pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +9 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +425 -200
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +523 -306
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +288 -70
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +383 -130
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +432 -186
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +3857 -2200
- pulumi_vault/database/outputs.py +2483 -1330
- pulumi_vault/database/secret_backend_connection.py +333 -112
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +283 -140
- pulumi_vault/database/secrets_mount.py +275 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +426 -205
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +420 -179
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +754 -533
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +720 -499
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +3 -0
- pulumi_vault/pkisecret/_inputs.py +31 -36
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +174 -126
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -31
- pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +894 -644
- pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
- pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +2 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +96 -95
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +3 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +325 -0
- pulumi_vault/transit/get_verify.py +355 -0
- pulumi_vault/transit/secret_backend_key.py +394 -231
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,60 +20,86 @@ __all__ = ['SecretBackendRootSignIntermediateArgs', 'SecretBackendRootSignInterm
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class SecretBackendRootSignIntermediateArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
backend: pulumi.Input[str],
|
23
|
-
common_name: pulumi.Input[str],
|
24
|
-
csr: pulumi.Input[str],
|
25
|
-
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
|
-
country: Optional[pulumi.Input[str]] = None,
|
27
|
-
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
23
|
+
backend: pulumi.Input[builtins.str],
|
24
|
+
common_name: pulumi.Input[builtins.str],
|
25
|
+
csr: pulumi.Input[builtins.str],
|
26
|
+
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
27
|
+
country: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
30
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
31
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
32
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
33
|
+
format: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
35
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
locality: Optional[pulumi.Input[builtins.str]] = None,
|
37
|
+
max_path_length: Optional[pulumi.Input[builtins.int]] = None,
|
38
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
39
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
41
|
+
organization: Optional[pulumi.Input[builtins.str]] = None,
|
42
|
+
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
43
|
+
ou: Optional[pulumi.Input[builtins.str]] = None,
|
44
|
+
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
45
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
46
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
47
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
48
|
+
postal_code: Optional[pulumi.Input[builtins.str]] = None,
|
49
|
+
province: Optional[pulumi.Input[builtins.str]] = None,
|
50
|
+
revoke: Optional[pulumi.Input[builtins.bool]] = None,
|
51
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
52
|
+
skid: Optional[pulumi.Input[builtins.str]] = None,
|
53
|
+
street_address: Optional[pulumi.Input[builtins.str]] = None,
|
54
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
55
|
+
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
56
|
+
use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
|
57
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None):
|
45
58
|
"""
|
46
59
|
The set of arguments for constructing a SecretBackendRootSignIntermediate resource.
|
47
|
-
:param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
|
48
|
-
:param pulumi.Input[str] common_name: CN of intermediate to create
|
49
|
-
:param pulumi.Input[str] csr: The CSR
|
50
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
|
51
|
-
:param pulumi.Input[str] country: The country
|
52
|
-
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
53
|
-
:param pulumi.Input[str]
|
54
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]]
|
55
|
-
:param pulumi.Input[str]
|
60
|
+
:param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
|
61
|
+
:param pulumi.Input[builtins.str] common_name: CN of intermediate to create
|
62
|
+
:param pulumi.Input[builtins.str] csr: The CSR
|
63
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
|
64
|
+
:param pulumi.Input[builtins.str] country: The country
|
65
|
+
:param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
66
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
67
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
68
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
69
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
70
|
+
:param pulumi.Input[builtins.str] format: The format of data
|
71
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
|
72
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
56
73
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
57
74
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
58
75
|
overriding the role's `issuer_ref` value.
|
59
|
-
:param pulumi.Input[str] locality: The locality
|
60
|
-
:param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
|
61
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
76
|
+
:param pulumi.Input[builtins.str] locality: The locality
|
77
|
+
:param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
|
78
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
62
79
|
The value should not contain leading or trailing forward slashes.
|
63
80
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
64
81
|
*Available only for Vault Enterprise*.
|
65
|
-
:param pulumi.Input[str]
|
66
|
-
|
67
|
-
|
68
|
-
:param pulumi.Input[
|
69
|
-
:param pulumi.Input[str]
|
70
|
-
:param pulumi.Input[str]
|
71
|
-
:param pulumi.Input[
|
72
|
-
:param pulumi.Input[str]
|
73
|
-
:param pulumi.Input[str]
|
74
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]]
|
75
|
-
:param pulumi.Input[
|
82
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value.
|
83
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
84
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
85
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
86
|
+
:param pulumi.Input[builtins.str] organization: The organization
|
87
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
|
88
|
+
:param pulumi.Input[builtins.str] ou: The organization unit
|
89
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
90
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
91
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
92
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
93
|
+
:param pulumi.Input[builtins.str] postal_code: The postal code
|
94
|
+
:param pulumi.Input[builtins.str] province: The province
|
95
|
+
:param pulumi.Input[builtins.bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
96
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
97
|
+
:param pulumi.Input[builtins.str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
98
|
+
:param pulumi.Input[builtins.str] street_address: The street address
|
99
|
+
:param pulumi.Input[builtins.str] ttl: Time to live
|
100
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
|
101
|
+
:param pulumi.Input[builtins.bool] use_csr_values: Preserve CSR values
|
102
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
76
103
|
"""
|
77
104
|
pulumi.set(__self__, "backend", backend)
|
78
105
|
pulumi.set(__self__, "common_name", common_name)
|
@@ -83,6 +110,14 @@ class SecretBackendRootSignIntermediateArgs:
|
|
83
110
|
pulumi.set(__self__, "country", country)
|
84
111
|
if exclude_cn_from_sans is not None:
|
85
112
|
pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
|
113
|
+
if excluded_dns_domains is not None:
|
114
|
+
pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
|
115
|
+
if excluded_email_addresses is not None:
|
116
|
+
pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
|
117
|
+
if excluded_ip_ranges is not None:
|
118
|
+
pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
|
119
|
+
if excluded_uri_domains is not None:
|
120
|
+
pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
|
86
121
|
if format is not None:
|
87
122
|
pulumi.set(__self__, "format", format)
|
88
123
|
if ip_sans is not None:
|
@@ -95,6 +130,10 @@ class SecretBackendRootSignIntermediateArgs:
|
|
95
130
|
pulumi.set(__self__, "max_path_length", max_path_length)
|
96
131
|
if namespace is not None:
|
97
132
|
pulumi.set(__self__, "namespace", namespace)
|
133
|
+
if not_after is not None:
|
134
|
+
pulumi.set(__self__, "not_after", not_after)
|
135
|
+
if not_before_duration is not None:
|
136
|
+
pulumi.set(__self__, "not_before_duration", not_before_duration)
|
98
137
|
if organization is not None:
|
99
138
|
pulumi.set(__self__, "organization", organization)
|
100
139
|
if other_sans is not None:
|
@@ -103,12 +142,22 @@ class SecretBackendRootSignIntermediateArgs:
|
|
103
142
|
pulumi.set(__self__, "ou", ou)
|
104
143
|
if permitted_dns_domains is not None:
|
105
144
|
pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
|
145
|
+
if permitted_email_addresses is not None:
|
146
|
+
pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
|
147
|
+
if permitted_ip_ranges is not None:
|
148
|
+
pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
|
149
|
+
if permitted_uri_domains is not None:
|
150
|
+
pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
|
106
151
|
if postal_code is not None:
|
107
152
|
pulumi.set(__self__, "postal_code", postal_code)
|
108
153
|
if province is not None:
|
109
154
|
pulumi.set(__self__, "province", province)
|
110
155
|
if revoke is not None:
|
111
156
|
pulumi.set(__self__, "revoke", revoke)
|
157
|
+
if signature_bits is not None:
|
158
|
+
pulumi.set(__self__, "signature_bits", signature_bits)
|
159
|
+
if skid is not None:
|
160
|
+
pulumi.set(__self__, "skid", skid)
|
112
161
|
if street_address is not None:
|
113
162
|
pulumi.set(__self__, "street_address", street_address)
|
114
163
|
if ttl is not None:
|
@@ -117,106 +166,156 @@ class SecretBackendRootSignIntermediateArgs:
|
|
117
166
|
pulumi.set(__self__, "uri_sans", uri_sans)
|
118
167
|
if use_csr_values is not None:
|
119
168
|
pulumi.set(__self__, "use_csr_values", use_csr_values)
|
169
|
+
if use_pss is not None:
|
170
|
+
pulumi.set(__self__, "use_pss", use_pss)
|
120
171
|
|
121
172
|
@property
|
122
173
|
@pulumi.getter
|
123
|
-
def backend(self) -> pulumi.Input[str]:
|
174
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
124
175
|
"""
|
125
176
|
The PKI secret backend the resource belongs to.
