pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,73 +20,91 @@ __all__ = ['SecretBackendRootCertArgs', 'SecretBackendRootCert']
19
20
  @pulumi.input_type
20
21
  class SecretBackendRootCertArgs:
21
22
  def __init__(__self__, *,
22
- backend: pulumi.Input[str],
23
- common_name: pulumi.Input[str],
24
- type: pulumi.Input[str],
25
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
- country: Optional[pulumi.Input[str]] = None,
27
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
28
- format: Optional[pulumi.Input[str]] = None,
29
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
- issuer_name: Optional[pulumi.Input[str]] = None,
31
- key_bits: Optional[pulumi.Input[int]] = None,
32
- key_name: Optional[pulumi.Input[str]] = None,
33
- key_ref: Optional[pulumi.Input[str]] = None,
34
- key_type: Optional[pulumi.Input[str]] = None,
35
- locality: Optional[pulumi.Input[str]] = None,
36
- managed_key_id: Optional[pulumi.Input[str]] = None,
37
- managed_key_name: Optional[pulumi.Input[str]] = None,
38
- max_path_length: Optional[pulumi.Input[int]] = None,
39
- namespace: Optional[pulumi.Input[str]] = None,
40
- organization: Optional[pulumi.Input[str]] = None,
41
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
42
- ou: Optional[pulumi.Input[str]] = None,
43
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
44
- postal_code: Optional[pulumi.Input[str]] = None,
45
- private_key_format: Optional[pulumi.Input[str]] = None,
46
- province: Optional[pulumi.Input[str]] = None,
47
- street_address: Optional[pulumi.Input[str]] = None,
48
- ttl: Optional[pulumi.Input[str]] = None,
49
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
23
+ backend: pulumi.Input[builtins.str],
24
+ common_name: pulumi.Input[builtins.str],
25
+ type: pulumi.Input[builtins.str],
26
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
27
+ country: Optional[pulumi.Input[builtins.str]] = None,
28
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
29
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
30
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
31
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
32
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
33
+ format: Optional[pulumi.Input[builtins.str]] = None,
34
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
35
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
36
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
37
+ key_name: Optional[pulumi.Input[builtins.str]] = None,
38
+ key_ref: Optional[pulumi.Input[builtins.str]] = None,
39
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
40
+ locality: Optional[pulumi.Input[builtins.str]] = None,
41
+ managed_key_id: Optional[pulumi.Input[builtins.str]] = None,
42
+ managed_key_name: Optional[pulumi.Input[builtins.str]] = None,
43
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
44
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
45
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
46
+ organization: Optional[pulumi.Input[builtins.str]] = None,
47
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
48
+ ou: Optional[pulumi.Input[builtins.str]] = None,
49
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
50
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
51
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
52
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
53
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
54
+ private_key_format: Optional[pulumi.Input[builtins.str]] = None,
55
+ province: Optional[pulumi.Input[builtins.str]] = None,
56
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
57
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
58
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
59
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None):
50
60
  """
51
61
  The set of arguments for constructing a SecretBackendRootCert resource.
52
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
53
- :param pulumi.Input[str] common_name: CN of intermediate to create
54
- :param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
62
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
63
+ :param pulumi.Input[builtins.str] common_name: CN of intermediate to create
64
+ :param pulumi.Input[builtins.str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
55
65
  or \\"kms\\"
56
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
57
- :param pulumi.Input[str] country: The country
58
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
59
- :param pulumi.Input[str] format: The format of data
60
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
61
- :param pulumi.Input[str] issuer_name: Provides a name to the specified issuer. The name must be unique
66
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
67
+ :param pulumi.Input[builtins.str] country: The country
68
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
69
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
70
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
71
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
72
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
73
+ :param pulumi.Input[builtins.str] format: The format of data
74
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
75
+ :param pulumi.Input[builtins.str] issuer_name: Provides a name to the specified issuer. The name must be unique
62
76
  across all issuers and not be the reserved value `default`
63
- :param pulumi.Input[int] key_bits: The number of bits to use
64
- :param pulumi.Input[str] key_name: When a new key is created with this request, optionally specifies
77
+ :param pulumi.Input[builtins.int] key_bits: The number of bits to use
78
+ :param pulumi.Input[builtins.str] key_name: When a new key is created with this request, optionally specifies
65
79
  the name for this. The global ref `default` may not be used as a name.
66
- :param pulumi.Input[str] key_ref: Specifies the key (either default, by name, or by identifier) to use
80
+ :param pulumi.Input[builtins.str] key_ref: Specifies the key (either default, by name, or by identifier) to use
67
81
  for generating this request. Only suitable for `type=existing` requests.
68
- :param pulumi.Input[str] key_type: The desired key type
69
- :param pulumi.Input[str] locality: The locality
70
- :param pulumi.Input[str] managed_key_id: The ID of the previously configured managed key. This field is
82
+ :param pulumi.Input[builtins.str] key_type: The desired key type
83
+ :param pulumi.Input[builtins.str] locality: The locality
84
+ :param pulumi.Input[builtins.str] managed_key_id: The ID of the previously configured managed key. This field is
71
85
  required if `type` is `kms` and it conflicts with `managed_key_name`
72
- :param pulumi.Input[str] managed_key_name: The name of the previously configured managed key. This field is
86
+ :param pulumi.Input[builtins.str] managed_key_name: The name of the previously configured managed key. This field is
73
87
  required if `type` is `kms` and it conflicts with `managed_key_id`
74
- :param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
75
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
88
+ :param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
89
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
76
90
  The value should not contain leading or trailing forward slashes.
77
91
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
78
92
  *Available only for Vault Enterprise*.
79
- :param pulumi.Input[str] organization: The organization
80
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
81
- :param pulumi.Input[str] ou: The organization unit
82
- :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
83
- :param pulumi.Input[str] postal_code: The postal code
84
- :param pulumi.Input[str] private_key_format: The private key format
85
- :param pulumi.Input[str] province: The province
86
- :param pulumi.Input[str] street_address: The street address
87
- :param pulumi.Input[str] ttl: Time to live
88
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
93
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
94
+ :param pulumi.Input[builtins.str] organization: The organization
95
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
96
+ :param pulumi.Input[builtins.str] ou: The organization unit
97
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
98
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
99
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
100
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
101
+ :param pulumi.Input[builtins.str] postal_code: The postal code
102
+ :param pulumi.Input[builtins.str] private_key_format: The private key format
103
+ :param pulumi.Input[builtins.str] province: The province
104
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
105
+ :param pulumi.Input[builtins.str] street_address: The street address
106
+ :param pulumi.Input[builtins.str] ttl: Time to live
107
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
89
108
  """
90
109
  pulumi.set(__self__, "backend", backend)
91
110
  pulumi.set(__self__, "common_name", common_name)
@@ -96,6 +115,14 @@ class SecretBackendRootCertArgs:
96
115
  pulumi.set(__self__, "country", country)
97
116
  if exclude_cn_from_sans is not None:
98
117
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
118
+ if excluded_dns_domains is not None:
119
+ pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
120
+ if excluded_email_addresses is not None:
121
+ pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
122
+ if excluded_ip_ranges is not None:
123
+ pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
124
+ if excluded_uri_domains is not None:
125
+ pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
99
126
  if format is not None:
100
127
  pulumi.set(__self__, "format", format)
101
128
  if ip_sans is not None:
@@ -120,6 +147,8 @@ class SecretBackendRootCertArgs:
120
147
  pulumi.set(__self__, "max_path_length", max_path_length)
121
148
  if namespace is not None:
122
149
  pulumi.set(__self__, "namespace", namespace)
150
+ if not_after is not None:
151
+ pulumi.set(__self__, "not_after", not_after)
123
152
  if organization is not None:
124
153
  pulumi.set(__self__, "organization", organization)
125
154
  if other_sans is not None:
@@ -128,12 +157,20 @@ class SecretBackendRootCertArgs:
128
157
  pulumi.set(__self__, "ou", ou)
129
158
  if permitted_dns_domains is not None:
130
159
  pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
160
+ if permitted_email_addresses is not None:
161
+ pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
162
+ if permitted_ip_ranges is not None:
163
+ pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
164
+ if permitted_uri_domains is not None:
165
+ pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
131
166
  if postal_code is not None:
132
167
  pulumi.set(__self__, "postal_code", postal_code)
133
168
  if private_key_format is not None:
134
169
  pulumi.set(__self__, "private_key_format", private_key_format)
135
170
  if province is not None:
136
171
  pulumi.set(__self__, "province", province)
172
+ if signature_bits is not None:
173
+ pulumi.set(__self__, "signature_bits", signature_bits)
137
174
  if street_address is not None:
138
175
  pulumi.set(__self__, "street_address", street_address)
139
176
  if ttl is not None:
@@ -143,31 +180,31 @@ class SecretBackendRootCertArgs:
143
180
 
144
181
  @property
145
182
  @pulumi.getter
146
- def backend(self) -> pulumi.Input[str]:
183
+ def backend(self) -> pulumi.Input[builtins.str]:
147
184
  """
148
185
  The PKI secret backend the resource belongs to.
149
186
  """
150
187
  return pulumi.get(self, "backend")
151
188
 
152
189
  @backend.setter
153
- def backend(self, value: pulumi.Input[str]):
190
+ def backend(self, value: pulumi.Input[builtins.str]):
154
191
  pulumi.set(self, "backend", value)
155
192
 
156
193
  @property
157
194
  @pulumi.getter(name="commonName")
158
- def common_name(self) -> pulumi.Input[str]:
195
+ def common_name(self) -> pulumi.Input[builtins.str]:
159
196
  """
160
197
  CN of intermediate to create
161
198
  """
162
199
  return pulumi.get(self, "common_name")
163
200
 
164
201
  @common_name.setter
165
- def common_name(self, value: pulumi.Input[str]):
202
+ def common_name(self, value: pulumi.Input[builtins.str]):
166
203
  pulumi.set(self, "common_name", value)
167
204
 
168
205
  @property
169
206
  @pulumi.getter
170
- def type(self) -> pulumi.Input[str]:
207
+ def type(self) -> pulumi.Input[builtins.str]:
171
208
  """
172
209
  Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
173
210
  or \\"kms\\"
@@ -175,72 +212,120 @@ class SecretBackendRootCertArgs:
175
212
  return pulumi.get(self, "type")
176
213
 
177
214
  @type.setter
178
- def type(self, value: pulumi.Input[str]):
215
+ def type(self, value: pulumi.Input[builtins.str]):
179
216
  pulumi.set(self, "type", value)
180
217
 
181
218
  @property
182
219
  @pulumi.getter(name="altNames")
183
- def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
220
+ def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
184
221
  """
185
222
  List of alternative names
186
223
  """
187
224
  return pulumi.get(self, "alt_names")
188
225
 
189
226
  @alt_names.setter
190
- def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
227
+ def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
191
228
  pulumi.set(self, "alt_names", value)
192
229
 
193
230
  @property
194
231
  @pulumi.getter
195
- def country(self) -> Optional[pulumi.Input[str]]:
232
+ def country(self) -> Optional[pulumi.Input[builtins.str]]:
196
233
  """
197
234
  The country
198
235
  """
199
236
  return pulumi.get(self, "country")
200
237
 
201
238
  @country.setter
202
- def country(self, value: Optional[pulumi.Input[str]]):
239
+ def country(self, value: Optional[pulumi.Input[builtins.str]]):
203
240
  pulumi.set(self, "country", value)
204
241
 
205
242
  @property
206
243
  @pulumi.getter(name="excludeCnFromSans")
207
- def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
244
+ def exclude_cn_from_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
208
245
  """
209
246
  Flag to exclude CN from SANs
210
247
  """
211
248
  return pulumi.get(self, "exclude_cn_from_sans")
212
249
 
213
250
  @exclude_cn_from_sans.setter
214
- def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
251
+ def exclude_cn_from_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
215
252
  pulumi.set(self, "exclude_cn_from_sans", value)
216
253
 
