pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,60 +20,86 @@ __all__ = ['SecretBackendRootSignIntermediateArgs', 'SecretBackendRootSignInterm
19
20
  @pulumi.input_type
20
21
  class SecretBackendRootSignIntermediateArgs:
21
22
  def __init__(__self__, *,
22
- backend: pulumi.Input[str],
23
- common_name: pulumi.Input[str],
24
- csr: pulumi.Input[str],
25
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
- country: Optional[pulumi.Input[str]] = None,
27
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
28
- format: Optional[pulumi.Input[str]] = None,
29
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
- issuer_ref: Optional[pulumi.Input[str]] = None,
31
- locality: Optional[pulumi.Input[str]] = None,
32
- max_path_length: Optional[pulumi.Input[int]] = None,
33
- namespace: Optional[pulumi.Input[str]] = None,
34
- organization: Optional[pulumi.Input[str]] = None,
35
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
36
- ou: Optional[pulumi.Input[str]] = None,
37
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
38
- postal_code: Optional[pulumi.Input[str]] = None,
39
- province: Optional[pulumi.Input[str]] = None,
40
- revoke: Optional[pulumi.Input[bool]] = None,
41
- street_address: Optional[pulumi.Input[str]] = None,
42
- ttl: Optional[pulumi.Input[str]] = None,
43
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
44
- use_csr_values: Optional[pulumi.Input[bool]] = None):
23
+ backend: pulumi.Input[builtins.str],
24
+ common_name: pulumi.Input[builtins.str],
25
+ csr: pulumi.Input[builtins.str],
26
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
27
+ country: Optional[pulumi.Input[builtins.str]] = None,
28
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
29
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
30
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
31
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
32
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
33
+ format: Optional[pulumi.Input[builtins.str]] = None,
34
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
35
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
36
+ locality: Optional[pulumi.Input[builtins.str]] = None,
37
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
38
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
39
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
40
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
41
+ organization: Optional[pulumi.Input[builtins.str]] = None,
42
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
43
+ ou: Optional[pulumi.Input[builtins.str]] = None,
44
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
45
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
46
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
47
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
48
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
49
+ province: Optional[pulumi.Input[builtins.str]] = None,
50
+ revoke: Optional[pulumi.Input[builtins.bool]] = None,
51
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
52
+ skid: Optional[pulumi.Input[builtins.str]] = None,
53
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
54
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
55
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
56
+ use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
57
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None):
45
58
  """
46
59
  The set of arguments for constructing a SecretBackendRootSignIntermediate resource.
47
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
48
- :param pulumi.Input[str] common_name: CN of intermediate to create
49
- :param pulumi.Input[str] csr: The CSR
50
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
51
- :param pulumi.Input[str] country: The country
52
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
53
- :param pulumi.Input[str] format: The format of data
54
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
55
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
60
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
61
+ :param pulumi.Input[builtins.str] common_name: CN of intermediate to create
62
+ :param pulumi.Input[builtins.str] csr: The CSR
63
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
64
+ :param pulumi.Input[builtins.str] country: The country
65
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
66
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
67
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
68
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
69
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
70
+ :param pulumi.Input[builtins.str] format: The format of data
71
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
72
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
56
73
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
57
74
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
58
75
  overriding the role's `issuer_ref` value.
59
- :param pulumi.Input[str] locality: The locality
60
- :param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
61
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
76
+ :param pulumi.Input[builtins.str] locality: The locality
77
+ :param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
78
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
62
79
  The value should not contain leading or trailing forward slashes.
63
80
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
64
81
  *Available only for Vault Enterprise*.
65
- :param pulumi.Input[str] organization: The organization
66
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
67
- :param pulumi.Input[str] ou: The organization unit
68
- :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
69
- :param pulumi.Input[str] postal_code: The postal code
70
- :param pulumi.Input[str] province: The province
71
- :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
72
- :param pulumi.Input[str] street_address: The street address
73
- :param pulumi.Input[str] ttl: Time to live
74
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
75
- :param pulumi.Input[bool] use_csr_values: Preserve CSR values
82
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value.
83
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
84
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
85
+ :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
86
+ :param pulumi.Input[builtins.str] organization: The organization
87
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
88
+ :param pulumi.Input[builtins.str] ou: The organization unit
89
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
90
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
91
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
92
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
93
+ :param pulumi.Input[builtins.str] postal_code: The postal code
94
+ :param pulumi.Input[builtins.str] province: The province
95
+ :param pulumi.Input[builtins.bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
96
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
97
+ :param pulumi.Input[builtins.str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
98
+ :param pulumi.Input[builtins.str] street_address: The street address
99
+ :param pulumi.Input[builtins.str] ttl: Time to live
100
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
101
+ :param pulumi.Input[builtins.bool] use_csr_values: Preserve CSR values
102
+ :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
76
103
  """
77
104
  pulumi.set(__self__, "backend", backend)
78
105
  pulumi.set(__self__, "common_name", common_name)
@@ -83,6 +110,14 @@ class SecretBackendRootSignIntermediateArgs:
83
110
  pulumi.set(__self__, "country", country)
84
111
  if exclude_cn_from_sans is not None:
85
112
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
113
+ if excluded_dns_domains is not None:
114
+ pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
115
+ if excluded_email_addresses is not None:
116
+ pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
117
+ if excluded_ip_ranges is not None:
118
+ pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
119
+ if excluded_uri_domains is not None:
120
+ pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
86
121
  if format is not None:
87
122
  pulumi.set(__self__, "format", format)
88
123
  if ip_sans is not None:
@@ -95,6 +130,10 @@ class SecretBackendRootSignIntermediateArgs:
95
130
  pulumi.set(__self__, "max_path_length", max_path_length)
96
131
  if namespace is not None:
97
132
  pulumi.set(__self__, "namespace", namespace)
133
+ if not_after is not None:
134
+ pulumi.set(__self__, "not_after", not_after)
135
+ if not_before_duration is not None:
136
+ pulumi.set(__self__, "not_before_duration", not_before_duration)
98
137
  if organization is not None:
99
138
  pulumi.set(__self__, "organization", organization)
100
139
  if other_sans is not None:
@@ -103,12 +142,22 @@ class SecretBackendRootSignIntermediateArgs:
103
142
  pulumi.set(__self__, "ou", ou)
104
143
  if permitted_dns_domains is not None:
105
144
  pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
145
+ if permitted_email_addresses is not None:
146
+ pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
147
+ if permitted_ip_ranges is not None:
148
+ pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
149
+ if permitted_uri_domains is not None:
150
+ pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
106
151
  if postal_code is not None:
107
152
  pulumi.set(__self__, "postal_code", postal_code)
108
153
  if province is not None:
109
154
  pulumi.set(__self__, "province", province)
110
155
  if revoke is not None:
111
156
  pulumi.set(__self__, "revoke", revoke)
157
+ if signature_bits is not None:
158
+ pulumi.set(__self__, "signature_bits", signature_bits)
159
+ if skid is not None:
160
+ pulumi.set(__self__, "skid", skid)
112
161
  if street_address is not None:
113
162
  pulumi.set(__self__, "street_address", street_address)
114
163
  if ttl is not None:
@@ -117,106 +166,156 @@ class SecretBackendRootSignIntermediateArgs:
117
166
  pulumi.set(__self__, "uri_sans", uri_sans)
118
167
  if use_csr_values is not None:
119
168
  pulumi.set(__self__, "use_csr_values", use_csr_values)
169
+ if use_pss is not None:
170
+ pulumi.set(__self__, "use_pss", use_pss)
120
171
 
121
172
  @property
122
173
  @pulumi.getter
123
- def backend(self) -> pulumi.Input[str]:
174
+ def backend(self) -> pulumi.Input[builtins.str]:
124
175
  """
125
176
  The PKI secret backend the resource belongs to.
126
177
  """
127
178
  return pulumi.get(self, "backend")
128
179
 
129
180
  @backend.setter
130
- def backend(self, value: pulumi.Input[str]):
181
+ def backend(self, value: pulumi.Input[builtins.str]):
131
182
  pulumi.set(self, "backend", value)
132
183
 
133
184
  @property
134
185
  @pulumi.getter(name="commonName")
135
- def common_name(self) -> pulumi.Input[str]:
186
+ def common_name(self) -> pulumi.Input[builtins.str]:
136
187
  """
137
188
  CN of intermediate to create
138
189
  """
139
190
  return pulumi.get(self, "common_name")
140
191
 
141
192
  @common_name.setter
142
- def common_name(self, value: pulumi.Input[str]):
193
+ def common_name(self, value: pulumi.Input[builtins.str]):
143
194
  pulumi.set(self, "common_name", value)
144
195
 
145
196
  @property
146
197
  @pulumi.getter
147
- def csr(self) -> pulumi.Input[str]:
198
+ def csr(self) -> pulumi.Input[builtins.str]:
148
199
  """
149
200
  The CSR
150
201
  """
151
202
  return pulumi.get(self, "csr")
152
203
 
153
204
  @csr.setter
154
- def csr(self, value: pulumi.Input[str]):
205
+ def csr(self, value: pulumi.Input[builtins.str]):
155
206
  pulumi.set(self, "csr", value)
156
207
 
157
208
  @property
158
209
  @pulumi.getter(name="altNames")
159
- def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
210
+ def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
160
211
  """
161
212
  List of alternative names
162
213
  """
163
214
  return pulumi.get(self, "alt_names")
164
215
 
165
216
  @alt_names.setter
166
- def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
217
+ def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
167
218
  pulumi.set(self, "alt_names", value)
168
219
 
169
220
  @property
170
221
  @pulumi.getter
171
- def country(self) -> Optional[pulumi.Input[str]]:
222
+ def country(self) -> Optional[pulumi.Input[builtins.str]]:
172
223
  """
173
224
  The country
174
225
  """
175
226
  return pulumi.get(self, "country")
176
227
 
177
228
  @country.setter
178
- def country(self, value: Optional[pulumi.Input[str]]):
229
+ def country(self, value: Optional[pulumi.Input[builtins.str]]):
179
230
  pulumi.set(self, "country", value)
180
231
 
181
232
  @property
182
233
  @pulumi.getter(name="excludeCnFromSans")
183
- def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
234
+ def exclude_cn_from_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
184
235
  """
185
236
  Flag to exclude CN from SANs
186
237
  """
187
238
  return pulumi.get(self, "exclude_cn_from_sans")
188
239
 