|
126
177
|
"""
|
127
178
|
return pulumi.get(self, "backend")
|
128
179
|
|
129
180
|
@backend.setter
|
130
|
-
def backend(self, value: pulumi.Input[str]):
|
181
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
131
182
|
pulumi.set(self, "backend", value)
|
132
183
|
|
133
184
|
@property
|
134
185
|
@pulumi.getter(name="commonName")
|
135
|
-
def common_name(self) -> pulumi.Input[str]:
|
186
|
+
def common_name(self) -> pulumi.Input[builtins.str]:
|
136
187
|
"""
|
137
188
|
CN of intermediate to create
|
138
189
|
"""
|
139
190
|
return pulumi.get(self, "common_name")
|
140
191
|
|
141
192
|
@common_name.setter
|
142
|
-
def common_name(self, value: pulumi.Input[str]):
|
193
|
+
def common_name(self, value: pulumi.Input[builtins.str]):
|
143
194
|
pulumi.set(self, "common_name", value)
|
144
195
|
|
145
196
|
@property
|
146
197
|
@pulumi.getter
|
147
|
-
def csr(self) -> pulumi.Input[str]:
|
198
|
+
def csr(self) -> pulumi.Input[builtins.str]:
|
148
199
|
"""
|
149
200
|
The CSR
|
150
201
|
"""
|
151
202
|
return pulumi.get(self, "csr")
|
152
203
|
|
153
204
|
@csr.setter
|
154
|
-
def csr(self, value: pulumi.Input[str]):
|
205
|
+
def csr(self, value: pulumi.Input[builtins.str]):
|
155
206
|
pulumi.set(self, "csr", value)
|
156
207
|
|
157
208
|
@property
|
158
209
|
@pulumi.getter(name="altNames")
|
159
|
-
def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
210
|
+
def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
160
211
|
"""
|
161
212
|
List of alternative names
|
162
213
|
"""
|
163
214
|
return pulumi.get(self, "alt_names")
|
164
215
|
|
165
216
|
@alt_names.setter
|
166
|
-
def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
217
|
+
def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
167
218
|
pulumi.set(self, "alt_names", value)
|
168
219
|
|
169
220
|
@property
|
170
221
|
@pulumi.getter
|
171
|
-
def country(self) -> Optional[pulumi.Input[str]]:
|
222
|
+
def country(self) -> Optional[pulumi.Input[builtins.str]]:
|
172
223
|
"""
|
173
224
|
The country
|
174
225
|
"""
|
175
226
|
return pulumi.get(self, "country")
|
176
227
|
|
177
228
|
@country.setter
|
178
|
-
def country(self, value: Optional[pulumi.Input[str]]):
|
229
|
+
def country(self, value: Optional[pulumi.Input[builtins.str]]):
|
179
230
|
pulumi.set(self, "country", value)
|
180
231
|
|
181
232
|
@property
|
182
233
|
@pulumi.getter(name="excludeCnFromSans")
|
183
|
-
def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
|
234
|
+
def exclude_cn_from_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
184
235
|
"""
|
185
236
|
Flag to exclude CN from SANs
|
186
237
|
"""
|
187
238
|
return pulumi.get(self, "exclude_cn_from_sans")
|
188
239
|
|
189
240
|
@exclude_cn_from_sans.setter
|
190
|
-
def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
|
241
|
+
def exclude_cn_from_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
191
242
|
pulumi.set(self, "exclude_cn_from_sans", value)
|
192
243
|
|
244
|
+
@property
|
245
|
+
@pulumi.getter(name="excludedDnsDomains")
|
246
|
+
def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
247
|
+
"""
|
248
|
+
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
249
|
+
"""
|
250
|
+
return pulumi.get(self, "excluded_dns_domains")
|
251
|
+
|
252
|
+
@excluded_dns_domains.setter
|
253
|
+
def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
254
|
+
pulumi.set(self, "excluded_dns_domains", value)
|
255
|
+
|
256
|
+
@property
|
257
|
+
@pulumi.getter(name="excludedEmailAddresses")
|
258
|
+
def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
259
|
+
"""
|
260
|
+
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
261
|
+
"""
|
262
|
+
return pulumi.get(self, "excluded_email_addresses")
|
263
|
+
|
264
|
+
@excluded_email_addresses.setter
|
265
|
+
def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
266
|
+
pulumi.set(self, "excluded_email_addresses", value)
|
267
|
+
|
268
|
+
@property
|
269
|
+
@pulumi.getter(name="excludedIpRanges")
|
270
|
+
def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
271
|
+
"""
|
272
|
+
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
273
|
+
"""
|
274
|
+
return pulumi.get(self, "excluded_ip_ranges")
|
275
|
+
|
276
|
+
@excluded_ip_ranges.setter
|
277
|
+
def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
278
|
+
pulumi.set(self, "excluded_ip_ranges", value)
|
279
|
+
|
280
|
+
@property
|
281
|
+
@pulumi.getter(name="excludedUriDomains")
|
282
|
+
def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
283
|
+
"""
|
284
|
+
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
285
|
+
"""
|
286
|
+
return pulumi.get(self, "excluded_uri_domains")
|
287
|
+
|
288
|
+
@excluded_uri_domains.setter
|
289
|
+
def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
290
|
+
pulumi.set(self, "excluded_uri_domains", value)
|
291
|
+
|
193
292
|
@property
|
194
293
|
@pulumi.getter
|
195
|
-
def format(self) -> Optional[pulumi.Input[str]]:
|
294
|
+
def format(self) -> Optional[pulumi.Input[builtins.str]]:
|
196
295
|
"""
|
197
296
|
The format of data
|
198
297
|
"""
|
199
298
|
return pulumi.get(self, "format")
|
200
299
|
|
201
300
|
@format.setter
|
202
|
-
def format(self, value: Optional[pulumi.Input[str]]):
|
301
|
+
def format(self, value: Optional[pulumi.Input[builtins.str]]):
|
203
302
|
pulumi.set(self, "format", value)
|
204
303
|
|
205
304
|
@property
|
206
305
|
@pulumi.getter(name="ipSans")
|
207
|
-
def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
306
|
+
def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
208
307
|
"""
|
209
308
|
List of alternative IPs
|
210
309
|
"""
|
211
310
|
return pulumi.get(self, "ip_sans")
|
212
311
|
|
213
312
|
@ip_sans.setter
|
214
|
-
def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
313
|
+
def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
215
314
|
pulumi.set(self, "ip_sans", value)
|
216
315
|
|
217
316
|
@property
|
218
317
|
@pulumi.getter(name="issuerRef")
|
219
|
-
def issuer_ref(self) -> Optional[pulumi.Input[str]]:
|
318
|
+
def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
|
220
319
|
"""
|
221
320
|
Specifies the default issuer of this request. May
|
222
321
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
@@ -226,36 +325,36 @@ class SecretBackendRootSignIntermediateArgs:
|
|
226
325
|
return pulumi.get(self, "issuer_ref")
|
227
326
|
|
228
327
|
@issuer_ref.setter
|
229
|
-
def issuer_ref(self, value: Optional[pulumi.Input[str]]):
|
328
|
+
def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
|
230
329
|
pulumi.set(self, "issuer_ref", value)
|
231
330
|
|
232
331
|
@property
|
233
332
|
@pulumi.getter
|
234
|
-
def locality(self) -> Optional[pulumi.Input[str]]:
|
333
|
+
def locality(self) -> Optional[pulumi.Input[builtins.str]]:
|
235
334
|
"""
|
236
335
|
The locality
|
237
336
|
"""
|
238
337
|
return pulumi.get(self, "locality")
|
239
338
|
|
240
339
|
@locality.setter
|
241
|
-
def locality(self, value: Optional[pulumi.Input[str]]):
|
340
|
+
def locality(self, value: Optional[pulumi.Input[builtins.str]]):
|
242
341
|
pulumi.set(self, "locality", value)
|
243
342
|
|
244
343
|
@property
|
245
344
|
@pulumi.getter(name="maxPathLength")
|
246
|
-
def max_path_length(self) -> Optional[pulumi.Input[int]]:
|
345
|
+
def max_path_length(self) -> Optional[pulumi.Input[builtins.int]]:
|
247
346
|
"""
|
248
347
|
The maximum path length to encode in the generated certificate
|
249
348
|
"""
|
250
349
|
return pulumi.get(self, "max_path_length")
|
251
350
|
|
252
351
|
@max_path_length.setter
|
253
|
-
def max_path_length(self, value: Optional[pulumi.Input[int]]):
|
352
|
+
def max_path_length(self, value: Optional[pulumi.Input[builtins.int]]):
|
254
353
|
pulumi.set(self, "max_path_length", value)
|
255
354
|
|
256
355
|
@property
|
257
356
|
@pulumi.getter
|
258
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
357
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
259
358
|
"""
|
260
359
|
The namespace to provision the resource in.
|
261
360
|
The value should not contain leading or trailing forward slashes.
|
@@ -265,210 +364,334 @@ class SecretBackendRootSignIntermediateArgs:
|
|
265
364
|
return pulumi.get(self, "namespace")
|
266
365
|
|
267
366
|
@namespace.setter
|
268
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
367
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
269
368
|
pulumi.set(self, "namespace", value)
|
270
369
|
|
370
|
+
@property
|
371
|
+
@pulumi.getter(name="notAfter")
|
372
|
+
def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
|
373
|
+
"""
|
374
|
+
Set the Not After field of the certificate with specified date value.
|
375
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
376
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
377
|
+
"""
|
378
|
+
return pulumi.get(self, "not_after")
|
379
|
+
|
380
|
+
@not_after.setter
|
381
|
+
def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
|
382
|
+
pulumi.set(self, "not_after", value)
|
383
|
+
|
384
|
+
@property
|
385
|
+
@pulumi.getter(name="notBeforeDuration")
|
386
|
+
def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
387
|
+
"""
|
388
|
+
Specifies the duration by which to backdate the NotBefore property.
|
389
|
+
"""
|
390
|
+
return pulumi.get(self, "not_before_duration")
|
391
|
+
|
392
|
+
@not_before_duration.setter
|
393
|
+
def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
394
|
+
pulumi.set(self, "not_before_duration", value)
|
395
|
+
|
271
396
|
@property
|
272
397
|
@pulumi.getter
|
273
|
-
def organization(self) -> Optional[pulumi.Input[str]]:
|
398
|
+
def organization(self) -> Optional[pulumi.Input[builtins.str]]:
|
274
399
|
"""
|
275
400
|
The organization
|
276
401
|
"""
|
277
402
|
return pulumi.get(self, "organization")
|
278
403
|
|
279
404
|
@organization.setter
|
280
|
-
def organization(self, value: Optional[pulumi.Input[str]]):
|
405
|
+
def organization(self, value: Optional[pulumi.Input[builtins.str]]):
|
281
406
|
pulumi.set(self, "organization", value)
|
282
407
|
|
283
408
|
@property
|
284
409
|
@pulumi.getter(name="otherSans")
|
285
|
-
def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
410
|
+
def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
286
411
|
"""
|
287
412
|
List of other SANs
|
288
413
|
"""
|
289
414
|
return pulumi.get(self, "other_sans")
|
290
415
|
|
291
416
|
@other_sans.setter
|
292
|
-
def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
417
|
+
def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
293
418
|
pulumi.set(self, "other_sans", value)
|
294
419
|
|
295
420
|
@property
|
296
421
|
@pulumi.getter
|
297
|
-
def ou(self) -> Optional[pulumi.Input[str]]:
|
422
|
+
def ou(self) -> Optional[pulumi.Input[builtins.str]]:
|
298
423
|
"""
|
299
424
|
The organization unit
|
300
425
|
"""
|
301
426
|
return pulumi.get(self, "ou")
|
302
427
|
|
303
428
|
@ou.setter
|
304
|
-
def ou(self, value: Optional[pulumi.Input[str]]):
|
429
|
+
def ou(self, value: Optional[pulumi.Input[builtins.str]]):
|
305
430
|
pulumi.set(self, "ou", value)
|
306
431
|
|
307
432
|
@property
|
308
433
|
@pulumi.getter(name="permittedDnsDomains")
|
309
|
-
def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
434
|
+
def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
310
435
|
"""
|
311
436
|
List of domains for which certificates are allowed to be issued
|
312
437
|
"""
|
313
438
|
return pulumi.get(self, "permitted_dns_domains")
|
314
439
|
|
315
440
|
@permitted_dns_domains.setter
|
316
|
-
def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
441
|
+
def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
317
442
|
pulumi.set(self, "permitted_dns_domains", value)
|
318
443
|
|
444
|
+
@property
|
445
|
+
@pulumi.getter(name="permittedEmailAddresses")
|
446
|
+
def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
447
|
+
"""
|
448
|
+
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
449
|
+
"""
|
450
|
+
return pulumi.get(self, "permitted_email_addresses")
|
451
|
+
|
452
|
+
@permitted_email_addresses.setter
|
453
|
+
def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
454
|
+
pulumi.set(self, "permitted_email_addresses", value)
|
455
|
+
|
456
|
+
@property
|
457
|
+
@pulumi.getter(name="permittedIpRanges")
|
458
|
+
def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
459
|
+
"""
|
460
|
+
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
461
|
+
"""
|
462
|
+
return pulumi.get(self, "permitted_ip_ranges")
|
463
|
+
|
464
|
+
@permitted_ip_ranges.setter
|
465
|
+
def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
466
|
+
pulumi.set(self, "permitted_ip_ranges", value)
|
467
|
+
|
468
|
+
@property
|
469
|
+
@pulumi.getter(name="permittedUriDomains")
|
470
|
+
def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
471
|
+
"""
|
472
|
+
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
473
|
+
"""
|
474
|
+
return pulumi.get(self, "permitted_uri_domains")
|
475
|
+
|
476
|
+
@permitted_uri_domains.setter
|
477
|
+
def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
478
|
+
pulumi.set(self, "permitted_uri_domains", value)
|
479
|
+
|
319
480
|
@property
|
320
481
|
@pulumi.getter(name="postalCode")
|
321
|
-
def postal_code(self) -> Optional[pulumi.Input[str]]:
|
482
|
+
def postal_code(self) -> Optional[pulumi.Input[builtins.str]]:
|
322
483
|
"""
|
323
484
|
The postal code
|
324
485
|
"""
|
325
486
|
return pulumi.get(self, "postal_code")
|
326
487
|
|
327
488
|
@postal_code.setter
|
328
|
-
def postal_code(self, value: Optional[pulumi.Input[str]]):
|
489
|
+
def postal_code(self, value: Optional[pulumi.Input[builtins.str]]):
|
329
490
|
pulumi.set(self, "postal_code", value)
|
330
491
|
|
331
492
|
@property
|
332
493
|
@pulumi.getter
|
333
|
-
def province(self) -> Optional[pulumi.Input[str]]:
|
494
|
+
def province(self) -> Optional[pulumi.Input[builtins.str]]:
|
334
495
|
"""
|
335
496
|
The province
|
336
497
|
"""
|
337
498
|
return pulumi.get(self, "province")
|
338
499
|
|
339
500
|
@province.setter
|
340
|
-
def province(self, value: Optional[pulumi.Input[str]]):
|
501
|
+
def province(self, value: Optional[pulumi.Input[builtins.str]]):
|
341
502
|
pulumi.set(self, "province", value)
|
342
503
|
|
343
504
|
@property
|
344
505
|
@pulumi.getter
|
345
|
-
def revoke(self) -> Optional[pulumi.Input[bool]]:
|
506
|
+
def revoke(self) -> Optional[pulumi.Input[builtins.bool]]:
|
346
507
|
"""
|
347
508
|
If set to `true`, the certificate will be revoked on resource destruction.