254
+ @property
255
+ @pulumi.getter(name="excludedDnsDomains")
256
+ def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
257
+ """
258
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
259
+ """
260
+ return pulumi.get(self, "excluded_dns_domains")
261
+
262
+ @excluded_dns_domains.setter
263
+ def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
264
+ pulumi.set(self, "excluded_dns_domains", value)
265
+
266
+ @property
267
+ @pulumi.getter(name="excludedEmailAddresses")
268
+ def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
269
+ """
270
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
271
+ """
272
+ return pulumi.get(self, "excluded_email_addresses")
273
+
274
+ @excluded_email_addresses.setter
275
+ def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
276
+ pulumi.set(self, "excluded_email_addresses", value)
277
+
278
+ @property
279
+ @pulumi.getter(name="excludedIpRanges")
280
+ def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
281
+ """
282
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
283
+ """
284
+ return pulumi.get(self, "excluded_ip_ranges")
285
+
286
+ @excluded_ip_ranges.setter
287
+ def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
288
+ pulumi.set(self, "excluded_ip_ranges", value)
289
+
290
+ @property
291
+ @pulumi.getter(name="excludedUriDomains")
292
+ def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
293
+ """
294
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
295
+ """
296
+ return pulumi.get(self, "excluded_uri_domains")
297
+
298
+ @excluded_uri_domains.setter
299
+ def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
300
+ pulumi.set(self, "excluded_uri_domains", value)
301
+
217
302
  @property
218
303
  @pulumi.getter
219
- def format(self) -> Optional[pulumi.Input[str]]:
304
+ def format(self) -> Optional[pulumi.Input[builtins.str]]:
220
305
  """
221
306
  The format of data
222
307
  """
223
308
  return pulumi.get(self, "format")
224
309
 
225
310
  @format.setter
226
- def format(self, value: Optional[pulumi.Input[str]]):
311
+ def format(self, value: Optional[pulumi.Input[builtins.str]]):
227
312
  pulumi.set(self, "format", value)
228
313
 
229
314
  @property
230
315
  @pulumi.getter(name="ipSans")
231
- def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
316
+ def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
232
317
  """
233
318
  List of alternative IPs
234
319
  """
235
320
  return pulumi.get(self, "ip_sans")
236
321
 
237
322
  @ip_sans.setter
238
- def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
323
+ def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
239
324
  pulumi.set(self, "ip_sans", value)
240
325
 
241
326
  @property
242
327
  @pulumi.getter(name="issuerName")
243
- def issuer_name(self) -> Optional[pulumi.Input[str]]:
328
+ def issuer_name(self) -> Optional[pulumi.Input[builtins.str]]:
244
329
  """
245
330
  Provides a name to the specified issuer. The name must be unique
246
331
  across all issuers and not be the reserved value `default`
@@ -248,24 +333,24 @@ class SecretBackendRootCertArgs:
248
333
  return pulumi.get(self, "issuer_name")
249
334
 
250
335
  @issuer_name.setter
251
- def issuer_name(self, value: Optional[pulumi.Input[str]]):
336
+ def issuer_name(self, value: Optional[pulumi.Input[builtins.str]]):
252
337
  pulumi.set(self, "issuer_name", value)
253
338
 
254
339
  @property
255
340
  @pulumi.getter(name="keyBits")
256
- def key_bits(self) -> Optional[pulumi.Input[int]]:
341
+ def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
257
342
  """
258
343
  The number of bits to use
259
344
  """
260
345
  return pulumi.get(self, "key_bits")
261
346
 
262
347
  @key_bits.setter
263
- def key_bits(self, value: Optional[pulumi.Input[int]]):
348
+ def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
264
349
  pulumi.set(self, "key_bits", value)
265
350
 
266
351
  @property
267
352
  @pulumi.getter(name="keyName")
268
- def key_name(self) -> Optional[pulumi.Input[str]]:
353
+ def key_name(self) -> Optional[pulumi.Input[builtins.str]]:
269
354
  """
270
355
  When a new key is created with this request, optionally specifies
271
356
  the name for this. The global ref `default` may not be used as a name.
@@ -273,12 +358,12 @@ class SecretBackendRootCertArgs:
273
358
  return pulumi.get(self, "key_name")
274
359
 
275
360
  @key_name.setter
276
- def key_name(self, value: Optional[pulumi.Input[str]]):
361
+ def key_name(self, value: Optional[pulumi.Input[builtins.str]]):
277
362
  pulumi.set(self, "key_name", value)
278
363
 
279
364
  @property
280
365
  @pulumi.getter(name="keyRef")
281
- def key_ref(self) -> Optional[pulumi.Input[str]]:
366
+ def key_ref(self) -> Optional[pulumi.Input[builtins.str]]:
282
367
  """
283
368
  Specifies the key (either default, by name, or by identifier) to use
284
369
  for generating this request. Only suitable for `type=existing` requests.
@@ -286,36 +371,36 @@ class SecretBackendRootCertArgs:
286
371
  return pulumi.get(self, "key_ref")
287
372
 
288
373
  @key_ref.setter
289
- def key_ref(self, value: Optional[pulumi.Input[str]]):
374
+ def key_ref(self, value: Optional[pulumi.Input[builtins.str]]):
290
375
  pulumi.set(self, "key_ref", value)
291
376
 
292
377
  @property
293
378
  @pulumi.getter(name="keyType")
294
- def key_type(self) -> Optional[pulumi.Input[str]]:
379
+ def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
295
380
  """
296
381
  The desired key type
297
382
  """
298
383
  return pulumi.get(self, "key_type")
299
384
 
300
385
  @key_type.setter
301
- def key_type(self, value: Optional[pulumi.Input[str]]):
386
+ def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
302
387
  pulumi.set(self, "key_type", value)
303
388
 
304
389
  @property
305
390
  @pulumi.getter
306
- def locality(self) -> Optional[pulumi.Input[str]]:
391
+ def locality(self) -> Optional[pulumi.Input[builtins.str]]:
307
392
  """
308
393
  The locality
309
394
  """
310
395
  return pulumi.get(self, "locality")
311
396
 
312
397
  @locality.setter
313
- def locality(self, value: Optional[pulumi.Input[str]]):
398
+ def locality(self, value: Optional[pulumi.Input[builtins.str]]):
314
399
  pulumi.set(self, "locality", value)
315
400
 
316
401
  @property
317
402
  @pulumi.getter(name="managedKeyId")
318
- def managed_key_id(self) -> Optional[pulumi.Input[str]]:
403
+ def managed_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
319
404
  """
320
405
  The ID of the previously configured managed key. This field is
321
406
  required if `type` is `kms` and it conflicts with `managed_key_name`
@@ -323,12 +408,12 @@ class SecretBackendRootCertArgs:
323
408
  return pulumi.get(self, "managed_key_id")
324
409
 
325
410
  @managed_key_id.setter
326
- def managed_key_id(self, value: Optional[pulumi.Input[str]]):
411
+ def managed_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
327
412
  pulumi.set(self, "managed_key_id", value)
328
413
 
329
414
  @property
330
415
  @pulumi.getter(name="managedKeyName")
331
- def managed_key_name(self) -> Optional[pulumi.Input[str]]:
416
+ def managed_key_name(self) -> Optional[pulumi.Input[builtins.str]]:
332
417
  """
333
418
  The name of the previously configured managed key. This field is
334
419
  required if `type` is `kms` and it conflicts with `managed_key_id`
@@ -336,24 +421,24 @@ class SecretBackendRootCertArgs:
336
421
  return pulumi.get(self, "managed_key_name")
337
422
 
338
423
  @managed_key_name.setter
339
- def managed_key_name(self, value: Optional[pulumi.Input[str]]):
424
+ def managed_key_name(self, value: Optional[pulumi.Input[builtins.str]]):
340
425
  pulumi.set(self, "managed_key_name", value)
341
426
 
342
427
  @property
343
428
  @pulumi.getter(name="maxPathLength")
344
- def max_path_length(self) -> Optional[pulumi.Input[int]]:
429
+ def max_path_length(self) -> Optional[pulumi.Input[builtins.int]]:
345
430
  """
346
431
  The maximum path length to encode in the generated certificate
347
432
  """
348
433
  return pulumi.get(self, "max_path_length")
349
434
 
350
435
  @max_path_length.setter
351
- def max_path_length(self, value: Optional[pulumi.Input[int]]):
436
+ def max_path_length(self, value: Optional[pulumi.Input[builtins.int]]):
352
437
  pulumi.set(self, "max_path_length", value)
353
438
 
354
439
  @property
355
440
  @pulumi.getter
356
- def namespace(self) -> Optional[pulumi.Input[str]]:
441
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
357
442
  """
358
443
  The namespace to provision the resource in.
359
444
  The value should not contain leading or trailing forward slashes.
@@ -363,210 +448,288 @@ class SecretBackendRootCertArgs:
363
448
  return pulumi.get(self, "namespace")
364
449
 
365
450
  @namespace.setter
366
- def namespace(self, value: Optional[pulumi.Input[str]]):
451
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
367
452
  pulumi.set(self, "namespace", value)
368
453
 
454
+ @property
455
+ @pulumi.getter(name="notAfter")
456
+ def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
457
+ """
458
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
459
+ """
460
+ return pulumi.get(self, "not_after")
461
+
462
+ @not_after.setter
463
+ def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
464
+ pulumi.set(self, "not_after", value)
465
+
369
466
  @property
370
467
  @pulumi.getter
371
- def organization(self) -> Optional[pulumi.Input[str]]:
468
+ def organization(self) -> Optional[pulumi.Input[builtins.str]]:
372
469
  """
373
470
  The organization
374
471
  """
375
472
  return pulumi.get(self, "organization")
376
473
 
377
474
  @organization.setter
378
- def organization(self, value: Optional[pulumi.Input[str]]):
475
+ def organization(self, value: Optional[pulumi.Input[builtins.str]]):
379
476
  pulumi.set(self, "organization", value)
380
477
 
381
478
  @property
382
479
  @pulumi.getter(name="otherSans")
383
- def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
480
+ def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
384
481
  """
385
482
  List of other SANs
386
483
  """
387
484
  return pulumi.get(self, "other_sans")
388
485
 
389
486
  @other_sans.setter
390
- def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
487
+ def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
391
488
  pulumi.set(self, "other_sans", value)
392
489
 
393
490
  @property
394
491
  @pulumi.getter
395
- def ou(self) -> Optional[pulumi.Input[str]]:
492
+ def ou(self) -> Optional[pulumi.Input[builtins.str]]:
396
493
  """
397
494
  The organization unit
398
495
  """
399
496
  return pulumi.get(self, "ou")
400
497
 
401
498
  @ou.setter
402
- def ou(self, value: Optional[pulumi.Input[str]]):
499
+ def ou(self, value: Optional[pulumi.Input[builtins.str]]):
403
500
  pulumi.set(self, "ou", value)
404
501
 
405
502
  @property
406
503
  @pulumi.getter(name="permittedDnsDomains")
407
- def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
504
+ def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
408
505
  """
409
506
  List of domains for which certificates are allowed to be issued
410
507
  """
411
508
  return pulumi.get(self, "permitted_dns_domains")
412
509
 
413
510
  @permitted_dns_domains.setter
414
- def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
511
+ def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
415
512
  pulumi.set(self, "permitted_dns_domains", value)
416
513
 
514
+ @property
515
+ @pulumi.getter(name="permittedEmailAddresses")
516
+ def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
517
+ """
518
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
519
+ """
520
+ return pulumi.get(self, "permitted_email_addresses")
521
+
522
+ @permitted_email_addresses.setter
523
+ def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
524
+ pulumi.set(self, "permitted_email_addresses", value)
525
+
526
+ @property
527
+ @pulumi.getter(name="permittedIpRanges")
528
+ def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
529
+ """
530
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
531
+ """
532
+ return pulumi.get(self, "permitted_ip_ranges")
533
+
534
+ @permitted_ip_ranges.setter
535
+ def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
536
+ pulumi.set(self, "permitted_ip_ranges", value)
537
+
538
+ @property
539
+ @pulumi.getter(name="permittedUriDomains")
540
+ def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
541
+ """
542
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
543
+ """
544
+ return pulumi.get(self, "permitted_uri_domains")
545
+
546
+ @permitted_uri_domains.setter
547
+ def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
548
+ pulumi.set(self, "permitted_uri_domains", value)
549
+
417
550
  @property
418
551
  @pulumi.getter(name="postalCode")
419
- def postal_code(self) -> Optional[pulumi.Input[str]]:
552
+ def postal_code(self) -> Optional[pulumi.Input[builtins.str]]:
420
553
  """
421
554
  The postal code
422
555
  """
423
556
  return pulumi.get(self, "postal_code")
424
557
 