189
240
  @exclude_cn_from_sans.setter
190
- def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
241
+ def exclude_cn_from_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
191
242
  pulumi.set(self, "exclude_cn_from_sans", value)
192
243
 
244
+ @property
245
+ @pulumi.getter(name="excludedDnsDomains")
246
+ def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
247
+ """
248
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
249
+ """
250
+ return pulumi.get(self, "excluded_dns_domains")
251
+
252
+ @excluded_dns_domains.setter
253
+ def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
254
+ pulumi.set(self, "excluded_dns_domains", value)
255
+
256
+ @property
257
+ @pulumi.getter(name="excludedEmailAddresses")
258
+ def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
259
+ """
260
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
261
+ """
262
+ return pulumi.get(self, "excluded_email_addresses")
263
+
264
+ @excluded_email_addresses.setter
265
+ def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
266
+ pulumi.set(self, "excluded_email_addresses", value)
267
+
268
+ @property
269
+ @pulumi.getter(name="excludedIpRanges")
270
+ def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
271
+ """
272
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
273
+ """
274
+ return pulumi.get(self, "excluded_ip_ranges")
275
+
276
+ @excluded_ip_ranges.setter
277
+ def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
278
+ pulumi.set(self, "excluded_ip_ranges", value)
279
+
280
+ @property
281
+ @pulumi.getter(name="excludedUriDomains")
282
+ def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
283
+ """
284
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
285
+ """
286
+ return pulumi.get(self, "excluded_uri_domains")
287
+
288
+ @excluded_uri_domains.setter
289
+ def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
290
+ pulumi.set(self, "excluded_uri_domains", value)
291
+
193
292
  @property
194
293
  @pulumi.getter
195
- def format(self) -> Optional[pulumi.Input[str]]:
294
+ def format(self) -> Optional[pulumi.Input[builtins.str]]:
196
295
  """
197
296
  The format of data
198
297
  """
199
298
  return pulumi.get(self, "format")
200
299
 
201
300
  @format.setter
202
- def format(self, value: Optional[pulumi.Input[str]]):
301
+ def format(self, value: Optional[pulumi.Input[builtins.str]]):
203
302
  pulumi.set(self, "format", value)
204
303
 
205
304
  @property
206
305
  @pulumi.getter(name="ipSans")
207
- def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
306
+ def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
208
307
  """
209
308
  List of alternative IPs
210
309
  """
211
310
  return pulumi.get(self, "ip_sans")
212
311
 
213
312
  @ip_sans.setter
214
- def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
313
+ def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
215
314
  pulumi.set(self, "ip_sans", value)
216
315
 
217
316
  @property
218
317
  @pulumi.getter(name="issuerRef")
219
- def issuer_ref(self) -> Optional[pulumi.Input[str]]:
318
+ def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
220
319
  """
221
320
  Specifies the default issuer of this request. May
222
321
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -226,36 +325,36 @@ class SecretBackendRootSignIntermediateArgs:
226
325
  return pulumi.get(self, "issuer_ref")
227
326
 
228
327
  @issuer_ref.setter
229
- def issuer_ref(self, value: Optional[pulumi.Input[str]]):
328
+ def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
230
329
  pulumi.set(self, "issuer_ref", value)
231
330
 
232
331
  @property
233
332
  @pulumi.getter
234
- def locality(self) -> Optional[pulumi.Input[str]]:
333
+ def locality(self) -> Optional[pulumi.Input[builtins.str]]:
235
334
  """
236
335
  The locality
237
336
  """
238
337
  return pulumi.get(self, "locality")
239
338
 
240
339
  @locality.setter
241
- def locality(self, value: Optional[pulumi.Input[str]]):
340
+ def locality(self, value: Optional[pulumi.Input[builtins.str]]):
242
341
  pulumi.set(self, "locality", value)
243
342
 
244
343
  @property
245
344
  @pulumi.getter(name="maxPathLength")
246
- def max_path_length(self) -> Optional[pulumi.Input[int]]:
345
+ def max_path_length(self) -> Optional[pulumi.Input[builtins.int]]:
247
346
  """
248
347
  The maximum path length to encode in the generated certificate
249
348
  """
250
349
  return pulumi.get(self, "max_path_length")
251
350
 
252
351
  @max_path_length.setter
253
- def max_path_length(self, value: Optional[pulumi.Input[int]]):
352
+ def max_path_length(self, value: Optional[pulumi.Input[builtins.int]]):
254
353
  pulumi.set(self, "max_path_length", value)
255
354
 
256
355
  @property
257
356
  @pulumi.getter
258
- def namespace(self) -> Optional[pulumi.Input[str]]:
357
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
259
358
  """
260
359
  The namespace to provision the resource in.
261
360
  The value should not contain leading or trailing forward slashes.
@@ -265,210 +364,334 @@ class SecretBackendRootSignIntermediateArgs:
265
364
  return pulumi.get(self, "namespace")
266
365
 
267
366
  @namespace.setter
268
- def namespace(self, value: Optional[pulumi.Input[str]]):
367
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
269
368
  pulumi.set(self, "namespace", value)
270
369
 
370
+ @property
371
+ @pulumi.getter(name="notAfter")
372
+ def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
373
+ """
374
+ Set the Not After field of the certificate with specified date value.
375
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
376
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
377
+ """
378
+ return pulumi.get(self, "not_after")
379
+
380
+ @not_after.setter
381
+ def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
382
+ pulumi.set(self, "not_after", value)
383
+
384
+ @property
385
+ @pulumi.getter(name="notBeforeDuration")
386
+ def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
387
+ """
388
+ Specifies the duration by which to backdate the NotBefore property.
389
+ """
390
+ return pulumi.get(self, "not_before_duration")
391
+
392
+ @not_before_duration.setter
393
+ def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
394
+ pulumi.set(self, "not_before_duration", value)
395
+
271
396
  @property
272
397
  @pulumi.getter
273
- def organization(self) -> Optional[pulumi.Input[str]]:
398
+ def organization(self) -> Optional[pulumi.Input[builtins.str]]:
274
399
  """
275
400
  The organization
276
401
  """
277
402
  return pulumi.get(self, "organization")
278
403
 
279
404
  @organization.setter
280
- def organization(self, value: Optional[pulumi.Input[str]]):
405
+ def organization(self, value: Optional[pulumi.Input[builtins.str]]):
281
406
  pulumi.set(self, "organization", value)
282
407
 
283
408
  @property
284
409
  @pulumi.getter(name="otherSans")
285
- def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
410
+ def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
286
411
  """
287
412
  List of other SANs
288
413
  """
289
414
  return pulumi.get(self, "other_sans")
290
415
 
291
416
  @other_sans.setter
292
- def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
417
+ def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
293
418
  pulumi.set(self, "other_sans", value)
294
419
 
295
420
  @property
296
421
  @pulumi.getter
297
- def ou(self) -> Optional[pulumi.Input[str]]:
422
+ def ou(self) -> Optional[pulumi.Input[builtins.str]]:
298
423
  """
299
424
  The organization unit
300
425
  """
301
426
  return pulumi.get(self, "ou")
302
427
 
303
428
  @ou.setter
304
- def ou(self, value: Optional[pulumi.Input[str]]):
429
+ def ou(self, value: Optional[pulumi.Input[builtins.str]]):
305
430
  pulumi.set(self, "ou", value)
306
431
 
307
432
  @property
308
433
  @pulumi.getter(name="permittedDnsDomains")
309
- def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
434
+ def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
310
435
  """
311
436
  List of domains for which certificates are allowed to be issued
312
437
  """
313
438
  return pulumi.get(self, "permitted_dns_domains")
314
439
 
315
440
  @permitted_dns_domains.setter
316
- def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
441
+ def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
317
442
  pulumi.set(self, "permitted_dns_domains", value)
318
443
 
444
+ @property
445
+ @pulumi.getter(name="permittedEmailAddresses")
446
+ def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
447
+ """
448
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
449
+ """
450
+ return pulumi.get(self, "permitted_email_addresses")
451
+
452
+ @permitted_email_addresses.setter
453
+ def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
454
+ pulumi.set(self, "permitted_email_addresses", value)
455
+
456
+ @property
457
+ @pulumi.getter(name="permittedIpRanges")
458
+ def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
459
+ """
460
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
461
+ """
462
+ return pulumi.get(self, "permitted_ip_ranges")
463
+
464
+ @permitted_ip_ranges.setter
465
+ def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
466
+ pulumi.set(self, "permitted_ip_ranges", value)
467
+
468
+ @property
469
+ @pulumi.getter(name="permittedUriDomains")
470
+ def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
471
+ """
472
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
473
+ """
474
+ return pulumi.get(self, "permitted_uri_domains")
475
+
476
+ @permitted_uri_domains.setter
477
+ def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
478
+ pulumi.set(self, "permitted_uri_domains", value)
479
+
319
480
  @property
320
481
  @pulumi.getter(name="postalCode")
321
- def postal_code(self) -> Optional[pulumi.Input[str]]:
482
+ def postal_code(self) -> Optional[pulumi.Input[builtins.str]]:
322
483
  """
323
484
  The postal code
324
485
  """
325
486
  return pulumi.get(self, "postal_code")
326
487
 
327
488
  @postal_code.setter
328
- def postal_code(self, value: Optional[pulumi.Input[str]]):
489
+ def postal_code(self, value: Optional[pulumi.Input[builtins.str]]):
329
490
  pulumi.set(self, "postal_code", value)
330
491
 
331
492
  @property
332
493
  @pulumi.getter
333
- def province(self) -> Optional[pulumi.Input[str]]:
494
+ def province(self) -> Optional[pulumi.Input[builtins.str]]:
334
495
  """
335
496
  The province
336
497
  """
337
498
  return pulumi.get(self, "province")
338
499
 
339
500
  @province.setter
340
- def province(self, value: Optional[pulumi.Input[str]]):
501
+ def province(self, value: Optional[pulumi.Input[builtins.str]]):
341
502
  pulumi.set(self, "province", value)
342
503
 
343
504
  @property
344
505
  @pulumi.getter
345
- def revoke(self) -> Optional[pulumi.Input[bool]]:
506
+ def revoke(self) -> Optional[pulumi.Input[builtins.bool]]:
346
507
  """
347
508
  If set to `true`, the certificate will be revoked on resource destruction.
348
509
  """
349
510
  return pulumi.get(self, "revoke")
350
511
 