|
348
509
|
"""
|
349
510
|
return pulumi.get(self, "revoke")
|
350
511
|
|
351
512
|
@revoke.setter
|
352
|
-
def revoke(self, value: Optional[pulumi.Input[bool]]):
|
513
|
+
def revoke(self, value: Optional[pulumi.Input[builtins.bool]]):
|
353
514
|
pulumi.set(self, "revoke", value)
|
354
515
|
|
516
|
+
@property
|
517
|
+
@pulumi.getter(name="signatureBits")
|
518
|
+
def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
519
|
+
"""
|
520
|
+
The number of bits to use in the signature algorithm
|
521
|
+
"""
|
522
|
+
return pulumi.get(self, "signature_bits")
|
523
|
+
|
524
|
+
@signature_bits.setter
|
525
|
+
def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
526
|
+
pulumi.set(self, "signature_bits", value)
|
527
|
+
|
528
|
+
@property
|
529
|
+
@pulumi.getter
|
530
|
+
def skid(self) -> Optional[pulumi.Input[builtins.str]]:
|
531
|
+
"""
|
532
|
+
Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
533
|
+
"""
|
534
|
+
return pulumi.get(self, "skid")
|
535
|
+
|
536
|
+
@skid.setter
|
537
|
+
def skid(self, value: Optional[pulumi.Input[builtins.str]]):
|
538
|
+
pulumi.set(self, "skid", value)
|
539
|
+
|
355
540
|
@property
|
356
541
|
@pulumi.getter(name="streetAddress")
|
357
|
-
def street_address(self) -> Optional[pulumi.Input[str]]:
|
542
|
+
def street_address(self) -> Optional[pulumi.Input[builtins.str]]:
|
358
543
|
"""
|
359
544
|
The street address
|
360
545
|
"""
|
361
546
|
return pulumi.get(self, "street_address")
|
362
547
|
|
363
548
|
@street_address.setter
|
364
|
-
def street_address(self, value: Optional[pulumi.Input[str]]):
|
549
|
+
def street_address(self, value: Optional[pulumi.Input[builtins.str]]):
|
365
550
|
pulumi.set(self, "street_address", value)
|
366
551
|
|
367
552
|
@property
|
368
553
|
@pulumi.getter
|
369
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
554
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
370
555
|
"""
|
371
556
|
Time to live
|
372
557
|
"""
|
373
558
|
return pulumi.get(self, "ttl")
|
374
559
|
|
375
560
|
@ttl.setter
|
376
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
561
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
377
562
|
pulumi.set(self, "ttl", value)
|
378
563
|
|
379
564
|
@property
|
380
565
|
@pulumi.getter(name="uriSans")
|
381
|
-
def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
566
|
+
def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
382
567
|
"""
|
383
568
|
List of alternative URIs
|
384
569
|
"""
|
385
570
|
return pulumi.get(self, "uri_sans")
|
386
571
|
|
387
572
|
@uri_sans.setter
|
388
|
-
def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
573
|
+
def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
389
574
|
pulumi.set(self, "uri_sans", value)
|
390
575
|
|
391
576
|
@property
|
392
577
|
@pulumi.getter(name="useCsrValues")
|
393
|
-
def use_csr_values(self) -> Optional[pulumi.Input[bool]]:
|
578
|
+
def use_csr_values(self) -> Optional[pulumi.Input[builtins.bool]]:
|
394
579
|
"""
|
395
580
|
Preserve CSR values
|
396
581
|
"""
|
397
582
|
return pulumi.get(self, "use_csr_values")
|
398
583
|
|
399
584
|
@use_csr_values.setter
|
400
|
-
def use_csr_values(self, value: Optional[pulumi.Input[bool]]):
|
585
|
+
def use_csr_values(self, value: Optional[pulumi.Input[builtins.bool]]):
|
401
586
|
pulumi.set(self, "use_csr_values", value)
|
402
587
|
|
588
|
+
@property
|
589
|
+
@pulumi.getter(name="usePss")
|
590
|
+
def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
|
591
|
+
"""
|
592
|
+
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
593
|
+
"""
|
594
|
+
return pulumi.get(self, "use_pss")
|
595
|
+
|
596
|
+
@use_pss.setter
|
597
|
+
def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
|
598
|
+
pulumi.set(self, "use_pss", value)
|
599
|
+
|
403
600
|
|
404
601
|
@pulumi.input_type
|
405
602
|
class _SecretBackendRootSignIntermediateState:
|
406
603
|
def __init__(__self__, *,
|
407
|
-
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
408
|
-
backend: Optional[pulumi.Input[str]] = None,
|
409
|
-
ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
410
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
411
|
-
certificate_bundle: Optional[pulumi.Input[str]] = None,
|
412
|
-
common_name: Optional[pulumi.Input[str]] = None,
|
413
|
-
country: Optional[pulumi.Input[str]] = None,
|
414
|
-
csr: Optional[pulumi.Input[str]] = None,
|
415
|
-
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
416
|
-
|
417
|
-
|
418
|
-
|
419
|
-
|
420
|
-
|
421
|
-
|
422
|
-
|
423
|
-
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
|
430
|
-
|
431
|
-
|
432
|
-
|
433
|
-
|
434
|
-
|
604
|
+
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
605
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
606
|
+
ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
607
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
608
|
+
certificate_bundle: Optional[pulumi.Input[builtins.str]] = None,
|
609
|
+
common_name: Optional[pulumi.Input[builtins.str]] = None,
|
610
|
+
country: Optional[pulumi.Input[builtins.str]] = None,
|
611
|
+
csr: Optional[pulumi.Input[builtins.str]] = None,
|
612
|
+
exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
613
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
614
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
615
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
616
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
617
|
+
format: Optional[pulumi.Input[builtins.str]] = None,
|
618
|
+
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
619
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
620
|
+
issuing_ca: Optional[pulumi.Input[builtins.str]] = None,
|
621
|
+
locality: Optional[pulumi.Input[builtins.str]] = None,
|
622
|
+
max_path_length: Optional[pulumi.Input[builtins.int]] = None,
|
623
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
624
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
625
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
626
|
+
organization: Optional[pulumi.Input[builtins.str]] = None,
|
627
|
+
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
628
|
+
ou: Optional[pulumi.Input[builtins.str]] = None,
|
629
|
+
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
630
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
631
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
632
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
633
|
+
postal_code: Optional[pulumi.Input[builtins.str]] = None,
|
634
|
+
province: Optional[pulumi.Input[builtins.str]] = None,
|
635
|
+
revoke: Optional[pulumi.Input[builtins.bool]] = None,
|
636
|
+
serial_number: Optional[pulumi.Input[builtins.str]] = None,
|
637
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
638
|
+
skid: Optional[pulumi.Input[builtins.str]] = None,
|
639
|
+
street_address: Optional[pulumi.Input[builtins.str]] = None,
|
640
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
641
|
+
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
642
|
+
use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
|
643
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None):
|
435
644
|
"""
|
436
645
|
Input properties used for looking up and filtering SecretBackendRootSignIntermediate resources.
|
437
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
|
438
|
-
:param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
|
439
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ca_chains: A list of the issuing and intermediate CA certificates in the `format` specified.
|
440
|
-
:param pulumi.Input[str] certificate: The intermediate CA certificate in the `format` specified.
|
441
|
-
:param pulumi.Input[str] certificate_bundle: The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
|
646
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
|
647
|
+
:param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
|
648
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ca_chains: A list of the issuing and intermediate CA certificates in the `format` specified.
|
649
|
+
:param pulumi.Input[builtins.str] certificate: The intermediate CA certificate in the `format` specified.
|
650
|
+
:param pulumi.Input[builtins.str] certificate_bundle: The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
|
442
651
|
Requires the `format` to be set to any of: pem, pem_bundle. The value will be empty for all other formats.
|
443
|
-
:param pulumi.Input[str] common_name: CN of intermediate to create
|
444
|
-
:param pulumi.Input[str] country: The country
|
445
|
-
:param pulumi.Input[str] csr: The CSR
|
446
|
-
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
447
|
-
:param pulumi.Input[str]
|
448
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]]
|
449
|
-
:param pulumi.Input[str]
|
652
|
+
:param pulumi.Input[builtins.str] common_name: CN of intermediate to create
|
653
|
+
:param pulumi.Input[builtins.str] country: The country
|
654
|
+
:param pulumi.Input[builtins.str] csr: The CSR
|
655
|
+
:param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
656
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
657
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
658
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
659
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
660
|
+
:param pulumi.Input[builtins.str] format: The format of data
|
661
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
|
662
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
450
663
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
451
664
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
452
665
|
overriding the role's `issuer_ref` value.
|
453
|
-
:param pulumi.Input[str] issuing_ca: The issuing CA certificate in the `format` specified.
|
454
|
-
:param pulumi.Input[str] locality: The locality
|
455
|
-
:param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
|
456
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
666
|
+
:param pulumi.Input[builtins.str] issuing_ca: The issuing CA certificate in the `format` specified.
|
667
|
+
:param pulumi.Input[builtins.str] locality: The locality
|
668
|
+
:param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
|
669
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
457
670
|
The value should not contain leading or trailing forward slashes.
|
458
671
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
459
672
|
*Available only for Vault Enterprise*.
|
460
|
-
:param pulumi.Input[str]
|
461
|
-
|
462
|
-
|
463
|
-
:param pulumi.Input[
|
464
|
-
:param pulumi.Input[str]
|
465
|
-
:param pulumi.Input[str]
|
466
|
-
:param pulumi.Input[
|
467
|
-
:param pulumi.Input[str]
|
468
|
-
:param pulumi.Input[str]
|
469
|
-
:param pulumi.Input[str]
|
470
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]]
|
471
|
-
:param pulumi.Input[
|
673
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value.
|
674
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
675
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
676
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
677
|
+
:param pulumi.Input[builtins.str] organization: The organization
|
678
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
|
679
|
+
:param pulumi.Input[builtins.str] ou: The organization unit
|
680
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
681
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
682
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
683
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
684
|
+
:param pulumi.Input[builtins.str] postal_code: The postal code
|
685
|
+
:param pulumi.Input[builtins.str] province: The province
|
686
|
+
:param pulumi.Input[builtins.bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
687
|
+
:param pulumi.Input[builtins.str] serial_number: The certificate's serial number, hex formatted.