425
558
  @postal_code.setter
426
- def postal_code(self, value: Optional[pulumi.Input[str]]):
559
+ def postal_code(self, value: Optional[pulumi.Input[builtins.str]]):
427
560
  pulumi.set(self, "postal_code", value)
428
561
 
429
562
  @property
430
563
  @pulumi.getter(name="privateKeyFormat")
431
- def private_key_format(self) -> Optional[pulumi.Input[str]]:
564
+ def private_key_format(self) -> Optional[pulumi.Input[builtins.str]]:
432
565
  """
433
566
  The private key format
434
567
  """
435
568
  return pulumi.get(self, "private_key_format")
436
569
 
437
570
  @private_key_format.setter
438
- def private_key_format(self, value: Optional[pulumi.Input[str]]):
571
+ def private_key_format(self, value: Optional[pulumi.Input[builtins.str]]):
439
572
  pulumi.set(self, "private_key_format", value)
440
573
 
441
574
  @property
442
575
  @pulumi.getter
443
- def province(self) -> Optional[pulumi.Input[str]]:
576
+ def province(self) -> Optional[pulumi.Input[builtins.str]]:
444
577
  """
445
578
  The province
446
579
  """
447
580
  return pulumi.get(self, "province")
448
581
 
449
582
  @province.setter
450
- def province(self, value: Optional[pulumi.Input[str]]):
583
+ def province(self, value: Optional[pulumi.Input[builtins.str]]):
451
584
  pulumi.set(self, "province", value)
452
585
 
586
+ @property
587
+ @pulumi.getter(name="signatureBits")
588
+ def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
589
+ """
590
+ The number of bits to use in the signature algorithm
591
+ """
592
+ return pulumi.get(self, "signature_bits")
593
+
594
+ @signature_bits.setter
595
+ def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
596
+ pulumi.set(self, "signature_bits", value)
597
+
453
598
  @property
454
599
  @pulumi.getter(name="streetAddress")
455
- def street_address(self) -> Optional[pulumi.Input[str]]:
600
+ def street_address(self) -> Optional[pulumi.Input[builtins.str]]:
456
601
  """
457
602
  The street address
458
603
  """
459
604
  return pulumi.get(self, "street_address")
460
605
 
461
606
  @street_address.setter
462
- def street_address(self, value: Optional[pulumi.Input[str]]):
607
+ def street_address(self, value: Optional[pulumi.Input[builtins.str]]):
463
608
  pulumi.set(self, "street_address", value)
464
609
 
465
610
  @property
466
611
  @pulumi.getter
467
- def ttl(self) -> Optional[pulumi.Input[str]]:
612
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
468
613
  """
469
614
  Time to live
470
615
  """
471
616
  return pulumi.get(self, "ttl")
472
617
 
473
618
  @ttl.setter
474
- def ttl(self, value: Optional[pulumi.Input[str]]):
619
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
475
620
  pulumi.set(self, "ttl", value)
476
621
 
477
622
  @property
478
623
  @pulumi.getter(name="uriSans")
479
- def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
624
+ def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
480
625
  """
481
626
  List of alternative URIs
482
627
  """
483
628
  return pulumi.get(self, "uri_sans")
484
629
 
485
630
  @uri_sans.setter
486
- def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
631
+ def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
487
632
  pulumi.set(self, "uri_sans", value)
488
633
 
489
634
 
490
635
  @pulumi.input_type
491
636
  class _SecretBackendRootCertState:
492
637
  def __init__(__self__, *,
493
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
494
- backend: Optional[pulumi.Input[str]] = None,
495
- certificate: Optional[pulumi.Input[str]] = None,
496
- common_name: Optional[pulumi.Input[str]] = None,
497
- country: Optional[pulumi.Input[str]] = None,
498
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
499
- format: Optional[pulumi.Input[str]] = None,
500
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
501
- issuer_id: Optional[pulumi.Input[str]] = None,
502
- issuer_name: Optional[pulumi.Input[str]] = None,
503
- issuing_ca: Optional[pulumi.Input[str]] = None,
504
- key_bits: Optional[pulumi.Input[int]] = None,
505
- key_id: Optional[pulumi.Input[str]] = None,
506
- key_name: Optional[pulumi.Input[str]] = None,
507
- key_ref: Optional[pulumi.Input[str]] = None,
508
- key_type: Optional[pulumi.Input[str]] = None,
509
- locality: Optional[pulumi.Input[str]] = None,
510
- managed_key_id: Optional[pulumi.Input[str]] = None,
511
- managed_key_name: Optional[pulumi.Input[str]] = None,
512
- max_path_length: Optional[pulumi.Input[int]] = None,
513
- namespace: Optional[pulumi.Input[str]] = None,
514
- organization: Optional[pulumi.Input[str]] = None,
515
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
516
- ou: Optional[pulumi.Input[str]] = None,
517
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
518
- postal_code: Optional[pulumi.Input[str]] = None,
519
- private_key_format: Optional[pulumi.Input[str]] = None,
520
- province: Optional[pulumi.Input[str]] = None,
521
- serial_number: Optional[pulumi.Input[str]] = None,
522
- street_address: Optional[pulumi.Input[str]] = None,
523
- ttl: Optional[pulumi.Input[str]] = None,
524
- type: Optional[pulumi.Input[str]] = None,
525
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
638
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
639
+ backend: Optional[pulumi.Input[builtins.str]] = None,
640
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
641
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
642
+ country: Optional[pulumi.Input[builtins.str]] = None,
643
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
644
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
645
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
646
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
647
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
648
+ format: Optional[pulumi.Input[builtins.str]] = None,
649
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
650
+ issuer_id: Optional[pulumi.Input[builtins.str]] = None,
651
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
652
+ issuing_ca: Optional[pulumi.Input[builtins.str]] = None,
653
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
654
+ key_id: Optional[pulumi.Input[builtins.str]] = None,
655
+ key_name: Optional[pulumi.Input[builtins.str]] = None,
656
+ key_ref: Optional[pulumi.Input[builtins.str]] = None,
657
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
658
+ locality: Optional[pulumi.Input[builtins.str]] = None,
659
+ managed_key_id: Optional[pulumi.Input[builtins.str]] = None,
660
+ managed_key_name: Optional[pulumi.Input[builtins.str]] = None,
661
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
662
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
663
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
664
+ organization: Optional[pulumi.Input[builtins.str]] = None,
665
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
666
+ ou: Optional[pulumi.Input[builtins.str]] = None,
667
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
668
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
669
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
670
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
671
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
672
+ private_key_format: Optional[pulumi.Input[builtins.str]] = None,
673
+ province: Optional[pulumi.Input[builtins.str]] = None,
674
+ serial_number: Optional[pulumi.Input[builtins.str]] = None,
675
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
676
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
677
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
678
+ type: Optional[pulumi.Input[builtins.str]] = None,
679
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None):
526
680
  """
527
681
  Input properties used for looking up and filtering SecretBackendRootCert resources.
528
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
529
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
530
- :param pulumi.Input[str] certificate: The certificate.
531
- :param pulumi.Input[str] common_name: CN of intermediate to create
532
- :param pulumi.Input[str] country: The country
533
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
534
- :param pulumi.Input[str] format: The format of data
535
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
536
- :param pulumi.Input[str] issuer_id: The ID of the generated issuer.
537
- :param pulumi.Input[str] issuer_name: Provides a name to the specified issuer. The name must be unique
682
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
683
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
684
+ :param pulumi.Input[builtins.str] certificate: The certificate.
685
+ :param pulumi.Input[builtins.str] common_name: CN of intermediate to create
686
+ :param pulumi.Input[builtins.str] country: The country
687
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
688
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
689
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
690
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
691
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
692
+ :param pulumi.Input[builtins.str] format: The format of data
693
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
694
+ :param pulumi.Input[builtins.str] issuer_id: The ID of the generated issuer.
695
+ :param pulumi.Input[builtins.str] issuer_name: Provides a name to the specified issuer. The name must be unique
538
696
  across all issuers and not be the reserved value `default`
539
- :param pulumi.Input[str] issuing_ca: The issuing CA certificate.
540
- :param pulumi.Input[int] key_bits: The number of bits to use
541
- :param pulumi.Input[str] key_id: The ID of the generated key.
542
- :param pulumi.Input[str] key_name: When a new key is created with this request, optionally specifies
697
+ :param pulumi.Input[builtins.str] issuing_ca: The issuing CA certificate.
698
+ :param pulumi.Input[builtins.int] key_bits: The number of bits to use
699
+ :param pulumi.Input[builtins.str] key_id: The ID of the generated key.
700
+ :param pulumi.Input[builtins.str] key_name: When a new key is created with this request, optionally specifies
543
701
  the name for this. The global ref `default` may not be used as a name.
544
- :param pulumi.Input[str] key_ref: Specifies the key (either default, by name, or by identifier) to use
702
+ :param pulumi.Input[builtins.str] key_ref: Specifies the key (either default, by name, or by identifier) to use
545
703
  for generating this request. Only suitable for `type=existing` requests.
546
- :param pulumi.Input[str] key_type: The desired key type
547
- :param pulumi.Input[str] locality: The locality
548
- :param pulumi.Input[str] managed_key_id: The ID of the previously configured managed key. This field is
704
+ :param pulumi.Input[builtins.str] key_type: The desired key type
705
+ :param pulumi.Input[builtins.str] locality: The locality
706
+ :param pulumi.Input[builtins.str] managed_key_id: The ID of the previously configured managed key. This field is
549
707
  required if `type` is `kms` and it conflicts with `managed_key_name`
550
- :param pulumi.Input[str] managed_key_name: The name of the previously configured managed key. This field is
708
+ :param pulumi.Input[builtins.str] managed_key_name: The name of the previously configured managed key. This field is
551
709
  required if `type` is `kms` and it conflicts with `managed_key_id`
552
- :param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
553
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
710
+ :param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
711
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
554
712
  The value should not contain leading or trailing forward slashes.
555
713
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
556
714
  *Available only for Vault Enterprise*.
557
- :param pulumi.Input[str] organization: The organization
558
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
559
- :param pulumi.Input[str] ou: The organization unit
560
- :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
561
- :param pulumi.Input[str] postal_code: The postal code
562
- :param pulumi.Input[str] private_key_format: The private key format
563
- :param pulumi.Input[str] province: The province
564
- :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
565
- :param pulumi.Input[str] street_address: The street address
566
- :param pulumi.Input[str] ttl: Time to live
567
- :param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
715
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
716
+ :param pulumi.Input[builtins.str] organization: The organization
717
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
718
+ :param pulumi.Input[builtins.str] ou: The organization unit
719
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
720
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
721
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
722
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
723
+ :param pulumi.Input[builtins.str] postal_code: The postal code
724
+ :param pulumi.Input[builtins.str] private_key_format: The private key format
725
+ :param pulumi.Input[builtins.str] province: The province
726
+ :param pulumi.Input[builtins.str] serial_number: The certificate's serial number, hex formatted.
727
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
728
+ :param pulumi.Input[builtins.str] street_address: The street address
729
+ :param pulumi.Input[builtins.str] ttl: Time to live
730
+ :param pulumi.Input[builtins.str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
568
731
  or \\"kms\\"
569
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
732
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
570
733
  """
571
734
  if alt_names is not None:
572
735
  pulumi.set(__self__, "alt_names", alt_names)
@@ -580,6 +743,14 @@ class _SecretBackendRootCertState:
580
743
  pulumi.set(__self__, "country", country)
581
744
  if exclude_cn_from_sans is not None:
582
745
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
746
+ if excluded_dns_domains is not None:
747
+ pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
748
+ if excluded_email_addresses is not None:
749
+ pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
750
+ if excluded_ip_ranges is not None:
751
+ pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
752
+ if excluded_uri_domains is not None:
753
+ pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
583
754
  if format is not None:
584
755
  pulumi.set(__self__, "format", format)
585
756
  if ip_sans is not None:
@@ -610,6 +781,8 @@ class _SecretBackendRootCertState:
610
781
  pulumi.set(__self__, "max_path_length", max_path_length)
611
782
  if namespace is not None:
612
783
  pulumi.set(__self__, "namespace", namespace)
784
+ if not_after is not None:
785
+ pulumi.set(__self__, "not_after", not_after)
613
786
  if organization is not None:
614
787
  pulumi.set(__self__, "organization", organization)
615
788
  if other_sans is not None:
@@ -618,6 +791,12 @@ class _SecretBackendRootCertState:
618
791
  pulumi.set(__self__, "ou", ou)
619
792
  if permitted_dns_domains is not None:
620
793
  pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
794
+ if permitted_email_addresses is not None:
795
+ pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
796
+ if permitted_ip_ranges is not None:
797
+ pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
798
+ if permitted_uri_domains is not None:
799
+ pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
621
800
  if postal_code is not None:
622
801
  pulumi.set(__self__, "postal_code", postal_code)
623
802
  if private_key_format is not None:
@@ -626,6 +805,8 @@ class _SecretBackendRootCertState:
626
805
  pulumi.set(__self__, "province", province)
627
806
  if serial_number is not None:
628
807
  pulumi.set(__self__, "serial_number", serial_number)
808
+ if signature_bits is not None:
809
+ pulumi.set(__self__, "signature_bits", signature_bits)
629
810
  if street_address is not None:
630
811
  pulumi.set(__self__, "street_address", street_address)
631
812
  if ttl is not None:
@@ -637,115 +818,163 @@ class _SecretBackendRootCertState:
637
818
 