351
512
  @revoke.setter
352
- def revoke(self, value: Optional[pulumi.Input[bool]]):
513
+ def revoke(self, value: Optional[pulumi.Input[builtins.bool]]):
353
514
  pulumi.set(self, "revoke", value)
354
515
 
516
+ @property
517
+ @pulumi.getter(name="signatureBits")
518
+ def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
519
+ """
520
+ The number of bits to use in the signature algorithm
521
+ """
522
+ return pulumi.get(self, "signature_bits")
523
+
524
+ @signature_bits.setter
525
+ def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
526
+ pulumi.set(self, "signature_bits", value)
527
+
528
+ @property
529
+ @pulumi.getter
530
+ def skid(self) -> Optional[pulumi.Input[builtins.str]]:
531
+ """
532
+ Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
533
+ """
534
+ return pulumi.get(self, "skid")
535
+
536
+ @skid.setter
537
+ def skid(self, value: Optional[pulumi.Input[builtins.str]]):
538
+ pulumi.set(self, "skid", value)
539
+
355
540
  @property
356
541
  @pulumi.getter(name="streetAddress")
357
- def street_address(self) -> Optional[pulumi.Input[str]]:
542
+ def street_address(self) -> Optional[pulumi.Input[builtins.str]]:
358
543
  """
359
544
  The street address
360
545
  """
361
546
  return pulumi.get(self, "street_address")
362
547
 
363
548
  @street_address.setter
364
- def street_address(self, value: Optional[pulumi.Input[str]]):
549
+ def street_address(self, value: Optional[pulumi.Input[builtins.str]]):
365
550
  pulumi.set(self, "street_address", value)
366
551
 
367
552
  @property
368
553
  @pulumi.getter
369
- def ttl(self) -> Optional[pulumi.Input[str]]:
554
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
370
555
  """
371
556
  Time to live
372
557
  """
373
558
  return pulumi.get(self, "ttl")
374
559
 
375
560
  @ttl.setter
376
- def ttl(self, value: Optional[pulumi.Input[str]]):
561
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
377
562
  pulumi.set(self, "ttl", value)
378
563
 
379
564
  @property
380
565
  @pulumi.getter(name="uriSans")
381
- def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
566
+ def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
382
567
  """
383
568
  List of alternative URIs
384
569
  """
385
570
  return pulumi.get(self, "uri_sans")
386
571
 
387
572
  @uri_sans.setter
388
- def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
573
+ def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
389
574
  pulumi.set(self, "uri_sans", value)
390
575
 
391
576
  @property
392
577
  @pulumi.getter(name="useCsrValues")
393
- def use_csr_values(self) -> Optional[pulumi.Input[bool]]:
578
+ def use_csr_values(self) -> Optional[pulumi.Input[builtins.bool]]:
394
579
  """
395
580
  Preserve CSR values
396
581
  """
397
582
  return pulumi.get(self, "use_csr_values")
398
583
 
399
584
  @use_csr_values.setter
400
- def use_csr_values(self, value: Optional[pulumi.Input[bool]]):
585
+ def use_csr_values(self, value: Optional[pulumi.Input[builtins.bool]]):
401
586
  pulumi.set(self, "use_csr_values", value)
402
587
 
588
+ @property
589
+ @pulumi.getter(name="usePss")
590
+ def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
591
+ """
592
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
593
+ """
594
+ return pulumi.get(self, "use_pss")
595
+
596
+ @use_pss.setter
597
+ def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
598
+ pulumi.set(self, "use_pss", value)
599
+
403
600
 
404
601
  @pulumi.input_type
405
602
  class _SecretBackendRootSignIntermediateState:
406
603
  def __init__(__self__, *,
407
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
408
- backend: Optional[pulumi.Input[str]] = None,
409
- ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
410
- certificate: Optional[pulumi.Input[str]] = None,
411
- certificate_bundle: Optional[pulumi.Input[str]] = None,
412
- common_name: Optional[pulumi.Input[str]] = None,
413
- country: Optional[pulumi.Input[str]] = None,
414
- csr: Optional[pulumi.Input[str]] = None,
415
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
416
- format: Optional[pulumi.Input[str]] = None,
417
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
418
- issuer_ref: Optional[pulumi.Input[str]] = None,
419
- issuing_ca: Optional[pulumi.Input[str]] = None,
420
- locality: Optional[pulumi.Input[str]] = None,
421
- max_path_length: Optional[pulumi.Input[int]] = None,
422
- namespace: Optional[pulumi.Input[str]] = None,
423
- organization: Optional[pulumi.Input[str]] = None,
424
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
425
- ou: Optional[pulumi.Input[str]] = None,
426
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
427
- postal_code: Optional[pulumi.Input[str]] = None,
428
- province: Optional[pulumi.Input[str]] = None,
429
- revoke: Optional[pulumi.Input[bool]] = None,
430
- serial_number: Optional[pulumi.Input[str]] = None,
431
- street_address: Optional[pulumi.Input[str]] = None,
432
- ttl: Optional[pulumi.Input[str]] = None,
433
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
434
- use_csr_values: Optional[pulumi.Input[bool]] = None):
604
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
605
+ backend: Optional[pulumi.Input[builtins.str]] = None,
606
+ ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
607
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
608
+ certificate_bundle: Optional[pulumi.Input[builtins.str]] = None,
609
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
610
+ country: Optional[pulumi.Input[builtins.str]] = None,
611
+ csr: Optional[pulumi.Input[builtins.str]] = None,
612
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
613
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
614
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
615
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
616
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
617
+ format: Optional[pulumi.Input[builtins.str]] = None,
618
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
619
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
620
+ issuing_ca: Optional[pulumi.Input[builtins.str]] = None,
621
+ locality: Optional[pulumi.Input[builtins.str]] = None,
622
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
623
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
624
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
625
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
626
+ organization: Optional[pulumi.Input[builtins.str]] = None,
627
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
628
+ ou: Optional[pulumi.Input[builtins.str]] = None,
629
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
630
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
631
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
632
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
633
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
634
+ province: Optional[pulumi.Input[builtins.str]] = None,
635
+ revoke: Optional[pulumi.Input[builtins.bool]] = None,
636
+ serial_number: Optional[pulumi.Input[builtins.str]] = None,
637
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
638
+ skid: Optional[pulumi.Input[builtins.str]] = None,
639
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
640
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
641
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
642
+ use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
643
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None):
435
644
  """
436
645
  Input properties used for looking up and filtering SecretBackendRootSignIntermediate resources.
437
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
438
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
439
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ca_chains: A list of the issuing and intermediate CA certificates in the `format` specified.
440
- :param pulumi.Input[str] certificate: The intermediate CA certificate in the `format` specified.
441
- :param pulumi.Input[str] certificate_bundle: The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
646
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
647
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
648
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ca_chains: A list of the issuing and intermediate CA certificates in the `format` specified.
649
+ :param pulumi.Input[builtins.str] certificate: The intermediate CA certificate in the `format` specified.
650
+ :param pulumi.Input[builtins.str] certificate_bundle: The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
442
651
  Requires the `format` to be set to any of: pem, pem_bundle. The value will be empty for all other formats.
443
- :param pulumi.Input[str] common_name: CN of intermediate to create
444
- :param pulumi.Input[str] country: The country
445
- :param pulumi.Input[str] csr: The CSR
446
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
447
- :param pulumi.Input[str] format: The format of data
448
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
449
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
652
+ :param pulumi.Input[builtins.str] common_name: CN of intermediate to create
653
+ :param pulumi.Input[builtins.str] country: The country
654
+ :param pulumi.Input[builtins.str] csr: The CSR
655
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
656
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
657
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
658
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
659
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
660
+ :param pulumi.Input[builtins.str] format: The format of data
661
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
662
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
450
663
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
451
664
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
452
665
  overriding the role's `issuer_ref` value.
453
- :param pulumi.Input[str] issuing_ca: The issuing CA certificate in the `format` specified.
454
- :param pulumi.Input[str] locality: The locality
455
- :param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
456
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
666
+ :param pulumi.Input[builtins.str] issuing_ca: The issuing CA certificate in the `format` specified.
667
+ :param pulumi.Input[builtins.str] locality: The locality
668
+ :param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
669
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
457
670
  The value should not contain leading or trailing forward slashes.
458
671
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
459
672
  *Available only for Vault Enterprise*.
460
- :param pulumi.Input[str] organization: The organization
461
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
462
- :param pulumi.Input[str] ou: The organization unit
463
- :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
464
- :param pulumi.Input[str] postal_code: The postal code
465
- :param pulumi.Input[str] province: The province
466
- :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
467
- :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
468
- :param pulumi.Input[str] street_address: The street address
469
- :param pulumi.Input[str] ttl: Time to live
470
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
471
- :param pulumi.Input[bool] use_csr_values: Preserve CSR values
673
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value.
674
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
675
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
676
+ :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
677
+ :param pulumi.Input[builtins.str] organization: The organization
678
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
679
+ :param pulumi.Input[builtins.str] ou: The organization unit
680
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
681
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
682
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
683
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
684
+ :param pulumi.Input[builtins.str] postal_code: The postal code
685
+ :param pulumi.Input[builtins.str] province: The province
686
+ :param pulumi.Input[builtins.bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
687
+ :param pulumi.Input[builtins.str] serial_number: The certificate's serial number, hex formatted.
688
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
689
+ :param pulumi.Input[builtins.str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
690
+ :param pulumi.Input[builtins.str] street_address: The street address
691
+ :param pulumi.Input[builtins.str] ttl: Time to live
692
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
693
+ :param pulumi.Input[builtins.bool] use_csr_values: Preserve CSR values
694
+ :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
472
695
  """
473
696
  if alt_names is not None:
474
697
  pulumi.set(__self__, "alt_names", alt_names)
@@ -488,6 +711,14 @@ class _SecretBackendRootSignIntermediateState:
488
711
  pulumi.set(__self__, "csr", csr)
489
712
  if exclude_cn_from_sans is not None:
490
713
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
714
+ if excluded_dns_domains is not None:
715
+ pulumi.set(__self__, "excluded_dns_domains", excluded_dns_domains)
716
+ if excluded_email_addresses is not None:
717
+ pulumi.set(__self__, "excluded_email_addresses", excluded_email_addresses)
718
+ if excluded_ip_ranges is not None:
719
+ pulumi.set(__self__, "excluded_ip_ranges", excluded_ip_ranges)
720
+ if excluded_uri_domains is not None:
721
+ pulumi.set(__self__, "excluded_uri_domains", excluded_uri_domains)
491
722
  if format is not None:
492
723
  pulumi.set(__self__, "format", format)
493
724
  if ip_sans is not None:
@@ -502,6 +733,10 @@ class _SecretBackendRootSignIntermediateState:
502
733
  pulumi.set(__self__, "max_path_length", max_path_length)
503
734
  if namespace is not None:
504
735
  pulumi.set(__self__, "namespace", namespace)
736
+ if not_after is not None:
737
+ pulumi.set(__self__, "not_after", not_after)
738
+ if not_before_duration is not None:
739
+ pulumi.set(__self__, "not_before_duration", not_before_duration)
505
740
  if organization is not None:
506
741
  pulumi.set(__self__, "organization", organization)
507
742
  if other_sans is not None:
@@ -510,6 +745,12 @@ class _SecretBackendRootSignIntermediateState:
510
745
  pulumi.set(__self__, "ou", ou)
511
746
  if permitted_dns_domains is not None:
512
747
  pulumi.set(__self__, "permitted_dns_domains", permitted_dns_domains)
748
+ if permitted_email_addresses is not None:
749
+ pulumi.set(__self__, "permitted_email_addresses", permitted_email_addresses)
750
+ if permitted_ip_ranges is not None:
751
+ pulumi.set(__self__, "permitted_ip_ranges", permitted_ip_ranges)
752
+ if permitted_uri_domains is not None:
753
+ pulumi.set(__self__, "permitted_uri_domains", permitted_uri_domains)
513
754
  if postal_code is not None:
514
755
  pulumi.set(__self__, "postal_code", postal_code)
515
756
  if province is not None:
@@ -518,6 +759,10 @@ class _SecretBackendRootSignIntermediateState:
518
759
  pulumi.set(__self__, "revoke", revoke)
519
760
  if serial_number is not None:
520
761
  pulumi.set(__self__, "serial_number", serial_number)
762
+ if signature_bits is not None:
763
+ pulumi.set(__self__, "signature_bits", signature_bits)
764
+ if skid is not None:
765
+ pulumi.set(__self__, "skid", skid)
521
766
  if street_address is not None:
522
767
  pulumi.set(__self__, "street_address", street_address)
523
768
  if ttl is not None:
@@ -526,58 +771,60 @@ class _SecretBackendRootSignIntermediateState:
526
771
  pulumi.set(__self__, "uri_sans", uri_sans)
527
772
  if use_csr_values is not None:
528
773
  pulumi.set(__self__, "use_csr_values", use_csr_values)
774
+ if use_pss is not None:
775
+ pulumi.set(__self__, "use_pss", use_pss)
529
776
 