|
688
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
689
|
+
:param pulumi.Input[builtins.str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
690
|
+
:param pulumi.Input[builtins.str] street_address: The street address
|
691
|
+
:param pulumi.Input[builtins.str] ttl: Time to live
|
692
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
|
693
|
+
:param pulumi.Input[builtins.bool] use_csr_values: Preserve CSR values
|
694
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
472
695
|
"""
|
473
696
|
if alt_names is not None:
|
474
697
|
pulumi.set(__self__, "alt_names", alt_names)
|
@@ -488,6 +711,14 @@ class _SecretBackendRootSignIntermediateState:
|
|
488
711
|
pulumi.set(__self__, "csr", csr)
|
489
712
|
if exclude_cn_from_sans is not None:
|
490
713
|
pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
|
714
|
+
if excluded_dns_domains is not None:
|
715
|
+
pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
|
716
|
+
if excluded_email_addresses is not None:
|
717
|
+
pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
|
718
|
+
if excluded_ip_ranges is not None:
|
719
|
+
pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
|
720
|
+
if excluded_uri_domains is not None:
|
721
|
+
pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
|
491
722
|
if format is not None:
|
492
723
|
pulumi.set(__self__, "format", format)
|
493
724
|
if ip_sans is not None:
|
@@ -502,6 +733,10 @@ class _SecretBackendRootSignIntermediateState:
|
|
502
733
|
pulumi.set(__self__, "max_path_length", max_path_length)
|
503
734
|
if namespace is not None:
|
504
735
|
pulumi.set(__self__, "namespace", namespace)
|
736
|
+
if not_after is not None:
|
737
|
+
pulumi.set(__self__, "not_after", not_after)
|
738
|
+
if not_before_duration is not None:
|
739
|
+
pulumi.set(__self__, "not_before_duration", not_before_duration)
|
505
740
|
if organization is not None:
|
506
741
|
pulumi.set(__self__, "organization", organization)
|
507
742
|
if other_sans is not None:
|
@@ -510,6 +745,12 @@ class _SecretBackendRootSignIntermediateState:
|
|
510
745
|
pulumi.set(__self__, "ou", ou)
|
511
746
|
if permitted_dns_domains is not None:
|
512
747
|
pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
|
748
|
+
if permitted_email_addresses is not None:
|
749
|
+
pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
|
750
|
+
if permitted_ip_ranges is not None:
|
751
|
+
pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
|
752
|
+
if permitted_uri_domains is not None:
|
753
|
+
pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
|
513
754
|
if postal_code is not None:
|
514
755
|
pulumi.set(__self__, "postal_code", postal_code)
|
515
756
|
if province is not None:
|
@@ -518,6 +759,10 @@ class _SecretBackendRootSignIntermediateState:
|
|
518
759
|
pulumi.set(__self__, "revoke", revoke)
|
519
760
|
if serial_number is not None:
|
520
761
|
pulumi.set(__self__, "serial_number", serial_number)
|
762
|
+
if signature_bits is not None:
|
763
|
+
pulumi.set(__self__, "signature_bits", signature_bits)
|
764
|
+
if skid is not None:
|
765
|
+
pulumi.set(__self__, "skid", skid)
|
521
766
|
if street_address is not None:
|
522
767
|
pulumi.set(__self__, "street_address", street_address)
|
523
768
|
if ttl is not None:
|
@@ -526,58 +771,60 @@ class _SecretBackendRootSignIntermediateState:
|
|
526
771
|
pulumi.set(__self__, "uri_sans", uri_sans)
|
527
772
|
if use_csr_values is not None:
|
528
773
|
pulumi.set(__self__, "use_csr_values", use_csr_values)
|
774
|
+
if use_pss is not None:
|
775
|
+
pulumi.set(__self__, "use_pss", use_pss)
|
529
776
|
|
530
777
|
@property
|
531
778
|
@pulumi.getter(name="altNames")
|
532
|
-
def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
779
|
+
def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
533
780
|
"""
|
534
781
|
List of alternative names
|
535
782
|
"""
|
536
783
|
return pulumi.get(self, "alt_names")
|
537
784
|
|
538
785
|
@alt_names.setter
|
539
|
-
def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
786
|
+
def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
540
787
|
pulumi.set(self, "alt_names", value)
|
541
788
|
|
542
789
|
@property
|
543
790
|
@pulumi.getter
|
544
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
791
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
545
792
|
"""
|
546
793
|
The PKI secret backend the resource belongs to.
|
547
794
|
"""
|
548
795
|
return pulumi.get(self, "backend")
|
549
796
|
|
550
797
|
@backend.setter
|
551
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
798
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
552
799
|
pulumi.set(self, "backend", value)
|
553
800
|
|
554
801
|
@property
|
555
802
|
@pulumi.getter(name="caChains")
|
556
|
-
def ca_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
803
|
+
def ca_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
557
804
|
"""
|
558
805
|
A list of the issuing and intermediate CA certificates in the `format` specified.
|
559
806
|
"""
|
560
807
|
return pulumi.get(self, "ca_chains")
|
561
808
|
|
562
809
|
@ca_chains.setter
|
563
|
-
def ca_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
810
|
+
def ca_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
564
811
|
pulumi.set(self, "ca_chains", value)
|
565
812
|
|
566
813
|
@property
|
567
814
|
@pulumi.getter
|
568
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
815
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
569
816
|
"""
|
570
817
|
The intermediate CA certificate in the `format` specified.
|
571
818
|
"""
|
572
819
|
return pulumi.get(self, "certificate")
|
573
820
|
|
574
821
|
@certificate.setter
|
575
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
822
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
576
823
|
pulumi.set(self, "certificate", value)
|
577
824
|
|
578
825
|
@property
|
579
826
|
@pulumi.getter(name="certificateBundle")
|
580
|
-
def certificate_bundle(self) -> Optional[pulumi.Input[str]]:
|
827
|
+
def certificate_bundle(self) -> Optional[pulumi.Input[builtins.str]]:
|
581
828
|
"""
|
582
829
|
The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
|
583
830
|
Requires the `format` to be set to any of: pem, pem_bundle. The value will be empty for all other formats.
|
@@ -585,84 +832,132 @@ class _SecretBackendRootSignIntermediateState:
|
|
585
832
|
return pulumi.get(self, "certificate_bundle")
|
586
833
|
|
587
834
|
@certificate_bundle.setter
|
588
|
-
def certificate_bundle(self, value: Optional[pulumi.Input[str]]):
|
835
|
+
def certificate_bundle(self, value: Optional[pulumi.Input[builtins.str]]):
|
589
836
|
pulumi.set(self, "certificate_bundle", value)
|
590
837
|
|
591
838
|
@property
|
592
839
|
@pulumi.getter(name="commonName")
|
593
|
-
def common_name(self) -> Optional[pulumi.Input[str]]:
|
840
|
+
def common_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
594
841
|
"""
|
595
842
|
CN of intermediate to create
|
596
843
|
"""
|
597
844
|
return pulumi.get(self, "common_name")
|
598
845
|
|
599
846
|
@common_name.setter
|
600
|
-
def common_name(self, value: Optional[pulumi.Input[str]]):
|
847
|
+
def common_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
601
848
|
pulumi.set(self, "common_name", value)
|
602
849
|
|
603
850
|
@property
|
604
851
|
@pulumi.getter
|
605
|
-
def country(self) -> Optional[pulumi.Input[str]]:
|
852
|
+
def country(self) -> Optional[pulumi.Input[builtins.str]]:
|
606
853
|
"""
|
607
854
|
The country
|
608
855
|
"""
|
609
856
|
return pulumi.get(self, "country")
|
610
857
|
|
611
858
|
@country.setter
|
612
|
-
def country(self, value: Optional[pulumi.Input[str]]):
|
859
|
+
def country(self, value: Optional[pulumi.Input[builtins.str]]):
|
613
860
|
pulumi.set(self, "country", value)
|
614
861
|
|
615
862
|
@property
|
616
863
|
@pulumi.getter
|
617
|
-
def csr(self) -> Optional[pulumi.Input[str]]:
|
864
|
+
def csr(self) -> Optional[pulumi.Input[builtins.str]]:
|
618
865
|
"""
|
619
866
|
The CSR
|
620
867
|
"""
|
621
868
|
return pulumi.get(self, "csr")
|
622
869
|
|
623
870
|
@csr.setter
|
624
|
-
def csr(self, value: Optional[pulumi.Input[str]]):
|
871
|
+
def csr(self, value: Optional[pulumi.Input[builtins.str]]):
|
625
872
|
pulumi.set(self, "csr", value)
|
626
873
|
|
627
874
|
@property
|
628
875
|
@pulumi.getter(name="excludeCnFromSans")
|
629
|
-
def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
|
876
|
+
def exclude_cn_from_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
630
877
|
"""
|
631
878
|
Flag to exclude CN from SANs
|
632
879
|
"""
|
633
880
|
return pulumi.get(self, "exclude_cn_from_sans")
|
634
881
|
|
635
882
|
@exclude_cn_from_sans.setter
|
636
|
-
def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
|
883
|
+
def exclude_cn_from_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
637
884
|
pulumi.set(self, "exclude_cn_from_sans", value)
|
638
885
|
|
886
|
+
@property
|
887
|
+
@pulumi.getter(name="excludedDnsDomains")
|
888
|
+
def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
889
|
+
"""
|
890
|
+
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
891
|
+
"""
|
892
|
+
return pulumi.get(self, "excluded_dns_domains")
|
893
|
+
|
894
|
+
@excluded_dns_domains.setter
|
895
|
+
def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
896
|
+
pulumi.set(self, "excluded_dns_domains", value)
|
897
|
+
|
898
|
+
@property
|
899
|
+
@pulumi.getter(name="excludedEmailAddresses")
|
900
|
+
def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
901
|
+
"""
|
902
|
+
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
903
|
+
"""
|
904
|
+
return pulumi.get(self, "excluded_email_addresses")
|
905
|
+
|
906
|
+
@excluded_email_addresses.setter
|
907
|
+
def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
908
|
+
pulumi.set(self, "excluded_email_addresses", value)
|
909
|
+
|
910
|
+
@property
|
911
|
+
@pulumi.getter(name="excludedIpRanges")
|
912
|
+
def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
913
|
+
"""
|
914
|
+
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
915
|
+
"""
|
916
|
+
return pulumi.get(self, "excluded_ip_ranges")
|
917
|
+
|
918
|
+
@excluded_ip_ranges.setter
|
919
|
+
def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
920
|
+
pulumi.set(self, "excluded_ip_ranges", value)
|
921
|
+
|
922
|
+
@property
|
923
|
+
@pulumi.getter(name="excludedUriDomains")
|
924
|
+
def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
925
|
+
"""
|
926
|
+
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
927
|
+
"""
|
928
|
+
return pulumi.get(self, "excluded_uri_domains")
|
929
|
+
|
930
|
+
@excluded_uri_domains.setter
|
931
|
+
def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
932
|
+
pulumi.set(self, "excluded_uri_domains", value)
|
933
|
+
|
639
934
|
@property
|
640
935
|
@pulumi.getter
|
641
|
-
def format(self) -> Optional[pulumi.Input[str]]:
|
936
|
+
def format(self) -> Optional[pulumi.Input[builtins.str]]:
|
642
937
|
"""
|
643
938
|
The format of data
|
644
939
|
"""
|
645
940
|
return pulumi.get(self, "format")
|
646
941
|
|
647
942
|
@format.setter
|
648
|
-
def format(self, value: Optional[pulumi.Input[str]]):
|
943
|
+
def format(self, value: Optional[pulumi.Input[builtins.str]]):
|
649
944
|
pulumi.set(self, "format", value)
|
650
945
|
|
651
946
|
@property
|
652
947
|
@pulumi.getter(name="ipSans")
|
653
|
-
def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
948
|
+
def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
654
949
|
"""
|
655
950
|
List of alternative IPs
|
656
951
|
"""
|
657
952
|
return pulumi.get(self, "ip_sans")
|
658
953
|
|
659
954
|
@ip_sans.setter
|
660
|
-
def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
955
|
+
def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
661
956
|
pulumi.set(self, "ip_sans", value)
|
662
957
|
|
663
958
|
@property
|
664
959
|
@pulumi.getter(name="issuerRef")
|
665
|
-
def issuer_ref(self) -> Optional[pulumi.Input[str]]:
|
960
|
+
def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
|
666
961
|
"""
|
667
962
|
Specifies the default issuer of this request. May
|
668
963
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
@@ -672,48 +967,48 @@ class _SecretBackendRootSignIntermediateState:
|
|
672
967
|
return pulumi.get(self, "issuer_ref")
|
673
968
|
|
674
969
|
@issuer_ref.setter
|
675
|
-
def issuer_ref(self, value: Optional[pulumi.Input[str]]):
|
970
|
+
def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
|
676
971
|
pulumi.set(self, "issuer_ref", value)
|
677
972
|
|
678
973
|
@property
|
679
974
|
@pulumi.getter(name="issuingCa")
|
680
|
-
def issuing_ca(self) -> Optional[pulumi.Input[str]]:
|
975
|
+
def issuing_ca(self) -> Optional[pulumi.Input[builtins.str]]:
|
681
976
|
"""
|
682
977
|
The issuing CA certificate in the `format` specified.
|
683
978
|
"""
|
684
979
|
return pulumi.get(self, "issuing_ca")
|
685
980
|
|
686
981
|
@issuing_ca.setter
|
687
|
-
def issuing_ca(self, value: Optional[pulumi.Input[str]]):
|
982
|
+
def issuing_ca(self, value: Optional[pulumi.Input[builtins.str]]):
|
688
983
|
pulumi.set(self, "issuing_ca", value)
|
689
984
|
|
690
985
|
@property
|
691
986
|
@pulumi.getter
|
692
|
-
def locality(self) -> Optional[pulumi.Input[str]]:
|
987
|
+
def locality(self) -> Optional[pulumi.Input[builtins.str]]:
|
693
988
|
"""
|
694
989
|
The locality
|
695
990
|
"""
|
696
991
|
return pulumi.get(self, "locality")
|
697
992
|
|
698
993
|
@locality.setter
|
699
|
-
def locality(self, value: Optional[pulumi.Input[str]]):
|
994
|
+
def locality(self, value: Optional[pulumi.Input[builtins.str]]):
|
700
995
|
pulumi.set(self, "locality", value)
|
701
996
|
|
702
997
|
@property
|
703
998
|
@pulumi.getter(name="maxPathLength")
|
704
|
-
def max_path_length(self) -> Optional[pulumi.Input[int]]:
|
999
|
+
def max_path_length(self) -> Optional[pulumi.Input[builtins.int]]:
|
705
1000
|
"""
|
706
1001
|
The maximum path length to encode in the generated certificate
|
707
1002
|
"""
|
708
1003
|
return pulumi.get(self, "max_path_length")
|
709
1004
|
|
710
1005
|
@max_path_length.setter
|
711
|
-
def max_path_length(self, value: Optional[pulumi.Input[int]]):
|
1006
|
+
def max_path_length(self, value: Optional[pulumi.Input[builtins.int]]):
|
712
1007
|
pulumi.set(self, "max_path_length", value)
|
713
1008
|
|
714
1009
|
@property
|
715
1010
|
@pulumi.getter
|
716
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
1011
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
717
1012
|
"""
|
718
1013
|
The namespace to provision the resource in.