638
819
  @property
639
820
  @pulumi.getter(name="altNames")
640
- def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
821
+ def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
641
822
  """
642
823
  List of alternative names
643
824
  """
644
825
  return pulumi.get(self, "alt_names")
645
826
 
646
827
  @alt_names.setter
647
- def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
828
+ def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
648
829
  pulumi.set(self, "alt_names", value)
649
830
 
650
831
  @property
651
832
  @pulumi.getter
652
- def backend(self) -> Optional[pulumi.Input[str]]:
833
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
653
834
  """
654
835
  The PKI secret backend the resource belongs to.
655
836
  """
656
837
  return pulumi.get(self, "backend")
657
838
 
658
839
  @backend.setter
659
- def backend(self, value: Optional[pulumi.Input[str]]):
840
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
660
841
  pulumi.set(self, "backend", value)
661
842
 
662
843
  @property
663
844
  @pulumi.getter
664
- def certificate(self) -> Optional[pulumi.Input[str]]:
845
+ def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
665
846
  """
666
847
  The certificate.
667
848
  """
668
849
  return pulumi.get(self, "certificate")
669
850
 
670
851
  @certificate.setter
671
- def certificate(self, value: Optional[pulumi.Input[str]]):
852
+ def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
672
853
  pulumi.set(self, "certificate", value)
673
854
 
674
855
  @property
675
856
  @pulumi.getter(name="commonName")
676
- def common_name(self) -> Optional[pulumi.Input[str]]:
857
+ def common_name(self) -> Optional[pulumi.Input[builtins.str]]:
677
858
  """
678
859
  CN of intermediate to create
679
860
  """
680
861
  return pulumi.get(self, "common_name")
681
862
 
682
863
  @common_name.setter
683
- def common_name(self, value: Optional[pulumi.Input[str]]):
864
+ def common_name(self, value: Optional[pulumi.Input[builtins.str]]):
684
865
  pulumi.set(self, "common_name", value)
685
866
 
686
867
  @property
687
868
  @pulumi.getter
688
- def country(self) -> Optional[pulumi.Input[str]]:
869
+ def country(self) -> Optional[pulumi.Input[builtins.str]]:
689
870
  """
690
871
  The country
691
872
  """
692
873
  return pulumi.get(self, "country")
693
874
 
694
875
  @country.setter
695
- def country(self, value: Optional[pulumi.Input[str]]):
876
+ def country(self, value: Optional[pulumi.Input[builtins.str]]):
696
877
  pulumi.set(self, "country", value)
697
878
 
698
879
  @property
699
880
  @pulumi.getter(name="excludeCnFromSans")
700
- def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
881
+ def exclude_cn_from_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
701
882
  """
702
883
  Flag to exclude CN from SANs
703
884
  """
704
885
  return pulumi.get(self, "exclude_cn_from_sans")
705
886
 
706
887
  @exclude_cn_from_sans.setter
707
- def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
888
+ def exclude_cn_from_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
708
889
  pulumi.set(self, "exclude_cn_from_sans", value)
709
890
 
891
+ @property
892
+ @pulumi.getter(name="excludedDnsDomains")
893
+ def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
894
+ """
895
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
896
+ """
897
+ return pulumi.get(self, "excluded_dns_domains")
898
+
899
+ @excluded_dns_domains.setter
900
+ def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
901
+ pulumi.set(self, "excluded_dns_domains", value)
902
+
903
+ @property
904
+ @pulumi.getter(name="excludedEmailAddresses")
905
+ def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
906
+ """
907
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
908
+ """
909
+ return pulumi.get(self, "excluded_email_addresses")
910
+
911
+ @excluded_email_addresses.setter
912
+ def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
913
+ pulumi.set(self, "excluded_email_addresses", value)
914
+
915
+ @property
916
+ @pulumi.getter(name="excludedIpRanges")
917
+ def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
918
+ """
919
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
920
+ """
921
+ return pulumi.get(self, "excluded_ip_ranges")
922
+
923
+ @excluded_ip_ranges.setter
924
+ def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
925
+ pulumi.set(self, "excluded_ip_ranges", value)
926
+
927
+ @property
928
+ @pulumi.getter(name="excludedUriDomains")
929
+ def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
930
+ """
931
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
932
+ """
933
+ return pulumi.get(self, "excluded_uri_domains")
934
+
935
+ @excluded_uri_domains.setter
936
+ def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
937
+ pulumi.set(self, "excluded_uri_domains", value)
938
+
710
939
  @property
711
940
  @pulumi.getter
712
- def format(self) -> Optional[pulumi.Input[str]]:
941
+ def format(self) -> Optional[pulumi.Input[builtins.str]]:
713
942
  """
714
943
  The format of data
715
944
  """
716
945
  return pulumi.get(self, "format")
717
946
 
718
947
  @format.setter
719
- def format(self, value: Optional[pulumi.Input[str]]):
948
+ def format(self, value: Optional[pulumi.Input[builtins.str]]):
720
949
  pulumi.set(self, "format", value)
721
950
 
722
951
  @property
723
952
  @pulumi.getter(name="ipSans")
724
- def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
953
+ def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
725
954
  """
726
955
  List of alternative IPs
727
956
  """
728
957
  return pulumi.get(self, "ip_sans")
729
958
 
730
959
  @ip_sans.setter
731
- def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
960
+ def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
732
961
  pulumi.set(self, "ip_sans", value)
733
962
 
734
963
  @property
735
964
  @pulumi.getter(name="issuerId")
736
- def issuer_id(self) -> Optional[pulumi.Input[str]]:
965
+ def issuer_id(self) -> Optional[pulumi.Input[builtins.str]]:
737
966
  """
738
967
  The ID of the generated issuer.
739
968
  """
740
969
  return pulumi.get(self, "issuer_id")
741
970
 
742
971
  @issuer_id.setter
743
- def issuer_id(self, value: Optional[pulumi.Input[str]]):
972
+ def issuer_id(self, value: Optional[pulumi.Input[builtins.str]]):
744
973
  pulumi.set(self, "issuer_id", value)
745
974
 
746
975
  @property
747
976
  @pulumi.getter(name="issuerName")
748
- def issuer_name(self) -> Optional[pulumi.Input[str]]:
977
+ def issuer_name(self) -> Optional[pulumi.Input[builtins.str]]:
749
978
  """
750
979
  Provides a name to the specified issuer. The name must be unique
751
980
  across all issuers and not be the reserved value `default`
@@ -753,48 +982,48 @@ class _SecretBackendRootCertState:
753
982
  return pulumi.get(self, "issuer_name")
754
983
 
755
984
  @issuer_name.setter
756
- def issuer_name(self, value: Optional[pulumi.Input[str]]):
985
+ def issuer_name(self, value: Optional[pulumi.Input[builtins.str]]):
757
986
  pulumi.set(self, "issuer_name", value)
758
987
 
759
988
  @property
760
989
  @pulumi.getter(name="issuingCa")
761
- def issuing_ca(self) -> Optional[pulumi.Input[str]]:
990
+ def issuing_ca(self) -> Optional[pulumi.Input[builtins.str]]:
762
991
  """
763
992
  The issuing CA certificate.
764
993
  """
765
994
  return pulumi.get(self, "issuing_ca")
766
995
 
767
996
  @issuing_ca.setter
768
- def issuing_ca(self, value: Optional[pulumi.Input[str]]):
997
+ def issuing_ca(self, value: Optional[pulumi.Input[builtins.str]]):
769
998
  pulumi.set(self, "issuing_ca", value)
770
999
 
771
1000
  @property
772
1001
  @pulumi.getter(name="keyBits")
773
- def key_bits(self) -> Optional[pulumi.Input[int]]:
1002
+ def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
774
1003
  """
775
1004
  The number of bits to use
776
1005
  """
777
1006
  return pulumi.get(self, "key_bits")
778
1007
 
779
1008
  @key_bits.setter
780
- def key_bits(self, value: Optional[pulumi.Input[int]]):
1009
+ def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
781
1010
  pulumi.set(self, "key_bits", value)
782
1011
 
783
1012
  @property
784
1013
  @pulumi.getter(name="keyId")
785
- def key_id(self) -> Optional[pulumi.Input[str]]:
1014
+ def key_id(self) -> Optional[pulumi.Input[builtins.str]]:
786
1015
  """
787
1016
  The ID of the generated key.
788
1017
  """
789
1018
  return pulumi.get(self, "key_id")
790
1019
 
791
1020
  @key_id.setter
792
- def key_id(self, value: Optional[pulumi.Input[str]]):
1021
+ def key_id(self, value: Optional[pulumi.Input[builtins.str]]):
793
1022
  pulumi.set(self, "key_id", value)
794
1023
 
795
1024
  @property
796
1025
  @pulumi.getter(name="keyName")
797
- def key_name(self) -> Optional[pulumi.Input[str]]:
1026
+ def key_name(self) -> Optional[pulumi.Input[builtins.str]]:
798
1027
  """
799
1028
  When a new key is created with this request, optionally specifies
800
1029
  the name for this. The global ref `default` may not be used as a name.
@@ -802,12 +1031,12 @@ class _SecretBackendRootCertState:
802
1031
  return pulumi.get(self, "key_name")
803
1032
 
804
1033
  @key_name.setter
805
- def key_name(self, value: Optional[pulumi.Input[str]]):
1034
+ def key_name(self, value: Optional[pulumi.Input[builtins.str]]):
806
1035
  pulumi.set(self, "key_name", value)
807
1036
 
808
1037
  @property
809
1038
  @pulumi.getter(name="keyRef")
810
- def key_ref(self) -> Optional[pulumi.Input[str]]:
1039
+ def key_ref(self) -> Optional[pulumi.Input[builtins.str]]:
811
1040
  """
812
1041
  Specifies the key (either default, by name, or by identifier) to use
813
1042
  for generating this request. Only suitable for `type=existing` requests.
@@ -815,36 +1044,36 @@ class _SecretBackendRootCertState:
815
1044
  return pulumi.get(self, "key_ref")
816
1045
 
817
1046
  @key_ref.setter
818
- def key_ref(self, value: Optional[pulumi.Input[str]]):
1047
+ def key_ref(self, value: Optional[pulumi.Input[builtins.str]]):
819
1048
  pulumi.set(self, "key_ref", value)
820
1049
 
821
1050
  @property
822
1051
  @pulumi.getter(name="keyType")
823
- def key_type(self) -> Optional[pulumi.Input[str]]:
1052
+ def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
824
1053
  """
825
1054
  The desired key type
826
1055
  """
827
1056
  return pulumi.get(self, "key_type")
828
1057
 
829
1058
  @key_type.setter
830
- def key_type(self, value: Optional[pulumi.Input[str]]):
1059
+ def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
831
1060
  pulumi.set(self, "key_type", value)
832
1061
 
833
1062
  @property
834
1063
  @pulumi.getter
835
- def locality(self) -> Optional[pulumi.Input[str]]:
1064
+ def locality(self) -> Optional[pulumi.Input[builtins.str]]:
836
1065
  """
837
1066
  The locality
838
1067
  """
839
1068
  return pulumi.get(self, "locality")
840
1069
 
841
1070
  @locality.setter
842
- def locality(self, value: Optional[pulumi.Input[str]]):
1071
+ def locality(self, value: Optional[pulumi.Input[builtins.str]]):
843
1072
  pulumi.set(self, "locality", value)
844
1073
 