530
777
  @property
531
778
  @pulumi.getter(name="altNames")
532
- def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
779
+ def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
533
780
  """
534
781
  List of alternative names
535
782
  """
536
783
  return pulumi.get(self, "alt_names")
537
784
 
538
785
  @alt_names.setter
539
- def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
786
+ def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
540
787
  pulumi.set(self, "alt_names", value)
541
788
 
542
789
  @property
543
790
  @pulumi.getter
544
- def backend(self) -> Optional[pulumi.Input[str]]:
791
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
545
792
  """
546
793
  The PKI secret backend the resource belongs to.
547
794
  """
548
795
  return pulumi.get(self, "backend")
549
796
 
550
797
  @backend.setter
551
- def backend(self, value: Optional[pulumi.Input[str]]):
798
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
552
799
  pulumi.set(self, "backend", value)
553
800
 
554
801
  @property
555
802
  @pulumi.getter(name="caChains")
556
- def ca_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
803
+ def ca_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
557
804
  """
558
805
  A list of the issuing and intermediate CA certificates in the `format` specified.
559
806
  """
560
807
  return pulumi.get(self, "ca_chains")
561
808
 
562
809
  @ca_chains.setter
563
- def ca_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
810
+ def ca_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
564
811
  pulumi.set(self, "ca_chains", value)
565
812
 
566
813
  @property
567
814
  @pulumi.getter
568
- def certificate(self) -> Optional[pulumi.Input[str]]:
815
+ def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
569
816
  """
570
817
  The intermediate CA certificate in the `format` specified.
571
818
  """
572
819
  return pulumi.get(self, "certificate")
573
820
 
574
821
  @certificate.setter
575
- def certificate(self, value: Optional[pulumi.Input[str]]):
822
+ def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
576
823
  pulumi.set(self, "certificate", value)
577
824
 
578
825
  @property
579
826
  @pulumi.getter(name="certificateBundle")
580
- def certificate_bundle(self) -> Optional[pulumi.Input[str]]:
827
+ def certificate_bundle(self) -> Optional[pulumi.Input[builtins.str]]:
581
828
  """
582
829
  The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
583
830
  Requires the `format` to be set to any of: pem, pem_bundle. The value will be empty for all other formats.
@@ -585,84 +832,132 @@ class _SecretBackendRootSignIntermediateState:
585
832
  return pulumi.get(self, "certificate_bundle")
586
833
 
587
834
  @certificate_bundle.setter
588
- def certificate_bundle(self, value: Optional[pulumi.Input[str]]):
835
+ def certificate_bundle(self, value: Optional[pulumi.Input[builtins.str]]):
589
836
  pulumi.set(self, "certificate_bundle", value)
590
837
 
591
838
  @property
592
839
  @pulumi.getter(name="commonName")
593
- def common_name(self) -> Optional[pulumi.Input[str]]:
840
+ def common_name(self) -> Optional[pulumi.Input[builtins.str]]:
594
841
  """
595
842
  CN of intermediate to create
596
843
  """
597
844
  return pulumi.get(self, "common_name")
598
845
 
599
846
  @common_name.setter
600
- def common_name(self, value: Optional[pulumi.Input[str]]):
847
+ def common_name(self, value: Optional[pulumi.Input[builtins.str]]):
601
848
  pulumi.set(self, "common_name", value)
602
849
 
603
850
  @property
604
851
  @pulumi.getter
605
- def country(self) -> Optional[pulumi.Input[str]]:
852
+ def country(self) -> Optional[pulumi.Input[builtins.str]]:
606
853
  """
607
854
  The country
608
855
  """
609
856
  return pulumi.get(self, "country")
610
857
 
611
858
  @country.setter
612
- def country(self, value: Optional[pulumi.Input[str]]):
859
+ def country(self, value: Optional[pulumi.Input[builtins.str]]):
613
860
  pulumi.set(self, "country", value)
614
861
 
615
862
  @property
616
863
  @pulumi.getter
617
- def csr(self) -> Optional[pulumi.Input[str]]:
864
+ def csr(self) -> Optional[pulumi.Input[builtins.str]]:
618
865
  """
619
866
  The CSR
620
867
  """
621
868
  return pulumi.get(self, "csr")
622
869
 
623
870
  @csr.setter
624
- def csr(self, value: Optional[pulumi.Input[str]]):
871
+ def csr(self, value: Optional[pulumi.Input[builtins.str]]):
625
872
  pulumi.set(self, "csr", value)
626
873
 
627
874
  @property
628
875
  @pulumi.getter(name="excludeCnFromSans")
629
- def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
876
+ def exclude_cn_from_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
630
877
  """
631
878
  Flag to exclude CN from SANs
632
879
  """
633
880
  return pulumi.get(self, "exclude_cn_from_sans")
634
881
 
635
882
  @exclude_cn_from_sans.setter
636
- def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
883
+ def exclude_cn_from_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
637
884
  pulumi.set(self, "exclude_cn_from_sans", value)
638
885
 
886
+ @property
887
+ @pulumi.getter(name="excludedDnsDomains")
888
+ def excluded_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
889
+ """
890
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
891
+ """
892
+ return pulumi.get(self, "excluded_dns_domains")
893
+
894
+ @excluded_dns_domains.setter
895
+ def excluded_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
896
+ pulumi.set(self, "excluded_dns_domains", value)
897
+
898
+ @property
899
+ @pulumi.getter(name="excludedEmailAddresses")
900
+ def excluded_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
901
+ """
902
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
903
+ """
904
+ return pulumi.get(self, "excluded_email_addresses")
905
+
906
+ @excluded_email_addresses.setter
907
+ def excluded_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
908
+ pulumi.set(self, "excluded_email_addresses", value)
909
+
910
+ @property
911
+ @pulumi.getter(name="excludedIpRanges")
912
+ def excluded_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
913
+ """
914
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
915
+ """
916
+ return pulumi.get(self, "excluded_ip_ranges")
917
+
918
+ @excluded_ip_ranges.setter
919
+ def excluded_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
920
+ pulumi.set(self, "excluded_ip_ranges", value)
921
+
922
+ @property
923
+ @pulumi.getter(name="excludedUriDomains")
924
+ def excluded_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
925
+ """
926
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
927
+ """
928
+ return pulumi.get(self, "excluded_uri_domains")
929
+
930
+ @excluded_uri_domains.setter
931
+ def excluded_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
932
+ pulumi.set(self, "excluded_uri_domains", value)
933
+
639
934
  @property
640
935
  @pulumi.getter
641
- def format(self) -> Optional[pulumi.Input[str]]:
936
+ def format(self) -> Optional[pulumi.Input[builtins.str]]:
642
937
  """
643
938
  The format of data
644
939
  """
645
940
  return pulumi.get(self, "format")
646
941
 
647
942
  @format.setter
648
- def format(self, value: Optional[pulumi.Input[str]]):
943
+ def format(self, value: Optional[pulumi.Input[builtins.str]]):
649
944
  pulumi.set(self, "format", value)
650
945
 
651
946
  @property
652
947
  @pulumi.getter(name="ipSans")
653
- def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
948
+ def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
654
949
  """
655
950
  List of alternative IPs
656
951
  """
657
952
  return pulumi.get(self, "ip_sans")
658
953
 
659
954
  @ip_sans.setter
660
- def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
955
+ def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
661
956
  pulumi.set(self, "ip_sans", value)
662
957
 
