1113
1220
  """
1114
1221
  Defines allowed custom SANs
1115
1222
  """
1116
1223
  return pulumi.get(self, "allowed_other_sans")
1117
1224
 
1118
1225
  @allowed_other_sans.setter
1119
- def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1226
+ def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1120
1227
  pulumi.set(self, "allowed_other_sans", value)
1121
1228
 
1122
1229
  @property
1123
1230
  @pulumi.getter(name="allowedSerialNumbers")
1124
- def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1231
+ def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1125
1232
  """
1126
1233
  An array of allowed serial numbers to put in Subject
1127
1234
  """
1128
1235
  return pulumi.get(self, "allowed_serial_numbers")
1129
1236
 
1130
1237
  @allowed_serial_numbers.setter
1131
- def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1238
+ def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1132
1239
  pulumi.set(self, "allowed_serial_numbers", value)
1133
1240
 
1134
1241
  @property
1135
1242
  @pulumi.getter(name="allowedUriSans")
1136
- def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1243
+ def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1137
1244
  """
1138
1245
  Defines allowed URI SANs
1139
1246
  """
1140
1247
  return pulumi.get(self, "allowed_uri_sans")
1141
1248
 
1142
1249
  @allowed_uri_sans.setter
1143
- def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1250
+ def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1144
1251
  pulumi.set(self, "allowed_uri_sans", value)
1145
1252
 
1146
1253
  @property
1147
1254
  @pulumi.getter(name="allowedUriSansTemplate")
1148
- def allowed_uri_sans_template(self) -> Optional[pulumi.Input[bool]]:
1255
+ def allowed_uri_sans_template(self) -> Optional[pulumi.Input[builtins.bool]]:
1149
1256
  """
1150
1257
  Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
1151
1258
  """
1152
1259
  return pulumi.get(self, "allowed_uri_sans_template")
1153
1260
 
1154
1261
  @allowed_uri_sans_template.setter
1155
- def allowed_uri_sans_template(self, value: Optional[pulumi.Input[bool]]):
1262
+ def allowed_uri_sans_template(self, value: Optional[pulumi.Input[builtins.bool]]):
1156
1263
  pulumi.set(self, "allowed_uri_sans_template", value)
1157
1264
 
1158
1265
  @property
1159
1266
  @pulumi.getter(name="allowedUserIds")
1160
- def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1267
+ def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1161
1268
  """
1162
1269
  Defines allowed User IDs
1163
1270
  """
1164
1271
  return pulumi.get(self, "allowed_user_ids")
1165
1272
 
1166
1273
  @allowed_user_ids.setter
1167
- def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1274
+ def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1168
1275
  pulumi.set(self, "allowed_user_ids", value)
1169
1276
 
1170
1277
  @property
1171
1278
  @pulumi.getter
1172
- def backend(self) -> Optional[pulumi.Input[str]]:
1279
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
1173
1280
  """
1174
1281
  The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
1175
1282
  """
1176
1283
  return pulumi.get(self, "backend")
1177
1284
 
1178
1285
  @backend.setter
1179
- def backend(self, value: Optional[pulumi.Input[str]]):
1286
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
1180
1287
  pulumi.set(self, "backend", value)
1181
1288
 
1182
1289
  @property
1183
1290
  @pulumi.getter(name="basicConstraintsValidForNonCa")
1184
- def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[bool]]:
1291
+ def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[builtins.bool]]:
1185
1292
  """
1186
1293
  Flag to mark basic constraints valid when issuing non-CA certificates
1187
1294
  """
1188
1295
  return pulumi.get(self, "basic_constraints_valid_for_non_ca")
1189
1296
 
1190
1297
  @basic_constraints_valid_for_non_ca.setter
1191
- def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[bool]]):
1298
+ def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[builtins.bool]]):
1192
1299
  pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
1193
1300
 
1194
1301
  @property
1195
1302
  @pulumi.getter(name="clientFlag")
1196
- def client_flag(self) -> Optional[pulumi.Input[bool]]:
1303
+ def client_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
1197
1304
  """
1198
1305
  Flag to specify certificates for client use
1199
1306
  """
1200
1307
  return pulumi.get(self, "client_flag")
1201
1308
 
1202
1309
  @client_flag.setter
1203
- def client_flag(self, value: Optional[pulumi.Input[bool]]):
1310
+ def client_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
1204
1311
  pulumi.set(self, "client_flag", value)
1205
1312
 
1206
1313
  @property
1207
1314
  @pulumi.getter(name="cnValidations")
1208
- def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1315
+ def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1209
1316
  """
1210
1317
  Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
1211
1318
  """
1212
1319
  return pulumi.get(self, "cn_validations")
1213
1320
 
1214
1321
  @cn_validations.setter
1215
- def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1322
+ def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1216
1323
  pulumi.set(self, "cn_validations", value)
1217
1324
 
1218
1325
  @property
1219
1326
  @pulumi.getter(name="codeSigningFlag")
1220
- def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
1327
+ def code_signing_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
1221
1328
  """
1222
1329
  Flag to specify certificates for code signing use
1223
1330
  """
1224
1331
  return pulumi.get(self, "code_signing_flag")
1225
1332
 
1226
1333
  @code_signing_flag.setter
1227
- def code_signing_flag(self, value: Optional[pulumi.Input[bool]]):
1334
+ def code_signing_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
1228
1335
  pulumi.set(self, "code_signing_flag", value)
1229
1336
 
1230
1337
  @property
1231
1338
  @pulumi.getter
1232
- def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1339
+ def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1233
1340
  """
1234
1341
  The country of generated certificates
1235
1342
  """
1236
1343
  return pulumi.get(self, "countries")
1237
1344
 
1238
1345
  @countries.setter
1239
- def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1346
+ def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1240
1347
  pulumi.set(self, "countries", value)
1241
1348
 
1242
1349
  @property
1243
1350
  @pulumi.getter(name="emailProtectionFlag")
1244
- def email_protection_flag(self) -> Optional[pulumi.Input[bool]]:
1351
+ def email_protection_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
1245
1352
  """
1246
1353
  Flag to specify certificates for email protection use
1247
1354
  """
1248
1355
  return pulumi.get(self, "email_protection_flag")
1249
1356
 
1250
1357
  @email_protection_flag.setter
1251
- def email_protection_flag(self, value: Optional[pulumi.Input[bool]]):
1358
+ def email_protection_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
1252
1359
  pulumi.set(self, "email_protection_flag", value)
1253
1360
 
1254
1361
  @property
1255
1362
  @pulumi.getter(name="enforceHostnames")
1256
- def enforce_hostnames(self) -> Optional[pulumi.Input[bool]]:
1363
+ def enforce_hostnames(self) -> Optional[pulumi.Input[builtins.bool]]:
1257
1364
  """
1258
1365
  Flag to allow only valid host names
1259
1366
  """
1260
1367
  return pulumi.get(self, "enforce_hostnames")
1261
1368
 
1262
1369
  @enforce_hostnames.setter
1263
- def enforce_hostnames(self, value: Optional[pulumi.Input[bool]]):
1370
+ def enforce_hostnames(self, value: Optional[pulumi.Input[builtins.bool]]):
1264
1371
  pulumi.set(self, "enforce_hostnames", value)
1265
1372
 
1266
1373
  @property
1267
1374
  @pulumi.getter(name="extKeyUsageOids")
1268
- def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1375
+ def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1269
1376
  """
1270
1377
  Specify the allowed extended key usage OIDs constraint on issued certificates
1271
1378
  """
1272
1379
  return pulumi.get(self, "ext_key_usage_oids")
1273
1380
 
1274
1381
  @ext_key_usage_oids.setter
1275
- def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1382
+ def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1276
1383
  pulumi.set(self, "ext_key_usage_oids", value)
1277
1384
 
1278
1385
  @property
1279
1386
  @pulumi.getter(name="extKeyUsages")
1280
- def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1387
+ def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1281
1388
  """
1282
1389
  Specify the allowed extended key usage constraint on issued certificates
1283
1390
  """
1284
1391
  return pulumi.get(self, "ext_key_usages")
1285
1392
 
1286
1393
  @ext_key_usages.setter
1287
- def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1394
+ def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1288
1395
  pulumi.set(self, "ext_key_usages", value)
1289
1396
 
1290
1397
  @property
1291
1398
  @pulumi.getter(name="generateLease")
1292
- def generate_lease(self) -> Optional[pulumi.Input[bool]]:
1399
+ def generate_lease(self) -> Optional[pulumi.Input[builtins.bool]]:
1293
1400
  """
1294
1401
  Flag to generate leases with certificates
1295
1402
  """
1296
1403
  return pulumi.get(self, "generate_lease")
1297
1404
 
1298
1405
  @generate_lease.setter
1299
- def generate_lease(self, value: Optional[pulumi.Input[bool]]):
1406
+ def generate_lease(self, value: Optional[pulumi.Input[builtins.bool]]):
1300
1407
  pulumi.set(self, "generate_lease", value)
1301
1408
 
1302
1409
  @property
1303
1410
  @pulumi.getter(name="issuerRef")
1304
- def issuer_ref(self) -> Optional[pulumi.Input[str]]:
1411
+ def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
1305
1412
  """
1306
1413
  Specifies the default issuer of this request. May
1307
1414
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -1311,24 +1418,24 @@ class _SecretBackendRoleState:
1311
1418
  return pulumi.get(self, "issuer_ref")
1312
1419
 
1313
1420
  @issuer_ref.setter
1314
- def issuer_ref(self, value: Optional[pulumi.Input[str]]):
1421
+ def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
1315
1422
  pulumi.set(self, "issuer_ref", value)
1316
1423
 
1317
1424
  @property
1318
1425
  @pulumi.getter(name="keyBits")
1319
- def key_bits(self) -> Optional[pulumi.Input[int]]:
1426
+ def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
1320
1427
  """
1321
1428
  The number of bits of generated keys
1322
1429
  """
1323
1430
  return pulumi.get(self, "key_bits")
1324
1431
 
1325
1432
  @key_bits.setter
1326
- def key_bits(self, value: Optional[pulumi.Input[int]]):
1433
+ def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
1327
1434
  pulumi.set(self, "key_bits", value)
1328
1435
 
1329
1436
  @property
1330
1437
  @pulumi.getter(name="keyType")
1331
- def key_type(self) -> Optional[pulumi.Input[str]]:
1438
+ def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
1332
1439
  """
1333
1440
  The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
1334
1441
  Defaults to `rsa`
@@ -1336,12 +1443,12 @@ class _SecretBackendRoleState:
1336
1443
  return pulumi.get(self, "key_type")
1337
1444
 
1338
1445
  @key_type.setter
1339
- def key_type(self, value: Optional[pulumi.Input[str]]):
1446
+ def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
1340
1447
  pulumi.set(self, "key_type", value)
1341
1448
 
1342
1449
  @property
1343
1450
  @pulumi.getter(name="keyUsages")
1344
- def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1451
+ def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1345
1452
  """
1346
1453
  Specify the allowed key usage constraint on issued
1347
1454
  certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
@@ -1350,48 +1457,48 @@ class _SecretBackendRoleState:
1350
1457
  return pulumi.get(self, "key_usages")
1351
1458
 
1352
1459
  @key_usages.setter
1353
- def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1460
+ def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1354
1461
  pulumi.set(self, "key_usages", value)
1355
1462
 
1356
1463
  @property
1357
1464
  @pulumi.getter
1358
- def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1465
+ def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1359
1466
  """
1360
1467
  The locality of generated certificates
1361
1468
  """
1362
1469
  return pulumi.get(self, "localities")
1363
1470
 
1364
1471
  @localities.setter
1365
- def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1472
+ def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1366
1473
  pulumi.set(self, "localities", value)
1367
1474
 
1368
1475
  @property
1369
1476
  @pulumi.getter(name="maxTtl")
1370
- def max_ttl(self) -> Optional[pulumi.Input[str]]:
1477
+ def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
1371
1478
  """
1372
1479
  The maximum lease TTL, in seconds, for the role.
1373
1480
  """
1374
1481
  return pulumi.get(self, "max_ttl")
1375
1482
 
1376
1483
  @max_ttl.setter
1377
- def max_ttl(self, value: Optional[pulumi.Input[str]]):
1484
+ def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
1378
1485
  pulumi.set(self, "max_ttl", value)
1379
1486
 
1380
1487
  @property
1381
1488
  @pulumi.getter
1382
- def name(self) -> Optional[pulumi.Input[str]]:
1489
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
1383
1490
  """
1384
1491
  The name to identify this role within the backend. Must be unique within the backend.
1385
1492
  """
1386
1493
  return pulumi.get(self, "name")
1387
1494
 
1388
1495
  @name.setter
1389
- def name(self, value: Optional[pulumi.Input[str]]):
1496
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
1390
1497
  pulumi.set(self, "name", value)
1391
1498
 
1392
1499
  @property
1393
1500
  @pulumi.getter
1394
- def namespace(self) -> Optional[pulumi.Input[str]]:
1501
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
1395
1502
  """
1396
1503
  The namespace to provision the resource in.
1397
1504
  The value should not contain leading or trailing forward slashes.
@@ -1401,55 +1508,79 @@ class _SecretBackendRoleState:
1401
1508
  return pulumi.get(self, "namespace")
1402
1509
 
1403
1510
  @namespace.setter
1404
- def namespace(self, value: Optional[pulumi.Input[str]]):
1511
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
1405
1512
  pulumi.set(self, "namespace", value)
1406
1513
 
1407
1514
  @property
1408
1515
  @pulumi.getter(name="noStore")
1409
- def no_store(self) -> Optional[pulumi.Input[bool]]:
1516
+ def no_store(self) -> Optional[pulumi.Input[builtins.bool]]:
1410
1517
  """
1411
1518
  Flag to not store certificates in the storage backend
1412
1519
  """
1413
1520
  return pulumi.get(self, "no_store")
1414
1521
 
1415
1522
  @no_store.setter
1416
- def no_store(self, value: Optional[pulumi.Input[bool]]):
1523
+ def no_store(self, value: Optional[pulumi.Input[builtins.bool]]):
1417
1524
  pulumi.set(self, "no_store", value)
1418
1525
 
1526
+ @property
1527
+ @pulumi.getter(name="noStoreMetadata")
1528
+ def no_store_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
1529
+ """
1530
+ Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
1531
+ """
1532
+ return pulumi.get(self, "no_store_metadata")
1533
+
1534
+ @no_store_metadata.setter
1535
+ def no_store_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
1536
+ pulumi.set(self, "no_store_metadata", value)
1537
+
1538
+ @property
1539
+ @pulumi.getter(name="notAfter")
1540
+ def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
1541
+ """
1542
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1543
+ """
1544
+ return pulumi.get(self, "not_after")
1545
+
1546
+ @not_after.setter
1547
+ def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
1548
+ pulumi.set(self, "not_after", value)
1549
+
1419
1550
  @property
1420
1551
  @pulumi.getter(name="notBeforeDuration")
1421
- def not_before_duration(self) -> Optional[pulumi.Input[str]]:
1552
+ def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
1422
1553
  """
1423
1554
  Specifies the duration by which to backdate the NotBefore property.
1424
1555
  """
1425
1556
  return pulumi.get(self, "not_before_duration")
1426
1557
 
1427
1558
  @not_before_duration.setter
1428
- def not_before_duration(self, value: Optional[pulumi.Input[str]]):
1559
+ def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
1429
1560
  pulumi.set(self, "not_before_duration", value)
1430
1561
 
1431
1562
  @property
1432
1563
  @pulumi.getter(name="organizationUnit")
1433
- def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1564
+ def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1434
1565
  """
1435
1566
  The organization unit of generated certificates
1436
1567
  """
1437
1568
  return pulumi.get(self, "organization_unit")
1438
1569
 
1439
1570
  @organization_unit.setter
1440
- def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1571
+ def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1441
1572
  pulumi.set(self, "organization_unit", value)
1442
1573
 
1443
1574
  @property
1444
1575
  @pulumi.getter
1445
- def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1576
+ def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1446
1577
  """
1447
1578
  The organization of generated certificates
1448
1579
  """
1449
1580
  return pulumi.get(self, "organizations")
1450
1581
 
1451
1582
  @organizations.setter
1452
- def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1583
+ def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1453
1584
  pulumi.set(self, "organizations", value)
1454
1585
 
1455
1586
  @property
@@ -1466,165 +1597,208 @@ class _SecretBackendRoleState:
1466
1597
 
1467
1598
  @property
1468
1599
  @pulumi.getter(name="policyIdentifiers")
1469
- def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1600
+ def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1470
1601
  """
1471
1602
  Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
1472
1603
  """
1473
1604
  return pulumi.get(self, "policy_identifiers")
1474
1605
 
1475
1606
  @policy_identifiers.setter
1476
- def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1607
+ def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1477
1608
  pulumi.set(self, "policy_identifiers", value)
1478
1609
 
1479
1610
  @property
1480
1611
  @pulumi.getter(name="postalCodes")
1481
- def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1612
+ def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1482
1613
  """
1483
1614
  The postal code of generated certificates
1484
1615
  """
1485
1616
  return pulumi.get(self, "postal_codes")
1486
1617
 
1487
1618
  @postal_codes.setter
1488
- def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1619
+ def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1489
1620
  pulumi.set(self, "postal_codes", value)
1490
1621
 
1491
1622
  @property
1492
1623
  @pulumi.getter
1493
- def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1624
+ def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1494
1625
  """
1495
1626
  The province of generated certificates
1496
1627
  """
1497
1628
  return pulumi.get(self, "provinces")
1498
1629
 
1499
1630
  @provinces.setter
1500
- def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1631
+ def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1501
1632
  pulumi.set(self, "provinces", value)
1502
1633
 
1503
1634
  @property
1504
1635
  @pulumi.getter(name="requireCn")
1505
- def require_cn(self) -> Optional[pulumi.Input[bool]]:
1636
+ def require_cn(self) -> Optional[pulumi.Input[builtins.bool]]:
1506
1637
  """
1507
1638
  Flag to force CN usage
1508
1639
  """
1509
1640
  return pulumi.get(self, "require_cn")
1510
1641
 
1511
1642
  @require_cn.setter
1512
- def require_cn(self, value: Optional[pulumi.Input[bool]]):
1643
+ def require_cn(self, value: Optional[pulumi.Input[builtins.bool]]):
1513
1644
  pulumi.set(self, "require_cn", value)
1514
1645
 
1646
+ @property
1647
+ @pulumi.getter(name="serialNumberSource")
1648
+ def serial_number_source(self) -> Optional[pulumi.Input[builtins.str]]:
1649
+ """
1650
+ Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
1651
+
1652
+ Example usage:
1653
+ """
1654
+ return pulumi.get(self, "serial_number_source")
1655
+
1656
+ @serial_number_source.setter
1657
+ def serial_number_source(self, value: Optional[pulumi.Input[builtins.str]]):
1658
+ pulumi.set(self, "serial_number_source", value)
1659
+
1515
1660
  @property
1516
1661
  @pulumi.getter(name="serverFlag")
1517
- def server_flag(self) -> Optional[pulumi.Input[bool]]:
1662
+ def server_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
1518
1663
  """
1519
1664
  Flag to specify certificates for server use
1520
1665
  """
1521
1666
  return pulumi.get(self, "server_flag")
1522
1667
 
1523
1668
  @server_flag.setter
1524
- def server_flag(self, value: Optional[pulumi.Input[bool]]):
1669
+ def server_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
1525
1670
  pulumi.set(self, "server_flag", value)
1526
1671
 
1672
+ @property
1673
+ @pulumi.getter(name="signatureBits")
1674
+ def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
1675
+ """
1676
+ The number of bits to use in the signature algorithm
1677
+ """
1678
+ return pulumi.get(self, "signature_bits")
1679
+
1680
+ @signature_bits.setter
1681
+ def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
1682
+ pulumi.set(self, "signature_bits", value)
1683
+
1527
1684
  @property
1528
1685
  @pulumi.getter(name="streetAddresses")
1529
- def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1686
+ def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1530
1687
  """
1531
1688
  The street address of generated certificates
1532
1689
  """
1533
1690
  return pulumi.get(self, "street_addresses")
1534
1691
 
1535
1692
  @street_addresses.setter
1536
- def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1693
+ def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1537
1694
  pulumi.set(self, "street_addresses", value)
1538
1695
 
1539
1696
  @property
1540
1697
  @pulumi.getter
1541
- def ttl(self) -> Optional[pulumi.Input[str]]:
1698
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
1542
1699
  """
1543
1700
  The TTL, in seconds, for any certificate issued against this role.
1544
1701
  """
1545
1702
  return pulumi.get(self, "ttl")
1546
1703
 
1547
1704
  @ttl.setter
1548
- def ttl(self, value: Optional[pulumi.Input[str]]):
1705
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
1549
1706
  pulumi.set(self, "ttl", value)
1550
1707
 
1551
1708
  @property
1552
1709
  @pulumi.getter(name="useCsrCommonName")
1553
- def use_csr_common_name(self) -> Optional[pulumi.Input[bool]]:
1710
+ def use_csr_common_name(self) -> Optional[pulumi.Input[builtins.bool]]:
1554
1711
  """
1555
1712
  Flag to use the CN in the CSR
1556
1713
  """
1557
1714
  return pulumi.get(self, "use_csr_common_name")
1558
1715
 
1559
1716
  @use_csr_common_name.setter
1560
- def use_csr_common_name(self, value: Optional[pulumi.Input[bool]]):
1717
+ def use_csr_common_name(self, value: Optional[pulumi.Input[builtins.bool]]):
1561
1718
  pulumi.set(self, "use_csr_common_name", value)
1562
1719
 
1563
1720
  @property
1564
1721
  @pulumi.getter(name="useCsrSans")
1565
- def use_csr_sans(self) -> Optional[pulumi.Input[bool]]:
1722
+ def use_csr_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
1566
1723
  """
1567
1724
  Flag to use the SANs in the CSR
1568
1725
  """
1569
1726
  return pulumi.get(self, "use_csr_sans")
1570
1727
 
1571
1728
  @use_csr_sans.setter
1572
- def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
1729
+ def use_csr_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
1573
1730
  pulumi.set(self, "use_csr_sans", value)
1574
1731
 
1732
+ @property
1733
+ @pulumi.getter(name="usePss")
1734
+ def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
1735
+ """
1736
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
1737
+ """
1738
+ return pulumi.get(self, "use_pss")
1739
+
1740
+ @use_pss.setter
1741
+ def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
1742
+ pulumi.set(self, "use_pss", value)
1743
+
1575
1744
 
1576
1745
  class SecretBackendRole(pulumi.CustomResource):
1577
1746
  @overload
1578
1747
  def __init__(__self__,
1579
1748
  resource_name: str,
1580
1749
  opts: Optional[pulumi.ResourceOptions] = None,
1581
- allow_any_name: Optional[pulumi.Input[bool]] = None,
1582
- allow_bare_domains: Optional[pulumi.Input[bool]] = None,
1583
- allow_glob_domains: Optional[pulumi.Input[bool]] = None,
1584
- allow_ip_sans: Optional[pulumi.Input[bool]] = None,
1585
- allow_localhost: Optional[pulumi.Input[bool]] = None,
1586
- allow_subdomains: Optional[pulumi.Input[bool]] = None,
1587
- allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
1588
- allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1589
- allowed_domains_template: Optional[pulumi.Input[bool]] = None,
1590
- allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1591
- allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1592
- allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1593
- allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
1594
- allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1595
- backend: Optional[pulumi.Input[str]] = None,
1596
- basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
1597
- client_flag: Optional[pulumi.Input[bool]] = None,
1598
- cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1599
- code_signing_flag: Optional[pulumi.Input[bool]] = None,
1600
- countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1601
- email_protection_flag: Optional[pulumi.Input[bool]] = None,
1602
- enforce_hostnames: Optional[pulumi.Input[bool]] = None,
1603
- ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1604
- ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1605
- generate_lease: Optional[pulumi.Input[bool]] = None,
1606
- issuer_ref: Optional[pulumi.Input[str]] = None,
1607
- key_bits: Optional[pulumi.Input[int]] = None,
1608
- key_type: Optional[pulumi.Input[str]] = None,
1609
- key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1610
- localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1611
- max_ttl: Optional[pulumi.Input[str]] = None,
1612
- name: Optional[pulumi.Input[str]] = None,
1613
- namespace: Optional[pulumi.Input[str]] = None,
1614
- no_store: Optional[pulumi.Input[bool]] = None,
1615
- not_before_duration: Optional[pulumi.Input[str]] = None,
1616
- organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1617
- organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1750
+ allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
1751
+ allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
1752
+ allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
1753
+ allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
1754
+ allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
1755
+ allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
1756
+ allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
1757
+ allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1758
+ allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
1759
+ allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1760
+ allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1761
+ allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1762
+ allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
1763
+ allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1764
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1765
+ basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
1766
+ client_flag: Optional[pulumi.Input[builtins.bool]] = None,
1767
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1768
+ code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
1769
+ countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1770
+ email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
1771
+ enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
1772
+ ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1773
+ ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1774
+ generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
1775
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
1776
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
1777
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
1778
+ key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1779
+ localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1780
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
1781
+ name: Optional[pulumi.Input[builtins.str]] = None,
1782
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1783
+ no_store: Optional[pulumi.Input[builtins.bool]] = None,
1784
+ no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
1785
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
1786
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
1787
+ organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1788
+ organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1618
1789
  policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
1619
- policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1620
- postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1621
- provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1622
- require_cn: Optional[pulumi.Input[bool]] = None,
1623
- server_flag: Optional[pulumi.Input[bool]] = None,
1624
- street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1625
- ttl: Optional[pulumi.Input[str]] = None,
1626
- use_csr_common_name: Optional[pulumi.Input[bool]] = None,
1627
- use_csr_sans: Optional[pulumi.Input[bool]] = None,
1790
+ policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1791
+ postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1792
+ provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1793
+ require_cn: Optional[pulumi.Input[builtins.bool]] = None,
1794
+ serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
1795
+ server_flag: Optional[pulumi.Input[builtins.bool]] = None,
1796
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
1797
+ street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1798
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
1799
+ use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
1800
+ use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
1801
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None,
1628
1802
  __props__=None):
1629
1803
  """
1630
1804
  Creates a role on an PKI Secret Backend for Vault.
@@ -1664,62 +1838,69 @@ class SecretBackendRole(pulumi.CustomResource):
1664
1838
 
1665
1839
  :param str resource_name: The name of the resource.
1666
1840
  :param pulumi.ResourceOptions opts: Options for the resource.
1667
- :param pulumi.Input[bool] allow_any_name: Flag to allow any name
1668
- :param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
1669
- :param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
1670
- :param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
1671
- :param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
1672
- :param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
1673
- :param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
1674
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
1675
- :param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
1676
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
1677
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
1678
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
1679
- :param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
1680
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
1681
- :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
1682
- :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
1683
- :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
1684
- :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
1685
- :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
1686
- :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
1687
- :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
1688
- :param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
1689
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
1690
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
1691
- :param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
1692
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
1841
+ :param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
1842
+ :param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
1843
+ :param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
1844
+ :param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
1845
+ :param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
1846
+ :param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
1847
+ :param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
1848
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
1849
+ :param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
1850
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
1851
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
1852
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
1853
+ :param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
1854
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
1855
+ :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
1856
+ :param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
1857
+ :param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
1858
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
1859
+ :param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
1860
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
1861
+ :param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
1862
+ :param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
1863
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
1864
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
1865
+ :param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
1866
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
1693
1867
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
1694
1868
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
1695
1869
  overriding the role's `issuer_ref` value.
1696
- :param pulumi.Input[int] key_bits: The number of bits of generated keys
1697
- :param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
1870
+ :param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
1871
+ :param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
1698
1872
  Defaults to `rsa`
1699
- :param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
1873
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
1700
1874
  certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
1701
1875
  To specify no default key usage constraints, set this to an empty list `[]`.
1702
- :param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
1703
- :param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
1704
- :param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
1705
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1876
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
1877
+ :param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
1878
+ :param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
1879
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1706
1880
  The value should not contain leading or trailing forward slashes.
1707
1881
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1708
1882
  *Available only for Vault Enterprise*.
1709
- :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
1710
- :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1711
- :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
1712
- :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
1883
+ :param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
1884
+ :param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
1885
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1886
+ :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1887
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
1888
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
1713
1889
  :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
1714
- :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
1715
- :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
1716
- :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
1717
- :param pulumi.Input[bool] require_cn: Flag to force CN usage
1718
- :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
1719
- :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
1720
- :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
1721
- :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
1722
- :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
1890
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
1891
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
1892
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
1893
+ :param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
1894
+ :param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
1895
+
1896
+ Example usage:
1897
+ :param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
1898
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
1899
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
1900
+ :param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
1901
+ :param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
1902
+ :param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
1903
+ :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
1723
1904
  """
1724
1905
  ...
1725
1906
  @overload
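Review bot: The new `not_after` entry (new line 1885) does not say how a fixed end date relates to `ttl` and `max_ttl` on the same role, yet it advertises the 9999-12-31T23:59:59Z end date, so a reader cannot tell from this docstring whether the role's TTL limits still bound certificate lifetime. I would append a sentence such as `Review together with ttl and max_ttl: a far-future not_after yields certificates that in practice only revocation can retire.` In the same hunk the `serial_number_source` entry (new lines 1894-1896) ends with a dangling `Example usage:` and no example, which should be completed or dropped. The `no_store_metadata` entry opens with "Allows metadata to be stored" although setting the flag to true disables storage; opening with `Flag to not store certificate metadata` would match the parameter name. This docstring opens above the hunk, and the `get()` docstring hunk (`@@ -1947,62 +2143,69 @@`), which runs past the end of this view, presumably repeats the same text.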
@@ -1778,53 +1959,58 @@ class SecretBackendRole(pulumi.CustomResource):
1778
1959
  def _internal_init(__self__,
1779
1960
  resource_name: str,
1780
1961
  opts: Optional[pulumi.ResourceOptions] = None,
1781
- allow_any_name: Optional[pulumi.Input[bool]] = None,
1782
- allow_bare_domains: Optional[pulumi.Input[bool]] = None,
1783
- allow_glob_domains: Optional[pulumi.Input[bool]] = None,
1784
- allow_ip_sans: Optional[pulumi.Input[bool]] = None,
1785
- allow_localhost: Optional[pulumi.Input[bool]] = None,
1786
- allow_subdomains: Optional[pulumi.Input[bool]] = None,
1787
- allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
1788
- allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1789
- allowed_domains_template: Optional[pulumi.Input[bool]] = None,
1790
- allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1791
- allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1792
- allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1793
- allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
1794
- allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1795
- backend: Optional[pulumi.Input[str]] = None,
1796
- basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
1797
- client_flag: Optional[pulumi.Input[bool]] = None,
1798
- cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1799
- code_signing_flag: Optional[pulumi.Input[bool]] = None,
1800
- countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1801
- email_protection_flag: Optional[pulumi.Input[bool]] = None,
1802
- enforce_hostnames: Optional[pulumi.Input[bool]] = None,
1803
- ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1804
- ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1805
- generate_lease: Optional[pulumi.Input[bool]] = None,
1806
- issuer_ref: Optional[pulumi.Input[str]] = None,
1807
- key_bits: Optional[pulumi.Input[int]] = None,
1808
- key_type: Optional[pulumi.Input[str]] = None,
1809
- key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1810
- localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1811
- max_ttl: Optional[pulumi.Input[str]] = None,
1812
- name: Optional[pulumi.Input[str]] = None,
1813
- namespace: Optional[pulumi.Input[str]] = None,
1814
- no_store: Optional[pulumi.Input[bool]] = None,
1815
- not_before_duration: Optional[pulumi.Input[str]] = None,
1816
- organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1817
- organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1962
+ allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
1963
+ allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
1964
+ allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
1965
+ allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
1966
+ allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
1967
+ allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
1968
+ allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
1969
+ allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1970
+ allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
1971
+ allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1972
+ allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1973
+ allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1974
+ allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
1975
+ allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1976
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1977
+ basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
1978
+ client_flag: Optional[pulumi.Input[builtins.bool]] = None,
1979
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1980
+ code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
1981
+ countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1982
+ email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
1983
+ enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
1984
+ ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1985
+ ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1986
+ generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
1987
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
1988
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
1989
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
1990
+ key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1991
+ localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1992
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
1993
+ name: Optional[pulumi.Input[builtins.str]] = None,
1994
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1995
+ no_store: Optional[pulumi.Input[builtins.bool]] = None,
1996
+ no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
1997
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
1998
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
1999
+ organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2000
+ organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1818
2001
  policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
1819
- policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1820
- postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1821
- provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1822
- require_cn: Optional[pulumi.Input[bool]] = None,
1823
- server_flag: Optional[pulumi.Input[bool]] = None,
1824
- street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1825
- ttl: Optional[pulumi.Input[str]] = None,
1826
- use_csr_common_name: Optional[pulumi.Input[bool]] = None,
1827
- use_csr_sans: Optional[pulumi.Input[bool]] = None,
2002
+ policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2003
+ postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2004
+ provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2005
+ require_cn: Optional[pulumi.Input[builtins.bool]] = None,
2006
+ serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
2007
+ server_flag: Optional[pulumi.Input[builtins.bool]] = None,
2008
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
2009
+ street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2010
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
2011
+ use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
2012
+ use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
2013
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None,
1828
2014
  __props__=None):
1829
2015
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1830
2016
  if not isinstance(opts, pulumi.ResourceOptions):
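Review bot: Four of the five new parameters are inserted mid-signature rather than appended (`no_store_metadata` and `not_after` ahead of `not_before_duration`, `serial_number_source` ahead of `server_flag`, `signature_bits` ahead of `street_addresses`), and the visible signature has no `*` after `opts`. Any caller passing role settings positionally would therefore bind values to different PKI role properties after the upgrade, and because every parameter defaults to `None` and is not type-checked at call time, nothing fails loudly. If the layout is generator-controlled, making the properties keyword-only with `opts: Optional[pulumi.ResourceOptions] = None, *,` would turn that silent shift into an immediate `TypeError`; consumers should pass these settings by keyword regardless. The same insertion pattern appears in the `get()` signature hunk (`@@ -1893,53 +2084,58 @@`) and in the `__init__` overload hunk that begins above this view. The body of `_internal_init` continues past this hunk.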
@@ -1870,6 +2056,8 @@ class SecretBackendRole(pulumi.CustomResource):
1870
2056
  __props__.__dict__["name"] = name
1871
2057
  __props__.__dict__["namespace"] = namespace
1872
2058
  __props__.__dict__["no_store"] = no_store
2059
+ __props__.__dict__["no_store_metadata"] = no_store_metadata
2060
+ __props__.__dict__["not_after"] = not_after
1873
2061
  __props__.__dict__["not_before_duration"] = not_before_duration
1874
2062
  __props__.__dict__["organization_unit"] = organization_unit
1875
2063
  __props__.__dict__["organizations"] = organizations
@@ -1878,11 +2066,14 @@ class SecretBackendRole(pulumi.CustomResource):
1878
2066
  __props__.__dict__["postal_codes"] = postal_codes
1879
2067
  __props__.__dict__["provinces"] = provinces
1880
2068
  __props__.__dict__["require_cn"] = require_cn
2069
+ __props__.__dict__["serial_number_source"] = serial_number_source
1881
2070
  __props__.__dict__["server_flag"] = server_flag
2071
+ __props__.__dict__["signature_bits"] = signature_bits
1882
2072
  __props__.__dict__["street_addresses"] = street_addresses
1883
2073
  __props__.__dict__["ttl"] = ttl
1884
2074
  __props__.__dict__["use_csr_common_name"] = use_csr_common_name
1885
2075
  __props__.__dict__["use_csr_sans"] = use_csr_sans
2076
+ __props__.__dict__["use_pss"] = use_pss
1886
2077
  super(SecretBackendRole, __self__).__init__(
1887
2078
  'vault:pkiSecret/secretBackendRole:SecretBackendRole',
1888
2079
  resource_name,
@@ -1893,53 +2084,58 @@ class SecretBackendRole(pulumi.CustomResource):
1893
2084
  def get(resource_name: str,
1894
2085
  id: pulumi.Input[str],
1895
2086
  opts: Optional[pulumi.ResourceOptions] = None,
1896
- allow_any_name: Optional[pulumi.Input[bool]] = None,
1897
- allow_bare_domains: Optional[pulumi.Input[bool]] = None,
1898
- allow_glob_domains: Optional[pulumi.Input[bool]] = None,
1899
- allow_ip_sans: Optional[pulumi.Input[bool]] = None,
1900
- allow_localhost: Optional[pulumi.Input[bool]] = None,
1901
- allow_subdomains: Optional[pulumi.Input[bool]] = None,
1902
- allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
1903
- allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1904
- allowed_domains_template: Optional[pulumi.Input[bool]] = None,
1905
- allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1906
- allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1907
- allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1908
- allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
1909
- allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1910
- backend: Optional[pulumi.Input[str]] = None,
1911
- basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
1912
- client_flag: Optional[pulumi.Input[bool]] = None,
1913
- cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1914
- code_signing_flag: Optional[pulumi.Input[bool]] = None,
1915
- countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1916
- email_protection_flag: Optional[pulumi.Input[bool]] = None,
1917
- enforce_hostnames: Optional[pulumi.Input[bool]] = None,
1918
- ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1919
- ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1920
- generate_lease: Optional[pulumi.Input[bool]] = None,
1921
- issuer_ref: Optional[pulumi.Input[str]] = None,
1922
- key_bits: Optional[pulumi.Input[int]] = None,
1923
- key_type: Optional[pulumi.Input[str]] = None,
1924
- key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1925
- localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1926
- max_ttl: Optional[pulumi.Input[str]] = None,
1927
- name: Optional[pulumi.Input[str]] = None,
1928
- namespace: Optional[pulumi.Input[str]] = None,
1929
- no_store: Optional[pulumi.Input[bool]] = None,
1930
- not_before_duration: Optional[pulumi.Input[str]] = None,
1931
- organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1932
- organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
2087
+ allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
2088
+ allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
2089
+ allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
2090
+ allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
2091
+ allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
2092
+ allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
2093
+ allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
2094
+ allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2095
+ allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
2096
+ allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2097
+ allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2098
+ allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2099
+ allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
2100
+ allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2101
+ backend: Optional[pulumi.Input[builtins.str]] = None,
2102
+ basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
2103
+ client_flag: Optional[pulumi.Input[builtins.bool]] = None,
2104
+ cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2105
+ code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
2106
+ countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2107
+ email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
2108
+ enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
2109
+ ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2110
+ ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2111
+ generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
2112
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
2113
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
2114
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
2115
+ key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2116
+ localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2117
+ max_ttl: Optional[pulumi.Input[builtins.str]] = None,
2118
+ name: Optional[pulumi.Input[builtins.str]] = None,
2119
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
2120
+ no_store: Optional[pulumi.Input[builtins.bool]] = None,
2121
+ no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
2122
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
2123
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
2124
+ organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2125
+ organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1933
2126
  policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
1934
- policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1935
- postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1936
- provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1937
- require_cn: Optional[pulumi.Input[bool]] = None,
1938
- server_flag: Optional[pulumi.Input[bool]] = None,
1939
- street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1940
- ttl: Optional[pulumi.Input[str]] = None,
1941
- use_csr_common_name: Optional[pulumi.Input[bool]] = None,
1942
- use_csr_sans: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRole':
2127
+ policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2128
+ postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2129
+ provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2130
+ require_cn: Optional[pulumi.Input[builtins.bool]] = None,
2131
+ serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
2132
+ server_flag: Optional[pulumi.Input[builtins.bool]] = None,
2133
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
2134
+ street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
2135
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
2136
+ use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
2137
+ use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
2138
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None) -> 'SecretBackendRole':
1943
2139
  """
1944
2140
  Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
1945
2141
  properties used to qualify the lookup.
@@ -1947,62 +2143,69 @@ class SecretBackendRole(pulumi.CustomResource):
1947
2143
  :param str resource_name: The unique name of the resulting resource.
1948
2144
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1949
2145
  :param pulumi.ResourceOptions opts: Options for the resource.
1950
- :param pulumi.Input[bool] allow_any_name: Flag to allow any name
1951
- :param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
1952
- :param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
1953
- :param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
1954
- :param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
1955
- :param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
1956
- :param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
1957
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
1958
- :param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
1959
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
1960
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
1961
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
1962
- :param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
1963
- :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
1964
- :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
1965
- :param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
1966
- :param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
1967
- :param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
1968
- :param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
1969
- :param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
1970
- :param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
1971
- :param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
1972
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
1973
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
1974
- :param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
1975
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
2146
+ :param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
2147
+ :param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
2148
+ :param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
2149
+ :param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
2150
+ :param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
2151
+ :param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
2152
+ :param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
2153
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
2154
+ :param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
2155
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
2156
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
2157
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
2158
+ :param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
2159
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
2160
+ :param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
2161
+ :param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
2162
+ :param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
2163
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
2164
+ :param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
2165
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
2166
+ :param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
2167
+ :param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
2168
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
2169
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
2170
+ :param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
2171
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
1976
2172
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
1977
2173
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
1978
2174
  overriding the role's `issuer_ref` value.
1979
- :param pulumi.Input[int] key_bits: The number of bits of generated keys
1980
- :param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
2175
+ :param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
2176
+ :param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
1981
2177
  Defaults to `rsa`
1982
- :param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
2178
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
1983
2179
  certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
1984
2180
  To specify no default key usage constraints, set this to an empty list `[]`.
1985
- :param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
1986
- :param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
1987
- :param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
1988
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
2181
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
2182
+ :param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
2183
+ :param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
2184
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1989
2185
  The value should not contain leading or trailing forward slashes.
1990
2186
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1991
2187
  *Available only for Vault Enterprise*.
1992
- :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
1993
- :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1994
- :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
1995
- :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
2188
+ :param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
2189
+ :param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
2190
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
2191
+ :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
2192
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
2193
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
1996
2194
  :param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
1997
- :param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
1998
- :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
1999
- :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
2000
- :param pulumi.Input[bool] require_cn: Flag to force CN usage
2001
- :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
2002
- :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
2003
- :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
2004
- :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
2005
- :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
2195
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
2196
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
2197
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
2198
+ :param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
2199
+ :param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
2200
+
2201
+ Example usage:
2202
+ :param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
2203
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
2204
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
2205
+ :param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
2206
+ :param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
2207
+ :param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
2208
+ :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
2006
2209
  """
2007
2210
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
2008
2211
 
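Review bot: The `serial_number_source` description added here ends in a dangling `Example usage:` with no example after it, and the `no_store_metadata` description opens with "Allows metadata to be stored" although, per its own last sentence, a true value disables storage. I would delete the empty `Example usage:` stub and start the second description at `If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs`, keeping the sentence about independence from `no_store`. The `not_after` text allows an end date as far out as `9999-12-31T23:59:59Z` but does not say how a fixed date relates to the role's `ttl` and `max_ttl`; a sentence stating which one takes effect would let someone reviewing a role see the real certificate lifetime. The same descriptions recur on the property getters in the `@@ -2332,15 +2540,31 @@` and `@@ -2396,23 +2620,41 @@` hunks; the file looks generated, so the wording presumably has to be fixed in the upstream schema. The docstring belongs to a method whose signature starts above this hunk.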
@@ -2042,6 +2245,8 @@ class SecretBackendRole(pulumi.CustomResource):
2042
2245
  __props__.__dict__["name"] = name
2043
2246
  __props__.__dict__["namespace"] = namespace
2044
2247
  __props__.__dict__["no_store"] = no_store
2248
+ __props__.__dict__["no_store_metadata"] = no_store_metadata
2249
+ __props__.__dict__["not_after"] = not_after
2045
2250
  __props__.__dict__["not_before_duration"] = not_before_duration
2046
2251
  __props__.__dict__["organization_unit"] = organization_unit
2047
2252
  __props__.__dict__["organizations"] = organizations
@@ -2050,16 +2255,19 @@ class SecretBackendRole(pulumi.CustomResource):
2050
2255
  __props__.__dict__["postal_codes"] = postal_codes
2051
2256
  __props__.__dict__["provinces"] = provinces
2052
2257
  __props__.__dict__["require_cn"] = require_cn
2258
+ __props__.__dict__["serial_number_source"] = serial_number_source
2053
2259
  __props__.__dict__["server_flag"] = server_flag
2260
+ __props__.__dict__["signature_bits"] = signature_bits
2054
2261
  __props__.__dict__["street_addresses"] = street_addresses
2055
2262
  __props__.__dict__["ttl"] = ttl
2056
2263
  __props__.__dict__["use_csr_common_name"] = use_csr_common_name
2057
2264
  __props__.__dict__["use_csr_sans"] = use_csr_sans
2265
+ __props__.__dict__["use_pss"] = use_pss
2058
2266
  return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
2059
2267
 
2060
2268
  @property
2061
2269
  @pulumi.getter(name="allowAnyName")
2062
- def allow_any_name(self) -> pulumi.Output[Optional[bool]]:
2270
+ def allow_any_name(self) -> pulumi.Output[Optional[builtins.bool]]:
2063
2271
  """
2064
2272
  Flag to allow any name
2065
2273
  """
@@ -2067,7 +2275,7 @@ class SecretBackendRole(pulumi.CustomResource):
2067
2275
 
2068
2276
  @property
2069
2277
  @pulumi.getter(name="allowBareDomains")
2070
- def allow_bare_domains(self) -> pulumi.Output[Optional[bool]]:
2278
+ def allow_bare_domains(self) -> pulumi.Output[Optional[builtins.bool]]:
2071
2279
  """
2072
2280
  Flag to allow certificates matching the actual domain
2073
2281
  """
@@ -2075,7 +2283,7 @@ class SecretBackendRole(pulumi.CustomResource):
2075
2283
 
2076
2284
  @property
2077
2285
  @pulumi.getter(name="allowGlobDomains")
2078
- def allow_glob_domains(self) -> pulumi.Output[Optional[bool]]:
2286
+ def allow_glob_domains(self) -> pulumi.Output[Optional[builtins.bool]]:
2079
2287
  """
2080
2288
  Flag to allow names containing glob patterns.
2081
2289
  """
@@ -2083,7 +2291,7 @@ class SecretBackendRole(pulumi.CustomResource):
2083
2291
 
2084
2292
  @property
2085
2293
  @pulumi.getter(name="allowIpSans")
2086
- def allow_ip_sans(self) -> pulumi.Output[Optional[bool]]:
2294
+ def allow_ip_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
2087
2295
  """
2088
2296
  Flag to allow IP SANs
2089
2297
  """
@@ -2091,7 +2299,7 @@ class SecretBackendRole(pulumi.CustomResource):
2091
2299
 
2092
2300
  @property
2093
2301
  @pulumi.getter(name="allowLocalhost")
2094
- def allow_localhost(self) -> pulumi.Output[Optional[bool]]:
2302
+ def allow_localhost(self) -> pulumi.Output[Optional[builtins.bool]]:
2095
2303
  """
2096
2304
  Flag to allow certificates for localhost
2097
2305
  """
@@ -2099,7 +2307,7 @@ class SecretBackendRole(pulumi.CustomResource):
2099
2307
 
2100
2308
  @property
2101
2309
  @pulumi.getter(name="allowSubdomains")
2102
- def allow_subdomains(self) -> pulumi.Output[Optional[bool]]:
2310
+ def allow_subdomains(self) -> pulumi.Output[Optional[builtins.bool]]:
2103
2311
  """
2104
2312
  Flag to allow certificates matching subdomains
2105
2313
  """
@@ -2107,7 +2315,7 @@ class SecretBackendRole(pulumi.CustomResource):
2107
2315
 
2108
2316
  @property
2109
2317
  @pulumi.getter(name="allowWildcardCertificates")
2110
- def allow_wildcard_certificates(self) -> pulumi.Output[Optional[bool]]:
2318
+ def allow_wildcard_certificates(self) -> pulumi.Output[Optional[builtins.bool]]:
2111
2319
  """
2112
2320
  Flag to allow wildcard certificates.
2113
2321
  """
@@ -2115,7 +2323,7 @@ class SecretBackendRole(pulumi.CustomResource):
2115
2323
 
2116
2324
  @property
2117
2325
  @pulumi.getter(name="allowedDomains")
2118
- def allowed_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
2326
+ def allowed_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2119
2327
  """
2120
2328
  List of allowed domains for certificates
2121
2329
  """
@@ -2123,7 +2331,7 @@ class SecretBackendRole(pulumi.CustomResource):
2123
2331
 
2124
2332
  @property
2125
2333
  @pulumi.getter(name="allowedDomainsTemplate")
2126
- def allowed_domains_template(self) -> pulumi.Output[Optional[bool]]:
2334
+ def allowed_domains_template(self) -> pulumi.Output[Optional[builtins.bool]]:
2127
2335
  """
2128
2336
  Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
2129
2337
  """
@@ -2131,7 +2339,7 @@ class SecretBackendRole(pulumi.CustomResource):
2131
2339
 
2132
2340
  @property
2133
2341
  @pulumi.getter(name="allowedOtherSans")
2134
- def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
2342
+ def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2135
2343
  """
2136
2344
  Defines allowed custom SANs
2137
2345
  """
@@ -2139,7 +2347,7 @@ class SecretBackendRole(pulumi.CustomResource):
2139
2347
 
2140
2348
  @property
2141
2349
  @pulumi.getter(name="allowedSerialNumbers")
2142
- def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[str]]]:
2350
+ def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2143
2351
  """
2144
2352
  An array of allowed serial numbers to put in Subject
2145
2353
  """
@@ -2147,7 +2355,7 @@ class SecretBackendRole(pulumi.CustomResource):
2147
2355
 
2148
2356
  @property
2149
2357
  @pulumi.getter(name="allowedUriSans")
2150
- def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
2358
+ def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2151
2359
  """
2152
2360
  Defines allowed URI SANs
2153
2361
  """
@@ -2155,7 +2363,7 @@ class SecretBackendRole(pulumi.CustomResource):
2155
2363
 
2156
2364
  @property
2157
2365
  @pulumi.getter(name="allowedUriSansTemplate")
2158
- def allowed_uri_sans_template(self) -> pulumi.Output[bool]:
2366
+ def allowed_uri_sans_template(self) -> pulumi.Output[builtins.bool]:
2159
2367
  """
2160
2368
  Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
2161
2369
  """
@@ -2163,7 +2371,7 @@ class SecretBackendRole(pulumi.CustomResource):
2163
2371
 
2164
2372
  @property
2165
2373
  @pulumi.getter(name="allowedUserIds")
2166
- def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[str]]]:
2374
+ def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2167
2375
  """
2168
2376
  Defines allowed User IDs
2169
2377
  """
@@ -2171,7 +2379,7 @@ class SecretBackendRole(pulumi.CustomResource):
2171
2379
 
2172
2380
  @property
2173
2381
  @pulumi.getter
2174
- def backend(self) -> pulumi.Output[str]:
2382
+ def backend(self) -> pulumi.Output[builtins.str]:
2175
2383
  """
2176
2384
  The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
2177
2385
  """
@@ -2179,7 +2387,7 @@ class SecretBackendRole(pulumi.CustomResource):
2179
2387
 
2180
2388
  @property
2181
2389
  @pulumi.getter(name="basicConstraintsValidForNonCa")
2182
- def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[bool]]:
2390
+ def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[builtins.bool]]:
2183
2391
  """
2184
2392
  Flag to mark basic constraints valid when issuing non-CA certificates
2185
2393
  """
@@ -2187,7 +2395,7 @@ class SecretBackendRole(pulumi.CustomResource):
2187
2395
 
2188
2396
  @property
2189
2397
  @pulumi.getter(name="clientFlag")
2190
- def client_flag(self) -> pulumi.Output[Optional[bool]]:
2398
+ def client_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
2191
2399
  """
2192
2400
  Flag to specify certificates for client use
2193
2401
  """
@@ -2195,7 +2403,7 @@ class SecretBackendRole(pulumi.CustomResource):
2195
2403
 
2196
2404
  @property
2197
2405
  @pulumi.getter(name="cnValidations")
2198
- def cn_validations(self) -> pulumi.Output[Sequence[str]]:
2406
+ def cn_validations(self) -> pulumi.Output[Sequence[builtins.str]]:
2199
2407
  """
2200
2408
  Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
2201
2409
  """
@@ -2203,7 +2411,7 @@ class SecretBackendRole(pulumi.CustomResource):
2203
2411
 
2204
2412
  @property
2205
2413
  @pulumi.getter(name="codeSigningFlag")
2206
- def code_signing_flag(self) -> pulumi.Output[Optional[bool]]:
2414
+ def code_signing_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
2207
2415
  """
2208
2416
  Flag to specify certificates for code signing use
2209
2417
  """
@@ -2211,7 +2419,7 @@ class SecretBackendRole(pulumi.CustomResource):
2211
2419
 
2212
2420
  @property
2213
2421
  @pulumi.getter
2214
- def countries(self) -> pulumi.Output[Optional[Sequence[str]]]:
2422
+ def countries(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2215
2423
  """
2216
2424
  The country of generated certificates
2217
2425
  """
@@ -2219,7 +2427,7 @@ class SecretBackendRole(pulumi.CustomResource):
2219
2427
 
2220
2428
  @property
2221
2429
  @pulumi.getter(name="emailProtectionFlag")
2222
- def email_protection_flag(self) -> pulumi.Output[Optional[bool]]:
2430
+ def email_protection_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
2223
2431
  """
2224
2432
  Flag to specify certificates for email protection use
2225
2433
  """
@@ -2227,7 +2435,7 @@ class SecretBackendRole(pulumi.CustomResource):
2227
2435
 
2228
2436
  @property
2229
2437
  @pulumi.getter(name="enforceHostnames")
2230
- def enforce_hostnames(self) -> pulumi.Output[Optional[bool]]:
2438
+ def enforce_hostnames(self) -> pulumi.Output[Optional[builtins.bool]]:
2231
2439
  """
2232
2440
  Flag to allow only valid host names
2233
2441
  """
@@ -2235,7 +2443,7 @@ class SecretBackendRole(pulumi.CustomResource):
2235
2443
 
2236
2444
  @property
2237
2445
  @pulumi.getter(name="extKeyUsageOids")
2238
- def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[str]]]:
2446
+ def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2239
2447
  """
2240
2448
  Specify the allowed extended key usage OIDs constraint on issued certificates
2241
2449
  """
@@ -2243,7 +2451,7 @@ class SecretBackendRole(pulumi.CustomResource):
2243
2451
 
2244
2452
  @property
2245
2453
  @pulumi.getter(name="extKeyUsages")
2246
- def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[str]]]:
2454
+ def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2247
2455
  """
2248
2456
  Specify the allowed extended key usage constraint on issued certificates
2249
2457
  """
@@ -2251,7 +2459,7 @@ class SecretBackendRole(pulumi.CustomResource):
2251
2459
 
2252
2460
  @property
2253
2461
  @pulumi.getter(name="generateLease")
2254
- def generate_lease(self) -> pulumi.Output[Optional[bool]]:
2462
+ def generate_lease(self) -> pulumi.Output[Optional[builtins.bool]]:
2255
2463
  """
2256
2464
  Flag to generate leases with certificates
2257
2465
  """
@@ -2259,7 +2467,7 @@ class SecretBackendRole(pulumi.CustomResource):
2259
2467
 
2260
2468
  @property
2261
2469
  @pulumi.getter(name="issuerRef")
2262
- def issuer_ref(self) -> pulumi.Output[str]:
2470
+ def issuer_ref(self) -> pulumi.Output[builtins.str]:
2263
2471
  """
2264
2472
  Specifies the default issuer of this request. May
2265
2473
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -2270,7 +2478,7 @@ class SecretBackendRole(pulumi.CustomResource):
2270
2478
 
2271
2479
  @property
2272
2480
  @pulumi.getter(name="keyBits")
2273
- def key_bits(self) -> pulumi.Output[Optional[int]]:
2481
+ def key_bits(self) -> pulumi.Output[Optional[builtins.int]]:
2274
2482
  """
2275
2483
  The number of bits of generated keys
2276
2484
  """
@@ -2278,7 +2486,7 @@ class SecretBackendRole(pulumi.CustomResource):
2278
2486
 
2279
2487
  @property
2280
2488
  @pulumi.getter(name="keyType")
2281
- def key_type(self) -> pulumi.Output[Optional[str]]:
2489
+ def key_type(self) -> pulumi.Output[Optional[builtins.str]]:
2282
2490
  """
2283
2491
  The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
2284
2492
  Defaults to `rsa`
@@ -2287,7 +2495,7 @@ class SecretBackendRole(pulumi.CustomResource):
2287
2495
 
2288
2496
  @property
2289
2497
  @pulumi.getter(name="keyUsages")
2290
- def key_usages(self) -> pulumi.Output[Sequence[str]]:
2498
+ def key_usages(self) -> pulumi.Output[Sequence[builtins.str]]:
2291
2499
  """
2292
2500
  Specify the allowed key usage constraint on issued
2293
2501
  certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
@@ -2297,7 +2505,7 @@ class SecretBackendRole(pulumi.CustomResource):
2297
2505
 
2298
2506
  @property
2299
2507
  @pulumi.getter
2300
- def localities(self) -> pulumi.Output[Optional[Sequence[str]]]:
2508
+ def localities(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2301
2509
  """
2302
2510
  The locality of generated certificates
2303
2511
  """
@@ -2305,7 +2513,7 @@ class SecretBackendRole(pulumi.CustomResource):
2305
2513
 
2306
2514
  @property
2307
2515
  @pulumi.getter(name="maxTtl")
2308
- def max_ttl(self) -> pulumi.Output[str]:
2516
+ def max_ttl(self) -> pulumi.Output[builtins.str]:
2309
2517
  """
2310
2518
  The maximum lease TTL, in seconds, for the role.
2311
2519
  """
@@ -2313,7 +2521,7 @@ class SecretBackendRole(pulumi.CustomResource):
2313
2521
 
2314
2522
  @property
2315
2523
  @pulumi.getter
2316
- def name(self) -> pulumi.Output[str]:
2524
+ def name(self) -> pulumi.Output[builtins.str]:
2317
2525
  """
2318
2526
  The name to identify this role within the backend. Must be unique within the backend.
2319
2527
  """
@@ -2321,7 +2529,7 @@ class SecretBackendRole(pulumi.CustomResource):
2321
2529
 
2322
2530
  @property
2323
2531
  @pulumi.getter
2324
- def namespace(self) -> pulumi.Output[Optional[str]]:
2532
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
2325
2533
  """
2326
2534
  The namespace to provision the resource in.
2327
2535
  The value should not contain leading or trailing forward slashes.
@@ -2332,15 +2540,31 @@ class SecretBackendRole(pulumi.CustomResource):
2332
2540
 
2333
2541
  @property
2334
2542
  @pulumi.getter(name="noStore")
2335
- def no_store(self) -> pulumi.Output[Optional[bool]]:
2543
+ def no_store(self) -> pulumi.Output[Optional[builtins.bool]]:
2336
2544
  """
2337
2545
  Flag to not store certificates in the storage backend
2338
2546
  """
2339
2547
  return pulumi.get(self, "no_store")
2340
2548
 
2549
+ @property
2550
+ @pulumi.getter(name="noStoreMetadata")
2551
+ def no_store_metadata(self) -> pulumi.Output[Optional[builtins.bool]]:
2552
+ """
2553
+ Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
2554
+ """
2555
+ return pulumi.get(self, "no_store_metadata")
2556
+
2557
+ @property
2558
+ @pulumi.getter(name="notAfter")
2559
+ def not_after(self) -> pulumi.Output[Optional[builtins.str]]:
2560
+ """
2561
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
2562
+ """
2563
+ return pulumi.get(self, "not_after")
2564
+
2341
2565
  @property
2342
2566
  @pulumi.getter(name="notBeforeDuration")
2343
- def not_before_duration(self) -> pulumi.Output[str]:
2567
+ def not_before_duration(self) -> pulumi.Output[builtins.str]:
2344
2568
  """
2345
2569
  Specifies the duration by which to backdate the NotBefore property.
2346
2570
  """
@@ -2348,7 +2572,7 @@ class SecretBackendRole(pulumi.CustomResource):
2348
2572
 
2349
2573
  @property
2350
2574
  @pulumi.getter(name="organizationUnit")
2351
- def organization_unit(self) -> pulumi.Output[Optional[Sequence[str]]]:
2575
+ def organization_unit(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2352
2576
  """
2353
2577
  The organization unit of generated certificates
2354
2578
  """
@@ -2356,7 +2580,7 @@ class SecretBackendRole(pulumi.CustomResource):
2356
2580
 
2357
2581
  @property
2358
2582
  @pulumi.getter
2359
- def organizations(self) -> pulumi.Output[Optional[Sequence[str]]]:
2583
+ def organizations(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2360
2584
  """
2361
2585
  The organization of generated certificates
2362
2586
  """
@@ -2372,7 +2596,7 @@ class SecretBackendRole(pulumi.CustomResource):
2372
2596
 
2373
2597
  @property
2374
2598
  @pulumi.getter(name="policyIdentifiers")
2375
- def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[str]]]:
2599
+ def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2376
2600
  """
2377
2601
  Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
2378
2602
  """
@@ -2380,7 +2604,7 @@ class SecretBackendRole(pulumi.CustomResource):
2380
2604
 
2381
2605
  @property
2382
2606
  @pulumi.getter(name="postalCodes")
2383
- def postal_codes(self) -> pulumi.Output[Optional[Sequence[str]]]:
2607
+ def postal_codes(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2384
2608
  """
2385
2609
  The postal code of generated certificates
2386
2610
  """
@@ -2388,7 +2612,7 @@ class SecretBackendRole(pulumi.CustomResource):
2388
2612
 
2389
2613
  @property
2390
2614
  @pulumi.getter
2391
- def provinces(self) -> pulumi.Output[Optional[Sequence[str]]]:
2615
+ def provinces(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2392
2616
  """
2393
2617
  The province of generated certificates
2394
2618
  """
@@ -2396,23 +2620,41 @@ class SecretBackendRole(pulumi.CustomResource):
2396
2620
 
2397
2621
  @property
2398
2622
  @pulumi.getter(name="requireCn")
2399
- def require_cn(self) -> pulumi.Output[Optional[bool]]:
2623
+ def require_cn(self) -> pulumi.Output[Optional[builtins.bool]]:
2400
2624
  """
2401
2625
  Flag to force CN usage
2402
2626
  """
2403
2627
  return pulumi.get(self, "require_cn")
2404
2628
 
2629
+ @property
2630
+ @pulumi.getter(name="serialNumberSource")
2631
+ def serial_number_source(self) -> pulumi.Output[builtins.str]:
2632
+ """
2633
+ Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
2634
+
2635
+ Example usage:
2636
+ """
2637
+ return pulumi.get(self, "serial_number_source")
2638
+
2405
2639
  @property
2406
2640
  @pulumi.getter(name="serverFlag")
2407
- def server_flag(self) -> pulumi.Output[Optional[bool]]:
2641
+ def server_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
2408
2642
  """
2409
2643
  Flag to specify certificates for server use
2410
2644
  """
2411
2645
  return pulumi.get(self, "server_flag")
2412
2646
 
2647
+ @property
2648
+ @pulumi.getter(name="signatureBits")
2649
+ def signature_bits(self) -> pulumi.Output[builtins.int]:
2650
+ """
2651
+ The number of bits to use in the signature algorithm
2652
+ """
2653
+ return pulumi.get(self, "signature_bits")
2654
+
2413
2655
  @property
2414
2656
  @pulumi.getter(name="streetAddresses")
2415
- def street_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
2657
+ def street_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2416
2658
  """
2417
2659
  The street address of generated certificates
2418
2660
  """
@@ -2420,7 +2662,7 @@ class SecretBackendRole(pulumi.CustomResource):
2420
2662
 
2421
2663
  @property
2422
2664
  @pulumi.getter
2423
- def ttl(self) -> pulumi.Output[str]:
2665
+ def ttl(self) -> pulumi.Output[builtins.str]:
2424
2666
  """
2425
2667
  The TTL, in seconds, for any certificate issued against this role.
2426
2668
  """
@@ -2428,7 +2670,7 @@ class SecretBackendRole(pulumi.CustomResource):
2428
2670
 
2429
2671
  @property
2430
2672
  @pulumi.getter(name="useCsrCommonName")
2431
- def use_csr_common_name(self) -> pulumi.Output[Optional[bool]]:
2673
+ def use_csr_common_name(self) -> pulumi.Output[Optional[builtins.bool]]:
2432
2674
  """
2433
2675
  Flag to use the CN in the CSR
2434
2676
  """
@@ -2436,9 +2678,17 @@ class SecretBackendRole(pulumi.CustomResource):
2436
2678
 
2437
2679
  @property
2438
2680
  @pulumi.getter(name="useCsrSans")
2439
- def use_csr_sans(self) -> pulumi.Output[Optional[bool]]:
2681
+ def use_csr_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
2440
2682
  """
2441
2683
  Flag to use the SANs in the CSR
2442
2684
  """
2443
2685
  return pulumi.get(self, "use_csr_sans")
2444
2686
 
2687
+ @property
2688
+ @pulumi.getter(name="usePss")
2689
+ def use_pss(self) -> pulumi.Output[Optional[builtins.bool]]:
2690
+ """
2691
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
2692
+ """
2693
+ return pulumi.get(self, "use_pss")
2694
+