845
1074
  @property
846
1075
  @pulumi.getter(name="managedKeyId")
847
- def managed_key_id(self) -> Optional[pulumi.Input[str]]:
1076
+ def managed_key_id(self) -> Optional[pulumi.Input[builtins.str]]:
848
1077
  """
849
1078
  The ID of the previously configured managed key. This field is
850
1079
  required if `type` is `kms` and it conflicts with `managed_key_name`
@@ -852,12 +1081,12 @@ class _SecretBackendRootCertState:
852
1081
  return pulumi.get(self, "managed_key_id")
853
1082
 
854
1083
  @managed_key_id.setter
855
- def managed_key_id(self, value: Optional[pulumi.Input[str]]):
1084
+ def managed_key_id(self, value: Optional[pulumi.Input[builtins.str]]):
856
1085
  pulumi.set(self, "managed_key_id", value)
857
1086
 
858
1087
  @property
859
1088
  @pulumi.getter(name="managedKeyName")
860
- def managed_key_name(self) -> Optional[pulumi.Input[str]]:
1089
+ def managed_key_name(self) -> Optional[pulumi.Input[builtins.str]]:
861
1090
  """
862
1091
  The name of the previously configured managed key. This field is
863
1092
  required if `type` is `kms` and it conflicts with `managed_key_id`
@@ -865,24 +1094,24 @@ class _SecretBackendRootCertState:
865
1094
  return pulumi.get(self, "managed_key_name")
866
1095
 
867
1096
  @managed_key_name.setter
868
- def managed_key_name(self, value: Optional[pulumi.Input[str]]):
1097
+ def managed_key_name(self, value: Optional[pulumi.Input[builtins.str]]):
869
1098
  pulumi.set(self, "managed_key_name", value)
870
1099
 
871
1100
  @property
872
1101
  @pulumi.getter(name="maxPathLength")
873
- def max_path_length(self) -> Optional[pulumi.Input[int]]:
1102
+ def max_path_length(self) -> Optional[pulumi.Input[builtins.int]]:
874
1103
  """
875
1104
  The maximum path length to encode in the generated certificate
876
1105
  """
877
1106
  return pulumi.get(self, "max_path_length")
878
1107
 
879
1108
  @max_path_length.setter
880
- def max_path_length(self, value: Optional[pulumi.Input[int]]):
1109
+ def max_path_length(self, value: Optional[pulumi.Input[builtins.int]]):
881
1110
  pulumi.set(self, "max_path_length", value)
882
1111
 
883
1112
  @property
884
1113
  @pulumi.getter
885
- def namespace(self) -> Optional[pulumi.Input[str]]:
1114
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
886
1115
  """
887
1116
  The namespace to provision the resource in.
888
1117
  The value should not contain leading or trailing forward slashes.
@@ -892,132 +1121,192 @@ class _SecretBackendRootCertState:
892
1121
  return pulumi.get(self, "namespace")
893
1122
 
894
1123
  @namespace.setter
895
- def namespace(self, value: Optional[pulumi.Input[str]]):
1124
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
896
1125
  pulumi.set(self, "namespace", value)
897
1126
 
1127
+ @property
1128
+ @pulumi.getter(name="notAfter")
1129
+ def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
1130
+ """
1131
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1132
+ """
1133
+ return pulumi.get(self, "not_after")
1134
+
1135
+ @not_after.setter
1136
+ def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
1137
+ pulumi.set(self, "not_after", value)
1138
+
898
1139
  @property
899
1140
  @pulumi.getter
900
- def organization(self) -> Optional[pulumi.Input[str]]:
1141
+ def organization(self) -> Optional[pulumi.Input[builtins.str]]:
901
1142
  """
902
1143
  The organization
903
1144
  """
904
1145
  return pulumi.get(self, "organization")
905
1146
 
906
1147
  @organization.setter
907
- def organization(self, value: Optional[pulumi.Input[str]]):
1148
+ def organization(self, value: Optional[pulumi.Input[builtins.str]]):
908
1149
  pulumi.set(self, "organization", value)
909
1150
 
910
1151
  @property
911
1152
  @pulumi.getter(name="otherSans")
912
- def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1153
+ def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
913
1154
  """
914
1155
  List of other SANs
915
1156
  """
916
1157
  return pulumi.get(self, "other_sans")
917
1158
 
918
1159
  @other_sans.setter
919
- def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1160
+ def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
920
1161
  pulumi.set(self, "other_sans", value)
921
1162
 
922
1163
  @property
923
1164
  @pulumi.getter
924
- def ou(self) -> Optional[pulumi.Input[str]]:
1165
+ def ou(self) -> Optional[pulumi.Input[builtins.str]]:
925
1166
  """
926
1167
  The organization unit
927
1168
  """
928
1169
  return pulumi.get(self, "ou")
929
1170
 
930
1171
  @ou.setter
931
- def ou(self, value: Optional[pulumi.Input[str]]):
1172
+ def ou(self, value: Optional[pulumi.Input[builtins.str]]):
932
1173
  pulumi.set(self, "ou", value)
933
1174
 
934
1175
  @property
935
1176
  @pulumi.getter(name="permittedDnsDomains")
936
- def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1177
+ def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
937
1178
  """
938
1179
  List of domains for which certificates are allowed to be issued
939
1180
  """
940
1181
  return pulumi.get(self, "permitted_dns_domains")
941
1182
 
942
1183
  @permitted_dns_domains.setter
943
- def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1184
+ def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
944
1185
  pulumi.set(self, "permitted_dns_domains", value)
945
1186
 
1187
+ @property
1188
+ @pulumi.getter(name="permittedEmailAddresses")
1189
+ def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1190
+ """
1191
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1192
+ """
1193
+ return pulumi.get(self, "permitted_email_addresses")
1194
+
1195
+ @permitted_email_addresses.setter
1196
+ def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1197
+ pulumi.set(self, "permitted_email_addresses", value)
1198
+
1199
+ @property
1200
+ @pulumi.getter(name="permittedIpRanges")
1201
+ def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1202
+ """
1203
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1204
+ """
1205
+ return pulumi.get(self, "permitted_ip_ranges")
1206
+
1207
+ @permitted_ip_ranges.setter
1208
+ def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1209
+ pulumi.set(self, "permitted_ip_ranges", value)
1210
+
1211
+ @property
1212
+ @pulumi.getter(name="permittedUriDomains")
1213
+ def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1214
+ """
1215
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1216
+ """
1217
+ return pulumi.get(self, "permitted_uri_domains")
1218
+
1219
+ @permitted_uri_domains.setter
1220
+ def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1221
+ pulumi.set(self, "permitted_uri_domains", value)
1222
+
946
1223
  @property
947
1224
  @pulumi.getter(name="postalCode")
948
- def postal_code(self) -> Optional[pulumi.Input[str]]:
1225
+ def postal_code(self) -> Optional[pulumi.Input[builtins.str]]:
949
1226
  """
950
1227
  The postal code
951
1228
  """
952
1229
  return pulumi.get(self, "postal_code")
953
1230
 
954
1231
  @postal_code.setter
955
- def postal_code(self, value: Optional[pulumi.Input[str]]):
1232
+ def postal_code(self, value: Optional[pulumi.Input[builtins.str]]):
956
1233
  pulumi.set(self, "postal_code", value)
957
1234
 
958
1235
  @property
959
1236
  @pulumi.getter(name="privateKeyFormat")
960
- def private_key_format(self) -> Optional[pulumi.Input[str]]:
1237
+ def private_key_format(self) -> Optional[pulumi.Input[builtins.str]]:
961
1238
  """
962
1239
  The private key format
963
1240
  """
964
1241
  return pulumi.get(self, "private_key_format")
965
1242
 
966
1243
  @private_key_format.setter
967
- def private_key_format(self, value: Optional[pulumi.Input[str]]):
1244
+ def private_key_format(self, value: Optional[pulumi.Input[builtins.str]]):
968
1245
  pulumi.set(self, "private_key_format", value)
969
1246
 
970
1247
  @property
971
1248
  @pulumi.getter
972
- def province(self) -> Optional[pulumi.Input[str]]:
1249
+ def province(self) -> Optional[pulumi.Input[builtins.str]]:
973
1250
  """
974
1251
  The province
975
1252
  """
976
1253
  return pulumi.get(self, "province")
977
1254
 
978
1255
  @province.setter
979
- def province(self, value: Optional[pulumi.Input[str]]):
1256
+ def province(self, value: Optional[pulumi.Input[builtins.str]]):
980
1257
  pulumi.set(self, "province", value)
981
1258
 
982
1259
  @property
983
1260
  @pulumi.getter(name="serialNumber")
984
- def serial_number(self) -> Optional[pulumi.Input[str]]:
1261
+ def serial_number(self) -> Optional[pulumi.Input[builtins.str]]:
985
1262
  """
986
1263
  The certificate's serial number, hex formatted.
987
1264
  """
988
1265
  return pulumi.get(self, "serial_number")
989
1266
 
990
1267
  @serial_number.setter
991
- def serial_number(self, value: Optional[pulumi.Input[str]]):
1268
+ def serial_number(self, value: Optional[pulumi.Input[builtins.str]]):
992
1269
  pulumi.set(self, "serial_number", value)
993
1270
 
1271
+ @property
1272
+ @pulumi.getter(name="signatureBits")
1273
+ def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
1274
+ """
1275
+ The number of bits to use in the signature algorithm
1276
+ """
1277
+ return pulumi.get(self, "signature_bits")
1278
+
1279
+ @signature_bits.setter
1280
+ def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
1281
+ pulumi.set(self, "signature_bits", value)
1282
+
994
1283
  @property
995
1284
  @pulumi.getter(name="streetAddress")
996
- def street_address(self) -> Optional[pulumi.Input[str]]:
1285
+ def street_address(self) -> Optional[pulumi.Input[builtins.str]]:
997
1286
  """
998
1287
  The street address
999
1288
  """
1000
1289
  return pulumi.get(self, "street_address")
1001
1290
 
1002
1291
  @street_address.setter
1003
- def street_address(self, value: Optional[pulumi.Input[str]]):
1292
+ def street_address(self, value: Optional[pulumi.Input[builtins.str]]):
1004
1293
  pulumi.set(self, "street_address", value)
1005
1294
 
1006
1295
  @property
1007
1296
  @pulumi.getter
1008
- def ttl(self) -> Optional[pulumi.Input[str]]:
1297
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
1009
1298
  """
1010
1299
  Time to live
1011
1300
  """
1012
1301
  return pulumi.get(self, "ttl")
1013
1302
 
1014
1303
  @ttl.setter
1015
- def ttl(self, value: Optional[pulumi.Input[str]]):
1304
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
1016
1305
  pulumi.set(self, "ttl", value)
1017
1306
 
1018
1307
  @property
1019
1308
  @pulumi.getter
1020
- def type(self) -> Optional[pulumi.Input[str]]:
1309
+ def type(self) -> Optional[pulumi.Input[builtins.str]]:
1021
1310
  """
1022
1311
  Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
1023
1312
  or \\"kms\\"
@@ -1025,19 +1314,19 @@ class _SecretBackendRootCertState:
1025
1314
  return pulumi.get(self, "type")
1026
1315
 
1027
1316
  @type.setter
1028
- def type(self, value: Optional[pulumi.Input[str]]):
1317
+ def type(self, value: Optional[pulumi.Input[builtins.str]]):
1029
1318
  pulumi.set(self, "type", value)
1030
1319
 
1031
1320
  @property
1032
1321
  @pulumi.getter(name="uriSans")
1033
- def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1322
+ def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1034
1323
  """
1035
1324
  List of alternative URIs
1036
1325
  """
1037
1326
  return pulumi.get(self, "uri_sans")
1038
1327
 
1039
1328
  @uri_sans.setter
1040
- def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1329
+ def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1041
1330
  pulumi.set(self, "uri_sans", value)
1042
1331
 