663
958
  @property
664
959
  @pulumi.getter(name="issuerRef")
665
- def issuer_ref(self) -> Optional[pulumi.Input[str]]:
960
+ def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
666
961
  """
667
962
  Specifies the default issuer of this request. May
668
963
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -672,48 +967,48 @@ class _SecretBackendRootSignIntermediateState:
672
967
  return pulumi.get(self, "issuer_ref")
673
968
 
674
969
  @issuer_ref.setter
675
- def issuer_ref(self, value: Optional[pulumi.Input[str]]):
970
+ def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
676
971
  pulumi.set(self, "issuer_ref", value)
677
972
 
678
973
  @property
679
974
  @pulumi.getter(name="issuingCa")
680
- def issuing_ca(self) -> Optional[pulumi.Input[str]]:
975
+ def issuing_ca(self) -> Optional[pulumi.Input[builtins.str]]:
681
976
  """
682
977
  The issuing CA certificate in the `format` specified.
683
978
  """
684
979
  return pulumi.get(self, "issuing_ca")
685
980
 
686
981
  @issuing_ca.setter
687
- def issuing_ca(self, value: Optional[pulumi.Input[str]]):
982
+ def issuing_ca(self, value: Optional[pulumi.Input[builtins.str]]):
688
983
  pulumi.set(self, "issuing_ca", value)
689
984
 
690
985
  @property
691
986
  @pulumi.getter
692
- def locality(self) -> Optional[pulumi.Input[str]]:
987
+ def locality(self) -> Optional[pulumi.Input[builtins.str]]:
693
988
  """
694
989
  The locality
695
990
  """
696
991
  return pulumi.get(self, "locality")
697
992
 
698
993
  @locality.setter
699
- def locality(self, value: Optional[pulumi.Input[str]]):
994
+ def locality(self, value: Optional[pulumi.Input[builtins.str]]):
700
995
  pulumi.set(self, "locality", value)
701
996
 
702
997
  @property
703
998
  @pulumi.getter(name="maxPathLength")
704
- def max_path_length(self) -> Optional[pulumi.Input[int]]:
999
+ def max_path_length(self) -> Optional[pulumi.Input[builtins.int]]:
705
1000
  """
706
1001
  The maximum path length to encode in the generated certificate
707
1002
  """
708
1003
  return pulumi.get(self, "max_path_length")
709
1004
 
710
1005
  @max_path_length.setter
711
- def max_path_length(self, value: Optional[pulumi.Input[int]]):
1006
+ def max_path_length(self, value: Optional[pulumi.Input[builtins.int]]):
712
1007
  pulumi.set(self, "max_path_length", value)
713
1008
 
714
1009
  @property
715
1010
  @pulumi.getter
716
- def namespace(self) -> Optional[pulumi.Input[str]]:
1011
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
717
1012
  """
718
1013
  The namespace to provision the resource in.
719
1014
  The value should not contain leading or trailing forward slashes.
@@ -723,182 +1018,292 @@ class _SecretBackendRootSignIntermediateState:
723
1018
  return pulumi.get(self, "namespace")
724
1019
 
725
1020
  @namespace.setter
726
- def namespace(self, value: Optional[pulumi.Input[str]]):
1021
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
727
1022
  pulumi.set(self, "namespace", value)
728
1023
 
1024
+ @property
1025
+ @pulumi.getter(name="notAfter")
1026
+ def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
1027
+ """
1028
+ Set the Not After field of the certificate with specified date value.
1029
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
1030
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1031
+ """
1032
+ return pulumi.get(self, "not_after")
1033
+
1034
+ @not_after.setter
1035
+ def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
1036
+ pulumi.set(self, "not_after", value)
1037
+
1038
+ @property
1039
+ @pulumi.getter(name="notBeforeDuration")
1040
+ def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
1041
+ """
1042
+ Specifies the duration by which to backdate the NotBefore property.
1043
+ """
1044
+ return pulumi.get(self, "not_before_duration")
1045
+
1046
+ @not_before_duration.setter
1047
+ def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
1048
+ pulumi.set(self, "not_before_duration", value)
1049
+
729
1050
  @property
730
1051
  @pulumi.getter
731
- def organization(self) -> Optional[pulumi.Input[str]]:
1052
+ def organization(self) -> Optional[pulumi.Input[builtins.str]]:
732
1053
  """
733
1054
  The organization
734
1055
  """
735
1056
  return pulumi.get(self, "organization")
736
1057
 
737
1058
  @organization.setter
738
- def organization(self, value: Optional[pulumi.Input[str]]):
1059
+ def organization(self, value: Optional[pulumi.Input[builtins.str]]):
739
1060
  pulumi.set(self, "organization", value)
740
1061
 
741
1062
  @property
742
1063
  @pulumi.getter(name="otherSans")
743
- def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1064
+ def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
744
1065
  """
745
1066
  List of other SANs
746
1067
  """
747
1068
  return pulumi.get(self, "other_sans")
748
1069
 
749
1070
  @other_sans.setter
750
- def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1071
+ def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
751
1072
  pulumi.set(self, "other_sans", value)
752
1073
 
753
1074
  @property
754
1075
  @pulumi.getter
755
- def ou(self) -> Optional[pulumi.Input[str]]:
1076
+ def ou(self) -> Optional[pulumi.Input[builtins.str]]:
756
1077
  """
757
1078
  The organization unit
758
1079
  """
759
1080
  return pulumi.get(self, "ou")
760
1081
 
761
1082
  @ou.setter
762
- def ou(self, value: Optional[pulumi.Input[str]]):
1083
+ def ou(self, value: Optional[pulumi.Input[builtins.str]]):
763
1084
  pulumi.set(self, "ou", value)
764
1085
 
765
1086
  @property
766
1087
  @pulumi.getter(name="permittedDnsDomains")
767
- def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1088
+ def permitted_dns_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
768
1089
  """
769
1090
  List of domains for which certificates are allowed to be issued
770
1091
  """
771
1092
  return pulumi.get(self, "permitted_dns_domains")
772
1093
 
773
1094
  @permitted_dns_domains.setter
774
- def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1095
+ def permitted_dns_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
775
1096
  pulumi.set(self, "permitted_dns_domains", value)
776
1097
 
1098
+ @property
1099
+ @pulumi.getter(name="permittedEmailAddresses")
1100
+ def permitted_email_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1101
+ """
1102
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1103
+ """
1104
+ return pulumi.get(self, "permitted_email_addresses")
1105
+
1106
+ @permitted_email_addresses.setter
1107
+ def permitted_email_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1108
+ pulumi.set(self, "permitted_email_addresses", value)
1109
+
1110
+ @property
1111
+ @pulumi.getter(name="permittedIpRanges")
1112
+ def permitted_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1113
+ """
1114
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1115
+ """
1116
+ return pulumi.get(self, "permitted_ip_ranges")
1117
+
1118
+ @permitted_ip_ranges.setter
1119
+ def permitted_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1120
+ pulumi.set(self, "permitted_ip_ranges", value)
1121
+
1122
+ @property
1123
+ @pulumi.getter(name="permittedUriDomains")
1124
+ def permitted_uri_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
1125
+ """
1126
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1127
+ """
1128
+ return pulumi.get(self, "permitted_uri_domains")
1129
+
1130
+ @permitted_uri_domains.setter
1131
+ def permitted_uri_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
1132
+ pulumi.set(self, "permitted_uri_domains", value)
1133
+
777
1134
  @property
778
1135
  @pulumi.getter(name="postalCode")
779
- def postal_code(self) -> Optional[pulumi.Input[str]]:
1136
+ def postal_code(self) -> Optional[pulumi.Input[builtins.str]]:
780
1137
  """
781
1138
  The postal code
782
1139
  """
783
1140
  return pulumi.get(self, "postal_code")
784
1141
 
785
1142
  @postal_code.setter
786
- def postal_code(self, value: Optional[pulumi.Input[str]]):
1143
+ def postal_code(self, value: Optional[pulumi.Input[builtins.str]]):
787
1144
  pulumi.set(self, "postal_code", value)
788
1145
 
789
1146
  @property
790
1147
  @pulumi.getter
791
- def province(self) -> Optional[pulumi.Input[str]]:
1148
+ def province(self) -> Optional[pulumi.Input[builtins.str]]:
792
1149
  """
793
1150
  The province
794
1151
  """
795
1152
  return pulumi.get(self, "province")
796
1153
 
797
1154
  @province.setter
798
- def province(self, value: Optional[pulumi.Input[str]]):
1155
+ def province(self, value: Optional[pulumi.Input[builtins.str]]):
799
1156
  pulumi.set(self, "province", value)
800
1157
 
801
1158
  @property
802
1159
  @pulumi.getter
803
- def revoke(self) -> Optional[pulumi.Input[bool]]:
1160
+ def revoke(self) -> Optional[pulumi.Input[builtins.bool]]:
804
1161
  """
805
1162
  If set to `true`, the certificate will be revoked on resource destruction.
806
1163
  """
807
1164
  return pulumi.get(self, "revoke")
808
1165
 
809
1166
  @revoke.setter
810
- def revoke(self, value: Optional[pulumi.Input[bool]]):
1167
+ def revoke(self, value: Optional[pulumi.Input[builtins.bool]]):
811
1168
  pulumi.set(self, "revoke", value)
812
1169
 
813
1170
  @property
814
1171
  @pulumi.getter(name="serialNumber")
815
- def serial_number(self) -> Optional[pulumi.Input[str]]:
1172
+ def serial_number(self) -> Optional[pulumi.Input[builtins.str]]:
816
1173
  """
817
1174
  The certificate's serial number, hex formatted.
818
1175
  """
819
1176
  return pulumi.get(self, "serial_number")
820
1177
 
821
1178
  @serial_number.setter
822
- def serial_number(self, value: Optional[pulumi.Input[str]]):
1179
+ def serial_number(self, value: Optional[pulumi.Input[builtins.str]]):
823
1180
  pulumi.set(self, "serial_number", value)
824
1181
 