|
719
1014
|
The value should not contain leading or trailing forward slashes.
|
@@ -723,182 +1018,292 @@ class _SecretBackendRootSignIntermediateState:
|
|
723
1018
|
return pulumi.get(self, "namespace")
|
724
1019
|
|
725
1020
|
@namespace.setter
|
726
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
1021
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
727
1022
|
pulumi.set(self, "namespace", value)
|
728
1023
|
|
1024
|
+
@property
|
1025
|
+
@pulumi.getter(name="notAfter")
|
1026
|
+
def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
|
1027
|
+
"""
|
1028
|
+
Set the Not After field of the certificate with specified date value.
|
1029
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
1030
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1031
|
+
"""
|
1032
|
+
return pulumi.get(self, "not_after")
|
1033
|
+
|
1034
|
+
@not_after.setter
|
1035
|
+
def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
|
1036
|
+
pulumi.set(self, "not_after", value)
|
1037
|
+
|
1038
|
+
@property
|
1039
|
+
@pulumi.getter(name="notBeforeDuration")
|
1040
|
+
def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
1041
|
+
"""
|
1042
|
+
Specifies the duration by which to backdate the NotBefore property.
|
1043
|
+
"""
|
1044
|
+
return pulumi.get(self, "not_before_duration")
|
1045
|
+
|
1046
|
+
@not_before_duration.setter
|
1047
|
+
def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
1048
|
+
pulumi.set(self, "not_before_duration", value)
|
1049
|
+
|
729
1050
|
@property
|
730
1051
|
@pulumi.getter
|
731
|
-
def organization(self) -> Optional[pulumi.Input[str]]:
|
1052
|
+
def organization(self) -> Optional[pulumi.Input[builtins.str]]:
|
732
1053
|
"""
|
733
1054
|
The organization
|
734
1055
|
"""
|
735
1056
|
return pulumi.get(self, "organization")
|
736
1057
|
|
737
1058
|
@organization.setter
|
738
|
-
def organization(self, value: Optional[pulumi.Input[str]]):
|
1059
|
+
def organization(self, value: Optional[pulumi.Input[builtins.str]]):
|
739
1060
|
pulumi.set(self, "organization", value)
|
740
1061
|
|
741
1062
|
@property
|
742
1063
|
@pulumi.getter(name="otherSans")
|
743
|
-
def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1064
|
+
def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
744
1065
|
"""
|
745
1066
|
List of other SANs
|
746
1067
|
"""
|
747
1068
|
return pulumi.get(self, "other_sans")
|
748
1069
|
|
749
1070
|
@other_sans.setter
|
750
|
-
def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1071
|
+
def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
751
1072
|
pulumi.set(self, "other_sans", value)
|
752
1073
|
|
753
1074
|
@property
|
754
1075
|
@pulumi.getter
|
755
|
-
def ou(self) -> Optional[pulumi.Input[str]]:
|
1076
|
+
def ou(self) -> Optional[pulumi.Input[builtins.str]]:
|
756
1077
|
"""
|
757
1078
|
The organization unit
|
758
1079
|
"""
|
759
1080
|
return pulumi.get(self, "ou")
|
760
1081
|
|
761
1082
|
@ou.setter
|
762
|
-
def ou(self, value: Optional[pulumi.Input[str]]):
|
1083
|
+
def ou(self, value: Optional[pulumi.Input[builtins.str]]):
|
763
1084
|
pulumi.set(self, "ou", value)
|
764
1085
|
|
765
1086
|
@property
|
766
1087
|
@pulumi.getter(name="permittedDnsDomains")
|
767
|
-
def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1088
|
+
def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
768
1089
|
"""
|
769
1090
|
List of domains for which certificates are allowed to be issued
|
770
1091
|
"""
|
771
1092
|
return pulumi.get(self, "permitted_dns_domains")
|
772
1093
|
|
773
1094
|
@permitted_dns_domains.setter
|
774
|
-
def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1095
|
+
def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
775
1096
|
pulumi.set(self, "permitted_dns_domains", value)
|
776
1097
|
|
1098
|
+
@property
|
1099
|
+
@pulumi.getter(name="permittedEmailAddresses")
|
1100
|
+
def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1101
|
+
"""
|
1102
|
+
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1103
|
+
"""
|
1104
|
+
return pulumi.get(self, "permitted_email_addresses")
|
1105
|
+
|
1106
|
+
@permitted_email_addresses.setter
|
1107
|
+
def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1108
|
+
pulumi.set(self, "permitted_email_addresses", value)
|
1109
|
+
|
1110
|
+
@property
|
1111
|
+
@pulumi.getter(name="permittedIpRanges")
|
1112
|
+
def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1113
|
+
"""
|
1114
|
+
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1115
|
+
"""
|
1116
|
+
return pulumi.get(self, "permitted_ip_ranges")
|
1117
|
+
|
1118
|
+
@permitted_ip_ranges.setter
|
1119
|
+
def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1120
|
+
pulumi.set(self, "permitted_ip_ranges", value)
|
1121
|
+
|
1122
|
+
@property
|
1123
|
+
@pulumi.getter(name="permittedUriDomains")
|
1124
|
+
def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1125
|
+
"""
|
1126
|
+
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1127
|
+
"""
|
1128
|
+
return pulumi.get(self, "permitted_uri_domains")
|
1129
|
+
|
1130
|
+
@permitted_uri_domains.setter
|
1131
|
+
def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1132
|
+
pulumi.set(self, "permitted_uri_domains", value)
|
1133
|
+
|
777
1134
|
@property
|
778
1135
|
@pulumi.getter(name="postalCode")
|
779
|
-
def postal_code(self) -> Optional[pulumi.Input[str]]:
|
1136
|
+
def postal_code(self) -> Optional[pulumi.Input[builtins.str]]:
|
780
1137
|
"""
|
781
1138
|
The postal code
|
782
1139
|
"""
|
783
1140
|
return pulumi.get(self, "postal_code")
|
784
1141
|
|
785
1142
|
@postal_code.setter
|
786
|
-
def postal_code(self, value: Optional[pulumi.Input[str]]):
|
1143
|
+
def postal_code(self, value: Optional[pulumi.Input[builtins.str]]):
|
787
1144
|
pulumi.set(self, "postal_code", value)
|
788
1145
|
|
789
1146
|
@property
|
790
1147
|
@pulumi.getter
|
791
|
-
def province(self) -> Optional[pulumi.Input[str]]:
|
1148
|
+
def province(self) -> Optional[pulumi.Input[builtins.str]]:
|
792
1149
|
"""
|
793
1150
|
The province
|
794
1151
|
"""
|
795
1152
|
return pulumi.get(self, "province")
|
796
1153
|
|
797
1154
|
@province.setter
|
798
|
-
def province(self, value: Optional[pulumi.Input[str]]):
|
1155
|
+
def province(self, value: Optional[pulumi.Input[builtins.str]]):
|
799
1156
|
pulumi.set(self, "province", value)
|
800
1157
|
|
801
1158
|
@property
|
802
1159
|
@pulumi.getter
|
803
|
-
def revoke(self) -> Optional[pulumi.Input[bool]]:
|
1160
|
+
def revoke(self) -> Optional[pulumi.Input[builtins.bool]]:
|
804
1161
|
"""
|
805
1162
|
If set to `true`, the certificate will be revoked on resource destruction.
|
806
1163
|
"""
|
807
1164
|
return pulumi.get(self, "revoke")
|
808
1165
|
|
809
1166
|
@revoke.setter
|
810
|
-
def revoke(self, value: Optional[pulumi.Input[bool]]):
|
1167
|
+
def revoke(self, value: Optional[pulumi.Input[builtins.bool]]):
|
811
1168
|
pulumi.set(self, "revoke", value)
|
812
1169
|
|
813
1170
|
@property
|
814
1171
|
@pulumi.getter(name="serialNumber")
|
815
|
-
def serial_number(self) -> Optional[pulumi.Input[str]]:
|
1172
|
+
def serial_number(self) -> Optional[pulumi.Input[builtins.str]]:
|
816
1173
|
"""
|
817
1174
|
The certificate's serial number, hex formatted.