1043
1332
 
@@ -1046,34 +1335,43 @@ class SecretBackendRootCert(pulumi.CustomResource):
1046
1335
  def __init__(__self__,
1047
1336
  resource_name: str,
1048
1337
  opts: Optional[pulumi.ResourceOptions] = None,
1049
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1050
- backend: Optional[pulumi.Input[str]] = None,
1051
- common_name: Optional[pulumi.Input[str]] = None,
1052
- country: Optional[pulumi.Input[str]] = None,
1053
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1054
- format: Optional[pulumi.Input[str]] = None,
1055
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1056
- issuer_name: Optional[pulumi.Input[str]] = None,
1057
- key_bits: Optional[pulumi.Input[int]] = None,
1058
- key_name: Optional[pulumi.Input[str]] = None,
1059
- key_ref: Optional[pulumi.Input[str]] = None,
1060
- key_type: Optional[pulumi.Input[str]] = None,
1061
- locality: Optional[pulumi.Input[str]] = None,
1062
- managed_key_id: Optional[pulumi.Input[str]] = None,
1063
- managed_key_name: Optional[pulumi.Input[str]] = None,
1064
- max_path_length: Optional[pulumi.Input[int]] = None,
1065
- namespace: Optional[pulumi.Input[str]] = None,
1066
- organization: Optional[pulumi.Input[str]] = None,
1067
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1068
- ou: Optional[pulumi.Input[str]] = None,
1069
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1070
- postal_code: Optional[pulumi.Input[str]] = None,
1071
- private_key_format: Optional[pulumi.Input[str]] = None,
1072
- province: Optional[pulumi.Input[str]] = None,
1073
- street_address: Optional[pulumi.Input[str]] = None,
1074
- ttl: Optional[pulumi.Input[str]] = None,
1075
- type: Optional[pulumi.Input[str]] = None,
1076
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1338
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1339
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1340
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
1341
+ country: Optional[pulumi.Input[builtins.str]] = None,
1342
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
1343
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1344
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1345
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1346
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1347
+ format: Optional[pulumi.Input[builtins.str]] = None,
1348
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1349
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
1350
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
1351
+ key_name: Optional[pulumi.Input[builtins.str]] = None,
1352
+ key_ref: Optional[pulumi.Input[builtins.str]] = None,
1353
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
1354
+ locality: Optional[pulumi.Input[builtins.str]] = None,
1355
+ managed_key_id: Optional[pulumi.Input[builtins.str]] = None,
1356
+ managed_key_name: Optional[pulumi.Input[builtins.str]] = None,
1357
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
1358
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1359
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
1360
+ organization: Optional[pulumi.Input[builtins.str]] = None,
1361
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1362
+ ou: Optional[pulumi.Input[builtins.str]] = None,
1363
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1364
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1365
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1366
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1367
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
1368
+ private_key_format: Optional[pulumi.Input[builtins.str]] = None,
1369
+ province: Optional[pulumi.Input[builtins.str]] = None,
1370
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
1371
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
1372
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
1373
+ type: Optional[pulumi.Input[builtins.str]] = None,
1374
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1077
1375
  __props__=None):
1078
1376
  """
1079
1377
  ## Example Usage
@@ -1099,43 +1397,52 @@ class SecretBackendRootCert(pulumi.CustomResource):
1099
1397
 
1100
1398
  :param str resource_name: The name of the resource.
1101
1399
  :param pulumi.ResourceOptions opts: Options for the resource.
1102
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
1103
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
1104
- :param pulumi.Input[str] common_name: CN of intermediate to create
1105
- :param pulumi.Input[str] country: The country
1106
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1107
- :param pulumi.Input[str] format: The format of data
1108
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
1109
- :param pulumi.Input[str] issuer_name: Provides a name to the specified issuer. The name must be unique
1400
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
1401
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
1402
+ :param pulumi.Input[builtins.str] common_name: CN of intermediate to create
1403
+ :param pulumi.Input[builtins.str] country: The country
1404
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1405
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1406
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1407
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1408
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1409
+ :param pulumi.Input[builtins.str] format: The format of data
1410
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
1411
+ :param pulumi.Input[builtins.str] issuer_name: Provides a name to the specified issuer. The name must be unique
1110
1412
  across all issuers and not be the reserved value `default`
1111
- :param pulumi.Input[int] key_bits: The number of bits to use
1112
- :param pulumi.Input[str] key_name: When a new key is created with this request, optionally specifies
1413
+ :param pulumi.Input[builtins.int] key_bits: The number of bits to use
1414
+ :param pulumi.Input[builtins.str] key_name: When a new key is created with this request, optionally specifies
1113
1415
  the name for this. The global ref `default` may not be used as a name.
1114
- :param pulumi.Input[str] key_ref: Specifies the key (either default, by name, or by identifier) to use
1416
+ :param pulumi.Input[builtins.str] key_ref: Specifies the key (either default, by name, or by identifier) to use
1115
1417
  for generating this request. Only suitable for `type=existing` requests.
1116
- :param pulumi.Input[str] key_type: The desired key type
1117
- :param pulumi.Input[str] locality: The locality
1118
- :param pulumi.Input[str] managed_key_id: The ID of the previously configured managed key. This field is
1418
+ :param pulumi.Input[builtins.str] key_type: The desired key type
1419
+ :param pulumi.Input[builtins.str] locality: The locality
1420
+ :param pulumi.Input[builtins.str] managed_key_id: The ID of the previously configured managed key. This field is
1119
1421
  required if `type` is `kms` and it conflicts with `managed_key_name`
1120
- :param pulumi.Input[str] managed_key_name: The name of the previously configured managed key. This field is
1422
+ :param pulumi.Input[builtins.str] managed_key_name: The name of the previously configured managed key. This field is
1121
1423
  required if `type` is `kms` and it conflicts with `managed_key_id`
1122
- :param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
1123
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1424
+ :param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
1425
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1124
1426
  The value should not contain leading or trailing forward slashes.
1125
1427
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1126
1428
  *Available only for Vault Enterprise*.
1127
- :param pulumi.Input[str] organization: The organization
1128
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
1129
- :param pulumi.Input[str] ou: The organization unit
1130
- :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1131
- :param pulumi.Input[str] postal_code: The postal code
1132
- :param pulumi.Input[str] private_key_format: The private key format
1133
- :param pulumi.Input[str] province: The province
1134
- :param pulumi.Input[str] street_address: The street address
1135
- :param pulumi.Input[str] ttl: Time to live
1136
- :param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
1429
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1430
+ :param pulumi.Input[builtins.str] organization: The organization
1431
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
1432
+ :param pulumi.Input[builtins.str] ou: The organization unit
1433
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1434
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1435
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1436
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1437
+ :param pulumi.Input[builtins.str] postal_code: The postal code
1438
+ :param pulumi.Input[builtins.str] private_key_format: The private key format
1439
+ :param pulumi.Input[builtins.str] province: The province
1440
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
1441
+ :param pulumi.Input[builtins.str] street_address: The street address
1442
+ :param pulumi.Input[builtins.str] ttl: Time to live
1443
+ :param pulumi.Input[builtins.str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
1137
1444
  or \\"kms\\"
1138
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
1445
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
1139
1446
  """
1140
1447
  ...
1141
1448
  @overload
@@ -1180,34 +1487,43 @@ class SecretBackendRootCert(pulumi.CustomResource):
1180
1487
  def _internal_init(__self__,
1181
1488
  resource_name: str,
1182
1489
  opts: Optional[pulumi.ResourceOptions] = None,
1183
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1184
- backend: Optional[pulumi.Input[str]] = None,
1185
- common_name: Optional[pulumi.Input[str]] = None,
1186
- country: Optional[pulumi.Input[str]] = None,
1187
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1188
- format: Optional[pulumi.Input[str]] = None,
1189
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1190
- issuer_name: Optional[pulumi.Input[str]] = None,
1191
- key_bits: Optional[pulumi.Input[int]] = None,
1192
- key_name: Optional[pulumi.Input[str]] = None,
1193
- key_ref: Optional[pulumi.Input[str]] = None,
1194
- key_type: Optional[pulumi.Input[str]] = None,
1195
- locality: Optional[pulumi.Input[str]] = None,
1196
- managed_key_id: Optional[pulumi.Input[str]] = None,
1197
- managed_key_name: Optional[pulumi.Input[str]] = None,
1198
- max_path_length: Optional[pulumi.Input[int]] = None,
1199
- namespace: Optional[pulumi.Input[str]] = None,
1200
- organization: Optional[pulumi.Input[str]] = None,
1201
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1202
- ou: Optional[pulumi.Input[str]] = None,
1203
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1204
- postal_code: Optional[pulumi.Input[str]] = None,
1205
- private_key_format: Optional[pulumi.Input[str]] = None,
1206
- province: Optional[pulumi.Input[str]] = None,
1207
- street_address: Optional[pulumi.Input[str]] = None,
1208
- ttl: Optional[pulumi.Input[str]] = None,
1209
- type: Optional[pulumi.Input[str]] = None,
1210
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1490
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1491
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1492
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
1493
+ country: Optional[pulumi.Input[builtins.str]] = None,
1494
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
1495
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1496
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1497
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1498
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1499
+ format: Optional[pulumi.Input[builtins.str]] = None,
1500
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1501
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
1502
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
1503
+ key_name: Optional[pulumi.Input[builtins.str]] = None,
1504
+ key_ref: Optional[pulumi.Input[builtins.str]] = None,
1505
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
1506
+ locality: Optional[pulumi.Input[builtins.str]] = None,
1507
+ managed_key_id: Optional[pulumi.Input[builtins.str]] = None,
1508
+ managed_key_name: Optional[pulumi.Input[builtins.str]] = None,
1509
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
1510
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1511
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
1512
+ organization: Optional[pulumi.Input[builtins.str]] = None,
1513
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1514
+ ou: Optional[pulumi.Input[builtins.str]] = None,
1515
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1516
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1517
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1518
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1519
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
1520
+ private_key_format: Optional[pulumi.Input[builtins.str]] = None,
1521
+ province: Optional[pulumi.Input[builtins.str]] = None,
1522
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
1523
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
1524
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
1525
+ type: Optional[pulumi.Input[builtins.str]] = None,
1526
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1211
1527
  __props__=None):
1212
1528
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1213
1529
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1226,6 +1542,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
1226
1542
  __props__.__dict__["common_name"] = common_name
1227
1543
  __props__.__dict__["country"] = country
1228
1544
  __props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
1545
+ __props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
1546
+ __props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
1547
+ __props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
1548
+ __props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
1229
1549
  __props__.__dict__["format"] = format
1230
1550
  __props__.__dict__["ip_sans"] = ip_sans
1231
1551
  __props__.__dict__["issuer_name"] = issuer_name
@@ -1238,13 +1558,18 @@ class SecretBackendRootCert(pulumi.CustomResource):
1238
1558
  __props__.__dict__["managed_key_name"] = managed_key_name
1239
1559
  __props__.__dict__["max_path_length"] = max_path_length
1240
1560
  __props__.__dict__["namespace"] = namespace
1561
+ __props__.__dict__["not_after"] = not_after
1241
1562
  __props__.__dict__["organization"] = organization
1242
1563
  __props__.__dict__["other_sans"] = other_sans
1243
1564
  __props__.__dict__["ou"] = ou
1244
1565
  __props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
1566
+ __props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
1567
+ __props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
1568
+ __props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
1245
1569
  __props__.__dict__["postal_code"] = postal_code
1246
1570
  __props__.__dict__["private_key_format"] = private_key_format
1247
1571
  __props__.__dict__["province"] = province
1572
+ __props__.__dict__["signature_bits"] = signature_bits
1248
1573
  __props__.__dict__["street_address"] = street_address
1249
1574
  __props__.__dict__["ttl"] = ttl
1250
1575
  if type is None and not opts.urn:
@@ -1266,39 +1591,48 @@ class SecretBackendRootCert(pulumi.CustomResource):
1266
1591
  def get(resource_name: str,
1267
1592
  id: pulumi.Input[str],
1268
1593
  opts: Optional[pulumi.ResourceOptions] = None,
1269
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1270
- backend: Optional[pulumi.Input[str]] = None,
1271
- certificate: Optional[pulumi.Input[str]] = None,
1272
- common_name: Optional[pulumi.Input[str]] = None,
1273
- country: Optional[pulumi.Input[str]] = None,
1274
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1275
- format: Optional[pulumi.Input[str]] = None,
1276
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1277
- issuer_id: Optional[pulumi.Input[str]] = None,
1278
- issuer_name: Optional[pulumi.Input[str]] = None,
1279
- issuing_ca: Optional[pulumi.Input[str]] = None,
1280
- key_bits: Optional[pulumi.Input[int]] = None,
1281
- key_id: Optional[pulumi.Input[str]] = None,
1282
- key_name: Optional[pulumi.Input[str]] = None,
1283
- key_ref: Optional[pulumi.Input[str]] = None,
1284
- key_type: Optional[pulumi.Input[str]] = None,
1285
- locality: Optional[pulumi.Input[str]] = None,
1286
- managed_key_id: Optional[pulumi.Input[str]] = None,
1287
- managed_key_name: Optional[pulumi.Input[str]] = None,
1288
- max_path_length: Optional[pulumi.Input[int]] = None,
1289
- namespace: Optional[pulumi.Input[str]] = None,
1290
- organization: Optional[pulumi.Input[str]] = None,
1291
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1292
- ou: Optional[pulumi.Input[str]] = None,
1293
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1294
- postal_code: Optional[pulumi.Input[str]] = None,
1295
- private_key_format: Optional[pulumi.Input[str]] = None,
1296
- province: Optional[pulumi.Input[str]] = None,
1297
- serial_number: Optional[pulumi.Input[str]] = None,
1298
- street_address: Optional[pulumi.Input[str]] = None,
1299
- ttl: Optional[pulumi.Input[str]] = None,
1300
- type: Optional[pulumi.Input[str]] = None,
1301
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None) -> 'SecretBackendRootCert':
1594
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1595
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1596
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
1597
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
1598
+ country: Optional[pulumi.Input[builtins.str]] = None,
1599
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
1600
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1601
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1602
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1603
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1604
+ format: Optional[pulumi.Input[builtins.str]] = None,
1605
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1606
+ issuer_id: Optional[pulumi.Input[builtins.str]] = None,
1607
+ issuer_name: Optional[pulumi.Input[builtins.str]] = None,
1608
+ issuing_ca: Optional[pulumi.Input[builtins.str]] = None,
1609
+ key_bits: Optional[pulumi.Input[builtins.int]] = None,
1610
+ key_id: Optional[pulumi.Input[builtins.str]] = None,
1611
+ key_name: Optional[pulumi.Input[builtins.str]] = None,
1612
+ key_ref: Optional[pulumi.Input[builtins.str]] = None,
1613
+ key_type: Optional[pulumi.Input[builtins.str]] = None,
1614
+ locality: Optional[pulumi.Input[builtins.str]] = None,
1615
+ managed_key_id: Optional[pulumi.Input[builtins.str]] = None,
1616
+ managed_key_name: Optional[pulumi.Input[builtins.str]] = None,
1617
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
1618
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1619
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
1620
+ organization: Optional[pulumi.Input[builtins.str]] = None,
1621
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1622
+ ou: Optional[pulumi.Input[builtins.str]] = None,
1623
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1624
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1625
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1626
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1627
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
1628
+ private_key_format: Optional[pulumi.Input[builtins.str]] = None,
1629
+ province: Optional[pulumi.Input[builtins.str]] = None,
1630
+ serial_number: Optional[pulumi.Input[builtins.str]] = None,
1631
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
1632
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
1633
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
1634
+ type: Optional[pulumi.Input[builtins.str]] = None,
1635
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None) -> 'SecretBackendRootCert':
1302
1636
  """
1303
1637
  Get an existing SecretBackendRootCert resource's state with the given name, id, and optional extra
1304
1638
  properties used to qualify the lookup.
@@ -1306,48 +1640,57 @@ class SecretBackendRootCert(pulumi.CustomResource):
1306
1640
  :param str resource_name: The unique name of the resulting resource.
1307
1641
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1308
1642
  :param pulumi.ResourceOptions opts: Options for the resource.
1309
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
1310
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
1311
- :param pulumi.Input[str] certificate: The certificate.
1312
- :param pulumi.Input[str] common_name: CN of intermediate to create
1313
- :param pulumi.Input[str] country: The country
1314
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1315
- :param pulumi.Input[str] format: The format of data
1316
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
1317
- :param pulumi.Input[str] issuer_id: The ID of the generated issuer.
1318
- :param pulumi.Input[str] issuer_name: Provides a name to the specified issuer. The name must be unique
1643
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
1644
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
1645
+ :param pulumi.Input[builtins.str] certificate: The certificate.
1646
+ :param pulumi.Input[builtins.str] common_name: CN of intermediate to create
1647
+ :param pulumi.Input[builtins.str] country: The country
1648
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1649
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1650
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1651
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1652
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1653
+ :param pulumi.Input[builtins.str] format: The format of data
1654
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
1655
+ :param pulumi.Input[builtins.str] issuer_id: The ID of the generated issuer.
1656
+ :param pulumi.Input[builtins.str] issuer_name: Provides a name to the specified issuer. The name must be unique
1319
1657
  across all issuers and not be the reserved value `default`
1320
- :param pulumi.Input[str] issuing_ca: The issuing CA certificate.
1321
- :param pulumi.Input[int] key_bits: The number of bits to use
1322
- :param pulumi.Input[str] key_id: The ID of the generated key.
1323
- :param pulumi.Input[str] key_name: When a new key is created with this request, optionally specifies
1658
+ :param pulumi.Input[builtins.str] issuing_ca: The issuing CA certificate.
1659
+ :param pulumi.Input[builtins.int] key_bits: The number of bits to use
1660
+ :param pulumi.Input[builtins.str] key_id: The ID of the generated key.
1661
+ :param pulumi.Input[builtins.str] key_name: When a new key is created with this request, optionally specifies
1324
1662
  the name for this. The global ref `default` may not be used as a name.
1325
- :param pulumi.Input[str] key_ref: Specifies the key (either default, by name, or by identifier) to use
1663
+ :param pulumi.Input[builtins.str] key_ref: Specifies the key (either default, by name, or by identifier) to use
1326
1664
  for generating this request. Only suitable for `type=existing` requests.
1327
- :param pulumi.Input[str] key_type: The desired key type
1328
- :param pulumi.Input[str] locality: The locality
1329
- :param pulumi.Input[str] managed_key_id: The ID of the previously configured managed key. This field is
1665
+ :param pulumi.Input[builtins.str] key_type: The desired key type
1666
+ :param pulumi.Input[builtins.str] locality: The locality
1667
+ :param pulumi.Input[builtins.str] managed_key_id: The ID of the previously configured managed key. This field is
1330
1668
  required if `type` is `kms` and it conflicts with `managed_key_name`
1331
- :param pulumi.Input[str] managed_key_name: The name of the previously configured managed key. This field is
1669
+ :param pulumi.Input[builtins.str] managed_key_name: The name of the previously configured managed key. This field is
1332
1670
  required if `type` is `kms` and it conflicts with `managed_key_id`
1333
- :param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
1334
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1671
+ :param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
1672
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1335
1673
  The value should not contain leading or trailing forward slashes.
1336
1674
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1337
1675
  *Available only for Vault Enterprise*.
1338
- :param pulumi.Input[str] organization: The organization
1339
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
1340
- :param pulumi.Input[str] ou: The organization unit
1341
- :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1342
- :param pulumi.Input[str] postal_code: The postal code
1343
- :param pulumi.Input[str] private_key_format: The private key format
1344
- :param pulumi.Input[str] province: The province
1345
- :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
1346
- :param pulumi.Input[str] street_address: The street address
1347
- :param pulumi.Input[str] ttl: Time to live
1348
- :param pulumi.Input[str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
1676
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1677
+ :param pulumi.Input[builtins.str] organization: The organization
1678
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
1679
+ :param pulumi.Input[builtins.str] ou: The organization unit
1680
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1681
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1682
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1683
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1684
+ :param pulumi.Input[builtins.str] postal_code: The postal code
1685
+ :param pulumi.Input[builtins.str] private_key_format: The private key format
1686
+ :param pulumi.Input[builtins.str] province: The province
1687
+ :param pulumi.Input[builtins.str] serial_number: The certificate's serial number, hex formatted.
1688
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
1689
+ :param pulumi.Input[builtins.str] street_address: The street address
1690
+ :param pulumi.Input[builtins.str] ttl: Time to live
1691
+ :param pulumi.Input[builtins.str] type: Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
1349
1692
  or \\"kms\\"
1350
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
1693
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
1351
1694
  """
1352
1695
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1353
1696
 