1182
+ @property
1183
+ @pulumi.getter(name="signatureBits")
1184
+ def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
1185
+ """
1186
+ The number of bits to use in the signature algorithm
1187
+ """
1188
+ return pulumi.get(self, "signature_bits")
1189
+
1190
+ @signature_bits.setter
1191
+ def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
1192
+ pulumi.set(self, "signature_bits", value)
1193
+
1194
+ @property
1195
+ @pulumi.getter
1196
+ def skid(self) -> Optional[pulumi.Input[builtins.str]]:
1197
+ """
1198
+ Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
1199
+ """
1200
+ return pulumi.get(self, "skid")
1201
+
1202
+ @skid.setter
1203
+ def skid(self, value: Optional[pulumi.Input[builtins.str]]):
1204
+ pulumi.set(self, "skid", value)
1205
+
825
1206
  @property
826
1207
  @pulumi.getter(name="streetAddress")
827
- def street_address(self) -> Optional[pulumi.Input[str]]:
1208
+ def street_address(self) -> Optional[pulumi.Input[builtins.str]]:
828
1209
  """
829
1210
  The street address
830
1211
  """
831
1212
  return pulumi.get(self, "street_address")
832
1213
 
833
1214
  @street_address.setter
834
- def street_address(self, value: Optional[pulumi.Input[str]]):
1215
+ def street_address(self, value: Optional[pulumi.Input[builtins.str]]):
835
1216
  pulumi.set(self, "street_address", value)
836
1217
 
837
1218
  @property
838
1219
  @pulumi.getter
839
- def ttl(self) -> Optional[pulumi.Input[str]]:
1220
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
840
1221
  """
841
1222
  Time to live
842
1223
  """
843
1224
  return pulumi.get(self, "ttl")
844
1225
 
845
1226
  @ttl.setter
846
- def ttl(self, value: Optional[pulumi.Input[str]]):
1227
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
847
1228
  pulumi.set(self, "ttl", value)
848
1229
 
849
1230
  @property
850
1231
  @pulumi.getter(name="uriSans")
851
- def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
1232
+ def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
852
1233
  """
853
1234
  List of alternative URIs
854
1235
  """
855
1236
  return pulumi.get(self, "uri_sans")
856
1237
 
857
1238
  @uri_sans.setter
858
- def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
1239
+ def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
859
1240
  pulumi.set(self, "uri_sans", value)
860
1241
 
861
1242
  @property
862
1243
  @pulumi.getter(name="useCsrValues")
863
- def use_csr_values(self) -> Optional[pulumi.Input[bool]]:
1244
+ def use_csr_values(self) -> Optional[pulumi.Input[builtins.bool]]:
864
1245
  """
865
1246
  Preserve CSR values
866
1247
  """
867
1248
  return pulumi.get(self, "use_csr_values")
868
1249
 
869
1250
  @use_csr_values.setter
870
- def use_csr_values(self, value: Optional[pulumi.Input[bool]]):
1251
+ def use_csr_values(self, value: Optional[pulumi.Input[builtins.bool]]):
871
1252
  pulumi.set(self, "use_csr_values", value)
872
1253
 
1254
+ @property
1255
+ @pulumi.getter(name="usePss")
1256
+ def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
1257
+ """
1258
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
1259
+ """
1260
+ return pulumi.get(self, "use_pss")
1261
+
1262
+ @use_pss.setter
1263
+ def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
1264
+ pulumi.set(self, "use_pss", value)
1265
+
873
1266
 
874
1267
  class SecretBackendRootSignIntermediate(pulumi.CustomResource):
875
1268
  @overload
876
1269
  def __init__(__self__,
877
1270
  resource_name: str,
878
1271
  opts: Optional[pulumi.ResourceOptions] = None,
879
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
880
- backend: Optional[pulumi.Input[str]] = None,
881
- common_name: Optional[pulumi.Input[str]] = None,
882
- country: Optional[pulumi.Input[str]] = None,
883
- csr: Optional[pulumi.Input[str]] = None,
884
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
885
- format: Optional[pulumi.Input[str]] = None,
886
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
887
- issuer_ref: Optional[pulumi.Input[str]] = None,
888
- locality: Optional[pulumi.Input[str]] = None,
889
- max_path_length: Optional[pulumi.Input[int]] = None,
890
- namespace: Optional[pulumi.Input[str]] = None,
891
- organization: Optional[pulumi.Input[str]] = None,
892
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
893
- ou: Optional[pulumi.Input[str]] = None,
894
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
895
- postal_code: Optional[pulumi.Input[str]] = None,
896
- province: Optional[pulumi.Input[str]] = None,
897
- revoke: Optional[pulumi.Input[bool]] = None,
898
- street_address: Optional[pulumi.Input[str]] = None,
899
- ttl: Optional[pulumi.Input[str]] = None,
900
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
901
- use_csr_values: Optional[pulumi.Input[bool]] = None,
1272
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1273
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1274
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
1275
+ country: Optional[pulumi.Input[builtins.str]] = None,
1276
+ csr: Optional[pulumi.Input[builtins.str]] = None,
1277
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
1278
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1279
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1280
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1281
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1282
+ format: Optional[pulumi.Input[builtins.str]] = None,
1283
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1284
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
1285
+ locality: Optional[pulumi.Input[builtins.str]] = None,
1286
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
1287
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1288
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
1289
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
1290
+ organization: Optional[pulumi.Input[builtins.str]] = None,
1291
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1292
+ ou: Optional[pulumi.Input[builtins.str]] = None,
1293
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1294
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1295
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1296
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1297
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
1298
+ province: Optional[pulumi.Input[builtins.str]] = None,
1299
+ revoke: Optional[pulumi.Input[builtins.bool]] = None,
1300
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
1301
+ skid: Optional[pulumi.Input[builtins.str]] = None,
1302
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
1303
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
1304
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1305
+ use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
1306
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None,
902
1307
  __props__=None):
903
1308
  """
904
1309
  Creates PKI certificate.
@@ -921,35 +1326,49 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
921
1326
 
