pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -21,111 +22,123 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
|
21
22
|
@pulumi.input_type
|
22
23
|
class SecretBackendRoleArgs:
|
23
24
|
def __init__(__self__, *,
|
24
|
-
backend: pulumi.Input[str],
|
25
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
26
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
27
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
28
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
29
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
30
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
31
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
32
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
33
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
34
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
35
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
36
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
37
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
38
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
39
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
40
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
41
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
42
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
43
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
44
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
45
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
46
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
47
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
48
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
49
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
50
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
51
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
52
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
53
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
54
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
55
|
-
name: Optional[pulumi.Input[str]] = None,
|
56
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
57
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
58
|
-
|
59
|
-
|
60
|
-
|
25
|
+
backend: pulumi.Input[builtins.str],
|
26
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
27
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
28
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
30
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
31
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
32
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
33
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
34
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
35
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
36
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
37
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
38
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
39
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
40
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
41
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
42
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
43
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
44
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
45
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
46
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
47
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
48
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
49
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
50
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
51
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
52
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
53
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
54
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
55
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
56
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
57
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
58
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
59
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
60
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
61
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
62
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
63
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
61
64
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
|
62
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
63
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
64
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
65
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
65
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
66
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
67
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
68
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
69
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
70
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
71
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
72
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
73
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
74
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
75
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
76
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None):
|
71
77
|
"""
|
72
78
|
The set of arguments for constructing a SecretBackendRole resource.
|
73
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
74
|
-
:param pulumi.Input[bool] allow_any_name: Flag to allow any name
|
75
|
-
:param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
76
|
-
:param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
77
|
-
:param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
|
78
|
-
:param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
|
79
|
-
:param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
|
80
|
-
:param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
81
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
|
82
|
-
:param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
83
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
|
84
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
85
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
|
86
|
-
:param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
87
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
|
88
|
-
:param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
89
|
-
:param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
|
90
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
91
|
-
:param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
|
92
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
|
93
|
-
:param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
|
94
|
-
:param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
|
95
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
96
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
97
|
-
:param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
|
98
|
-
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
79
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
80
|
+
:param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
|
81
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
82
|
+
:param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
83
|
+
:param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
84
|
+
:param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
85
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
86
|
+
:param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
87
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
|
88
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
89
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
90
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
91
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
92
|
+
:param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
93
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
94
|
+
:param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
95
|
+
:param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
|
96
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
97
|
+
:param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
98
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
|
99
|
+
:param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
100
|
+
:param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
101
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
102
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
103
|
+
:param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
|
104
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
99
105
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
100
106
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
101
107
|
overriding the role's `issuer_ref` value.
|
102
|
-
:param pulumi.Input[int] key_bits: The number of bits of generated keys
|
103
|
-
:param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
108
|
+
:param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
|
109
|
+
:param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
104
110
|
Defaults to `rsa`
|
105
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
|
111
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
106
112
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
107
113
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
108
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
|
109
|
-
:param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
110
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
|
111
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
114
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
|
115
|
+
:param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
116
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
117
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
112
118
|
The value should not contain leading or trailing forward slashes.
|
113
119
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
114
120
|
*Available only for Vault Enterprise*.
|
115
|
-
:param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
|
116
|
-
:param pulumi.Input[
|
117
|
-
:param pulumi.Input[
|
118
|
-
:param pulumi.Input[
|
121
|
+
:param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
|
122
|
+
:param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
123
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
124
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
125
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
|
126
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
|
119
127
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
120
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
121
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
|
122
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
|
123
|
-
:param pulumi.Input[bool] require_cn: Flag to force CN usage
|
124
|
-
:param pulumi.Input[
|
125
|
-
|
126
|
-
|
127
|
-
:param pulumi.Input[bool]
|
128
|
-
:param pulumi.Input[
|
128
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
129
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
|
130
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
|
131
|
+
:param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
|
132
|
+
:param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
133
|
+
|
134
|
+
Example usage:
|
135
|
+
:param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
|
136
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
137
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
|
138
|
+
:param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
139
|
+
:param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
140
|
+
:param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
141
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
129
142
|
"""
|
130
143
|
pulumi.set(__self__, "backend", backend)
|
131
144
|
if allow_any_name is not None:
|
@@ -194,6 +207,10 @@ class SecretBackendRoleArgs:
|
|
194
207
|
pulumi.set(__self__, "namespace", namespace)
|
195
208
|
if no_store is not None:
|
196
209
|
pulumi.set(__self__, "no_store", no_store)
|
210
|
+
if no_store_metadata is not None:
|
211
|
+
pulumi.set(__self__, "no_store_metadata", no_store_metadata)
|
212
|
+
if not_after is not None:
|
213
|
+
pulumi.set(__self__, "not_after", not_after)
|
197
214
|
if not_before_duration is not None:
|
198
215
|
pulumi.set(__self__, "not_before_duration", not_before_duration)
|
199
216
|
if organization_unit is not None:
|
@@ -210,8 +227,12 @@ class SecretBackendRoleArgs:
|
|
210
227
|
pulumi.set(__self__, "provinces", provinces)
|
211
228
|
if require_cn is not None:
|
212
229
|
pulumi.set(__self__, "require_cn", require_cn)
|
230
|
+
if serial_number_source is not None:
|
231
|
+
pulumi.set(__self__, "serial_number_source", serial_number_source)
|
213
232
|
if server_flag is not None:
|
214
233
|
pulumi.set(__self__, "server_flag", server_flag)
|
234
|
+
if signature_bits is not None:
|
235
|
+
pulumi.set(__self__, "signature_bits", signature_bits)
|
215
236
|
if street_addresses is not None:
|
216
237
|
pulumi.set(__self__, "street_addresses", street_addresses)
|
217
238
|
if ttl is not None:
|
@@ -220,310 +241,312 @@ class SecretBackendRoleArgs:
|
|
220
241
|
pulumi.set(__self__, "use_csr_common_name", use_csr_common_name)
|
221
242
|
if use_csr_sans is not None:
|
222
243
|
pulumi.set(__self__, "use_csr_sans", use_csr_sans)
|
244
|
+
if use_pss is not None:
|
245
|
+
pulumi.set(__self__, "use_pss", use_pss)
|
223
246
|
|
224
247
|
@property
|
225
248
|
@pulumi.getter
|
226
|
-
def backend(self) -> pulumi.Input[str]:
|
249
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
227
250
|
"""
|
228
251
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
229
252
|
"""
|
230
253
|
return pulumi.get(self, "backend")
|
231
254
|
|
232
255
|
@backend.setter
|
233
|
-
def backend(self, value: pulumi.Input[str]):
|
256
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
234
257
|
pulumi.set(self, "backend", value)
|
235
258
|
|
236
259
|
@property
|
237
260
|
@pulumi.getter(name="allowAnyName")
|
238
|
-
def allow_any_name(self) -> Optional[pulumi.Input[bool]]:
|
261
|
+
def allow_any_name(self) -> Optional[pulumi.Input[builtins.bool]]:
|
239
262
|
"""
|
240
263
|
Flag to allow any name
|
241
264
|
"""
|
242
265
|
return pulumi.get(self, "allow_any_name")
|
243
266
|
|
244
267
|
@allow_any_name.setter
|
245
|
-
def allow_any_name(self, value: Optional[pulumi.Input[bool]]):
|
268
|
+
def allow_any_name(self, value: Optional[pulumi.Input[builtins.bool]]):
|
246
269
|
pulumi.set(self, "allow_any_name", value)
|
247
270
|
|
248
271
|
@property
|
249
272
|
@pulumi.getter(name="allowBareDomains")
|
250
|
-
def allow_bare_domains(self) -> Optional[pulumi.Input[bool]]:
|
273
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
251
274
|
"""
|
252
275
|
Flag to allow certificates matching the actual domain
|
253
276
|
"""
|
254
277
|
return pulumi.get(self, "allow_bare_domains")
|
255
278
|
|
256
279
|
@allow_bare_domains.setter
|
257
|
-
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
280
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
258
281
|
pulumi.set(self, "allow_bare_domains", value)
|
259
282
|
|
260
283
|
@property
|
261
284
|
@pulumi.getter(name="allowGlobDomains")
|
262
|
-
def allow_glob_domains(self) -> Optional[pulumi.Input[bool]]:
|
285
|
+
def allow_glob_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
263
286
|
"""
|
264
287
|
Flag to allow names containing glob patterns.
|
265
288
|
"""
|
266
289
|
return pulumi.get(self, "allow_glob_domains")
|
267
290
|
|
268
291
|
@allow_glob_domains.setter
|
269
|
-
def allow_glob_domains(self, value: Optional[pulumi.Input[bool]]):
|
292
|
+
def allow_glob_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
270
293
|
pulumi.set(self, "allow_glob_domains", value)
|
271
294
|
|
272
295
|
@property
|
273
296
|
@pulumi.getter(name="allowIpSans")
|
274
|
-
def allow_ip_sans(self) -> Optional[pulumi.Input[bool]]:
|
297
|
+
def allow_ip_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
275
298
|
"""
|
276
299
|
Flag to allow IP SANs
|
277
300
|
"""
|
278
301
|
return pulumi.get(self, "allow_ip_sans")
|
279
302
|
|
280
303
|
@allow_ip_sans.setter
|
281
|
-
def allow_ip_sans(self, value: Optional[pulumi.Input[bool]]):
|
304
|
+
def allow_ip_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
282
305
|
pulumi.set(self, "allow_ip_sans", value)
|
283
306
|
|
284
307
|
@property
|
285
308
|
@pulumi.getter(name="allowLocalhost")
|
286
|
-
def allow_localhost(self) -> Optional[pulumi.Input[bool]]:
|
309
|
+
def allow_localhost(self) -> Optional[pulumi.Input[builtins.bool]]:
|
287
310
|
"""
|
288
311
|
Flag to allow certificates for localhost
|
289
312
|
"""
|
290
313
|
return pulumi.get(self, "allow_localhost")
|
291
314
|
|
292
315
|
@allow_localhost.setter
|
293
|
-
def allow_localhost(self, value: Optional[pulumi.Input[bool]]):
|
316
|
+
def allow_localhost(self, value: Optional[pulumi.Input[builtins.bool]]):
|
294
317
|
pulumi.set(self, "allow_localhost", value)
|
295
318
|
|
296
319
|
@property
|
297
320
|
@pulumi.getter(name="allowSubdomains")
|
298
|
-
def allow_subdomains(self) -> Optional[pulumi.Input[bool]]:
|
321
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
299
322
|
"""
|
300
323
|
Flag to allow certificates matching subdomains
|
301
324
|
"""
|
302
325
|
return pulumi.get(self, "allow_subdomains")
|
303
326
|
|
304
327
|
@allow_subdomains.setter
|
305
|
-
def allow_subdomains(self, value: Optional[pulumi.Input[bool]]):
|
328
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
306
329
|
pulumi.set(self, "allow_subdomains", value)
|
307
330
|
|
308
331
|
@property
|
309
332
|
@pulumi.getter(name="allowWildcardCertificates")
|
310
|
-
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[bool]]:
|
333
|
+
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
|
311
334
|
"""
|
312
335
|
Flag to allow wildcard certificates.
|
313
336
|
"""
|
314
337
|
return pulumi.get(self, "allow_wildcard_certificates")
|
315
338
|
|
316
339
|
@allow_wildcard_certificates.setter
|
317
|
-
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[bool]]):
|
340
|
+
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
|
318
341
|
pulumi.set(self, "allow_wildcard_certificates", value)
|
319
342
|
|
320
343
|
@property
|
321
344
|
@pulumi.getter(name="allowedDomains")
|
322
|
-
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
345
|
+
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
323
346
|
"""
|
324
347
|
List of allowed domains for certificates
|
325
348
|
"""
|
326
349
|
return pulumi.get(self, "allowed_domains")
|
327
350
|
|
328
351
|
@allowed_domains.setter
|
329
|
-
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
352
|
+
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
330
353
|
pulumi.set(self, "allowed_domains", value)
|
331
354
|
|
332
355
|
@property
|
333
356
|
@pulumi.getter(name="allowedDomainsTemplate")
|
334
|
-
def allowed_domains_template(self) -> Optional[pulumi.Input[bool]]:
|
357
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
335
358
|
"""
|
336
359
|
Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
337
360
|
"""
|
338
361
|
return pulumi.get(self, "allowed_domains_template")
|
339
362
|
|
340
363
|
@allowed_domains_template.setter
|
341
|
-
def allowed_domains_template(self, value: Optional[pulumi.Input[bool]]):
|
364
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
342
365
|
pulumi.set(self, "allowed_domains_template", value)
|
343
366
|
|
344
367
|
@property
|
345
368
|
@pulumi.getter(name="allowedOtherSans")
|
346
|
-
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
369
|
+
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
347
370
|
"""
|
348
371
|
Defines allowed custom SANs
|
349
372
|
"""
|
350
373
|
return pulumi.get(self, "allowed_other_sans")
|
351
374
|
|
352
375
|
@allowed_other_sans.setter
|
353
|
-
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
376
|
+
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
354
377
|
pulumi.set(self, "allowed_other_sans", value)
|
355
378
|
|
356
379
|
@property
|
357
380
|
@pulumi.getter(name="allowedSerialNumbers")
|
358
|
-
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
381
|
+
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
359
382
|
"""
|
360
383
|
An array of allowed serial numbers to put in Subject
|
361
384
|
"""
|
362
385
|
return pulumi.get(self, "allowed_serial_numbers")
|
363
386
|
|
364
387
|
@allowed_serial_numbers.setter
|
365
|
-
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
388
|
+
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
366
389
|
pulumi.set(self, "allowed_serial_numbers", value)
|
367
390
|
|
368
391
|
@property
|
369
392
|
@pulumi.getter(name="allowedUriSans")
|
370
|
-
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
393
|
+
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
371
394
|
"""
|
372
395
|
Defines allowed URI SANs
|
373
396
|
"""
|
374
397
|
return pulumi.get(self, "allowed_uri_sans")
|
375
398
|
|
376
399
|
@allowed_uri_sans.setter
|
377
|
-
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
400
|
+
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
378
401
|
pulumi.set(self, "allowed_uri_sans", value)
|
379
402
|
|
380
403
|
@property
|
381
404
|
@pulumi.getter(name="allowedUriSansTemplate")
|
382
|
-
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[bool]]:
|
405
|
+
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
383
406
|
"""
|
384
407
|
Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
385
408
|
"""
|
386
409
|
return pulumi.get(self, "allowed_uri_sans_template")
|
387
410
|
|
388
411
|
@allowed_uri_sans_template.setter
|
389
|
-
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[bool]]):
|
412
|
+
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
390
413
|
pulumi.set(self, "allowed_uri_sans_template", value)
|
391
414
|
|
392
415
|
@property
|
393
416
|
@pulumi.getter(name="allowedUserIds")
|
394
|
-
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
417
|
+
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
395
418
|
"""
|
396
419
|
Defines allowed User IDs
|
397
420
|
"""
|
398
421
|
return pulumi.get(self, "allowed_user_ids")
|
399
422
|
|
400
423
|
@allowed_user_ids.setter
|
401
|
-
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
424
|
+
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
402
425
|
pulumi.set(self, "allowed_user_ids", value)
|
403
426
|
|
404
427
|
@property
|
405
428
|
@pulumi.getter(name="basicConstraintsValidForNonCa")
|
406
|
-
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[bool]]:
|
429
|
+
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[builtins.bool]]:
|
407
430
|
"""
|
408
431
|
Flag to mark basic constraints valid when issuing non-CA certificates
|
409
432
|
"""
|
410
433
|
return pulumi.get(self, "basic_constraints_valid_for_non_ca")
|
411
434
|
|
412
435
|
@basic_constraints_valid_for_non_ca.setter
|
413
|
-
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[bool]]):
|
436
|
+
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[builtins.bool]]):
|
414
437
|
pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
|
415
438
|
|
416
439
|
@property
|
417
440
|
@pulumi.getter(name="clientFlag")
|
418
|
-
def client_flag(self) -> Optional[pulumi.Input[bool]]:
|
441
|
+
def client_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
419
442
|
"""
|
420
443
|
Flag to specify certificates for client use
|
421
444
|
"""
|
422
445
|
return pulumi.get(self, "client_flag")
|
423
446
|
|
424
447
|
@client_flag.setter
|
425
|
-
def client_flag(self, value: Optional[pulumi.Input[bool]]):
|
448
|
+
def client_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
426
449
|
pulumi.set(self, "client_flag", value)
|
427
450
|
|
428
451
|
@property
|
429
452
|
@pulumi.getter(name="cnValidations")
|
430
|
-
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
453
|
+
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
431
454
|
"""
|
432
455
|
Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
433
456
|
"""
|
434
457
|
return pulumi.get(self, "cn_validations")
|
435
458
|
|
436
459
|
@cn_validations.setter
|
437
|
-
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
460
|
+
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
438
461
|
pulumi.set(self, "cn_validations", value)
|
439
462
|
|
440
463
|
@property
|
441
464
|
@pulumi.getter(name="codeSigningFlag")
|
442
|
-
def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
|
465
|
+
def code_signing_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
443
466
|
"""
|
444
467
|
Flag to specify certificates for code signing use
|
445
468
|
"""
|
446
469
|
return pulumi.get(self, "code_signing_flag")
|
447
470
|
|
448
471
|
@code_signing_flag.setter
|
449
|
-
def code_signing_flag(self, value: Optional[pulumi.Input[bool]]):
|
472
|
+
def code_signing_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
450
473
|
pulumi.set(self, "code_signing_flag", value)
|
451
474
|
|
452
475
|
@property
|
453
476
|
@pulumi.getter
|
454
|
-
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
477
|
+
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
455
478
|
"""
|
456
479
|
The country of generated certificates
|
457
480
|
"""
|
458
481
|
return pulumi.get(self, "countries")
|
459
482
|
|
460
483
|
@countries.setter
|
461
|
-
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
484
|
+
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
462
485
|
pulumi.set(self, "countries", value)
|
463
486
|
|
464
487
|
@property
|
465
488
|
@pulumi.getter(name="emailProtectionFlag")
|
466
|
-
def email_protection_flag(self) -> Optional[pulumi.Input[bool]]:
|
489
|
+
def email_protection_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
467
490
|
"""
|
468
491
|
Flag to specify certificates for email protection use
|
469
492
|
"""
|
470
493
|
return pulumi.get(self, "email_protection_flag")
|
471
494
|
|
472
495
|
@email_protection_flag.setter
|
473
|
-
def email_protection_flag(self, value: Optional[pulumi.Input[bool]]):
|
496
|
+
def email_protection_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
474
497
|
pulumi.set(self, "email_protection_flag", value)
|
475
498
|
|
476
499
|
@property
|
477
500
|
@pulumi.getter(name="enforceHostnames")
|
478
|
-
def enforce_hostnames(self) -> Optional[pulumi.Input[bool]]:
|
501
|
+
def enforce_hostnames(self) -> Optional[pulumi.Input[builtins.bool]]:
|
479
502
|
"""
|
480
503
|
Flag to allow only valid host names
|
481
504
|
"""
|
482
505
|
return pulumi.get(self, "enforce_hostnames")
|
483
506
|
|
484
507
|
@enforce_hostnames.setter
|
485
|
-
def enforce_hostnames(self, value: Optional[pulumi.Input[bool]]):
|
508
|
+
def enforce_hostnames(self, value: Optional[pulumi.Input[builtins.bool]]):
|
486
509
|
pulumi.set(self, "enforce_hostnames", value)
|
487
510
|
|
488
511
|
@property
|
489
512
|
@pulumi.getter(name="extKeyUsageOids")
|
490
|
-
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
513
|
+
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
491
514
|
"""
|
492
515
|
Specify the allowed extended key usage OIDs constraint on issued certificates
|
493
516
|
"""
|
494
517
|
return pulumi.get(self, "ext_key_usage_oids")
|
495
518
|
|
496
519
|
@ext_key_usage_oids.setter
|
497
|
-
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
520
|
+
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
498
521
|
pulumi.set(self, "ext_key_usage_oids", value)
|
499
522
|
|
500
523
|
@property
|
501
524
|
@pulumi.getter(name="extKeyUsages")
|
502
|
-
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
525
|
+
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
503
526
|
"""
|
504
527
|
Specify the allowed extended key usage constraint on issued certificates
|
505
528
|
"""
|
506
529
|
return pulumi.get(self, "ext_key_usages")
|
507
530
|
|
508
531
|
@ext_key_usages.setter
|
509
|
-
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
532
|
+
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
510
533
|
pulumi.set(self, "ext_key_usages", value)
|
511
534
|
|
512
535
|
@property
|
513
536
|
@pulumi.getter(name="generateLease")
|
514
|
-
def generate_lease(self) -> Optional[pulumi.Input[bool]]:
|
537
|
+
def generate_lease(self) -> Optional[pulumi.Input[builtins.bool]]:
|
515
538
|
"""
|
516
539
|
Flag to generate leases with certificates
|
517
540
|
"""
|
518
541
|
return pulumi.get(self, "generate_lease")
|
519
542
|
|
520
543
|
@generate_lease.setter
|
521
|
-
def generate_lease(self, value: Optional[pulumi.Input[bool]]):
|
544
|
+
def generate_lease(self, value: Optional[pulumi.Input[builtins.bool]]):
|
522
545
|
pulumi.set(self, "generate_lease", value)
|
523
546
|
|
524
547
|
@property
|
525
548
|
@pulumi.getter(name="issuerRef")
|
526
|
-
def issuer_ref(self) -> Optional[pulumi.Input[str]]:
|
549
|
+
def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
|
527
550
|
"""
|
528
551
|
Specifies the default issuer of this request. May
|
529
552
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
@@ -533,24 +556,24 @@ class SecretBackendRoleArgs:
|
|
533
556
|
return pulumi.get(self, "issuer_ref")
|
534
557
|
|
535
558
|
@issuer_ref.setter
|
536
|
-
def issuer_ref(self, value: Optional[pulumi.Input[str]]):
|
559
|
+
def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
|
537
560
|
pulumi.set(self, "issuer_ref", value)
|
538
561
|
|
539
562
|
@property
|
540
563
|
@pulumi.getter(name="keyBits")
|
541
|
-
def key_bits(self) -> Optional[pulumi.Input[int]]:
|
564
|
+
def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
542
565
|
"""
|
543
566
|
The number of bits of generated keys
|
544
567
|
"""
|
545
568
|
return pulumi.get(self, "key_bits")
|
546
569
|
|
547
570
|
@key_bits.setter
|
548
|
-
def key_bits(self, value: Optional[pulumi.Input[int]]):
|
571
|
+
def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
549
572
|
pulumi.set(self, "key_bits", value)
|
550
573
|
|
551
574
|
@property
|
552
575
|
@pulumi.getter(name="keyType")
|
553
|
-
def key_type(self) -> Optional[pulumi.Input[str]]:
|
576
|
+
def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
554
577
|
"""
|
555
578
|
The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
556
579
|
Defaults to `rsa`
|
@@ -558,12 +581,12 @@ class SecretBackendRoleArgs:
|
|
558
581
|
return pulumi.get(self, "key_type")
|
559
582
|
|
560
583
|
@key_type.setter
|
561
|
-
def key_type(self, value: Optional[pulumi.Input[str]]):
|
584
|
+
def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
562
585
|
pulumi.set(self, "key_type", value)
|
563
586
|
|
564
587
|
@property
|
565
588
|
@pulumi.getter(name="keyUsages")
|
566
|
-
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
589
|
+
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
567
590
|
"""
|
568
591
|
Specify the allowed key usage constraint on issued
|
569
592
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
@@ -572,48 +595,48 @@ class SecretBackendRoleArgs:
|
|
572
595
|
return pulumi.get(self, "key_usages")
|
573
596
|
|
574
597
|
@key_usages.setter
|
575
|
-
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
598
|
+
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
576
599
|
pulumi.set(self, "key_usages", value)
|
577
600
|
|
578
601
|
@property
|
579
602
|
@pulumi.getter
|
580
|
-
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
603
|
+
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
581
604
|
"""
|
582
605
|
The locality of generated certificates
|
583
606
|
"""
|
584
607
|
return pulumi.get(self, "localities")
|
585
608
|
|
586
609
|
@localities.setter
|
587
|
-
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
610
|
+
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
588
611
|
pulumi.set(self, "localities", value)
|
589
612
|
|
590
613
|
@property
|
591
614
|
@pulumi.getter(name="maxTtl")
|
592
|
-
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
615
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
593
616
|
"""
|
594
617
|
The maximum lease TTL, in seconds, for the role.
|
595
618
|
"""
|
596
619
|
return pulumi.get(self, "max_ttl")
|
597
620
|
|
598
621
|
@max_ttl.setter
|
599
|
-
def max_ttl(self, value: Optional[pulumi.Input[str]]):
|
622
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
600
623
|
pulumi.set(self, "max_ttl", value)
|
601
624
|
|
602
625
|
@property
|
603
626
|
@pulumi.getter
|
604
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
627
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
605
628
|
"""
|
606
629
|
The name to identify this role within the backend. Must be unique within the backend.
|
607
630
|
"""
|
608
631
|
return pulumi.get(self, "name")
|
609
632
|
|
610
633
|
@name.setter
|
611
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
634
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
612
635
|
pulumi.set(self, "name", value)
|
613
636
|
|
614
637
|
@property
|
615
638
|
@pulumi.getter
|
616
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
639
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
617
640
|
"""
|
618
641
|
The namespace to provision the resource in.
|
619
642
|
The value should not contain leading or trailing forward slashes.
|
@@ -623,55 +646,79 @@ class SecretBackendRoleArgs:
|
|
623
646
|
return pulumi.get(self, "namespace")
|
624
647
|
|
625
648
|
@namespace.setter
|
626
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
649
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
627
650
|
pulumi.set(self, "namespace", value)
|
628
651
|
|
629
652
|
@property
|
630
653
|
@pulumi.getter(name="noStore")
|
631
|
-
def no_store(self) -> Optional[pulumi.Input[bool]]:
|
654
|
+
def no_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
632
655
|
"""
|
633
656
|
Flag to not store certificates in the storage backend
|
634
657
|
"""
|
635
658
|
return pulumi.get(self, "no_store")
|
636
659
|
|
637
660
|
@no_store.setter
|
638
|
-
def no_store(self, value: Optional[pulumi.Input[bool]]):
|
661
|
+
def no_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
639
662
|
pulumi.set(self, "no_store", value)
|
640
663
|
|
664
|
+
@property
|
665
|
+
@pulumi.getter(name="noStoreMetadata")
|
666
|
+
def no_store_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
|
667
|
+
"""
|
668
|
+
Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
669
|
+
"""
|
670
|
+
return pulumi.get(self, "no_store_metadata")
|
671
|
+
|
672
|
+
@no_store_metadata.setter
|
673
|
+
def no_store_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
|
674
|
+
pulumi.set(self, "no_store_metadata", value)
|
675
|
+
|
676
|
+
@property
|
677
|
+
@pulumi.getter(name="notAfter")
|
678
|
+
def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
|
679
|
+
"""
|
680
|
+
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
681
|
+
"""
|
682
|
+
return pulumi.get(self, "not_after")
|
683
|
+
|
684
|
+
@not_after.setter
|
685
|
+
def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
|
686
|
+
pulumi.set(self, "not_after", value)
|
687
|
+
|
641
688
|
@property
|
642
689
|
@pulumi.getter(name="notBeforeDuration")
|
643
|
-
def not_before_duration(self) -> Optional[pulumi.Input[str]]:
|
690
|
+
def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
644
691
|
"""
|
645
692
|
Specifies the duration by which to backdate the NotBefore property.
|
646
693
|
"""
|
647
694
|
return pulumi.get(self, "not_before_duration")
|
648
695
|
|
649
696
|
@not_before_duration.setter
|
650
|
-
def not_before_duration(self, value: Optional[pulumi.Input[str]]):
|
697
|
+
def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
651
698
|
pulumi.set(self, "not_before_duration", value)
|
652
699
|
|
653
700
|
@property
|
654
701
|
@pulumi.getter(name="organizationUnit")
|
655
|
-
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
702
|
+
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
656
703
|
"""
|
657
704
|
The organization unit of generated certificates
|
658
705
|
"""
|
659
706
|
return pulumi.get(self, "organization_unit")
|
660
707
|
|
661
708
|
@organization_unit.setter
|
662
|
-
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
709
|
+
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
663
710
|
pulumi.set(self, "organization_unit", value)
|
664
711
|
|
665
712
|
@property
|
666
713
|
@pulumi.getter
|
667
|
-
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
714
|
+
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
668
715
|
"""
|
669
716
|
The organization of generated certificates
|
670
717
|
"""
|
671
718
|
return pulumi.get(self, "organizations")
|
672
719
|
|
673
720
|
@organizations.setter
|
674
|
-
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
721
|
+
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
675
722
|
pulumi.set(self, "organizations", value)
|
676
723
|
|
677
724
|
@property
|
@@ -688,221 +735,271 @@ class SecretBackendRoleArgs:
|
|
688
735
|
|
689
736
|
@property
|
690
737
|
@pulumi.getter(name="policyIdentifiers")
|
691
|
-
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
738
|
+
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
692
739
|
"""
|
693
740
|
Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
694
741
|
"""
|
695
742
|
return pulumi.get(self, "policy_identifiers")
|
696
743
|
|
697
744
|
@policy_identifiers.setter
|
698
|
-
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
745
|
+
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
699
746
|
pulumi.set(self, "policy_identifiers", value)
|
700
747
|
|
701
748
|
@property
|
702
749
|
@pulumi.getter(name="postalCodes")
|
703
|
-
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
750
|
+
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
704
751
|
"""
|
705
752
|
The postal code of generated certificates
|
706
753
|
"""
|
707
754
|
return pulumi.get(self, "postal_codes")
|
708
755
|
|
709
756
|
@postal_codes.setter
|
710
|
-
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
757
|
+
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
711
758
|
pulumi.set(self, "postal_codes", value)
|
712
759
|
|
713
760
|
@property
|
714
761
|
@pulumi.getter
|
715
|
-
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
762
|
+
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
716
763
|
"""
|
717
764
|
The province of generated certificates
|
718
765
|
"""
|
719
766
|
return pulumi.get(self, "provinces")
|
720
767
|
|
721
768
|
@provinces.setter
|
722
|
-
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
769
|
+
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
723
770
|
pulumi.set(self, "provinces", value)
|
724
771
|
|
725
772
|
@property
|
726
773
|
@pulumi.getter(name="requireCn")
|
727
|
-
def require_cn(self) -> Optional[pulumi.Input[bool]]:
|
774
|
+
def require_cn(self) -> Optional[pulumi.Input[builtins.bool]]:
|
728
775
|
"""
|
729
776
|
Flag to force CN usage
|
730
777
|
"""
|
731
778
|
return pulumi.get(self, "require_cn")
|
732
779
|
|
733
780
|
@require_cn.setter
|
734
|
-
def require_cn(self, value: Optional[pulumi.Input[bool]]):
|
781
|
+
def require_cn(self, value: Optional[pulumi.Input[builtins.bool]]):
|
735
782
|
pulumi.set(self, "require_cn", value)
|
736
783
|
|
784
|
+
@property
|
785
|
+
@pulumi.getter(name="serialNumberSource")
|
786
|
+
def serial_number_source(self) -> Optional[pulumi.Input[builtins.str]]:
|
787
|
+
"""
|
788
|
+
Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
789
|
+
|
790
|
+
Example usage:
|
791
|
+
"""
|
792
|
+
return pulumi.get(self, "serial_number_source")
|
793
|
+
|
794
|
+
@serial_number_source.setter
|
795
|
+
def serial_number_source(self, value: Optional[pulumi.Input[builtins.str]]):
|
796
|
+
pulumi.set(self, "serial_number_source", value)
|
797
|
+
|
737
798
|
@property
|
738
799
|
@pulumi.getter(name="serverFlag")
|
739
|
-
def server_flag(self) -> Optional[pulumi.Input[bool]]:
|
800
|
+
def server_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
740
801
|
"""
|
741
802
|
Flag to specify certificates for server use
|
742
803
|
"""
|
743
804
|
return pulumi.get(self, "server_flag")
|
744
805
|
|
745
806
|
@server_flag.setter
|
746
|
-
def server_flag(self, value: Optional[pulumi.Input[bool]]):
|
807
|
+
def server_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
747
808
|
pulumi.set(self, "server_flag", value)
|
748
809
|
|
810
|
+
@property
|
811
|
+
@pulumi.getter(name="signatureBits")
|
812
|
+
def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
813
|
+
"""
|
814
|
+
The number of bits to use in the signature algorithm
|
815
|
+
"""
|
816
|
+
return pulumi.get(self, "signature_bits")
|
817
|
+
|
818
|
+
@signature_bits.setter
|
819
|
+
def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
820
|
+
pulumi.set(self, "signature_bits", value)
|
821
|
+
|
749
822
|
@property
|
750
823
|
@pulumi.getter(name="streetAddresses")
|
751
|
-
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
824
|
+
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
752
825
|
"""
|
753
826
|
The street address of generated certificates
|
754
827
|
"""
|
755
828
|
return pulumi.get(self, "street_addresses")
|
756
829
|
|
757
830
|
@street_addresses.setter
|
758
|
-
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
831
|
+
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
759
832
|
pulumi.set(self, "street_addresses", value)
|
760
833
|
|
761
834
|
@property
|
762
835
|
@pulumi.getter
|
763
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
836
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
764
837
|
"""
|
765
838
|
The TTL, in seconds, for any certificate issued against this role.
|
766
839
|
"""
|
767
840
|
return pulumi.get(self, "ttl")
|
768
841
|
|
769
842
|
@ttl.setter
|
770
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
843
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
771
844
|
pulumi.set(self, "ttl", value)
|
772
845
|
|
773
846
|
@property
|
774
847
|
@pulumi.getter(name="useCsrCommonName")
|
775
|
-
def use_csr_common_name(self) -> Optional[pulumi.Input[bool]]:
|
848
|
+
def use_csr_common_name(self) -> Optional[pulumi.Input[builtins.bool]]:
|
776
849
|
"""
|
777
850
|
Flag to use the CN in the CSR
|
778
851
|
"""
|
779
852
|
return pulumi.get(self, "use_csr_common_name")
|
780
853
|
|
781
854
|
@use_csr_common_name.setter
|
782
|
-
def use_csr_common_name(self, value: Optional[pulumi.Input[bool]]):
|
855
|
+
def use_csr_common_name(self, value: Optional[pulumi.Input[builtins.bool]]):
|
783
856
|
pulumi.set(self, "use_csr_common_name", value)
|
784
857
|
|
785
858
|
@property
|
786
859
|
@pulumi.getter(name="useCsrSans")
|
787
|
-
def use_csr_sans(self) -> Optional[pulumi.Input[bool]]:
|
860
|
+
def use_csr_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
788
861
|
"""
|
789
862
|
Flag to use the SANs in the CSR
|
790
863
|
"""
|
791
864
|
return pulumi.get(self, "use_csr_sans")
|
792
865
|
|
793
866
|
@use_csr_sans.setter
|
794
|
-
def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
|
867
|
+
def use_csr_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
795
868
|
pulumi.set(self, "use_csr_sans", value)
|
796
869
|
|
870
|
+
@property
|
871
|
+
@pulumi.getter(name="usePss")
|
872
|
+
def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
|
873
|
+
"""
|
874
|
+
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
875
|
+
"""
|
876
|
+
return pulumi.get(self, "use_pss")
|
877
|
+
|
878
|
+
@use_pss.setter
|
879
|
+
def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
|
880
|
+
pulumi.set(self, "use_pss", value)
|
881
|
+
|
797
882
|
|
798
883
|
@pulumi.input_type
|
799
884
|
class _SecretBackendRoleState:
|
800
885
|
def __init__(__self__, *,
|
801
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
802
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
803
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
804
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
805
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
806
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
807
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
808
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
809
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
810
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
811
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
812
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
813
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
814
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
815
|
-
backend: Optional[pulumi.Input[str]] = None,
|
816
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
817
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
818
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
819
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
820
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
821
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
822
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
823
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
824
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
825
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
826
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
827
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
828
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
829
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
830
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
831
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
832
|
-
name: Optional[pulumi.Input[str]] = None,
|
833
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
834
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
835
|
-
|
836
|
-
|
837
|
-
|
886
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
887
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
888
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
889
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
890
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
891
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
892
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
893
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
894
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
895
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
896
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
897
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
898
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
899
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
900
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
901
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
902
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
903
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
904
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
905
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
906
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
907
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
908
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
909
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
910
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
911
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
912
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
913
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
914
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
915
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
916
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
917
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
918
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
919
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
920
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
921
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
922
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
923
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
924
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
838
925
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
|
839
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
840
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
841
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
842
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
843
|
-
|
844
|
-
|
845
|
-
|
846
|
-
|
847
|
-
|
926
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
927
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
928
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
929
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
930
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
931
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
932
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
933
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
934
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
935
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
936
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
937
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None):
|
848
938
|
"""
|
849
939
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
850
|
-
:param pulumi.Input[bool] allow_any_name: Flag to allow any name
|
851
|
-
:param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
852
|
-
:param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
853
|
-
:param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
|
854
|
-
:param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
|
855
|
-
:param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
|
856
|
-
:param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
857
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
|
858
|
-
:param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
859
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
|
860
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
861
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
|
862
|
-
:param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
863
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
|
864
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
865
|
-
:param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
866
|
-
:param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
|
867
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
868
|
-
:param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
|
869
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
|
870
|
-
:param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
|
871
|
-
:param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
|
872
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
873
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
874
|
-
:param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
|
875
|
-
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
940
|
+
:param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
|
941
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
942
|
+
:param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
943
|
+
:param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
944
|
+
:param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
945
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
946
|
+
:param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
947
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
|
948
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
949
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
950
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
951
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
952
|
+
:param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
953
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
954
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
955
|
+
:param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
956
|
+
:param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
|
957
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
958
|
+
:param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
959
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
|
960
|
+
:param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
961
|
+
:param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
962
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
963
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
964
|
+
:param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
|
965
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
876
966
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
877
967
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
878
968
|
overriding the role's `issuer_ref` value.
|
879
|
-
:param pulumi.Input[int] key_bits: The number of bits of generated keys
|
880
|
-
:param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
969
|
+
:param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
|
970
|
+
:param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
881
971
|
Defaults to `rsa`
|
882
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
|
972
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
883
973
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
884
974
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
885
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
|
886
|
-
:param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
887
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
|
888
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
975
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
|
976
|
+
:param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
977
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
978
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
889
979
|
The value should not contain leading or trailing forward slashes.
|
890
980
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
891
981
|
*Available only for Vault Enterprise*.
|
892
|
-
:param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
|
893
|
-
:param pulumi.Input[
|
894
|
-
:param pulumi.Input[
|
895
|
-
:param pulumi.Input[
|
982
|
+
:param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
|
983
|
+
:param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
984
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
985
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
986
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
|
987
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
|
896
988
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
897
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
898
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
|
899
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
|
900
|
-
:param pulumi.Input[bool] require_cn: Flag to force CN usage
|
901
|
-
:param pulumi.Input[
|
902
|
-
|
903
|
-
|
904
|
-
:param pulumi.Input[bool]
|
905
|
-
:param pulumi.Input[
|
989
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
990
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
|
991
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
|
992
|
+
:param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
|
993
|
+
:param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
994
|
+
|
995
|
+
Example usage:
|
996
|
+
:param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
|
997
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
998
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
|
999
|
+
:param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
1000
|
+
:param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
1001
|
+
:param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
1002
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
906
1003
|
"""
|
907
1004
|
if allow_any_name is not None:
|
908
1005
|
pulumi.set(__self__, "allow_any_name", allow_any_name)
|
@@ -972,6 +1069,10 @@ class _SecretBackendRoleState:
|
|
972
1069
|
pulumi.set(__self__, "namespace", namespace)
|
973
1070
|
if no_store is not None:
|
974
1071
|
pulumi.set(__self__, "no_store", no_store)
|
1072
|
+
if no_store_metadata is not None:
|
1073
|
+
pulumi.set(__self__, "no_store_metadata", no_store_metadata)
|
1074
|
+
if not_after is not None:
|
1075
|
+
pulumi.set(__self__, "not_after", not_after)
|
975
1076
|
if not_before_duration is not None:
|
976
1077
|
pulumi.set(__self__, "not_before_duration", not_before_duration)
|
977
1078
|
if organization_unit is not None:
|
@@ -988,8 +1089,12 @@ class _SecretBackendRoleState:
|
|
988
1089
|
pulumi.set(__self__, "provinces", provinces)
|
989
1090
|
if require_cn is not None:
|
990
1091
|
pulumi.set(__self__, "require_cn", require_cn)
|
1092
|
+
if serial_number_source is not None:
|
1093
|
+
pulumi.set(__self__, "serial_number_source", serial_number_source)
|
991
1094
|
if server_flag is not None:
|
992
1095
|
pulumi.set(__self__, "server_flag", server_flag)
|
1096
|
+
if signature_bits is not None:
|
1097
|
+
pulumi.set(__self__, "signature_bits", signature_bits)
|
993
1098
|
if street_addresses is not None:
|
994
1099
|
pulumi.set(__self__, "street_addresses", street_addresses)
|
995
1100
|
if ttl is not None:
|
@@ -998,310 +1103,312 @@ class _SecretBackendRoleState:
|
|
998
1103
|
pulumi.set(__self__, "use_csr_common_name", use_csr_common_name)
|
999
1104
|
if use_csr_sans is not None:
|
1000
1105
|
pulumi.set(__self__, "use_csr_sans", use_csr_sans)
|
1106
|
+
if use_pss is not None:
|
1107
|
+
pulumi.set(__self__, "use_pss", use_pss)
|
1001
1108
|
|
1002
1109
|
@property
|
1003
1110
|
@pulumi.getter(name="allowAnyName")
|
1004
|
-
def allow_any_name(self) -> Optional[pulumi.Input[bool]]:
|
1111
|
+
def allow_any_name(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1005
1112
|
"""
|
1006
1113
|
Flag to allow any name
|
1007
1114
|
"""
|
1008
1115
|
return pulumi.get(self, "allow_any_name")
|
1009
1116
|
|
1010
1117
|
@allow_any_name.setter
|
1011
|
-
def allow_any_name(self, value: Optional[pulumi.Input[bool]]):
|
1118
|
+
def allow_any_name(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1012
1119
|
pulumi.set(self, "allow_any_name", value)
|
1013
1120
|
|
1014
1121
|
@property
|
1015
1122
|
@pulumi.getter(name="allowBareDomains")
|
1016
|
-
def allow_bare_domains(self) -> Optional[pulumi.Input[bool]]:
|
1123
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1017
1124
|
"""
|
1018
1125
|
Flag to allow certificates matching the actual domain
|
1019
1126
|
"""
|
1020
1127
|
return pulumi.get(self, "allow_bare_domains")
|
1021
1128
|
|
1022
1129
|
@allow_bare_domains.setter
|
1023
|
-
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
1130
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1024
1131
|
pulumi.set(self, "allow_bare_domains", value)
|
1025
1132
|
|
1026
1133
|
@property
|
1027
1134
|
@pulumi.getter(name="allowGlobDomains")
|
1028
|
-
def allow_glob_domains(self) -> Optional[pulumi.Input[bool]]:
|
1135
|
+
def allow_glob_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1029
1136
|
"""
|
1030
1137
|
Flag to allow names containing glob patterns.
|
1031
1138
|
"""
|
1032
1139
|
return pulumi.get(self, "allow_glob_domains")
|
1033
1140
|
|
1034
1141
|
@allow_glob_domains.setter
|
1035
|
-
def allow_glob_domains(self, value: Optional[pulumi.Input[bool]]):
|
1142
|
+
def allow_glob_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1036
1143
|
pulumi.set(self, "allow_glob_domains", value)
|
1037
1144
|
|
1038
1145
|
@property
|
1039
1146
|
@pulumi.getter(name="allowIpSans")
|
1040
|
-
def allow_ip_sans(self) -> Optional[pulumi.Input[bool]]:
|
1147
|
+
def allow_ip_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1041
1148
|
"""
|
1042
1149
|
Flag to allow IP SANs
|
1043
1150
|
"""
|
1044
1151
|
return pulumi.get(self, "allow_ip_sans")
|
1045
1152
|
|
1046
1153
|
@allow_ip_sans.setter
|
1047
|
-
def allow_ip_sans(self, value: Optional[pulumi.Input[bool]]):
|
1154
|
+
def allow_ip_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1048
1155
|
pulumi.set(self, "allow_ip_sans", value)
|
1049
1156
|
|
1050
1157
|
@property
|
1051
1158
|
@pulumi.getter(name="allowLocalhost")
|
1052
|
-
def allow_localhost(self) -> Optional[pulumi.Input[bool]]:
|
1159
|
+
def allow_localhost(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1053
1160
|
"""
|
1054
1161
|
Flag to allow certificates for localhost
|
1055
1162
|
"""
|
1056
1163
|
return pulumi.get(self, "allow_localhost")
|
1057
1164
|
|
1058
1165
|
@allow_localhost.setter
|
1059
|
-
def allow_localhost(self, value: Optional[pulumi.Input[bool]]):
|
1166
|
+
def allow_localhost(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1060
1167
|
pulumi.set(self, "allow_localhost", value)
|
1061
1168
|
|
1062
1169
|
@property
|
1063
1170
|
@pulumi.getter(name="allowSubdomains")
|
1064
|
-
def allow_subdomains(self) -> Optional[pulumi.Input[bool]]:
|
1171
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1065
1172
|
"""
|
1066
1173
|
Flag to allow certificates matching subdomains
|
1067
1174
|
"""
|
1068
1175
|
return pulumi.get(self, "allow_subdomains")
|
1069
1176
|
|
1070
1177
|
@allow_subdomains.setter
|
1071
|
-
def allow_subdomains(self, value: Optional[pulumi.Input[bool]]):
|
1178
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1072
1179
|
pulumi.set(self, "allow_subdomains", value)
|
1073
1180
|
|
1074
1181
|
@property
|
1075
1182
|
@pulumi.getter(name="allowWildcardCertificates")
|
1076
|
-
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[bool]]:
|
1183
|
+
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1077
1184
|
"""
|
1078
1185
|
Flag to allow wildcard certificates.
|
1079
1186
|
"""
|
1080
1187
|
return pulumi.get(self, "allow_wildcard_certificates")
|
1081
1188
|
|
1082
1189
|
@allow_wildcard_certificates.setter
|
1083
|
-
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[bool]]):
|
1190
|
+
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1084
1191
|
pulumi.set(self, "allow_wildcard_certificates", value)
|
1085
1192
|
|
1086
1193
|
@property
|
1087
1194
|
@pulumi.getter(name="allowedDomains")
|
1088
|
-
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1195
|
+
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1089
1196
|
"""
|
1090
1197
|
List of allowed domains for certificates
|
1091
1198
|
"""
|
1092
1199
|
return pulumi.get(self, "allowed_domains")
|
1093
1200
|
|
1094
1201
|
@allowed_domains.setter
|
1095
|
-
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1202
|
+
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1096
1203
|
pulumi.set(self, "allowed_domains", value)
|
1097
1204
|
|
1098
1205
|
@property
|
1099
1206
|
@pulumi.getter(name="allowedDomainsTemplate")
|
1100
|
-
def allowed_domains_template(self) -> Optional[pulumi.Input[bool]]:
|
1207
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1101
1208
|
"""
|
1102
1209
|
Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1103
1210
|
"""
|
1104
1211
|
return pulumi.get(self, "allowed_domains_template")
|
1105
1212
|
|
1106
1213
|
@allowed_domains_template.setter
|
1107
|
-
def allowed_domains_template(self, value: Optional[pulumi.Input[bool]]):
|
1214
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1108
1215
|
pulumi.set(self, "allowed_domains_template", value)
|
1109
1216
|
|
1110
1217
|
@property
|
1111
1218
|
@pulumi.getter(name="allowedOtherSans")
|
1112
|
-
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1219
|
+
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1113
1220
|
"""
|
1114
1221
|
Defines allowed custom SANs
|
1115
1222
|
"""
|
1116
1223
|
return pulumi.get(self, "allowed_other_sans")
|
1117
1224
|
|
1118
1225
|
@allowed_other_sans.setter
|
1119
|
-
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1226
|
+
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1120
1227
|
pulumi.set(self, "allowed_other_sans", value)
|
1121
1228
|
|
1122
1229
|
@property
|
1123
1230
|
@pulumi.getter(name="allowedSerialNumbers")
|
1124
|
-
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1231
|
+
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1125
1232
|
"""
|
1126
1233
|
An array of allowed serial numbers to put in Subject
|
1127
1234
|
"""
|
1128
1235
|
return pulumi.get(self, "allowed_serial_numbers")
|
1129
1236
|
|
1130
1237
|
@allowed_serial_numbers.setter
|
1131
|
-
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1238
|
+
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1132
1239
|
pulumi.set(self, "allowed_serial_numbers", value)
|
1133
1240
|
|
1134
1241
|
@property
|
1135
1242
|
@pulumi.getter(name="allowedUriSans")
|
1136
|
-
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1243
|
+
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1137
1244
|
"""
|
1138
1245
|
Defines allowed URI SANs
|
1139
1246
|
"""
|
1140
1247
|
return pulumi.get(self, "allowed_uri_sans")
|
1141
1248
|
|
1142
1249
|
@allowed_uri_sans.setter
|
1143
|
-
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1250
|
+
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1144
1251
|
pulumi.set(self, "allowed_uri_sans", value)
|
1145
1252
|
|
1146
1253
|
@property
|
1147
1254
|
@pulumi.getter(name="allowedUriSansTemplate")
|
1148
|
-
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[bool]]:
|
1255
|
+
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1149
1256
|
"""
|
1150
1257
|
Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1151
1258
|
"""
|
1152
1259
|
return pulumi.get(self, "allowed_uri_sans_template")
|
1153
1260
|
|
1154
1261
|
@allowed_uri_sans_template.setter
|
1155
|
-
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[bool]]):
|
1262
|
+
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1156
1263
|
pulumi.set(self, "allowed_uri_sans_template", value)
|
1157
1264
|
|
1158
1265
|
@property
|
1159
1266
|
@pulumi.getter(name="allowedUserIds")
|
1160
|
-
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1267
|
+
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1161
1268
|
"""
|
1162
1269
|
Defines allowed User IDs
|
1163
1270
|
"""
|
1164
1271
|
return pulumi.get(self, "allowed_user_ids")
|
1165
1272
|
|
1166
1273
|
@allowed_user_ids.setter
|
1167
|
-
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1274
|
+
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1168
1275
|
pulumi.set(self, "allowed_user_ids", value)
|
1169
1276
|
|
1170
1277
|
@property
|
1171
1278
|
@pulumi.getter
|
1172
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
1279
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
1173
1280
|
"""
|
1174
1281
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
1175
1282
|
"""
|
1176
1283
|
return pulumi.get(self, "backend")
|
1177
1284
|
|
1178
1285
|
@backend.setter
|
1179
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
1286
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
1180
1287
|
pulumi.set(self, "backend", value)
|
1181
1288
|
|
1182
1289
|
@property
|
1183
1290
|
@pulumi.getter(name="basicConstraintsValidForNonCa")
|
1184
|
-
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[bool]]:
|
1291
|
+
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1185
1292
|
"""
|
1186
1293
|
Flag to mark basic constraints valid when issuing non-CA certificates
|
1187
1294
|
"""
|
1188
1295
|
return pulumi.get(self, "basic_constraints_valid_for_non_ca")
|
1189
1296
|
|
1190
1297
|
@basic_constraints_valid_for_non_ca.setter
|
1191
|
-
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[bool]]):
|
1298
|
+
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1192
1299
|
pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
|
1193
1300
|
|
1194
1301
|
@property
|
1195
1302
|
@pulumi.getter(name="clientFlag")
|
1196
|
-
def client_flag(self) -> Optional[pulumi.Input[bool]]:
|
1303
|
+
def client_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1197
1304
|
"""
|
1198
1305
|
Flag to specify certificates for client use
|
1199
1306
|
"""
|
1200
1307
|
return pulumi.get(self, "client_flag")
|
1201
1308
|
|
1202
1309
|
@client_flag.setter
|
1203
|
-
def client_flag(self, value: Optional[pulumi.Input[bool]]):
|
1310
|
+
def client_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1204
1311
|
pulumi.set(self, "client_flag", value)
|
1205
1312
|
|
1206
1313
|
@property
|
1207
1314
|
@pulumi.getter(name="cnValidations")
|
1208
|
-
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1315
|
+
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1209
1316
|
"""
|
1210
1317
|
Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
1211
1318
|
"""
|
1212
1319
|
return pulumi.get(self, "cn_validations")
|
1213
1320
|
|
1214
1321
|
@cn_validations.setter
|
1215
|
-
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1322
|
+
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1216
1323
|
pulumi.set(self, "cn_validations", value)
|
1217
1324
|
|
1218
1325
|
@property
|
1219
1326
|
@pulumi.getter(name="codeSigningFlag")
|
1220
|
-
def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
|
1327
|
+
def code_signing_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1221
1328
|
"""
|
1222
1329
|
Flag to specify certificates for code signing use
|
1223
1330
|
"""
|
1224
1331
|
return pulumi.get(self, "code_signing_flag")
|
1225
1332
|
|
1226
1333
|
@code_signing_flag.setter
|
1227
|
-
def code_signing_flag(self, value: Optional[pulumi.Input[bool]]):
|
1334
|
+
def code_signing_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1228
1335
|
pulumi.set(self, "code_signing_flag", value)
|
1229
1336
|
|
1230
1337
|
@property
|
1231
1338
|
@pulumi.getter
|
1232
|
-
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1339
|
+
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1233
1340
|
"""
|
1234
1341
|
The country of generated certificates
|
1235
1342
|
"""
|
1236
1343
|
return pulumi.get(self, "countries")
|
1237
1344
|
|
1238
1345
|
@countries.setter
|
1239
|
-
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1346
|
+
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1240
1347
|
pulumi.set(self, "countries", value)
|
1241
1348
|
|
1242
1349
|
@property
|
1243
1350
|
@pulumi.getter(name="emailProtectionFlag")
|
1244
|
-
def email_protection_flag(self) -> Optional[pulumi.Input[bool]]:
|
1351
|
+
def email_protection_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1245
1352
|
"""
|
1246
1353
|
Flag to specify certificates for email protection use
|
1247
1354
|
"""
|
1248
1355
|
return pulumi.get(self, "email_protection_flag")
|
1249
1356
|
|
1250
1357
|
@email_protection_flag.setter
|
1251
|
-
def email_protection_flag(self, value: Optional[pulumi.Input[bool]]):
|
1358
|
+
def email_protection_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1252
1359
|
pulumi.set(self, "email_protection_flag", value)
|
1253
1360
|
|
1254
1361
|
@property
|
1255
1362
|
@pulumi.getter(name="enforceHostnames")
|
1256
|
-
def enforce_hostnames(self) -> Optional[pulumi.Input[bool]]:
|
1363
|
+
def enforce_hostnames(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1257
1364
|
"""
|
1258
1365
|
Flag to allow only valid host names
|
1259
1366
|
"""
|
1260
1367
|
return pulumi.get(self, "enforce_hostnames")
|
1261
1368
|
|
1262
1369
|
@enforce_hostnames.setter
|
1263
|
-
def enforce_hostnames(self, value: Optional[pulumi.Input[bool]]):
|
1370
|
+
def enforce_hostnames(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1264
1371
|
pulumi.set(self, "enforce_hostnames", value)
|
1265
1372
|
|
1266
1373
|
@property
|
1267
1374
|
@pulumi.getter(name="extKeyUsageOids")
|
1268
|
-
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1375
|
+
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1269
1376
|
"""
|
1270
1377
|
Specify the allowed extended key usage OIDs constraint on issued certificates
|
1271
1378
|
"""
|
1272
1379
|
return pulumi.get(self, "ext_key_usage_oids")
|
1273
1380
|
|
1274
1381
|
@ext_key_usage_oids.setter
|
1275
|
-
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1382
|
+
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1276
1383
|
pulumi.set(self, "ext_key_usage_oids", value)
|
1277
1384
|
|
1278
1385
|
@property
|
1279
1386
|
@pulumi.getter(name="extKeyUsages")
|
1280
|
-
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1387
|
+
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1281
1388
|
"""
|
1282
1389
|
Specify the allowed extended key usage constraint on issued certificates
|
1283
1390
|
"""
|
1284
1391
|
return pulumi.get(self, "ext_key_usages")
|
1285
1392
|
|
1286
1393
|
@ext_key_usages.setter
|
1287
|
-
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1394
|
+
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1288
1395
|
pulumi.set(self, "ext_key_usages", value)
|
1289
1396
|
|
1290
1397
|
@property
|
1291
1398
|
@pulumi.getter(name="generateLease")
|
1292
|
-
def generate_lease(self) -> Optional[pulumi.Input[bool]]:
|
1399
|
+
def generate_lease(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1293
1400
|
"""
|
1294
1401
|
Flag to generate leases with certificates
|
1295
1402
|
"""
|
1296
1403
|
return pulumi.get(self, "generate_lease")
|
1297
1404
|
|
1298
1405
|
@generate_lease.setter
|
1299
|
-
def generate_lease(self, value: Optional[pulumi.Input[bool]]):
|
1406
|
+
def generate_lease(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1300
1407
|
pulumi.set(self, "generate_lease", value)
|
1301
1408
|
|
1302
1409
|
@property
|
1303
1410
|
@pulumi.getter(name="issuerRef")
|
1304
|
-
def issuer_ref(self) -> Optional[pulumi.Input[str]]:
|
1411
|
+
def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
|
1305
1412
|
"""
|
1306
1413
|
Specifies the default issuer of this request. May
|
1307
1414
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
@@ -1311,24 +1418,24 @@ class _SecretBackendRoleState:
|
|
1311
1418
|
return pulumi.get(self, "issuer_ref")
|
1312
1419
|
|
1313
1420
|
@issuer_ref.setter
|
1314
|
-
def issuer_ref(self, value: Optional[pulumi.Input[str]]):
|
1421
|
+
def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
|
1315
1422
|
pulumi.set(self, "issuer_ref", value)
|
1316
1423
|
|
1317
1424
|
@property
|
1318
1425
|
@pulumi.getter(name="keyBits")
|
1319
|
-
def key_bits(self) -> Optional[pulumi.Input[int]]:
|
1426
|
+
def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
1320
1427
|
"""
|
1321
1428
|
The number of bits of generated keys
|
1322
1429
|
"""
|
1323
1430
|
return pulumi.get(self, "key_bits")
|
1324
1431
|
|
1325
1432
|
@key_bits.setter
|
1326
|
-
def key_bits(self, value: Optional[pulumi.Input[int]]):
|
1433
|
+
def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
1327
1434
|
pulumi.set(self, "key_bits", value)
|
1328
1435
|
|
1329
1436
|
@property
|
1330
1437
|
@pulumi.getter(name="keyType")
|
1331
|
-
def key_type(self) -> Optional[pulumi.Input[str]]:
|
1438
|
+
def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
1332
1439
|
"""
|
1333
1440
|
The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
1334
1441
|
Defaults to `rsa`
|
@@ -1336,12 +1443,12 @@ class _SecretBackendRoleState:
|
|
1336
1443
|
return pulumi.get(self, "key_type")
|
1337
1444
|
|
1338
1445
|
@key_type.setter
|
1339
|
-
def key_type(self, value: Optional[pulumi.Input[str]]):
|
1446
|
+
def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
1340
1447
|
pulumi.set(self, "key_type", value)
|
1341
1448
|
|
1342
1449
|
@property
|
1343
1450
|
@pulumi.getter(name="keyUsages")
|
1344
|
-
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1451
|
+
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1345
1452
|
"""
|
1346
1453
|
Specify the allowed key usage constraint on issued
|
1347
1454
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
@@ -1350,48 +1457,48 @@ class _SecretBackendRoleState:
|
|
1350
1457
|
return pulumi.get(self, "key_usages")
|
1351
1458
|
|
1352
1459
|
@key_usages.setter
|
1353
|
-
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1460
|
+
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1354
1461
|
pulumi.set(self, "key_usages", value)
|
1355
1462
|
|
1356
1463
|
@property
|
1357
1464
|
@pulumi.getter
|
1358
|
-
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1465
|
+
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1359
1466
|
"""
|
1360
1467
|
The locality of generated certificates
|
1361
1468
|
"""
|
1362
1469
|
return pulumi.get(self, "localities")
|
1363
1470
|
|
1364
1471
|
@localities.setter
|
1365
|
-
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1472
|
+
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1366
1473
|
pulumi.set(self, "localities", value)
|
1367
1474
|
|
1368
1475
|
@property
|
1369
1476
|
@pulumi.getter(name="maxTtl")
|
1370
|
-
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
1477
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
1371
1478
|
"""
|
1372
1479
|
The maximum lease TTL, in seconds, for the role.
|
1373
1480
|
"""
|
1374
1481
|
return pulumi.get(self, "max_ttl")
|
1375
1482
|
|
1376
1483
|
@max_ttl.setter
|
1377
|
-
def max_ttl(self, value: Optional[pulumi.Input[str]]):
|
1484
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
1378
1485
|
pulumi.set(self, "max_ttl", value)
|
1379
1486
|
|
1380
1487
|
@property
|
1381
1488
|
@pulumi.getter
|
1382
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
1489
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
1383
1490
|
"""
|
1384
1491
|
The name to identify this role within the backend. Must be unique within the backend.
|
1385
1492
|
"""
|
1386
1493
|
return pulumi.get(self, "name")
|
1387
1494
|
|
1388
1495
|
@name.setter
|
1389
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
1496
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
1390
1497
|
pulumi.set(self, "name", value)
|
1391
1498
|
|
1392
1499
|
@property
|
1393
1500
|
@pulumi.getter
|
1394
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
1501
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
1395
1502
|
"""
|
1396
1503
|
The namespace to provision the resource in.
|
1397
1504
|
The value should not contain leading or trailing forward slashes.
|
@@ -1401,55 +1508,79 @@ class _SecretBackendRoleState:
|
|
1401
1508
|
return pulumi.get(self, "namespace")
|
1402
1509
|
|
1403
1510
|
@namespace.setter
|
1404
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
1511
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
1405
1512
|
pulumi.set(self, "namespace", value)
|
1406
1513
|
|
1407
1514
|
@property
|
1408
1515
|
@pulumi.getter(name="noStore")
|
1409
|
-
def no_store(self) -> Optional[pulumi.Input[bool]]:
|
1516
|
+
def no_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1410
1517
|
"""
|
1411
1518
|
Flag to not store certificates in the storage backend
|
1412
1519
|
"""
|
1413
1520
|
return pulumi.get(self, "no_store")
|
1414
1521
|
|
1415
1522
|
@no_store.setter
|
1416
|
-
def no_store(self, value: Optional[pulumi.Input[bool]]):
|
1523
|
+
def no_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1417
1524
|
pulumi.set(self, "no_store", value)
|
1418
1525
|
|
1526
|
+
@property
|
1527
|
+
@pulumi.getter(name="noStoreMetadata")
|
1528
|
+
def no_store_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1529
|
+
"""
|
1530
|
+
Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
1531
|
+
"""
|
1532
|
+
return pulumi.get(self, "no_store_metadata")
|
1533
|
+
|
1534
|
+
@no_store_metadata.setter
|
1535
|
+
def no_store_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1536
|
+
pulumi.set(self, "no_store_metadata", value)
|
1537
|
+
|
1538
|
+
@property
|
1539
|
+
@pulumi.getter(name="notAfter")
|
1540
|
+
def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
|
1541
|
+
"""
|
1542
|
+
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1543
|
+
"""
|
1544
|
+
return pulumi.get(self, "not_after")
|
1545
|
+
|
1546
|
+
@not_after.setter
|
1547
|
+
def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
|
1548
|
+
pulumi.set(self, "not_after", value)
|
1549
|
+
|
1419
1550
|
@property
|
1420
1551
|
@pulumi.getter(name="notBeforeDuration")
|
1421
|
-
def not_before_duration(self) -> Optional[pulumi.Input[str]]:
|
1552
|
+
def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
1422
1553
|
"""
|
1423
1554
|
Specifies the duration by which to backdate the NotBefore property.
|
1424
1555
|
"""
|
1425
1556
|
return pulumi.get(self, "not_before_duration")
|
1426
1557
|
|
1427
1558
|
@not_before_duration.setter
|
1428
|
-
def not_before_duration(self, value: Optional[pulumi.Input[str]]):
|
1559
|
+
def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
1429
1560
|
pulumi.set(self, "not_before_duration", value)
|
1430
1561
|
|
1431
1562
|
@property
|
1432
1563
|
@pulumi.getter(name="organizationUnit")
|
1433
|
-
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1564
|
+
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1434
1565
|
"""
|
1435
1566
|
The organization unit of generated certificates
|
1436
1567
|
"""
|
1437
1568
|
return pulumi.get(self, "organization_unit")
|
1438
1569
|
|
1439
1570
|
@organization_unit.setter
|
1440
|
-
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1571
|
+
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1441
1572
|
pulumi.set(self, "organization_unit", value)
|
1442
1573
|
|
1443
1574
|
@property
|
1444
1575
|
@pulumi.getter
|
1445
|
-
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1576
|
+
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1446
1577
|
"""
|
1447
1578
|
The organization of generated certificates
|
1448
1579
|
"""
|
1449
1580
|
return pulumi.get(self, "organizations")
|
1450
1581
|
|
1451
1582
|
@organizations.setter
|
1452
|
-
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1583
|
+
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1453
1584
|
pulumi.set(self, "organizations", value)
|
1454
1585
|
|
1455
1586
|
@property
|
@@ -1466,165 +1597,208 @@ class _SecretBackendRoleState:
|
|
1466
1597
|
|
1467
1598
|
@property
|
1468
1599
|
@pulumi.getter(name="policyIdentifiers")
|
1469
|
-
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1600
|
+
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1470
1601
|
"""
|
1471
1602
|
Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
1472
1603
|
"""
|
1473
1604
|
return pulumi.get(self, "policy_identifiers")
|
1474
1605
|
|
1475
1606
|
@policy_identifiers.setter
|
1476
|
-
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1607
|
+
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1477
1608
|
pulumi.set(self, "policy_identifiers", value)
|
1478
1609
|
|
1479
1610
|
@property
|
1480
1611
|
@pulumi.getter(name="postalCodes")
|
1481
|
-
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1612
|
+
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1482
1613
|
"""
|
1483
1614
|
The postal code of generated certificates
|
1484
1615
|
"""
|
1485
1616
|
return pulumi.get(self, "postal_codes")
|
1486
1617
|
|
1487
1618
|
@postal_codes.setter
|
1488
|
-
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1619
|
+
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1489
1620
|
pulumi.set(self, "postal_codes", value)
|
1490
1621
|
|
1491
1622
|
@property
|
1492
1623
|
@pulumi.getter
|
1493
|
-
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1624
|
+
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1494
1625
|
"""
|
1495
1626
|
The province of generated certificates
|
1496
1627
|
"""
|
1497
1628
|
return pulumi.get(self, "provinces")
|
1498
1629
|
|
1499
1630
|
@provinces.setter
|
1500
|
-
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1631
|
+
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1501
1632
|
pulumi.set(self, "provinces", value)
|
1502
1633
|
|
1503
1634
|
@property
|
1504
1635
|
@pulumi.getter(name="requireCn")
|
1505
|
-
def require_cn(self) -> Optional[pulumi.Input[bool]]:
|
1636
|
+
def require_cn(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1506
1637
|
"""
|
1507
1638
|
Flag to force CN usage
|
1508
1639
|
"""
|
1509
1640
|
return pulumi.get(self, "require_cn")
|
1510
1641
|
|
1511
1642
|
@require_cn.setter
|
1512
|
-
def require_cn(self, value: Optional[pulumi.Input[bool]]):
|
1643
|
+
def require_cn(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1513
1644
|
pulumi.set(self, "require_cn", value)
|
1514
1645
|
|
1646
|
+
@property
|
1647
|
+
@pulumi.getter(name="serialNumberSource")
|
1648
|
+
def serial_number_source(self) -> Optional[pulumi.Input[builtins.str]]:
|
1649
|
+
"""
|
1650
|
+
Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
1651
|
+
|
1652
|
+
Example usage:
|
1653
|
+
"""
|
1654
|
+
return pulumi.get(self, "serial_number_source")
|
1655
|
+
|
1656
|
+
@serial_number_source.setter
|
1657
|
+
def serial_number_source(self, value: Optional[pulumi.Input[builtins.str]]):
|
1658
|
+
pulumi.set(self, "serial_number_source", value)
|
1659
|
+
|
1515
1660
|
@property
|
1516
1661
|
@pulumi.getter(name="serverFlag")
|
1517
|
-
def server_flag(self) -> Optional[pulumi.Input[bool]]:
|
1662
|
+
def server_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1518
1663
|
"""
|
1519
1664
|
Flag to specify certificates for server use
|
1520
1665
|
"""
|
1521
1666
|
return pulumi.get(self, "server_flag")
|
1522
1667
|
|
1523
1668
|
@server_flag.setter
|
1524
|
-
def server_flag(self, value: Optional[pulumi.Input[bool]]):
|
1669
|
+
def server_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1525
1670
|
pulumi.set(self, "server_flag", value)
|
1526
1671
|
|
1672
|
+
@property
|
1673
|
+
@pulumi.getter(name="signatureBits")
|
1674
|
+
def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
1675
|
+
"""
|
1676
|
+
The number of bits to use in the signature algorithm
|
1677
|
+
"""
|
1678
|
+
return pulumi.get(self, "signature_bits")
|
1679
|
+
|
1680
|
+
@signature_bits.setter
|
1681
|
+
def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
1682
|
+
pulumi.set(self, "signature_bits", value)
|
1683
|
+
|
1527
1684
|
@property
|
1528
1685
|
@pulumi.getter(name="streetAddresses")
|
1529
|
-
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1686
|
+
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1530
1687
|
"""
|
1531
1688
|
The street address of generated certificates
|
1532
1689
|
"""
|
1533
1690
|
return pulumi.get(self, "street_addresses")
|
1534
1691
|
|
1535
1692
|
@street_addresses.setter
|
1536
|
-
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1693
|
+
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1537
1694
|
pulumi.set(self, "street_addresses", value)
|
1538
1695
|
|
1539
1696
|
@property
|
1540
1697
|
@pulumi.getter
|
1541
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
1698
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
1542
1699
|
"""
|
1543
1700
|
The TTL, in seconds, for any certificate issued against this role.
|
1544
1701
|
"""
|
1545
1702
|
return pulumi.get(self, "ttl")
|
1546
1703
|
|
1547
1704
|
@ttl.setter
|
1548
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
1705
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
1549
1706
|
pulumi.set(self, "ttl", value)
|
1550
1707
|
|
1551
1708
|
@property
|
1552
1709
|
@pulumi.getter(name="useCsrCommonName")
|
1553
|
-
def use_csr_common_name(self) -> Optional[pulumi.Input[bool]]:
|
1710
|
+
def use_csr_common_name(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1554
1711
|
"""
|
1555
1712
|
Flag to use the CN in the CSR
|
1556
1713
|
"""
|
1557
1714
|
return pulumi.get(self, "use_csr_common_name")
|
1558
1715
|
|
1559
1716
|
@use_csr_common_name.setter
|
1560
|
-
def use_csr_common_name(self, value: Optional[pulumi.Input[bool]]):
|
1717
|
+
def use_csr_common_name(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1561
1718
|
pulumi.set(self, "use_csr_common_name", value)
|
1562
1719
|
|
1563
1720
|
@property
|
1564
1721
|
@pulumi.getter(name="useCsrSans")
|
1565
|
-
def use_csr_sans(self) -> Optional[pulumi.Input[bool]]:
|
1722
|
+
def use_csr_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1566
1723
|
"""
|
1567
1724
|
Flag to use the SANs in the CSR
|
1568
1725
|
"""
|
1569
1726
|
return pulumi.get(self, "use_csr_sans")
|
1570
1727
|
|
1571
1728
|
@use_csr_sans.setter
|
1572
|
-
def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
|
1729
|
+
def use_csr_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1573
1730
|
pulumi.set(self, "use_csr_sans", value)
|
1574
1731
|
|
1732
|
+
@property
|
1733
|
+
@pulumi.getter(name="usePss")
|
1734
|
+
def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1735
|
+
"""
|
1736
|
+
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
1737
|
+
"""
|
1738
|
+
return pulumi.get(self, "use_pss")
|
1739
|
+
|
1740
|
+
@use_pss.setter
|
1741
|
+
def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1742
|
+
pulumi.set(self, "use_pss", value)
|
1743
|
+
|
1575
1744
|
|
1576
1745
|
class SecretBackendRole(pulumi.CustomResource):
|
1577
1746
|
@overload
|
1578
1747
|
def __init__(__self__,
|
1579
1748
|
resource_name: str,
|
1580
1749
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1581
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
1582
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1583
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
1584
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
1585
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
1586
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1587
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
1588
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1589
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1590
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1591
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1592
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1593
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
1594
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1595
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1596
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
1597
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
1598
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1599
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
1600
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1601
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
1602
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
1603
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1604
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1605
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
1606
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
1607
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
1608
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
1609
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1610
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1611
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
1612
|
-
name: Optional[pulumi.Input[str]] = None,
|
1613
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1614
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
1615
|
-
|
1616
|
-
|
1617
|
-
|
1750
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
1751
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1752
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1753
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
1754
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
1755
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
1756
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
1757
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1758
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1759
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1760
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1761
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1762
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1763
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1764
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1765
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
1766
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1767
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1768
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1769
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1770
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1771
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
1772
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1773
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1774
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
1775
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
1776
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
1777
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
1778
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1779
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1780
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1781
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
1782
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1783
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1784
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
1785
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
1786
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1787
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1788
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1618
1789
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
|
1619
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1620
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1621
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1622
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
1623
|
-
|
1624
|
-
|
1625
|
-
|
1626
|
-
|
1627
|
-
|
1790
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1791
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1792
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1793
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
1794
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
1795
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1796
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
1797
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1798
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1799
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
1800
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
1801
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None,
|
1628
1802
|
__props__=None):
|
1629
1803
|
"""
|
1630
1804
|
Creates a role on an PKI Secret Backend for Vault.
|
@@ -1664,62 +1838,69 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1664
1838
|
|
1665
1839
|
:param str resource_name: The name of the resource.
|
1666
1840
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1667
|
-
:param pulumi.Input[bool] allow_any_name: Flag to allow any name
|
1668
|
-
:param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
1669
|
-
:param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
1670
|
-
:param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
|
1671
|
-
:param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
|
1672
|
-
:param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
|
1673
|
-
:param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
1674
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
|
1675
|
-
:param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1676
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
|
1677
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
1678
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
|
1679
|
-
:param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1680
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
|
1681
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
1682
|
-
:param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
1683
|
-
:param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
|
1684
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
1685
|
-
:param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
|
1686
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
|
1687
|
-
:param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
|
1688
|
-
:param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
|
1689
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
1690
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
1691
|
-
:param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
|
1692
|
-
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
1841
|
+
:param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
|
1842
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
1843
|
+
:param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
1844
|
+
:param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
1845
|
+
:param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
1846
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
1847
|
+
:param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
1848
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
|
1849
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1850
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
1851
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
1852
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
1853
|
+
:param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1854
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
1855
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
1856
|
+
:param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
1857
|
+
:param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
|
1858
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
1859
|
+
:param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
1860
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
|
1861
|
+
:param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
1862
|
+
:param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
1863
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
1864
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
1865
|
+
:param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
|
1866
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
1693
1867
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
1694
1868
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
1695
1869
|
overriding the role's `issuer_ref` value.
|
1696
|
-
:param pulumi.Input[int] key_bits: The number of bits of generated keys
|
1697
|
-
:param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
1870
|
+
:param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
|
1871
|
+
:param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
1698
1872
|
Defaults to `rsa`
|
1699
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
|
1873
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
1700
1874
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
1701
1875
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
1702
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
|
1703
|
-
:param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
1704
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
|
1705
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1876
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
|
1877
|
+
:param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
1878
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
1879
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1706
1880
|
The value should not contain leading or trailing forward slashes.
|
1707
1881
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1708
1882
|
*Available only for Vault Enterprise*.
|
1709
|
-
:param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
|
1710
|
-
:param pulumi.Input[
|
1711
|
-
:param pulumi.Input[
|
1712
|
-
:param pulumi.Input[
|
1883
|
+
:param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
|
1884
|
+
:param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
1885
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1886
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
1887
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
|
1888
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
|
1713
1889
|
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
1714
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
1715
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
|
1716
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
|
1717
|
-
:param pulumi.Input[bool] require_cn: Flag to force CN usage
|
1718
|
-
:param pulumi.Input[
|
1719
|
-
|
1720
|
-
|
1721
|
-
:param pulumi.Input[bool]
|
1722
|
-
:param pulumi.Input[
|
1890
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
1891
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
|
1892
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
|
1893
|
+
:param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
|
1894
|
+
:param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
1895
|
+
|
1896
|
+
Example usage:
|
1897
|
+
:param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
|
1898
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
1899
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
|
1900
|
+
:param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
1901
|
+
:param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
1902
|
+
:param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
1903
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
1723
1904
|
"""
|
1724
1905
|
...
|
1725
1906
|
@overload
|
@@ -1778,53 +1959,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1778
1959
|
def _internal_init(__self__,
|
1779
1960
|
resource_name: str,
|
1780
1961
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1781
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
1782
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1783
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
1784
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
1785
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
1786
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1787
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
1788
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1789
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1790
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1791
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1792
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1793
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
1794
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1795
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1796
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
1797
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
1798
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1799
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
1800
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1801
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
1802
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
1803
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1804
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1805
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
1806
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
1807
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
1808
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
1809
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1810
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1811
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
1812
|
-
name: Optional[pulumi.Input[str]] = None,
|
1813
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1814
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
1815
|
-
|
1816
|
-
|
1817
|
-
|
1962
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
1963
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1964
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1965
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
1966
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
1967
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
1968
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
1969
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1970
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1971
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1972
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1973
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1974
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1975
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1976
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1977
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
1978
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1979
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1980
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1981
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1982
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1983
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
1984
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1985
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1986
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
1987
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
1988
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
1989
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
1990
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1991
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1992
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1993
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
1994
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1995
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1996
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
1997
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
1998
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1999
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2000
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1818
2001
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
|
1819
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1820
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1821
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1822
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
1823
|
-
|
1824
|
-
|
1825
|
-
|
1826
|
-
|
1827
|
-
|
2002
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2003
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2004
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2005
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
2006
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
2007
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2008
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
2009
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2010
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
2011
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
2012
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
2013
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None,
|
1828
2014
|
__props__=None):
|
1829
2015
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1830
2016
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1870,6 +2056,8 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1870
2056
|
__props__.__dict__["name"] = name
|
1871
2057
|
__props__.__dict__["namespace"] = namespace
|
1872
2058
|
__props__.__dict__["no_store"] = no_store
|
2059
|
+
__props__.__dict__["no_store_metadata"] = no_store_metadata
|
2060
|
+
__props__.__dict__["not_after"] = not_after
|
1873
2061
|
__props__.__dict__["not_before_duration"] = not_before_duration
|
1874
2062
|
__props__.__dict__["organization_unit"] = organization_unit
|
1875
2063
|
__props__.__dict__["organizations"] = organizations
|
@@ -1878,11 +2066,14 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1878
2066
|
__props__.__dict__["postal_codes"] = postal_codes
|
1879
2067
|
__props__.__dict__["provinces"] = provinces
|
1880
2068
|
__props__.__dict__["require_cn"] = require_cn
|
2069
|
+
__props__.__dict__["serial_number_source"] = serial_number_source
|
1881
2070
|
__props__.__dict__["server_flag"] = server_flag
|
2071
|
+
__props__.__dict__["signature_bits"] = signature_bits
|
1882
2072
|
__props__.__dict__["street_addresses"] = street_addresses
|
1883
2073
|
__props__.__dict__["ttl"] = ttl
|
1884
2074
|
__props__.__dict__["use_csr_common_name"] = use_csr_common_name
|
1885
2075
|
__props__.__dict__["use_csr_sans"] = use_csr_sans
|
2076
|
+
__props__.__dict__["use_pss"] = use_pss
|
1886
2077
|
super(SecretBackendRole, __self__).__init__(
|
1887
2078
|
'vault:pkiSecret/secretBackendRole:SecretBackendRole',
|
1888
2079
|
resource_name,
|
@@ -1893,53 +2084,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1893
2084
|
def get(resource_name: str,
|
1894
2085
|
id: pulumi.Input[str],
|
1895
2086
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1896
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
1897
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1898
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
1899
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
1900
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
1901
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1902
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
1903
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1904
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1905
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1906
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1907
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1908
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
1909
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1910
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1911
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
1912
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
1913
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1914
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
1915
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1916
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
1917
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
1918
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1919
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1920
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
1921
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
1922
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
1923
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
1924
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1925
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1926
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
1927
|
-
name: Optional[pulumi.Input[str]] = None,
|
1928
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1929
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
1930
|
-
|
1931
|
-
|
1932
|
-
|
2087
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
2088
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
2089
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
2090
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
2091
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
2092
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
2093
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
2094
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2095
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
2096
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2097
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2098
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2099
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
2100
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2101
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
2102
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
2103
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2104
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2105
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2106
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2107
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2108
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
2109
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2110
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2111
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
2112
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
2113
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
2114
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
2115
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2116
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2117
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
2118
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
2119
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
2120
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
2121
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
2122
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
2123
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
2124
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2125
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1933
2126
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
|
1934
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1935
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1936
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1937
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
1938
|
-
|
1939
|
-
|
1940
|
-
|
1941
|
-
|
1942
|
-
|
2127
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2128
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2129
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2130
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
2131
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
2132
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2133
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
2134
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2135
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
2136
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
2137
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
2138
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None) -> 'SecretBackendRole':
|
1943
2139
|
"""
|
1944
2140
|
Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
|
1945
2141
|
properties used to qualify the lookup.
|
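Review bot: `no_store_metadata`, `not_after`, `serial_number_source` and `signature_bits` are inserted in the middle of `get`'s parameter list, and no bare `*` follows `opts`, so a caller that passes state properties positionally would bind its values to different properties after this upgrade without any error. On a PKI role that can leave an issuance constraint such as `require_cn` or `server_flag` holding a value meant for a neighbouring argument. Making the state properties keyword-only, `opts: Optional[pulumi.ResourceOptions] = None, *,`, would turn such a call into a TypeError; failing that, the docstring should say these arguments must be passed by keyword. The text of several removed lines is blank in this view, so the old order is inferred from the surrounding hunks, and the body of `get` continues outside this hunk.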
@@ -1947,62 +2143,69 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1947
2143
|
:param str resource_name: The unique name of the resulting resource.
|
1948
2144
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1949
2145
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1950
|
-
:param pulumi.Input[bool] allow_any_name: Flag to allow any name
|
1951
|
-
:param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
1952
|
-
:param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
1953
|
-
:param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
|
1954
|
-
:param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
|
1955
|
-
:param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
|
1956
|
-
:param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
1957
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
|
1958
|
-
:param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1959
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
|
1960
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
1961
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
|
1962
|
-
:param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1963
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
|
1964
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
1965
|
-
:param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
1966
|
-
:param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
|
1967
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
1968
|
-
:param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
|
1969
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
|
1970
|
-
:param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
|
1971
|
-
:param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
|
1972
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
1973
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
1974
|
-
:param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
|
1975
|
-
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
2146
|
+
:param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
|
2147
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
2148
|
+
:param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
2149
|
+
:param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
2150
|
+
:param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
2151
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
2152
|
+
:param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
2153
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
|
2154
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2155
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
2156
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
2157
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
2158
|
+
:param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2159
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
2160
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
2161
|
+
:param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
2162
|
+
:param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
|
2163
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
2164
|
+
:param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
2165
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
|
2166
|
+
:param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
2167
|
+
:param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
2168
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
2169
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
2170
|
+
:param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
|
2171
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
1976
2172
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
1977
2173
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
1978
2174
|
overriding the role's `issuer_ref` value.
|
1979
|
-
:param pulumi.Input[int] key_bits: The number of bits of generated keys
|
1980
|
-
:param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
2175
|
+
:param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
|
2176
|
+
:param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
1981
2177
|
Defaults to `rsa`
|
1982
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
|
2178
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
1983
2179
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
1984
2180
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
1985
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
|
1986
|
-
:param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
1987
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
|
1988
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
2181
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
|
2182
|
+
:param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
2183
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
2184
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1989
2185
|
The value should not contain leading or trailing forward slashes.
|
1990
2186
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1991
2187
|
*Available only for Vault Enterprise*.
|
1992
|
-
:param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
|
1993
|
-
:param pulumi.Input[
|
1994
|
-
:param pulumi.Input[
|
1995
|
-
:param pulumi.Input[
|
2188
|
+
:param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
|
2189
|
+
:param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
2190
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
2191
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
2192
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
|
2193
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
|
1996
2194
|
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
1997
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
1998
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
|
1999
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
|
2000
|
-
:param pulumi.Input[bool] require_cn: Flag to force CN usage
|
2001
|
-
:param pulumi.Input[
|
2002
|
-
|
2003
|
-
|
2004
|
-
:param pulumi.Input[bool]
|
2005
|
-
:param pulumi.Input[
|
2195
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
2196
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
|
2197
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
|
2198
|
+
:param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
|
2199
|
+
:param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
2200
|
+
|
2201
|
+
Example usage:
|
2202
|
+
:param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
|
2203
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
2204
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
|
2205
|
+
:param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
2206
|
+
:param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
2207
|
+
:param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
2208
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
2006
2209
|
"""
|
2007
2210
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
2008
2211
|
|
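Review bot: The new `no_store_metadata` entry in this docstring contradicts itself: it opens with "Allows metadata to be stored" but ends by saying that a true value means metadata is not stored. I would state the effect of a true value first, e.g. `:param pulumi.Input[builtins.bool] no_store_metadata: If true, metadata keyed on the certificate's serial number is not stored and issuance requests that set the metadata field return an error; independent of no_store.` The `serial_number_source` entry also ends with a dangling `Example usage:` line that no example follows, so that line should be dropped or completed. The `not_after` entry could additionally say how a fixed end date relates to `ttl` and `max_ttl`, which the text leaves open even though it permits dates as far out as 9999-12-31T23:59:59Z. The docstring belongs to `get`, whose signature and body lie outside this hunk.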
@@ -2042,6 +2245,8 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2042
2245
|
__props__.__dict__["name"] = name
|
2043
2246
|
__props__.__dict__["namespace"] = namespace
|
2044
2247
|
__props__.__dict__["no_store"] = no_store
|
2248
|
+
__props__.__dict__["no_store_metadata"] = no_store_metadata
|
2249
|
+
__props__.__dict__["not_after"] = not_after
|
2045
2250
|
__props__.__dict__["not_before_duration"] = not_before_duration
|
2046
2251
|
__props__.__dict__["organization_unit"] = organization_unit
|
2047
2252
|
__props__.__dict__["organizations"] = organizations
|
@@ -2050,16 +2255,19 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2050
2255
|
__props__.__dict__["postal_codes"] = postal_codes
|
2051
2256
|
__props__.__dict__["provinces"] = provinces
|
2052
2257
|
__props__.__dict__["require_cn"] = require_cn
|
2258
|
+
__props__.__dict__["serial_number_source"] = serial_number_source
|
2053
2259
|
__props__.__dict__["server_flag"] = server_flag
|
2260
|
+
__props__.__dict__["signature_bits"] = signature_bits
|
2054
2261
|
__props__.__dict__["street_addresses"] = street_addresses
|
2055
2262
|
__props__.__dict__["ttl"] = ttl
|
2056
2263
|
__props__.__dict__["use_csr_common_name"] = use_csr_common_name
|
2057
2264
|
__props__.__dict__["use_csr_sans"] = use_csr_sans
|
2265
|
+
__props__.__dict__["use_pss"] = use_pss
|
2058
2266
|
return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
|
2059
2267
|
|
2060
2268
|
@property
|
2061
2269
|
@pulumi.getter(name="allowAnyName")
|
2062
|
-
def allow_any_name(self) -> pulumi.Output[Optional[bool]]:
|
2270
|
+
def allow_any_name(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2063
2271
|
"""
|
2064
2272
|
Flag to allow any name
|
2065
2273
|
"""
|
@@ -2067,7 +2275,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2067
2275
|
|
2068
2276
|
@property
|
2069
2277
|
@pulumi.getter(name="allowBareDomains")
|
2070
|
-
def allow_bare_domains(self) -> pulumi.Output[Optional[bool]]:
|
2278
|
+
def allow_bare_domains(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2071
2279
|
"""
|
2072
2280
|
Flag to allow certificates matching the actual domain
|
2073
2281
|
"""
|
@@ -2075,7 +2283,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2075
2283
|
|
2076
2284
|
@property
|
2077
2285
|
@pulumi.getter(name="allowGlobDomains")
|
2078
|
-
def allow_glob_domains(self) -> pulumi.Output[Optional[bool]]:
|
2286
|
+
def allow_glob_domains(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2079
2287
|
"""
|
2080
2288
|
Flag to allow names containing glob patterns.
|
2081
2289
|
"""
|
@@ -2083,7 +2291,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2083
2291
|
|
2084
2292
|
@property
|
2085
2293
|
@pulumi.getter(name="allowIpSans")
|
2086
|
-
def allow_ip_sans(self) -> pulumi.Output[Optional[bool]]:
|
2294
|
+
def allow_ip_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2087
2295
|
"""
|
2088
2296
|
Flag to allow IP SANs
|
2089
2297
|
"""
|
@@ -2091,7 +2299,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2091
2299
|
|
2092
2300
|
@property
|
2093
2301
|
@pulumi.getter(name="allowLocalhost")
|
2094
|
-
def allow_localhost(self) -> pulumi.Output[Optional[bool]]:
|
2302
|
+
def allow_localhost(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2095
2303
|
"""
|
2096
2304
|
Flag to allow certificates for localhost
|
2097
2305
|
"""
|
@@ -2099,7 +2307,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2099
2307
|
|
2100
2308
|
@property
|
2101
2309
|
@pulumi.getter(name="allowSubdomains")
|
2102
|
-
def allow_subdomains(self) -> pulumi.Output[Optional[bool]]:
|
2310
|
+
def allow_subdomains(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2103
2311
|
"""
|
2104
2312
|
Flag to allow certificates matching subdomains
|
2105
2313
|
"""
|
@@ -2107,7 +2315,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2107
2315
|
|
2108
2316
|
@property
|
2109
2317
|
@pulumi.getter(name="allowWildcardCertificates")
|
2110
|
-
def allow_wildcard_certificates(self) -> pulumi.Output[Optional[bool]]:
|
2318
|
+
def allow_wildcard_certificates(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2111
2319
|
"""
|
2112
2320
|
Flag to allow wildcard certificates.
|
2113
2321
|
"""
|
@@ -2115,7 +2323,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2115
2323
|
|
2116
2324
|
@property
|
2117
2325
|
@pulumi.getter(name="allowedDomains")
|
2118
|
-
def allowed_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2326
|
+
def allowed_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2119
2327
|
"""
|
2120
2328
|
List of allowed domains for certificates
|
2121
2329
|
"""
|
@@ -2123,7 +2331,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2123
2331
|
|
2124
2332
|
@property
|
2125
2333
|
@pulumi.getter(name="allowedDomainsTemplate")
|
2126
|
-
def allowed_domains_template(self) -> pulumi.Output[Optional[bool]]:
|
2334
|
+
def allowed_domains_template(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2127
2335
|
"""
|
2128
2336
|
Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2129
2337
|
"""
|
@@ -2131,7 +2339,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2131
2339
|
|
2132
2340
|
@property
|
2133
2341
|
@pulumi.getter(name="allowedOtherSans")
|
2134
|
-
def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2342
|
+
def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2135
2343
|
"""
|
2136
2344
|
Defines allowed custom SANs
|
2137
2345
|
"""
|
@@ -2139,7 +2347,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2139
2347
|
|
2140
2348
|
@property
|
2141
2349
|
@pulumi.getter(name="allowedSerialNumbers")
|
2142
|
-
def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2350
|
+
def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2143
2351
|
"""
|
2144
2352
|
An array of allowed serial numbers to put in Subject
|
2145
2353
|
"""
|
@@ -2147,7 +2355,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2147
2355
|
|
2148
2356
|
@property
|
2149
2357
|
@pulumi.getter(name="allowedUriSans")
|
2150
|
-
def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2358
|
+
def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2151
2359
|
"""
|
2152
2360
|
Defines allowed URI SANs
|
2153
2361
|
"""
|
@@ -2155,7 +2363,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2155
2363
|
|
2156
2364
|
@property
|
2157
2365
|
@pulumi.getter(name="allowedUriSansTemplate")
|
2158
|
-
def allowed_uri_sans_template(self) -> pulumi.Output[bool]:
|
2366
|
+
def allowed_uri_sans_template(self) -> pulumi.Output[builtins.bool]:
|
2159
2367
|
"""
|
2160
2368
|
Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2161
2369
|
"""
|
@@ -2163,7 +2371,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2163
2371
|
|
2164
2372
|
@property
|
2165
2373
|
@pulumi.getter(name="allowedUserIds")
|
2166
|
-
def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2374
|
+
def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2167
2375
|
"""
|
2168
2376
|
Defines allowed User IDs
|
2169
2377
|
"""
|
@@ -2171,7 +2379,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2171
2379
|
|
2172
2380
|
@property
|
2173
2381
|
@pulumi.getter
|
2174
|
-
def backend(self) -> pulumi.Output[str]:
|
2382
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
2175
2383
|
"""
|
2176
2384
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
2177
2385
|
"""
|
@@ -2179,7 +2387,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2179
2387
|
|
2180
2388
|
@property
|
2181
2389
|
@pulumi.getter(name="basicConstraintsValidForNonCa")
|
2182
|
-
def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[bool]]:
|
2390
|
+
def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2183
2391
|
"""
|
2184
2392
|
Flag to mark basic constraints valid when issuing non-CA certificates
|
2185
2393
|
"""
|
@@ -2187,7 +2395,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2187
2395
|
|
2188
2396
|
@property
|
2189
2397
|
@pulumi.getter(name="clientFlag")
|
2190
|
-
def client_flag(self) -> pulumi.Output[Optional[bool]]:
|
2398
|
+
def client_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2191
2399
|
"""
|
2192
2400
|
Flag to specify certificates for client use
|
2193
2401
|
"""
|
@@ -2195,7 +2403,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2195
2403
|
|
2196
2404
|
@property
|
2197
2405
|
@pulumi.getter(name="cnValidations")
|
2198
|
-
def cn_validations(self) -> pulumi.Output[Sequence[str]]:
|
2406
|
+
def cn_validations(self) -> pulumi.Output[Sequence[builtins.str]]:
|
2199
2407
|
"""
|
2200
2408
|
Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
2201
2409
|
"""
|
@@ -2203,7 +2411,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2203
2411
|
|
2204
2412
|
@property
|
2205
2413
|
@pulumi.getter(name="codeSigningFlag")
|
2206
|
-
def code_signing_flag(self) -> pulumi.Output[Optional[bool]]:
|
2414
|
+
def code_signing_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2207
2415
|
"""
|
2208
2416
|
Flag to specify certificates for code signing use
|
2209
2417
|
"""
|
@@ -2211,7 +2419,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2211
2419
|
|
2212
2420
|
@property
|
2213
2421
|
@pulumi.getter
|
2214
|
-
def countries(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2422
|
+
def countries(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2215
2423
|
"""
|
2216
2424
|
The country of generated certificates
|
2217
2425
|
"""
|
@@ -2219,7 +2427,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2219
2427
|
|
2220
2428
|
@property
|
2221
2429
|
@pulumi.getter(name="emailProtectionFlag")
|
2222
|
-
def email_protection_flag(self) -> pulumi.Output[Optional[bool]]:
|
2430
|
+
def email_protection_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2223
2431
|
"""
|
2224
2432
|
Flag to specify certificates for email protection use
|
2225
2433
|
"""
|
@@ -2227,7 +2435,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2227
2435
|
|
2228
2436
|
@property
|
2229
2437
|
@pulumi.getter(name="enforceHostnames")
|
2230
|
-
def enforce_hostnames(self) -> pulumi.Output[Optional[bool]]:
|
2438
|
+
def enforce_hostnames(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2231
2439
|
"""
|
2232
2440
|
Flag to allow only valid host names
|
2233
2441
|
"""
|
@@ -2235,7 +2443,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2235
2443
|
|
2236
2444
|
@property
|
2237
2445
|
@pulumi.getter(name="extKeyUsageOids")
|
2238
|
-
def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2446
|
+
def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2239
2447
|
"""
|
2240
2448
|
Specify the allowed extended key usage OIDs constraint on issued certificates
|
2241
2449
|
"""
|
@@ -2243,7 +2451,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2243
2451
|
|
2244
2452
|
@property
|
2245
2453
|
@pulumi.getter(name="extKeyUsages")
|
2246
|
-
def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2454
|
+
def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2247
2455
|
"""
|
2248
2456
|
Specify the allowed extended key usage constraint on issued certificates
|
2249
2457
|
"""
|
@@ -2251,7 +2459,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2251
2459
|
|
2252
2460
|
@property
|
2253
2461
|
@pulumi.getter(name="generateLease")
|
2254
|
-
def generate_lease(self) -> pulumi.Output[Optional[bool]]:
|
2462
|
+
def generate_lease(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2255
2463
|
"""
|
2256
2464
|
Flag to generate leases with certificates
|
2257
2465
|
"""
|
@@ -2259,7 +2467,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2259
2467
|
|
2260
2468
|
@property
|
2261
2469
|
@pulumi.getter(name="issuerRef")
|
2262
|
-
def issuer_ref(self) -> pulumi.Output[str]:
|
2470
|
+
def issuer_ref(self) -> pulumi.Output[builtins.str]:
|
2263
2471
|
"""
|
2264
2472
|
Specifies the default issuer of this request. May
|
2265
2473
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
@@ -2270,7 +2478,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2270
2478
|
|
2271
2479
|
@property
|
2272
2480
|
@pulumi.getter(name="keyBits")
|
2273
|
-
def key_bits(self) -> pulumi.Output[Optional[int]]:
|
2481
|
+
def key_bits(self) -> pulumi.Output[Optional[builtins.int]]:
|
2274
2482
|
"""
|
2275
2483
|
The number of bits of generated keys
|
2276
2484
|
"""
|
@@ -2278,7 +2486,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2278
2486
|
|
2279
2487
|
@property
|
2280
2488
|
@pulumi.getter(name="keyType")
|
2281
|
-
def key_type(self) -> pulumi.Output[Optional[str]]:
|
2489
|
+
def key_type(self) -> pulumi.Output[Optional[builtins.str]]:
|
2282
2490
|
"""
|
2283
2491
|
The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
2284
2492
|
Defaults to `rsa`
|
@@ -2287,7 +2495,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2287
2495
|
|
2288
2496
|
@property
|
2289
2497
|
@pulumi.getter(name="keyUsages")
|
2290
|
-
def key_usages(self) -> pulumi.Output[Sequence[str]]:
|
2498
|
+
def key_usages(self) -> pulumi.Output[Sequence[builtins.str]]:
|
2291
2499
|
"""
|
2292
2500
|
Specify the allowed key usage constraint on issued
|
2293
2501
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
@@ -2297,7 +2505,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2297
2505
|
|
2298
2506
|
@property
|
2299
2507
|
@pulumi.getter
|
2300
|
-
def localities(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2508
|
+
def localities(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2301
2509
|
"""
|
2302
2510
|
The locality of generated certificates
|
2303
2511
|
"""
|
@@ -2305,7 +2513,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2305
2513
|
|
2306
2514
|
@property
|
2307
2515
|
@pulumi.getter(name="maxTtl")
|
2308
|
-
def max_ttl(self) -> pulumi.Output[str]:
|
2516
|
+
def max_ttl(self) -> pulumi.Output[builtins.str]:
|
2309
2517
|
"""
|
2310
2518
|
The maximum lease TTL, in seconds, for the role.
|
2311
2519
|
"""
|
@@ -2313,7 +2521,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2313
2521
|
|
2314
2522
|
@property
|
2315
2523
|
@pulumi.getter
|
2316
|
-
def name(self) -> pulumi.Output[str]:
|
2524
|
+
def name(self) -> pulumi.Output[builtins.str]:
|
2317
2525
|
"""
|
2318
2526
|
The name to identify this role within the backend. Must be unique within the backend.
|
2319
2527
|
"""
|
@@ -2321,7 +2529,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2321
2529
|
|
2322
2530
|
@property
|
2323
2531
|
@pulumi.getter
|
2324
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
2532
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
2325
2533
|
"""
|
2326
2534
|
The namespace to provision the resource in.
|
2327
2535
|
The value should not contain leading or trailing forward slashes.
|
@@ -2332,15 +2540,31 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2332
2540
|
|
2333
2541
|
@property
|
2334
2542
|
@pulumi.getter(name="noStore")
|
2335
|
-
def no_store(self) -> pulumi.Output[Optional[bool]]:
|
2543
|
+
def no_store(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2336
2544
|
"""
|
2337
2545
|
Flag to not store certificates in the storage backend
|
2338
2546
|
"""
|
2339
2547
|
return pulumi.get(self, "no_store")
|
2340
2548
|
|
2549
|
+
@property
|
2550
|
+
@pulumi.getter(name="noStoreMetadata")
|
2551
|
+
def no_store_metadata(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2552
|
+
"""
|
2553
|
+
Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
2554
|
+
"""
|
2555
|
+
return pulumi.get(self, "no_store_metadata")
|
2556
|
+
|
2557
|
+
@property
|
2558
|
+
@pulumi.getter(name="notAfter")
|
2559
|
+
def not_after(self) -> pulumi.Output[Optional[builtins.str]]:
|
2560
|
+
"""
|
2561
|
+
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
2562
|
+
"""
|
2563
|
+
return pulumi.get(self, "not_after")
|
2564
|
+
|
2341
2565
|
@property
|
2342
2566
|
@pulumi.getter(name="notBeforeDuration")
|
2343
|
-
def not_before_duration(self) -> pulumi.Output[str]:
|
2567
|
+
def not_before_duration(self) -> pulumi.Output[builtins.str]:
|
2344
2568
|
"""
|
2345
2569
|
Specifies the duration by which to backdate the NotBefore property.
|
2346
2570
|
"""
|
@@ -2348,7 +2572,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2348
2572
|
|
2349
2573
|
@property
|
2350
2574
|
@pulumi.getter(name="organizationUnit")
|
2351
|
-
def organization_unit(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2575
|
+
def organization_unit(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2352
2576
|
"""
|
2353
2577
|
The organization unit of generated certificates
|
2354
2578
|
"""
|
@@ -2356,7 +2580,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2356
2580
|
|
2357
2581
|
@property
|
2358
2582
|
@pulumi.getter
|
2359
|
-
def organizations(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2583
|
+
def organizations(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2360
2584
|
"""
|
2361
2585
|
The organization of generated certificates
|
2362
2586
|
"""
|
@@ -2372,7 +2596,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2372
2596
|
|
2373
2597
|
@property
|
2374
2598
|
@pulumi.getter(name="policyIdentifiers")
|
2375
|
-
def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2599
|
+
def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2376
2600
|
"""
|
2377
2601
|
Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
2378
2602
|
"""
|
@@ -2380,7 +2604,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2380
2604
|
|
2381
2605
|
@property
|
2382
2606
|
@pulumi.getter(name="postalCodes")
|
2383
|
-
def postal_codes(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2607
|
+
def postal_codes(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2384
2608
|
"""
|
2385
2609
|
The postal code of generated certificates
|
2386
2610
|
"""
|
@@ -2388,7 +2612,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2388
2612
|
|
2389
2613
|
@property
|
2390
2614
|
@pulumi.getter
|
2391
|
-
def provinces(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2615
|
+
def provinces(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2392
2616
|
"""
|
2393
2617
|
The province of generated certificates
|
2394
2618
|
"""
|
@@ -2396,23 +2620,41 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2396
2620
|
|
2397
2621
|
@property
|
2398
2622
|
@pulumi.getter(name="requireCn")
|
2399
|
-
def require_cn(self) -> pulumi.Output[Optional[bool]]:
|
2623
|
+
def require_cn(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2400
2624
|
"""
|
2401
2625
|
Flag to force CN usage
|
2402
2626
|
"""
|
2403
2627
|
return pulumi.get(self, "require_cn")
|
2404
2628
|
|
2629
|
+
@property
|
2630
|
+
@pulumi.getter(name="serialNumberSource")
|
2631
|
+
def serial_number_source(self) -> pulumi.Output[builtins.str]:
|
2632
|
+
"""
|
2633
|
+
Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
2634
|
+
|
2635
|
+
Example usage:
|
2636
|
+
"""
|
2637
|
+
return pulumi.get(self, "serial_number_source")
|
2638
|
+
|
2405
2639
|
@property
|
2406
2640
|
@pulumi.getter(name="serverFlag")
|
2407
|
-
def server_flag(self) -> pulumi.Output[Optional[bool]]:
|
2641
|
+
def server_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2408
2642
|
"""
|
2409
2643
|
Flag to specify certificates for server use
|
2410
2644
|
"""
|
2411
2645
|
return pulumi.get(self, "server_flag")
|
2412
2646
|
|
2647
|
+
@property
|
2648
|
+
@pulumi.getter(name="signatureBits")
|
2649
|
+
def signature_bits(self) -> pulumi.Output[builtins.int]:
|
2650
|
+
"""
|
2651
|
+
The number of bits to use in the signature algorithm
|
2652
|
+
"""
|
2653
|
+
return pulumi.get(self, "signature_bits")
|
2654
|
+
|
2413
2655
|
@property
|
2414
2656
|
@pulumi.getter(name="streetAddresses")
|
2415
|
-
def street_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2657
|
+
def street_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2416
2658
|
"""
|
2417
2659
|
The street address of generated certificates
|
2418
2660
|
"""
|
@@ -2420,7 +2662,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2420
2662
|
|
2421
2663
|
@property
|
2422
2664
|
@pulumi.getter
|
2423
|
-
def ttl(self) -> pulumi.Output[str]:
|
2665
|
+
def ttl(self) -> pulumi.Output[builtins.str]:
|
2424
2666
|
"""
|
2425
2667
|
The TTL, in seconds, for any certificate issued against this role.
|
2426
2668
|
"""
|
@@ -2428,7 +2670,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2428
2670
|
|
2429
2671
|
@property
|
2430
2672
|
@pulumi.getter(name="useCsrCommonName")
|
2431
|
-
def use_csr_common_name(self) -> pulumi.Output[Optional[bool]]:
|
2673
|
+
def use_csr_common_name(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2432
2674
|
"""
|
2433
2675
|
Flag to use the CN in the CSR
|
2434
2676
|
"""
|
@@ -2436,9 +2678,17 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2436
2678
|
|
2437
2679
|
@property
|
2438
2680
|
@pulumi.getter(name="useCsrSans")
|
2439
|
-
def use_csr_sans(self) -> pulumi.Output[Optional[bool]]:
|
2681
|
+
def use_csr_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2440
2682
|
"""
|
2441
2683
|
Flag to use the SANs in the CSR
|
2442
2684
|
"""
|
2443
2685
|
return pulumi.get(self, "use_csr_sans")
|
2444
2686
|
|
2687
|
+
@property
|
2688
|
+
@pulumi.getter(name="usePss")
|
2689
|
+
def use_pss(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2690
|
+
"""
|
2691
|
+
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
2692
|
+
"""
|
2693
|
+
return pulumi.get(self, "use_pss")
|
2694
|
+
|