@@ -1359,6 +1702,10 @@ class SecretBackendRootCert(pulumi.CustomResource):
1359
1702
  __props__.__dict__["common_name"] = common_name
1360
1703
  __props__.__dict__["country"] = country
1361
1704
  __props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
1705
+ __props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
1706
+ __props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
1707
+ __props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
1708
+ __props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
1362
1709
  __props__.__dict__["format"] = format
1363
1710
  __props__.__dict__["ip_sans"] = ip_sans
1364
1711
  __props__.__dict__["issuer_id"] = issuer_id
@@ -1374,14 +1721,19 @@ class SecretBackendRootCert(pulumi.CustomResource):
1374
1721
  __props__.__dict__["managed_key_name"] = managed_key_name
1375
1722
  __props__.__dict__["max_path_length"] = max_path_length
1376
1723
  __props__.__dict__["namespace"] = namespace
1724
+ __props__.__dict__["not_after"] = not_after
1377
1725
  __props__.__dict__["organization"] = organization
1378
1726
  __props__.__dict__["other_sans"] = other_sans
1379
1727
  __props__.__dict__["ou"] = ou
1380
1728
  __props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
1729
+ __props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
1730
+ __props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
1731
+ __props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
1381
1732
  __props__.__dict__["postal_code"] = postal_code
1382
1733
  __props__.__dict__["private_key_format"] = private_key_format
1383
1734
  __props__.__dict__["province"] = province
1384
1735
  __props__.__dict__["serial_number"] = serial_number
1736
+ __props__.__dict__["signature_bits"] = signature_bits
1385
1737
  __props__.__dict__["street_address"] = street_address
1386
1738
  __props__.__dict__["ttl"] = ttl
1387
1739
  __props__.__dict__["type"] = type
@@ -1390,7 +1742,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1390
1742
 
1391
1743
  @property
1392
1744
  @pulumi.getter(name="altNames")
1393
- def alt_names(self) -> pulumi.Output[Optional[Sequence[str]]]:
1745
+ def alt_names(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1394
1746
  """
1395
1747
  List of alternative names
1396
1748
  """
@@ -1398,7 +1750,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1398
1750
 
1399
1751
  @property
1400
1752
  @pulumi.getter
1401
- def backend(self) -> pulumi.Output[str]:
1753
+ def backend(self) -> pulumi.Output[builtins.str]:
1402
1754
  """
1403
1755
  The PKI secret backend the resource belongs to.
1404
1756
  """
@@ -1406,7 +1758,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1406
1758
 
1407
1759
  @property
1408
1760
  @pulumi.getter
1409
- def certificate(self) -> pulumi.Output[str]:
1761
+ def certificate(self) -> pulumi.Output[builtins.str]:
1410
1762
  """
1411
1763
  The certificate.
1412
1764
  """
@@ -1414,7 +1766,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1414
1766
 
1415
1767
  @property
1416
1768
  @pulumi.getter(name="commonName")
1417
- def common_name(self) -> pulumi.Output[str]:
1769
+ def common_name(self) -> pulumi.Output[builtins.str]:
1418
1770
  """
1419
1771
  CN of intermediate to create
1420
1772
  """
@@ -1422,7 +1774,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1422
1774
 
1423
1775
  @property
1424
1776
  @pulumi.getter
1425
- def country(self) -> pulumi.Output[Optional[str]]:
1777
+ def country(self) -> pulumi.Output[Optional[builtins.str]]:
1426
1778
  """
1427
1779
  The country
1428
1780
  """
@@ -1430,15 +1782,47 @@ class SecretBackendRootCert(pulumi.CustomResource):
1430
1782
 
1431
1783
  @property
1432
1784
  @pulumi.getter(name="excludeCnFromSans")
1433
- def exclude_cn_from_sans(self) -> pulumi.Output[Optional[bool]]:
1785
+ def exclude_cn_from_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
1434
1786
  """
1435
1787
  Flag to exclude CN from SANs
1436
1788
  """
1437
1789
  return pulumi.get(self, "exclude_cn_from_sans")
1438
1790
 