|
818
1175
|
"""
|
819
1176
|
return pulumi.get(self, "serial_number")
|
820
1177
|
|
821
1178
|
@serial_number.setter
|
822
|
-
def serial_number(self, value: Optional[pulumi.Input[str]]):
|
1179
|
+
def serial_number(self, value: Optional[pulumi.Input[builtins.str]]):
|
823
1180
|
pulumi.set(self, "serial_number", value)
|
824
1181
|
|
1182
|
+
@property
|
1183
|
+
@pulumi.getter(name="signatureBits")
|
1184
|
+
def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
1185
|
+
"""
|
1186
|
+
The number of bits to use in the signature algorithm
|
1187
|
+
"""
|
1188
|
+
return pulumi.get(self, "signature_bits")
|
1189
|
+
|
1190
|
+
@signature_bits.setter
|
1191
|
+
def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
1192
|
+
pulumi.set(self, "signature_bits", value)
|
1193
|
+
|
1194
|
+
@property
|
1195
|
+
@pulumi.getter
|
1196
|
+
def skid(self) -> Optional[pulumi.Input[builtins.str]]:
|
1197
|
+
"""
|
1198
|
+
Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
1199
|
+
"""
|
1200
|
+
return pulumi.get(self, "skid")
|
1201
|
+
|
1202
|
+
@skid.setter
|
1203
|
+
def skid(self, value: Optional[pulumi.Input[builtins.str]]):
|
1204
|
+
pulumi.set(self, "skid", value)
|
1205
|
+
|
825
1206
|
@property
|
826
1207
|
@pulumi.getter(name="streetAddress")
|
827
|
-
def street_address(self) -> Optional[pulumi.Input[str]]:
|
1208
|
+
def street_address(self) -> Optional[pulumi.Input[builtins.str]]:
|
828
1209
|
"""
|
829
1210
|
The street address
|
830
1211
|
"""
|
831
1212
|
return pulumi.get(self, "street_address")
|
832
1213
|
|
833
1214
|
@street_address.setter
|
834
|
-
def street_address(self, value: Optional[pulumi.Input[str]]):
|
1215
|
+
def street_address(self, value: Optional[pulumi.Input[builtins.str]]):
|
835
1216
|
pulumi.set(self, "street_address", value)
|
836
1217
|
|
837
1218
|
@property
|
838
1219
|
@pulumi.getter
|
839
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
1220
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
840
1221
|
"""
|
841
1222
|
Time to live
|
842
1223
|
"""
|
843
1224
|
return pulumi.get(self, "ttl")
|
844
1225
|
|
845
1226
|
@ttl.setter
|
846
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
1227
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
847
1228
|
pulumi.set(self, "ttl", value)
|
848
1229
|
|
849
1230
|
@property
|
850
1231
|
@pulumi.getter(name="uriSans")
|
851
|
-
def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1232
|
+
def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
852
1233
|
"""
|
853
1234
|
List of alternative URIs
|
854
1235
|
"""
|
855
1236
|
return pulumi.get(self, "uri_sans")
|
856
1237
|
|
857
1238
|
@uri_sans.setter
|
858
|
-
def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1239
|
+
def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
859
1240
|
pulumi.set(self, "uri_sans", value)
|
860
1241
|
|
861
1242
|
@property
|
862
1243
|
@pulumi.getter(name="useCsrValues")
|
863
|
-
def use_csr_values(self) -> Optional[pulumi.Input[bool]]:
|
1244
|
+
def use_csr_values(self) -> Optional[pulumi.Input[builtins.bool]]:
|
864
1245
|
"""
|
865
1246
|
Preserve CSR values
|
866
1247
|
"""
|
867
1248
|
return pulumi.get(self, "use_csr_values")
|
868
1249
|
|
869
1250
|
@use_csr_values.setter
|
870
|
-
def use_csr_values(self, value: Optional[pulumi.Input[bool]]):
|
1251
|
+
def use_csr_values(self, value: Optional[pulumi.Input[builtins.bool]]):
|
871
1252
|
pulumi.set(self, "use_csr_values", value)
|
872
1253
|
|
1254
|
+
@property
|
1255
|
+
@pulumi.getter(name="usePss")
|
1256
|
+
def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1257
|
+
"""
|
1258
|
+
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
1259
|
+
"""
|
1260
|
+
return pulumi.get(self, "use_pss")
|
1261
|
+
|
1262
|
+
@use_pss.setter
|
1263
|
+
def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1264
|
+
pulumi.set(self, "use_pss", value)
|
1265
|
+
|
873
1266
|
|
874
1267
|
class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
875
1268
|
@overload
|
876
1269
|
def __init__(__self__,
|
877
1270
|
resource_name: str,
|
878
1271
|
opts: Optional[pulumi.ResourceOptions] = None,
|
879
|
-
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
880
|
-
backend: Optional[pulumi.Input[str]] = None,
|
881
|
-
common_name: Optional[pulumi.Input[str]] = None,
|
882
|
-
country: Optional[pulumi.Input[str]] = None,
|
883
|
-
csr: Optional[pulumi.Input[str]] = None,
|
884
|
-
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
885
|
-
|
886
|
-
|
887
|
-
|
888
|
-
|
889
|
-
|
890
|
-
|
891
|
-
|
892
|
-
|
893
|
-
|
894
|
-
|
895
|
-
|
896
|
-
|
897
|
-
|
898
|
-
|
899
|
-
|
900
|
-
|
901
|
-
|
1272
|
+
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1273
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1274
|
+
common_name: Optional[pulumi.Input[builtins.str]] = None,
|
1275
|
+
country: Optional[pulumi.Input[builtins.str]] = None,
|
1276
|
+
csr: Optional[pulumi.Input[builtins.str]] = None,
|
1277
|
+
exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
1278
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1279
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1280
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1281
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1282
|
+
format: Optional[pulumi.Input[builtins.str]] = None,
|
1283
|
+
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1284
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
1285
|
+
locality: Optional[pulumi.Input[builtins.str]] = None,
|
1286
|
+
max_path_length: Optional[pulumi.Input[builtins.int]] = None,
|
1287
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1288
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
1289
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1290
|
+
organization: Optional[pulumi.Input[builtins.str]] = None,
|
1291
|
+
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1292
|
+
ou: Optional[pulumi.Input[builtins.str]] = None,
|
1293
|
+
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1294
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1295
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1296
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1297
|
+
postal_code: Optional[pulumi.Input[builtins.str]] = None,
|
1298
|
+
province: Optional[pulumi.Input[builtins.str]] = None,
|
1299
|
+
revoke: Optional[pulumi.Input[builtins.bool]] = None,
|
1300
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
1301
|
+
skid: Optional[pulumi.Input[builtins.str]] = None,
|
1302
|
+
street_address: Optional[pulumi.Input[builtins.str]] = None,
|
1303
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1304
|
+
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1305
|
+
use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
|
1306
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None,
|
902
1307
|
__props__=None):
|
903
1308
|
"""
|
904
1309
|
Creates PKI certificate.
|
@@ -921,35 +1326,49 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
921
1326
|
|
922
1327
|
:param str resource_name: The name of the resource.
|
923
1328
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
924
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
|
925
|
-
:param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
|
926
|
-
:param pulumi.Input[str] common_name: CN of intermediate to create
|
927
|
-
:param pulumi.Input[str] country: The country
|
928
|
-
:param pulumi.Input[str] csr: The CSR
|
929
|
-
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
930
|
-
:param pulumi.Input[str]
|
931
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]]
|
932
|
-
:param pulumi.Input[str]
|
1329
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
|
1330
|
+
:param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
|
1331
|
+
:param pulumi.Input[builtins.str] common_name: CN of intermediate to create
|
1332
|
+
:param pulumi.Input[builtins.str] country: The country
|
1333
|
+
:param pulumi.Input[builtins.str] csr: The CSR
|
1334
|
+
:param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
1335
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1336
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1337
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1338
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1339
|
+
:param pulumi.Input[builtins.str] format: The format of data
|
1340
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
|
1341
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
933
1342
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
934
1343
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
935
1344
|
overriding the role's `issuer_ref` value.
|
936
|
-
:param pulumi.Input[str] locality: The locality
|
937
|
-
:param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
|
938
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1345
|
+
:param pulumi.Input[builtins.str] locality: The locality
|
1346
|
+
:param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
|
1347
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
939
1348
|
The value should not contain leading or trailing forward slashes.
|
940
1349
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
941
1350
|
*Available only for Vault Enterprise*.
|
942
|
-
:param pulumi.Input[str]
|
943
|
-
|
944
|
-
|
945
|
-
:param pulumi.Input[
|
946
|
-
:param pulumi.Input[str]
|
947
|
-
:param pulumi.Input[str]
|
948
|
-
:param pulumi.Input[
|
949
|
-
:param pulumi.Input[str]
|
950
|
-
:param pulumi.Input[str]
|
951
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]]
|
952
|
-
:param pulumi.Input[
|
1351
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value.
|
1352
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
1353
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1354
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
1355
|
+
:param pulumi.Input[builtins.str] organization: The organization
|
1356
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
|
1357
|
+
:param pulumi.Input[builtins.str] ou: The organization unit
|
1358
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
1359
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1360
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1361
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1362
|
+
:param pulumi.Input[builtins.str] postal_code: The postal code
|
1363
|
+
:param pulumi.Input[builtins.str] province: The province
|
1364
|
+
:param pulumi.Input[builtins.bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
1365
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
1366
|
+
:param pulumi.Input[builtins.str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
1367
|
+
:param pulumi.Input[builtins.str] street_address: The street address
|
1368
|
+
:param pulumi.Input[builtins.str] ttl: Time to live
|
1369
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
|
1370
|
+
:param pulumi.Input[builtins.bool] use_csr_values: Preserve CSR values
|
1371
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
953
1372
|
"""
|
954
1373
|
...
|
955
1374
|
@overload
|
@@ -991,29 +1410,41 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
991
1410
|
def _internal_init(__self__,
|
992
1411
|
resource_name: str,
|
993
1412
|
opts: Optional[pulumi.ResourceOptions] = None,
|
994
|
-
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
995
|
-
backend: Optional[pulumi.Input[str]] = None,
|
996
|
-
common_name: Optional[pulumi.Input[str]] = None,
|
997
|
-
country: Optional[pulumi.Input[str]] = None,
|
998
|
-
csr: Optional[pulumi.Input[str]] = None,
|
999
|
-
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
1000
|
-
|
1001
|
-
|
1002
|
-
|
1003
|
-
|
1004
|
-
|
1005
|
-
|
1006
|
-
|
1007
|
-
|
1008
|
-
|
1009
|
-
|
1010
|
-
|
1011
|
-
|
1012
|
-
|
1013
|
-
|
1014
|
-
|
1015
|
-
|
1016
|
-
|
1413
|
+
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1414
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1415
|
+
common_name: Optional[pulumi.Input[builtins.str]] = None,
|
1416
|
+
country: Optional[pulumi.Input[builtins.str]] = None,
|
1417
|
+
csr: Optional[pulumi.Input[builtins.str]] = None,
|
1418
|
+
exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
1419
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1420
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1421
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1422
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1423
|
+
format: Optional[pulumi.Input[builtins.str]] = None,
|
1424
|
+
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1425
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
1426
|
+
locality: Optional[pulumi.Input[builtins.str]] = None,
|
1427
|
+
max_path_length: Optional[pulumi.Input[builtins.int]] = None,
|
1428
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1429
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
1430
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1431
|
+
organization: Optional[pulumi.Input[builtins.str]] = None,
|
1432
|
+
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1433
|
+
ou: Optional[pulumi.Input[builtins.str]] = None,
|
1434
|
+
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1435
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1436
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1437
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1438
|
+
postal_code: Optional[pulumi.Input[builtins.str]] = None,
|
1439
|
+
province: Optional[pulumi.Input[builtins.str]] = None,
|
1440
|
+
revoke: Optional[pulumi.Input[builtins.bool]] = None,
|
1441
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
1442
|
+
skid: Optional[pulumi.Input[builtins.str]] = None,
|
1443
|
+
street_address: Optional[pulumi.Input[builtins.str]] = None,
|
1444
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1445
|
+
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1446
|
+
use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
|
1447
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None,
|
1017
1448
|
__props__=None):
|
1018
1449
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1019
1450
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1035,23 +1466,35 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1035
1466
|
raise TypeError("Missing required property 'csr'")
|
1036
1467
|
__props__.__dict__["csr"] = csr
|
1037
1468
|
__props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
|
1469
|
+
__props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
|
1470
|
+
__props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
|
1471
|
+
__props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
|
1472
|
+
__props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
|
1038
1473
|
__props__.__dict__["format"] = format
|
1039
1474
|
__props__.__dict__["ip_sans"] = ip_sans
|
1040
1475
|
__props__.__dict__["issuer_ref"] = issuer_ref
|
1041
1476
|
__props__.__dict__["locality"] = locality
|
1042
1477
|
__props__.__dict__["max_path_length"] = max_path_length
|
1043
1478
|
__props__.__dict__["namespace"] = namespace
|
1479
|
+
__props__.__dict__["not_after"] = not_after
|
1480
|
+
__props__.__dict__["not_before_duration"] = not_before_duration
|
1044
1481
|
__props__.__dict__["organization"] = organization
|
1045
1482
|
__props__.__dict__["other_sans"] = other_sans
|
1046
1483
|
__props__.__dict__["ou"] = ou
|
1047
1484
|
__props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
|
1485
|
+
__props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
|
1486
|
+
__props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
|
1487
|
+
__props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
|
1048
1488
|
__props__.__dict__["postal_code"] = postal_code
|
1049
1489
|
__props__.__dict__["province"] = province
|
1050
1490
|
__props__.__dict__["revoke"] = revoke
|
1491
|
+
__props__.__dict__["signature_bits"] = signature_bits
|
1492
|
+
__props__.__dict__["skid"] = skid
|
1051
1493
|
__props__.__dict__["street_address"] = street_address
|
1052
1494
|
__props__.__dict__["ttl"] = ttl
|
1053
1495
|
__props__.__dict__["uri_sans"] = uri_sans
|
1054
1496
|
__props__.__dict__["use_csr_values"] = use_csr_values
|
1497
|
+
__props__.__dict__["use_pss"] = use_pss
|
1055
1498
|
__props__.__dict__["ca_chains"] = None
|
1056
1499
|
__props__.__dict__["certificate"] = None
|
1057
1500
|
__props__.__dict__["certificate_bundle"] = None
|
@@ -1067,34 +1510,46 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1067
1510
|
def get(resource_name: str,
|
1068
1511
|
id: pulumi.Input[str],
|
1069
1512
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1070
|
-
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1071
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1072
|
-
ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1073
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1074
|
-
certificate_bundle: Optional[pulumi.Input[str]] = None,
|
1075
|
-
common_name: Optional[pulumi.Input[str]] = None,
|
1076
|
-
country: Optional[pulumi.Input[str]] = None,
|
1077
|
-
csr: Optional[pulumi.Input[str]] = None,
|
1078
|
-
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
1079
|
-
|
1080
|
-
|
1081
|
-
|
1082
|
-
|
1083
|
-
|
1084
|
-
|
1085
|
-
|
1086
|
-
|
1087
|
-
|
1088
|
-
|
1089
|
-
|
1090
|
-
|
1091
|
-
|
1092
|
-
|
1093
|
-
|
1094
|
-
|
1095
|
-
|
1096
|
-
|
1097
|
-
|
1513
|
+
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1514
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1515
|
+
ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1516
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1517
|
+
certificate_bundle: Optional[pulumi.Input[builtins.str]] = None,
|
1518
|
+
common_name: Optional[pulumi.Input[builtins.str]] = None,
|
1519
|
+
country: Optional[pulumi.Input[builtins.str]] = None,
|
1520
|
+
csr: Optional[pulumi.Input[builtins.str]] = None,
|
1521
|
+
exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
1522
|
+
excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1523
|
+
excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1524
|
+
excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1525
|
+
excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1526
|
+
format: Optional[pulumi.Input[builtins.str]] = None,
|
1527
|
+
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1528
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
1529
|
+
issuing_ca: Optional[pulumi.Input[builtins.str]] = None,
|
1530
|
+
locality: Optional[pulumi.Input[builtins.str]] = None,
|
1531
|
+
max_path_length: Optional[pulumi.Input[builtins.int]] = None,
|
1532
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1533
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
1534
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1535
|
+
organization: Optional[pulumi.Input[builtins.str]] = None,
|
1536
|
+
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1537
|
+
ou: Optional[pulumi.Input[builtins.str]] = None,
|
1538
|
+
permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1539
|
+
permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1540
|
+
permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1541
|
+
permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1542
|
+
postal_code: Optional[pulumi.Input[builtins.str]] = None,
|
1543
|
+
province: Optional[pulumi.Input[builtins.str]] = None,
|
1544
|
+
revoke: Optional[pulumi.Input[builtins.bool]] = None,
|
1545
|
+
serial_number: Optional[pulumi.Input[builtins.str]] = None,
|
1546
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
1547
|
+
skid: Optional[pulumi.Input[builtins.str]] = None,
|
1548
|
+
street_address: Optional[pulumi.Input[builtins.str]] = None,
|
1549
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1550
|
+
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1551
|
+
use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
|
1552
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None) -> 'SecretBackendRootSignIntermediate':
|
1098
1553
|
"""
|
1099
1554
|
Get an existing SecretBackendRootSignIntermediate resource's state with the given name, id, and optional extra
|
1100
1555
|
properties used to qualify the lookup.