922
1327
  :param str resource_name: The name of the resource.
923
1328
  :param pulumi.ResourceOptions opts: Options for the resource.
924
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
925
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
926
- :param pulumi.Input[str] common_name: CN of intermediate to create
927
- :param pulumi.Input[str] country: The country
928
- :param pulumi.Input[str] csr: The CSR
929
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
930
- :param pulumi.Input[str] format: The format of data
931
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
932
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
1329
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
1330
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
1331
+ :param pulumi.Input[builtins.str] common_name: CN of intermediate to create
1332
+ :param pulumi.Input[builtins.str] country: The country
1333
+ :param pulumi.Input[builtins.str] csr: The CSR
1334
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1335
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1336
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1337
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1338
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1339
+ :param pulumi.Input[builtins.str] format: The format of data
1340
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
1341
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
933
1342
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
934
1343
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
935
1344
  overriding the role's `issuer_ref` value.
936
- :param pulumi.Input[str] locality: The locality
937
- :param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
938
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1345
+ :param pulumi.Input[builtins.str] locality: The locality
1346
+ :param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
1347
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
939
1348
  The value should not contain leading or trailing forward slashes.
940
1349
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
941
1350
  *Available only for Vault Enterprise*.
942
- :param pulumi.Input[str] organization: The organization
943
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
944
- :param pulumi.Input[str] ou: The organization unit
945
- :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
946
- :param pulumi.Input[str] postal_code: The postal code
947
- :param pulumi.Input[str] province: The province
948
- :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
949
- :param pulumi.Input[str] street_address: The street address
950
- :param pulumi.Input[str] ttl: Time to live
951
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
952
- :param pulumi.Input[bool] use_csr_values: Preserve CSR values
1351
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value.
1352
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
1353
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1354
+ :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1355
+ :param pulumi.Input[builtins.str] organization: The organization
1356
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
1357
+ :param pulumi.Input[builtins.str] ou: The organization unit
1358
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1359
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1360
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1361
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1362
+ :param pulumi.Input[builtins.str] postal_code: The postal code
1363
+ :param pulumi.Input[builtins.str] province: The province
1364
+ :param pulumi.Input[builtins.bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
1365
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
1366
+ :param pulumi.Input[builtins.str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
1367
+ :param pulumi.Input[builtins.str] street_address: The street address
1368
+ :param pulumi.Input[builtins.str] ttl: Time to live
1369
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
1370
+ :param pulumi.Input[builtins.bool] use_csr_values: Preserve CSR values
1371
+ :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
953
1372
  """
954
1373
  ...
955
1374
  @overload
@@ -991,29 +1410,41 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
991
1410
  def _internal_init(__self__,
992
1411
  resource_name: str,
993
1412
  opts: Optional[pulumi.ResourceOptions] = None,
994
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
995
- backend: Optional[pulumi.Input[str]] = None,
996
- common_name: Optional[pulumi.Input[str]] = None,
997
- country: Optional[pulumi.Input[str]] = None,
998
- csr: Optional[pulumi.Input[str]] = None,
999
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1000
- format: Optional[pulumi.Input[str]] = None,
1001
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1002
- issuer_ref: Optional[pulumi.Input[str]] = None,
1003
- locality: Optional[pulumi.Input[str]] = None,
1004
- max_path_length: Optional[pulumi.Input[int]] = None,
1005
- namespace: Optional[pulumi.Input[str]] = None,
1006
- organization: Optional[pulumi.Input[str]] = None,
1007
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1008
- ou: Optional[pulumi.Input[str]] = None,
1009
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1010
- postal_code: Optional[pulumi.Input[str]] = None,
1011
- province: Optional[pulumi.Input[str]] = None,
1012
- revoke: Optional[pulumi.Input[bool]] = None,
1013
- street_address: Optional[pulumi.Input[str]] = None,
1014
- ttl: Optional[pulumi.Input[str]] = None,
1015
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1016
- use_csr_values: Optional[pulumi.Input[bool]] = None,
1413
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1414
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1415
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
1416
+ country: Optional[pulumi.Input[builtins.str]] = None,
1417
+ csr: Optional[pulumi.Input[builtins.str]] = None,
1418
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
1419
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1420
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1421
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1422
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1423
+ format: Optional[pulumi.Input[builtins.str]] = None,
1424
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1425
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
1426
+ locality: Optional[pulumi.Input[builtins.str]] = None,
1427
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
1428
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1429
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
1430
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
1431
+ organization: Optional[pulumi.Input[builtins.str]] = None,
1432
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1433
+ ou: Optional[pulumi.Input[builtins.str]] = None,
1434
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1435
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1436
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1437
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1438
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
1439
+ province: Optional[pulumi.Input[builtins.str]] = None,
1440
+ revoke: Optional[pulumi.Input[builtins.bool]] = None,
1441
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
1442
+ skid: Optional[pulumi.Input[builtins.str]] = None,
1443
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
1444
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
1445
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1446
+ use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
1447
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None,
1017
1448
  __props__=None):
1018
1449
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1019
1450
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1035,23 +1466,35 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1035
1466
  raise TypeError("Missing required property 'csr'")
1036
1467
  __props__.__dict__["csr"] = csr
1037
1468
  __props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
1469
+ __props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
1470
+ __props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
1471
+ __props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
1472
+ __props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
1038
1473
  __props__.__dict__["format"] = format
1039
1474
  __props__.__dict__["ip_sans"] = ip_sans
1040
1475
  __props__.__dict__["issuer_ref"] = issuer_ref
1041
1476
  __props__.__dict__["locality"] = locality
1042
1477
  __props__.__dict__["max_path_length"] = max_path_length
1043
1478
  __props__.__dict__["namespace"] = namespace
1479
+ __props__.__dict__["not_after"] = not_after
1480
+ __props__.__dict__["not_before_duration"] = not_before_duration
1044
1481
  __props__.__dict__["organization"] = organization
1045
1482
  __props__.__dict__["other_sans"] = other_sans
1046
1483
  __props__.__dict__["ou"] = ou
1047
1484
  __props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
1485
+ __props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
1486
+ __props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
1487
+ __props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
1048
1488
  __props__.__dict__["postal_code"] = postal_code
1049
1489
  __props__.__dict__["province"] = province
1050
1490
  __props__.__dict__["revoke"] = revoke
1491
+ __props__.__dict__["signature_bits"] = signature_bits
1492
+ __props__.__dict__["skid"] = skid
1051
1493
  __props__.__dict__["street_address"] = street_address
1052
1494
  __props__.__dict__["ttl"] = ttl
1053
1495
  __props__.__dict__["uri_sans"] = uri_sans
1054
1496
  __props__.__dict__["use_csr_values"] = use_csr_values
1497
+ __props__.__dict__["use_pss"] = use_pss
1055
1498
  __props__.__dict__["ca_chains"] = None
1056
1499
  __props__.__dict__["certificate"] = None
1057
1500
  __props__.__dict__["certificate_bundle"] = None
@@ -1067,34 +1510,46 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1067
1510
  def get(resource_name: str,
1068
1511
  id: pulumi.Input[str],
1069
1512
  opts: Optional[pulumi.ResourceOptions] = None,
1070
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1071
- backend: Optional[pulumi.Input[str]] = None,
1072
- ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1073
- certificate: Optional[pulumi.Input[str]] = None,
1074
- certificate_bundle: Optional[pulumi.Input[str]] = None,
1075
- common_name: Optional[pulumi.Input[str]] = None,
1076
- country: Optional[pulumi.Input[str]] = None,
1077
- csr: Optional[pulumi.Input[str]] = None,
1078
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
1079
- format: Optional[pulumi.Input[str]] = None,
1080
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1081
- issuer_ref: Optional[pulumi.Input[str]] = None,
1082
- issuing_ca: Optional[pulumi.Input[str]] = None,
1083
- locality: Optional[pulumi.Input[str]] = None,
1084
- max_path_length: Optional[pulumi.Input[int]] = None,
1085
- namespace: Optional[pulumi.Input[str]] = None,
1086
- organization: Optional[pulumi.Input[str]] = None,
1087
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1088
- ou: Optional[pulumi.Input[str]] = None,
1089
- permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1090
- postal_code: Optional[pulumi.Input[str]] = None,
1091
- province: Optional[pulumi.Input[str]] = None,
1092
- revoke: Optional[pulumi.Input[bool]] = None,
1093
- serial_number: Optional[pulumi.Input[str]] = None,
1094
- street_address: Optional[pulumi.Input[str]] = None,
1095
- ttl: Optional[pulumi.Input[str]] = None,
1096
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1097
- use_csr_values: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRootSignIntermediate':
1513
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1514
+ backend: Optional[pulumi.Input[builtins.str]] = None,
1515
+ ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1516
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
1517
+ certificate_bundle: Optional[pulumi.Input[builtins.str]] = None,
1518
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
1519
+ country: Optional[pulumi.Input[builtins.str]] = None,
1520
+ csr: Optional[pulumi.Input[builtins.str]] = None,
1521
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
1522
+ excluded_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1523
+ excluded_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1524
+ excluded_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1525
+ excluded_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1526
+ format: Optional[pulumi.Input[builtins.str]] = None,
1527
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1528
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
1529
+ issuing_ca: Optional[pulumi.Input[builtins.str]] = None,
1530
+ locality: Optional[pulumi.Input[builtins.str]] = None,
1531
+ max_path_length: Optional[pulumi.Input[builtins.int]] = None,
1532
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
1533
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
1534
+ not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
1535
+ organization: Optional[pulumi.Input[builtins.str]] = None,
1536
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1537
+ ou: Optional[pulumi.Input[builtins.str]] = None,
1538
+ permitted_dns_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1539
+ permitted_email_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1540
+ permitted_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1541
+ permitted_uri_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1542
+ postal_code: Optional[pulumi.Input[builtins.str]] = None,
1543
+ province: Optional[pulumi.Input[builtins.str]] = None,
1544
+ revoke: Optional[pulumi.Input[builtins.bool]] = None,
1545
+ serial_number: Optional[pulumi.Input[builtins.str]] = None,
1546
+ signature_bits: Optional[pulumi.Input[builtins.int]] = None,
1547
+ skid: Optional[pulumi.Input[builtins.str]] = None,
1548
+ street_address: Optional[pulumi.Input[builtins.str]] = None,
1549
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
1550
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
1551
+ use_csr_values: Optional[pulumi.Input[builtins.bool]] = None,
1552
+ use_pss: Optional[pulumi.Input[builtins.bool]] = None) -> 'SecretBackendRootSignIntermediate':
1098
1553
  """
1099
1554
  Get an existing SecretBackendRootSignIntermediate resource's state with the given name, id, and optional extra
1100
1555
  properties used to qualify the lookup.
@@ -1102,41 +1557,55 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1102
1557
  :param str resource_name: The unique name of the resulting resource.
1103
1558
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1104
1559
  :param pulumi.ResourceOptions opts: Options for the resource.
1105
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
1106
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
1107
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ca_chains: A list of the issuing and intermediate CA certificates in the `format` specified.
1108
- :param pulumi.Input[str] certificate: The intermediate CA certificate in the `format` specified.
1109
- :param pulumi.Input[str] certificate_bundle: The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
1560
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
1561
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
1562
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ca_chains: A list of the issuing and intermediate CA certificates in the `format` specified.
1563
+ :param pulumi.Input[builtins.str] certificate: The intermediate CA certificate in the `format` specified.
1564
+ :param pulumi.Input[builtins.str] certificate_bundle: The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
1110
1565
  Requires the `format` to be set to any of: pem, pem_bundle. The value will be empty for all other formats.
1111
- :param pulumi.Input[str] common_name: CN of intermediate to create
1112
- :param pulumi.Input[str] country: The country
1113
- :param pulumi.Input[str] csr: The CSR
1114
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1115
- :param pulumi.Input[str] format: The format of data
1116
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
1117
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
1566
+ :param pulumi.Input[builtins.str] common_name: CN of intermediate to create
1567
+ :param pulumi.Input[builtins.str] country: The country
1568
+ :param pulumi.Input[builtins.str] csr: The CSR
1569
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
1570
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_dns_domains: List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1571
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_email_addresses: List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1572
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_ip_ranges: List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1573
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] excluded_uri_domains: List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1574
+ :param pulumi.Input[builtins.str] format: The format of data
1575
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
1576
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
1118
1577
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
1119
1578
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
1120
1579
  overriding the role's `issuer_ref` value.
1121
- :param pulumi.Input[str] issuing_ca: The issuing CA certificate in the `format` specified.
1122
- :param pulumi.Input[str] locality: The locality
1123
- :param pulumi.Input[int] max_path_length: The maximum path length to encode in the generated certificate
1124
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
1580
+ :param pulumi.Input[builtins.str] issuing_ca: The issuing CA certificate in the `format` specified.
1581
+ :param pulumi.Input[builtins.str] locality: The locality
1582
+ :param pulumi.Input[builtins.int] max_path_length: The maximum path length to encode in the generated certificate
1583
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
1125
1584
  The value should not contain leading or trailing forward slashes.
1126
1585
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1127
1586
  *Available only for Vault Enterprise*.
1128
- :param pulumi.Input[str] organization: The organization
1129
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
1130
- :param pulumi.Input[str] ou: The organization unit
1131
- :param pulumi.Input[Sequence[pulumi.Input[str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1132
- :param pulumi.Input[str] postal_code: The postal code
1133
- :param pulumi.Input[str] province: The province
1134
- :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
1135
- :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
1136
- :param pulumi.Input[str] street_address: The street address
1137
- :param pulumi.Input[str] ttl: Time to live
1138
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
1139
- :param pulumi.Input[bool] use_csr_values: Preserve CSR values
1587
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value.
1588
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
1589
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1590
+ :param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1591
+ :param pulumi.Input[builtins.str] organization: The organization
1592
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
1593
+ :param pulumi.Input[builtins.str] ou: The organization unit
1594
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_dns_domains: List of domains for which certificates are allowed to be issued
1595
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_email_addresses: List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1596
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_ip_ranges: List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1597
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] permitted_uri_domains: List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1598
+ :param pulumi.Input[builtins.str] postal_code: The postal code
1599
+ :param pulumi.Input[builtins.str] province: The province
1600
+ :param pulumi.Input[builtins.bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
1601
+ :param pulumi.Input[builtins.str] serial_number: The certificate's serial number, hex formatted.
1602
+ :param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
1603
+ :param pulumi.Input[builtins.str] skid: Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
1604
+ :param pulumi.Input[builtins.str] street_address: The street address
1605
+ :param pulumi.Input[builtins.str] ttl: Time to live
1606
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
1607
+ :param pulumi.Input[builtins.bool] use_csr_values: Preserve CSR values
1608
+ :param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
1140
1609
  """
1141
1610
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1142
1611
 