1791
+ @property
1792
+ @pulumi.getter(name="excludedDnsDomains")
1793
+ def excluded_dns_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1794
+ """
1795
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1796
+ """
1797
+ return pulumi.get(self, "excluded_dns_domains")
1798
+
1799
+ @property
1800
+ @pulumi.getter(name="excludedEmailAddresses")
1801
+ def excluded_email_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1802
+ """
1803
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1804
+ """
1805
+ return pulumi.get(self, "excluded_email_addresses")
1806
+
1807
+ @property
1808
+ @pulumi.getter(name="excludedIpRanges")
1809
+ def excluded_ip_ranges(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1810
+ """
1811
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1812
+ """
1813
+ return pulumi.get(self, "excluded_ip_ranges")
1814
+
1815
+ @property
1816
+ @pulumi.getter(name="excludedUriDomains")
1817
+ def excluded_uri_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1818
+ """
1819
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1820
+ """
1821
+ return pulumi.get(self, "excluded_uri_domains")
1822
+
1439
1823
  @property
1440
1824
  @pulumi.getter
1441
- def format(self) -> pulumi.Output[Optional[str]]:
1825
+ def format(self) -> pulumi.Output[Optional[builtins.str]]:
1442
1826
  """
1443
1827
  The format of data
1444
1828
  """
@@ -1446,7 +1830,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1446
1830
 
1447
1831
  @property
1448
1832
  @pulumi.getter(name="ipSans")
1449
- def ip_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
1833
+ def ip_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1450
1834
  """
1451
1835
  List of alternative IPs
1452
1836
  """
@@ -1454,7 +1838,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1454
1838
 
1455
1839
  @property
1456
1840
  @pulumi.getter(name="issuerId")
1457
- def issuer_id(self) -> pulumi.Output[str]:
1841
+ def issuer_id(self) -> pulumi.Output[builtins.str]:
1458
1842
  """
1459
1843
  The ID of the generated issuer.
1460
1844
  """
@@ -1462,7 +1846,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1462
1846
 
1463
1847
  @property
1464
1848
  @pulumi.getter(name="issuerName")
1465
- def issuer_name(self) -> pulumi.Output[str]:
1849
+ def issuer_name(self) -> pulumi.Output[builtins.str]:
1466
1850
  """
1467
1851
  Provides a name to the specified issuer. The name must be unique
1468
1852
  across all issuers and not be the reserved value `default`
@@ -1471,7 +1855,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1471
1855
 
1472
1856
  @property
1473
1857
  @pulumi.getter(name="issuingCa")
1474
- def issuing_ca(self) -> pulumi.Output[str]:
1858
+ def issuing_ca(self) -> pulumi.Output[builtins.str]:
1475
1859
  """
1476
1860
  The issuing CA certificate.
1477
1861
  """
@@ -1479,7 +1863,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1479
1863
 
1480
1864
  @property
1481
1865
  @pulumi.getter(name="keyBits")
1482
- def key_bits(self) -> pulumi.Output[Optional[int]]:
1866
+ def key_bits(self) -> pulumi.Output[Optional[builtins.int]]:
1483
1867
  """
1484
1868
  The number of bits to use
1485
1869
  """
@@ -1487,7 +1871,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1487
1871
 
1488
1872
  @property
1489
1873
  @pulumi.getter(name="keyId")
1490
- def key_id(self) -> pulumi.Output[str]:
1874
+ def key_id(self) -> pulumi.Output[builtins.str]:
1491
1875
  """
1492
1876
  The ID of the generated key.
1493
1877
  """
@@ -1495,7 +1879,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1495
1879
 
1496
1880
  @property
1497
1881
  @pulumi.getter(name="keyName")
1498
- def key_name(self) -> pulumi.Output[str]:
1882
+ def key_name(self) -> pulumi.Output[builtins.str]:
1499
1883
  """
1500
1884
  When a new key is created with this request, optionally specifies
1501
1885
  the name for this. The global ref `default` may not be used as a name.
@@ -1504,7 +1888,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1504
1888
 
1505
1889
  @property
1506
1890
  @pulumi.getter(name="keyRef")
1507
- def key_ref(self) -> pulumi.Output[str]:
1891
+ def key_ref(self) -> pulumi.Output[builtins.str]:
1508
1892
  """
1509
1893
  Specifies the key (either default, by name, or by identifier) to use
1510
1894
  for generating this request. Only suitable for `type=existing` requests.
@@ -1513,7 +1897,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1513
1897
 
1514
1898
  @property
1515
1899
  @pulumi.getter(name="keyType")
1516
- def key_type(self) -> pulumi.Output[Optional[str]]:
1900
+ def key_type(self) -> pulumi.Output[Optional[builtins.str]]:
1517
1901
  """
1518
1902
  The desired key type
1519
1903
  """
@@ -1521,7 +1905,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1521
1905
 
1522
1906
  @property
1523
1907
  @pulumi.getter
1524
- def locality(self) -> pulumi.Output[Optional[str]]:
1908
+ def locality(self) -> pulumi.Output[Optional[builtins.str]]:
1525
1909
  """
1526
1910
  The locality
1527
1911
  """
@@ -1529,7 +1913,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1529
1913
 
1530
1914
  @property
1531
1915
  @pulumi.getter(name="managedKeyId")
1532
- def managed_key_id(self) -> pulumi.Output[str]:
1916
+ def managed_key_id(self) -> pulumi.Output[builtins.str]:
1533
1917
  """
1534
1918
  The ID of the previously configured managed key. This field is
1535
1919
  required if `type` is `kms` and it conflicts with `managed_key_name`
@@ -1538,7 +1922,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1538
1922
 
1539
1923
  @property
1540
1924
  @pulumi.getter(name="managedKeyName")
1541
- def managed_key_name(self) -> pulumi.Output[str]:
1925
+ def managed_key_name(self) -> pulumi.Output[builtins.str]:
1542
1926
  """
1543
1927
  The name of the previously configured managed key. This field is
1544
1928
  required if `type` is `kms` and it conflicts with `managed_key_id`
@@ -1547,7 +1931,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1547
1931
 
1548
1932
  @property
1549
1933
  @pulumi.getter(name="maxPathLength")
1550
- def max_path_length(self) -> pulumi.Output[Optional[int]]:
1934
+ def max_path_length(self) -> pulumi.Output[Optional[builtins.int]]:
1551
1935
  """
1552
1936
  The maximum path length to encode in the generated certificate
1553
1937
  """
@@ -1555,7 +1939,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1555
1939
 
1556
1940
  @property
1557
1941
  @pulumi.getter
1558
- def namespace(self) -> pulumi.Output[Optional[str]]:
1942
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
1559
1943
  """
1560
1944
  The namespace to provision the resource in.
1561
1945
  The value should not contain leading or trailing forward slashes.
@@ -1564,9 +1948,17 @@ class SecretBackendRootCert(pulumi.CustomResource):
1564
1948
  """
1565
1949
  return pulumi.get(self, "namespace")
1566
1950
 
1951
+ @property
1952
+ @pulumi.getter(name="notAfter")
1953
+ def not_after(self) -> pulumi.Output[Optional[builtins.str]]:
1954
+ """
1955
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1956
+ """
1957
+ return pulumi.get(self, "not_after")
1958
+
1567
1959
  @property
1568
1960
  @pulumi.getter
1569
- def organization(self) -> pulumi.Output[Optional[str]]:
1961
+ def organization(self) -> pulumi.Output[Optional[builtins.str]]:
1570
1962
  """
1571
1963
  The organization
1572
1964
  """
@@ -1574,7 +1966,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1574
1966
 
1575
1967
  @property
1576
1968
  @pulumi.getter(name="otherSans")
1577
- def other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
1969
+ def other_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1578
1970
  """
1579
1971
  List of other SANs
1580
1972
  """
@@ -1582,7 +1974,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1582
1974
 
1583
1975
  @property
1584
1976
  @pulumi.getter
1585
- def ou(self) -> pulumi.Output[Optional[str]]:
1977
+ def ou(self) -> pulumi.Output[Optional[builtins.str]]:
1586
1978
  """
1587
1979
  The organization unit
1588
1980
  """
@@ -1590,15 +1982,39 @@ class SecretBackendRootCert(pulumi.CustomResource):
1590
1982
 
1591
1983
  @property
1592
1984
  @pulumi.getter(name="permittedDnsDomains")
1593
- def permitted_dns_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
1985
+ def permitted_dns_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1594
1986
  """
1595
1987
  List of domains for which certificates are allowed to be issued
1596
1988
  """
1597
1989
  return pulumi.get(self, "permitted_dns_domains")
1598
1990
 
1991
+ @property
1992
+ @pulumi.getter(name="permittedEmailAddresses")
1993
+ def permitted_email_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1994
+ """
1995
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1996
+ """
1997
+ return pulumi.get(self, "permitted_email_addresses")
1998
+
1999
+ @property
2000
+ @pulumi.getter(name="permittedIpRanges")
2001
+ def permitted_ip_ranges(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2002
+ """
2003
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
2004
+ """
2005
+ return pulumi.get(self, "permitted_ip_ranges")
2006
+
2007
+ @property
2008
+ @pulumi.getter(name="permittedUriDomains")
2009
+ def permitted_uri_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
2010
+ """
2011
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
2012
+ """
2013
+ return pulumi.get(self, "permitted_uri_domains")
2014
+
1599
2015
  @property
1600
2016
  @pulumi.getter(name="postalCode")
1601
- def postal_code(self) -> pulumi.Output[Optional[str]]:
2017
+ def postal_code(self) -> pulumi.Output[Optional[builtins.str]]:
1602
2018
  """
1603
2019
  The postal code
1604
2020
  """
@@ -1606,7 +2022,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1606
2022
 
1607
2023
  @property
1608
2024
  @pulumi.getter(name="privateKeyFormat")
1609
- def private_key_format(self) -> pulumi.Output[Optional[str]]:
2025
+ def private_key_format(self) -> pulumi.Output[Optional[builtins.str]]:
1610
2026
  """
1611
2027
  The private key format
1612
2028
  """
@@ -1614,7 +2030,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1614
2030
 
1615
2031
  @property
1616
2032
  @pulumi.getter
1617
- def province(self) -> pulumi.Output[Optional[str]]:
2033
+ def province(self) -> pulumi.Output[Optional[builtins.str]]:
1618
2034
  """
1619
2035
  The province
1620
2036
  """
@@ -1622,15 +2038,23 @@ class SecretBackendRootCert(pulumi.CustomResource):
1622
2038
 
1623
2039
  @property
1624
2040
  @pulumi.getter(name="serialNumber")
1625
- def serial_number(self) -> pulumi.Output[str]:
2041
+ def serial_number(self) -> pulumi.Output[builtins.str]:
1626
2042
  """
1627
2043
  The certificate's serial number, hex formatted.
1628
2044
  """
1629
2045
  return pulumi.get(self, "serial_number")
1630
2046
 
2047
+ @property
2048
+ @pulumi.getter(name="signatureBits")
2049
+ def signature_bits(self) -> pulumi.Output[builtins.int]:
2050
+ """
2051
+ The number of bits to use in the signature algorithm
2052
+ """
2053
+ return pulumi.get(self, "signature_bits")
2054
+
1631
2055
  @property
1632
2056
  @pulumi.getter(name="streetAddress")
1633
- def street_address(self) -> pulumi.Output[Optional[str]]:
2057
+ def street_address(self) -> pulumi.Output[Optional[builtins.str]]:
1634
2058
  """
1635
2059
  The street address
1636
2060
  """
@@ -1638,7 +2062,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1638
2062
 
1639
2063
  @property
1640
2064
  @pulumi.getter
1641
- def ttl(self) -> pulumi.Output[Optional[str]]:
2065
+ def ttl(self) -> pulumi.Output[Optional[builtins.str]]:
1642
2066
  """
1643
2067
  Time to live
1644
2068
  """
@@ -1646,7 +2070,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1646
2070
 
1647
2071
  @property
1648
2072
  @pulumi.getter
1649
- def type(self) -> pulumi.Output[str]:
2073
+ def type(self) -> pulumi.Output[builtins.str]:
1650
2074
  """
1651
2075
  Type of intermediate to create. Must be either \\"exported\\", \\"internal\\"
1652
2076
  or \\"kms\\"
@@ -1655,7 +2079,7 @@ class SecretBackendRootCert(pulumi.CustomResource):
1655
2079
 
1656
2080
  @property
1657
2081
  @pulumi.getter(name="uriSans")
1658
- def uri_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
2082
+ def uri_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1659
2083
  """
1660
2084
  List of alternative URIs
1661
2085
  """