|
@@ -1102,41 +1557,55 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1102
1557
|
:param str resource_name: The unique name of the resulting resource.
|
1103
1558
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1104
1559
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1105
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
|
1106
|
-
:param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
|
1107
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ca_chains: A list of the issuing and intermediate CA certificates in the `format` specified.
|
1108
|
-
:param pulumi.Input[str] certificate: The intermediate CA certificate in the `format` specified.
|
1109
|
-
:param pulumi.Input[str] certificate_bundle: The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
|
1560
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
|
1561
|
+
:param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
|
1562
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ca_chains: A list of the issuing and intermediate CA certificates in the `format` specified.
|
1563
|
+
:param pulumi.Input[builtins.str] certificate: The intermediate CA certificate in the `format` specified.
|
1564
|
+
:param pulumi.Input[builtins.str] certificate_bundle: The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
|
1110
1565
|
Requires the `format` to be set to any of: pem, pem_bundle. The value will be empty for all other formats.
|
1111
|
-
:param pulumi.Input[str] common_name: CN of intermediate to create
|
1112
|
-
:param pulumi.Input[str] country: The country
|
1113
|
-
:param pulumi.Input[str] csr: The CSR
|
1114
|
-
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
1115
|
-
:param pulumi.Input[str]
|
1116
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]]
|
1117
|
-
:param pulumi.Input[str]
|
1566
|
+
:param pulumi.Input[builtins.str] common_name: CN of intermediate to create
|
1567
|
+
:param pulumi.Input[builtins.str] country: The country
|
1568
|
+
:param pulumi.Input[builtins.str] csr: The CSR
|
1569
|
+
:param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
1570
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1571
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1572
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1573
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1574
|
+
:param pulumi.Input[builtins.str] format: The format of data
|
1575
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
|
1576
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
1118
1577
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
1119
1578
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
1120
1579
|
overriding the role's `issuer_ref` value.
|
1121
|
-
:param pulumi.Input[str] issuing_ca: The issuing CA certificate in the `format` specified.
|
1122
|
-
:param pulumi.Input[str] locality: The locality
|
1123
|
-
:param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
|
1124
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1580
|
+
:param pulumi.Input[builtins.str] issuing_ca: The issuing CA certificate in the `format` specified.
|
1581
|
+
:param pulumi.Input[builtins.str] locality: The locality
|
1582
|
+
:param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
|
1583
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1125
1584
|
The value should not contain leading or trailing forward slashes.
|
1126
1585
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1127
1586
|
*Available only for Vault Enterprise*.
|
1128
|
-
:param pulumi.Input[str]
|
1129
|
-
|
1130
|
-
|
1131
|
-
:param pulumi.Input[
|
1132
|
-
:param pulumi.Input[str]
|
1133
|
-
:param pulumi.Input[str]
|
1134
|
-
:param pulumi.Input[
|
1135
|
-
:param pulumi.Input[str]
|
1136
|
-
:param pulumi.Input[str]
|
1137
|
-
:param pulumi.Input[str]
|
1138
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]]
|
1139
|
-
:param pulumi.Input[
|
1587
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value.
|
1588
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
1589
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1590
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
1591
|
+
:param pulumi.Input[builtins.str] organization: The organization
|
1592
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
|
1593
|
+
:param pulumi.Input[builtins.str] ou: The organization unit
|
1594
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
|
1595
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1596
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1597
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1598
|
+
:param pulumi.Input[builtins.str] postal_code: The postal code
|
1599
|
+
:param pulumi.Input[builtins.str] province: The province
|
1600
|
+
:param pulumi.Input[builtins.bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
1601
|
+
:param pulumi.Input[builtins.str] serial_number: The certificate's serial number, hex formatted.
|
1602
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
1603
|
+
:param pulumi.Input[builtins.str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
1604
|
+
:param pulumi.Input[builtins.str] street_address: The street address
|
1605
|
+
:param pulumi.Input[builtins.str] ttl: Time to live
|
1606
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
|
1607
|
+
:param pulumi.Input[builtins.bool] use_csr_values: Preserve CSR values
|
1608
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
1140
1609
|
"""
|
1141
1610
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1142
1611
|
|
@@ -1151,6 +1620,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1151
1620
|
__props__.__dict__["country"] = country
|
1152
1621
|
__props__.__dict__["csr"] = csr
|
1153
1622
|
__props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
|
1623
|
+
__props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
|
1624
|
+
__props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
|
1625
|
+
__props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
|
1626
|
+
__props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
|
1154
1627
|
__props__.__dict__["format"] = format
|
1155
1628
|
__props__.__dict__["ip_sans"] = ip_sans
|
1156
1629
|
__props__.__dict__["issuer_ref"] = issuer_ref
|
@@ -1158,23 +1631,31 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1158
1631
|
__props__.__dict__["locality"] = locality
|
1159
1632
|
__props__.__dict__["max_path_length"] = max_path_length
|
1160
1633
|
__props__.__dict__["namespace"] = namespace
|
1634
|
+
__props__.__dict__["not_after"] = not_after
|
1635
|
+
__props__.__dict__["not_before_duration"] = not_before_duration
|
1161
1636
|
__props__.__dict__["organization"] = organization
|
1162
1637
|
__props__.__dict__["other_sans"] = other_sans
|
1163
1638
|
__props__.__dict__["ou"] = ou
|
1164
1639
|
__props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
|
1640
|
+
__props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
|
1641
|
+
__props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
|
1642
|
+
__props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
|
1165
1643
|
__props__.__dict__["postal_code"] = postal_code
|
1166
1644
|
__props__.__dict__["province"] = province
|
1167
1645
|
__props__.__dict__["revoke"] = revoke
|
1168
1646
|
__props__.__dict__["serial_number"] = serial_number
|
1647
|
+
__props__.__dict__["signature_bits"] = signature_bits
|
1648
|
+
__props__.__dict__["skid"] = skid
|
1169
1649
|
__props__.__dict__["street_address"] = street_address
|
1170
1650
|
__props__.__dict__["ttl"] = ttl
|
1171
1651
|
__props__.__dict__["uri_sans"] = uri_sans
|
1172
1652
|
__props__.__dict__["use_csr_values"] = use_csr_values
|
1653
|
+
__props__.__dict__["use_pss"] = use_pss
|
1173
1654
|
return SecretBackendRootSignIntermediate(resource_name, opts=opts, __props__=__props__)
|
1174
1655
|
|
1175
1656
|
@property
|
1176
1657
|
@pulumi.getter(name="altNames")
|
1177
|
-
def alt_names(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1658
|
+
def alt_names(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1178
1659
|
"""
|
1179
1660
|
List of alternative names
|
1180
1661
|
"""
|
@@ -1182,7 +1663,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1182
1663
|
|
1183
1664
|
@property
|
1184
1665
|
@pulumi.getter
|
1185
|
-
def backend(self) -> pulumi.Output[str]:
|
1666
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
1186
1667
|
"""
|
1187
1668
|
The PKI secret backend the resource belongs to.
|
1188
1669
|
"""
|
@@ -1190,7 +1671,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1190
1671
|
|
1191
1672
|
@property
|
1192
1673
|
@pulumi.getter(name="caChains")
|
1193
|
-
def ca_chains(self) -> pulumi.Output[Sequence[str]]:
|
1674
|
+
def ca_chains(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1194
1675
|
"""
|
1195
1676
|
A list of the issuing and intermediate CA certificates in the `format` specified.
|
1196
1677
|
"""
|
@@ -1198,7 +1679,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1198
1679
|
|
1199
1680
|
@property
|
1200
1681
|
@pulumi.getter
|
1201
|
-
def certificate(self) -> pulumi.Output[str]:
|
1682
|
+
def certificate(self) -> pulumi.Output[builtins.str]:
|
1202
1683
|
"""
|
1203
1684
|
The intermediate CA certificate in the `format` specified.
|
1204
1685
|
"""
|
@@ -1206,7 +1687,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1206
1687
|
|
1207
1688
|
@property
|
1208
1689
|
@pulumi.getter(name="certificateBundle")
|
1209
|
-
def certificate_bundle(self) -> pulumi.Output[str]:
|
1690
|
+
def certificate_bundle(self) -> pulumi.Output[builtins.str]:
|
1210
1691
|
"""
|
1211
1692
|
The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
|
1212
1693
|
Requires the `format` to be set to any of: pem, pem_bundle. The value will be empty for all other formats.
|
@@ -1215,7 +1696,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1215
1696
|
|
1216
1697
|
@property
|
1217
1698
|
@pulumi.getter(name="commonName")
|
1218
|
-
def common_name(self) -> pulumi.Output[str]:
|
1699
|
+
def common_name(self) -> pulumi.Output[builtins.str]:
|
1219
1700
|
"""
|
1220
1701
|
CN of intermediate to create
|
1221
1702
|
"""
|
@@ -1223,7 +1704,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1223
1704
|
|
1224
1705
|
@property
|
1225
1706
|
@pulumi.getter
|
1226
|
-
def country(self) -> pulumi.Output[Optional[str]]:
|
1707
|
+
def country(self) -> pulumi.Output[Optional[builtins.str]]:
|
1227
1708
|
"""
|
1228
1709
|
The country
|
1229
1710
|
"""
|
@@ -1231,7 +1712,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1231
1712
|
|
1232
1713
|
@property
|
1233
1714
|
@pulumi.getter
|
1234
|
-
def csr(self) -> pulumi.Output[str]:
|
1715
|
+
def csr(self) -> pulumi.Output[builtins.str]:
|
1235
1716
|
"""
|
1236
1717
|
The CSR
|
1237
1718
|
"""
|
@@ -1239,15 +1720,47 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1239
1720
|
|
1240
1721
|
@property
|
1241
1722
|
@pulumi.getter(name="excludeCnFromSans")
|
1242
|
-
def exclude_cn_from_sans(self) -> pulumi.Output[Optional[bool]]:
|
1723
|
+
def exclude_cn_from_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1243
1724
|
"""
|
1244
1725
|
Flag to exclude CN from SANs
|
1245
1726
|
"""
|
1246
1727
|
return pulumi.get(self, "exclude_cn_from_sans")
|
1247
1728
|
|
1729
|
+
@property
|
1730
|
+
@pulumi.getter(name="excludedDnsDomains")
|
1731
|
+
def excluded_dns_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1732
|
+
"""
|
1733
|
+
List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1734
|
+
"""
|
1735
|
+
return pulumi.get(self, "excluded_dns_domains")
|
1736
|
+
|
1737
|
+
@property
|
1738
|
+
@pulumi.getter(name="excludedEmailAddresses")
|
1739
|
+
def excluded_email_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1740
|
+
"""
|
1741
|
+
List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1742
|
+
"""
|
1743
|
+
return pulumi.get(self, "excluded_email_addresses")
|
1744
|
+
|
1745
|
+
@property
|
1746
|
+
@pulumi.getter(name="excludedIpRanges")
|
1747
|
+
def excluded_ip_ranges(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1748
|
+
"""
|
1749
|
+
List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1750
|
+
"""
|
1751
|
+
return pulumi.get(self, "excluded_ip_ranges")
|
1752
|
+
|
1753
|
+
@property
|
1754
|
+
@pulumi.getter(name="excludedUriDomains")
|
1755
|
+
def excluded_uri_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1756
|
+
"""
|
1757
|
+
List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
|
1758
|
+
"""
|
1759
|
+
return pulumi.get(self, "excluded_uri_domains")
|
1760
|
+
|
1248
1761
|
@property
|
1249
1762
|
@pulumi.getter
|
1250
|
-
def format(self) -> pulumi.Output[Optional[str]]:
|
1763
|
+
def format(self) -> pulumi.Output[Optional[builtins.str]]:
|
1251
1764
|
"""
|
1252
1765
|
The format of data
|
1253
1766
|
"""
|
@@ -1255,7 +1768,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1255
1768
|
|
1256
1769
|
@property
|
1257
1770
|
@pulumi.getter(name="ipSans")
|
1258
|
-
def ip_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1771
|
+
def ip_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1259
1772
|
"""
|
1260
1773
|
List of alternative IPs
|
1261
1774
|
"""
|
@@ -1263,7 +1776,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1263
1776
|
|
1264
1777
|
@property
|
1265
1778
|
@pulumi.getter(name="issuerRef")
|
1266
|
-
def issuer_ref(self) -> pulumi.Output[Optional[str]]:
|
1779
|
+
def issuer_ref(self) -> pulumi.Output[Optional[builtins.str]]:
|
1267
1780
|
"""
|
1268
1781
|
Specifies the default issuer of this request. May
|
1269
1782
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
@@ -1274,7 +1787,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1274
1787
|
|
1275
1788
|
@property
|
1276
1789
|
@pulumi.getter(name="issuingCa")
|
1277
|
-
def issuing_ca(self) -> pulumi.Output[str]:
|
1790
|
+
def issuing_ca(self) -> pulumi.Output[builtins.str]:
|
1278
1791
|
"""
|
1279
1792
|
The issuing CA certificate in the `format` specified.
|
1280
1793
|
"""
|
@@ -1282,7 +1795,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1282
1795
|
|
1283
1796
|
@property
|
1284
1797
|
@pulumi.getter
|
1285
|
-
def locality(self) -> pulumi.Output[Optional[str]]:
|
1798
|
+
def locality(self) -> pulumi.Output[Optional[builtins.str]]:
|
1286
1799
|
"""
|
1287
1800
|
The locality
|
1288
1801
|
"""
|
@@ -1290,7 +1803,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1290
1803
|
|
1291
1804
|
@property
|
1292
1805
|
@pulumi.getter(name="maxPathLength")
|
1293
|
-
def max_path_length(self) -> pulumi.Output[Optional[int]]:
|
1806
|
+
def max_path_length(self) -> pulumi.Output[Optional[builtins.int]]:
|
1294
1807
|
"""
|
1295
1808
|
The maximum path length to encode in the generated certificate
|
1296
1809
|
"""
|
@@ -1298,7 +1811,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1298
1811
|
|
1299
1812
|
@property
|
1300
1813
|
@pulumi.getter
|
1301
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1814
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1302
1815
|
"""
|
1303
1816
|
The namespace to provision the resource in.
|
1304
1817
|
The value should not contain leading or trailing forward slashes.
|
@@ -1307,9 +1820,27 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1307
1820
|
"""
|
1308
1821
|
return pulumi.get(self, "namespace")
|
1309
1822
|
|
1823
|
+
@property
|
1824
|
+
@pulumi.getter(name="notAfter")
|
1825
|
+
def not_after(self) -> pulumi.Output[Optional[builtins.str]]:
|
1826
|
+
"""
|
1827
|
+
Set the Not After field of the certificate with specified date value.
|
1828
|
+
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
|
1829
|
+
for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1830
|
+
"""
|
1831
|
+
return pulumi.get(self, "not_after")
|
1832
|
+
|
1833
|
+
@property
|
1834
|
+
@pulumi.getter(name="notBeforeDuration")
|
1835
|
+
def not_before_duration(self) -> pulumi.Output[Optional[builtins.str]]:
|
1836
|
+
"""
|
1837
|
+
Specifies the duration by which to backdate the NotBefore property.
|
1838
|
+
"""
|
1839
|
+
return pulumi.get(self, "not_before_duration")
|
1840
|
+
|
1310
1841
|
@property
|
1311
1842
|
@pulumi.getter
|
1312
|
-
def organization(self) -> pulumi.Output[Optional[str]]:
|
1843
|
+
def organization(self) -> pulumi.Output[Optional[builtins.str]]:
|
1313
1844
|
"""
|
1314
1845
|
The organization
|
1315
1846
|
"""
|
@@ -1317,7 +1848,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1317
1848
|
|
1318
1849
|
@property
|
1319
1850
|
@pulumi.getter(name="otherSans")
|
1320
|
-
def other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1851
|
+
def other_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1321
1852
|
"""
|
1322
1853
|
List of other SANs
|
1323
1854
|
"""
|
@@ -1325,7 +1856,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1325
1856
|
|
1326
1857
|
@property
|
1327
1858
|
@pulumi.getter
|
1328
|
-
def ou(self) -> pulumi.Output[Optional[str]]:
|
1859
|
+
def ou(self) -> pulumi.Output[Optional[builtins.str]]:
|
1329
1860
|
"""
|
1330
1861
|
The organization unit
|
1331
1862
|
"""
|
@@ -1333,15 +1864,39 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1333
1864
|
|
1334
1865
|
@property
|
1335
1866
|
@pulumi.getter(name="permittedDnsDomains")
|
1336
|
-
def permitted_dns_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1867
|
+
def permitted_dns_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1337
1868
|
"""
|
1338
1869
|
List of domains for which certificates are allowed to be issued
|
1339
1870
|
"""
|
1340
1871
|
return pulumi.get(self, "permitted_dns_domains")
|
1341
1872
|
|
1873
|
+
@property
|
1874
|
+
@pulumi.getter(name="permittedEmailAddresses")
|
1875
|
+
def permitted_email_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1876
|
+
"""
|
1877
|
+
List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1878
|
+
"""
|
1879
|
+
return pulumi.get(self, "permitted_email_addresses")
|
1880
|
+
|
1881
|
+
@property
|
1882
|
+
@pulumi.getter(name="permittedIpRanges")
|
1883
|
+
def permitted_ip_ranges(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1884
|
+
"""
|
1885
|
+
List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1886
|
+
"""
|
1887
|
+
return pulumi.get(self, "permitted_ip_ranges")
|
1888
|
+
|
1889
|
+
@property
|
1890
|
+
@pulumi.getter(name="permittedUriDomains")
|
1891
|
+
def permitted_uri_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1892
|
+
"""
|
1893
|
+
List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
|
1894
|
+
"""
|
1895
|
+
return pulumi.get(self, "permitted_uri_domains")
|
1896
|
+
|
1342
1897
|
@property
|
1343
1898
|
@pulumi.getter(name="postalCode")
|
1344
|
-
def postal_code(self) -> pulumi.Output[Optional[str]]:
|
1899
|
+
def postal_code(self) -> pulumi.Output[Optional[builtins.str]]:
|
1345
1900
|
"""
|
1346
1901
|
The postal code
|
1347
1902
|
"""
|
@@ -1349,7 +1904,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1349
1904
|
|
1350
1905
|
@property
|
1351
1906
|
@pulumi.getter
|
1352
|
-
def province(self) -> pulumi.Output[Optional[str]]:
|
1907
|
+
def province(self) -> pulumi.Output[Optional[builtins.str]]:
|
1353
1908
|
"""
|
1354
1909
|
The province
|
1355
1910
|
"""
|
@@ -1357,7 +1912,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1357
1912
|
|
1358
1913
|
@property
|
1359
1914
|
@pulumi.getter
|
1360
|
-
def revoke(self) -> pulumi.Output[Optional[bool]]:
|
1915
|
+
def revoke(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1361
1916
|
"""
|
1362
1917
|
If set to `true`, the certificate will be revoked on resource destruction.
|
1363
1918
|
"""
|
@@ -1365,15 +1920,31 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1365
1920
|
|
1366
1921
|
@property
|
1367
1922
|
@pulumi.getter(name="serialNumber")
|
1368
|
-
def serial_number(self) -> pulumi.Output[str]:
|
1923
|
+
def serial_number(self) -> pulumi.Output[builtins.str]:
|
1369
1924
|
"""
|
1370
1925
|
The certificate's serial number, hex formatted.
|
1371
1926
|
"""
|
1372
1927
|
return pulumi.get(self, "serial_number")
|
1373
1928
|
|
1929
|
+
@property
|
1930
|
+
@pulumi.getter(name="signatureBits")
|
1931
|
+
def signature_bits(self) -> pulumi.Output[Optional[builtins.int]]:
|
1932
|
+
"""
|
1933
|
+
The number of bits to use in the signature algorithm
|
1934
|
+
"""
|
1935
|
+
return pulumi.get(self, "signature_bits")
|
1936
|
+
|
1937
|
+
@property
|
1938
|
+
@pulumi.getter
|
1939
|
+
def skid(self) -> pulumi.Output[Optional[builtins.str]]:
|
1940
|
+
"""
|
1941
|
+
Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
|
1942
|
+
"""
|
1943
|
+
return pulumi.get(self, "skid")
|
1944
|
+
|
1374
1945
|
@property
|
1375
1946
|
@pulumi.getter(name="streetAddress")
|
1376
|
-
def street_address(self) -> pulumi.Output[Optional[str]]:
|
1947
|
+
def street_address(self) -> pulumi.Output[Optional[builtins.str]]:
|
1377
1948
|
"""
|
1378
1949
|
The street address
|
1379
1950
|
"""
|
@@ -1381,7 +1952,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1381
1952
|
|
1382
1953
|
@property
|
1383
1954
|
@pulumi.getter
|
1384
|
-
def ttl(self) -> pulumi.Output[Optional[str]]:
|
1955
|
+
def ttl(self) -> pulumi.Output[Optional[builtins.str]]:
|
1385
1956
|
"""
|
1386
1957
|
Time to live
|
1387
1958
|
"""
|
@@ -1389,7 +1960,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1389
1960
|
|
1390
1961
|
@property
|
1391
1962
|
@pulumi.getter(name="uriSans")
|
1392
|
-
def uri_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1963
|
+
def uri_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1393
1964
|
"""
|
1394
1965
|
List of alternative URIs
|
1395
1966
|
"""
|
@@ -1397,9 +1968,17 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
|
|
1397
1968
|
|
1398
1969
|
@property
|
1399
1970
|
@pulumi.getter(name="useCsrValues")
|
1400
|
-
def use_csr_values(self) -> pulumi.Output[Optional[bool]]:
|
1971
|
+
def use_csr_values(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1401
1972
|
"""
|
1402
1973
|
Preserve CSR values
|
1403
1974
|
"""
|
1404
1975
|
return pulumi.get(self, "use_csr_values")
|
1405
1976
|
|
1977
|
+
@property
|
1978
|
+
@pulumi.getter(name="usePss")
|
1979
|
+
def use_pss(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1980
|
+
"""
|
1981
|
+
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
|
1982
|
+
"""
|
1983
|
+
return pulumi.get(self, "use_pss")
|
1984
|
+
|