@@ -1151,6 +1620,10 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1151
1620
  __props__.__dict__["country"] = country
1152
1621
  __props__.__dict__["csr"] = csr
1153
1622
  __props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
1623
+ __props__.__dict__["excluded_dns_domains"] = excluded_dns_domains
1624
+ __props__.__dict__["excluded_email_addresses"] = excluded_email_addresses
1625
+ __props__.__dict__["excluded_ip_ranges"] = excluded_ip_ranges
1626
+ __props__.__dict__["excluded_uri_domains"] = excluded_uri_domains
1154
1627
  __props__.__dict__["format"] = format
1155
1628
  __props__.__dict__["ip_sans"] = ip_sans
1156
1629
  __props__.__dict__["issuer_ref"] = issuer_ref
@@ -1158,23 +1631,31 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1158
1631
  __props__.__dict__["locality"] = locality
1159
1632
  __props__.__dict__["max_path_length"] = max_path_length
1160
1633
  __props__.__dict__["namespace"] = namespace
1634
+ __props__.__dict__["not_after"] = not_after
1635
+ __props__.__dict__["not_before_duration"] = not_before_duration
1161
1636
  __props__.__dict__["organization"] = organization
1162
1637
  __props__.__dict__["other_sans"] = other_sans
1163
1638
  __props__.__dict__["ou"] = ou
1164
1639
  __props__.__dict__["permitted_dns_domains"] = permitted_dns_domains
1640
+ __props__.__dict__["permitted_email_addresses"] = permitted_email_addresses
1641
+ __props__.__dict__["permitted_ip_ranges"] = permitted_ip_ranges
1642
+ __props__.__dict__["permitted_uri_domains"] = permitted_uri_domains
1165
1643
  __props__.__dict__["postal_code"] = postal_code
1166
1644
  __props__.__dict__["province"] = province
1167
1645
  __props__.__dict__["revoke"] = revoke
1168
1646
  __props__.__dict__["serial_number"] = serial_number
1647
+ __props__.__dict__["signature_bits"] = signature_bits
1648
+ __props__.__dict__["skid"] = skid
1169
1649
  __props__.__dict__["street_address"] = street_address
1170
1650
  __props__.__dict__["ttl"] = ttl
1171
1651
  __props__.__dict__["uri_sans"] = uri_sans
1172
1652
  __props__.__dict__["use_csr_values"] = use_csr_values
1653
+ __props__.__dict__["use_pss"] = use_pss
1173
1654
  return SecretBackendRootSignIntermediate(resource_name, opts=opts, __props__=__props__)
1174
1655
 
1175
1656
  @property
1176
1657
  @pulumi.getter(name="altNames")
1177
- def alt_names(self) -> pulumi.Output[Optional[Sequence[str]]]:
1658
+ def alt_names(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1178
1659
  """
1179
1660
  List of alternative names
1180
1661
  """
@@ -1182,7 +1663,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1182
1663
 
1183
1664
  @property
1184
1665
  @pulumi.getter
1185
- def backend(self) -> pulumi.Output[str]:
1666
+ def backend(self) -> pulumi.Output[builtins.str]:
1186
1667
  """
1187
1668
  The PKI secret backend the resource belongs to.
1188
1669
  """
@@ -1190,7 +1671,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1190
1671
 
1191
1672
  @property
1192
1673
  @pulumi.getter(name="caChains")
1193
- def ca_chains(self) -> pulumi.Output[Sequence[str]]:
1674
+ def ca_chains(self) -> pulumi.Output[Sequence[builtins.str]]:
1194
1675
  """
1195
1676
  A list of the issuing and intermediate CA certificates in the `format` specified.
1196
1677
  """
@@ -1198,7 +1679,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1198
1679
 
1199
1680
  @property
1200
1681
  @pulumi.getter
1201
- def certificate(self) -> pulumi.Output[str]:
1682
+ def certificate(self) -> pulumi.Output[builtins.str]:
1202
1683
  """
1203
1684
  The intermediate CA certificate in the `format` specified.
1204
1685
  """
@@ -1206,7 +1687,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1206
1687
 
1207
1688
  @property
1208
1689
  @pulumi.getter(name="certificateBundle")
1209
- def certificate_bundle(self) -> pulumi.Output[str]:
1690
+ def certificate_bundle(self) -> pulumi.Output[builtins.str]:
1210
1691
  """
1211
1692
  The concatenation of the intermediate CA and the issuing CA certificates (PEM encoded).
1212
1693
  Requires the `format` to be set to any of: pem, pem_bundle. The value will be empty for all other formats.
@@ -1215,7 +1696,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1215
1696
 
1216
1697
  @property
1217
1698
  @pulumi.getter(name="commonName")
1218
- def common_name(self) -> pulumi.Output[str]:
1699
+ def common_name(self) -> pulumi.Output[builtins.str]:
1219
1700
  """
1220
1701
  CN of intermediate to create
1221
1702
  """
@@ -1223,7 +1704,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1223
1704
 
1224
1705
  @property
1225
1706
  @pulumi.getter
1226
- def country(self) -> pulumi.Output[Optional[str]]:
1707
+ def country(self) -> pulumi.Output[Optional[builtins.str]]:
1227
1708
  """
1228
1709
  The country
1229
1710
  """
@@ -1231,7 +1712,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1231
1712
 
1232
1713
  @property
1233
1714
  @pulumi.getter
1234
- def csr(self) -> pulumi.Output[str]:
1715
+ def csr(self) -> pulumi.Output[builtins.str]:
1235
1716
  """
1236
1717
  The CSR
1237
1718
  """
@@ -1239,15 +1720,47 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1239
1720
 
1240
1721
  @property
1241
1722
  @pulumi.getter(name="excludeCnFromSans")
1242
- def exclude_cn_from_sans(self) -> pulumi.Output[Optional[bool]]:
1723
+ def exclude_cn_from_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
1243
1724
  """
1244
1725
  Flag to exclude CN from SANs
1245
1726
  """
1246
1727
  return pulumi.get(self, "exclude_cn_from_sans")
1247
1728
 
1729
+ @property
1730
+ @pulumi.getter(name="excludedDnsDomains")
1731
+ def excluded_dns_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1732
+ """
1733
+ List of domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1734
+ """
1735
+ return pulumi.get(self, "excluded_dns_domains")
1736
+
1737
+ @property
1738
+ @pulumi.getter(name="excludedEmailAddresses")
1739
+ def excluded_email_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1740
+ """
1741
+ List of email addresses for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1742
+ """
1743
+ return pulumi.get(self, "excluded_email_addresses")
1744
+
1745
+ @property
1746
+ @pulumi.getter(name="excludedIpRanges")
1747
+ def excluded_ip_ranges(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1748
+ """
1749
+ List of IP ranges for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1750
+ """
1751
+ return pulumi.get(self, "excluded_ip_ranges")
1752
+
1753
+ @property
1754
+ @pulumi.getter(name="excludedUriDomains")
1755
+ def excluded_uri_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1756
+ """
1757
+ List of URI domains for which certificates are not allowed to be issued. Requires Vault version 1.19+.
1758
+ """
1759
+ return pulumi.get(self, "excluded_uri_domains")
1760
+
1248
1761
  @property
1249
1762
  @pulumi.getter
1250
- def format(self) -> pulumi.Output[Optional[str]]:
1763
+ def format(self) -> pulumi.Output[Optional[builtins.str]]:
1251
1764
  """
1252
1765
  The format of data
1253
1766
  """
@@ -1255,7 +1768,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1255
1768
 
1256
1769
  @property
1257
1770
  @pulumi.getter(name="ipSans")
1258
- def ip_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
1771
+ def ip_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1259
1772
  """
1260
1773
  List of alternative IPs
1261
1774
  """
@@ -1263,7 +1776,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1263
1776
 
1264
1777
  @property
1265
1778
  @pulumi.getter(name="issuerRef")
1266
- def issuer_ref(self) -> pulumi.Output[Optional[str]]:
1779
+ def issuer_ref(self) -> pulumi.Output[Optional[builtins.str]]:
1267
1780
  """
1268
1781
  Specifies the default issuer of this request. May
1269
1782
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -1274,7 +1787,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1274
1787
 
1275
1788
  @property
1276
1789
  @pulumi.getter(name="issuingCa")
1277
- def issuing_ca(self) -> pulumi.Output[str]:
1790
+ def issuing_ca(self) -> pulumi.Output[builtins.str]:
1278
1791
  """
1279
1792
  The issuing CA certificate in the `format` specified.
1280
1793
  """
@@ -1282,7 +1795,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1282
1795
 
1283
1796
  @property
1284
1797
  @pulumi.getter
1285
- def locality(self) -> pulumi.Output[Optional[str]]:
1798
+ def locality(self) -> pulumi.Output[Optional[builtins.str]]:
1286
1799
  """
1287
1800
  The locality
1288
1801
  """
@@ -1290,7 +1803,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1290
1803
 
1291
1804
  @property
1292
1805
  @pulumi.getter(name="maxPathLength")
1293
- def max_path_length(self) -> pulumi.Output[Optional[int]]:
1806
+ def max_path_length(self) -> pulumi.Output[Optional[builtins.int]]:
1294
1807
  """
1295
1808
  The maximum path length to encode in the generated certificate
1296
1809
  """
@@ -1298,7 +1811,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1298
1811
 
1299
1812
  @property
1300
1813
  @pulumi.getter
1301
- def namespace(self) -> pulumi.Output[Optional[str]]:
1814
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
1302
1815
  """
1303
1816
  The namespace to provision the resource in.
1304
1817
  The value should not contain leading or trailing forward slashes.
@@ -1307,9 +1820,27 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1307
1820
  """
1308
1821
  return pulumi.get(self, "namespace")
1309
1822
 
1823
+ @property
1824
+ @pulumi.getter(name="notAfter")
1825
+ def not_after(self) -> pulumi.Output[Optional[builtins.str]]:
1826
+ """
1827
+ Set the Not After field of the certificate with specified date value.
1828
+ The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date
1829
+ for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1830
+ """
1831
+ return pulumi.get(self, "not_after")
1832
+
1833
+ @property
1834
+ @pulumi.getter(name="notBeforeDuration")
1835
+ def not_before_duration(self) -> pulumi.Output[Optional[builtins.str]]:
1836
+ """
1837
+ Specifies the duration by which to backdate the NotBefore property.
1838
+ """
1839
+ return pulumi.get(self, "not_before_duration")
1840
+
1310
1841
  @property
1311
1842
  @pulumi.getter
1312
- def organization(self) -> pulumi.Output[Optional[str]]:
1843
+ def organization(self) -> pulumi.Output[Optional[builtins.str]]:
1313
1844
  """
1314
1845
  The organization
1315
1846
  """
@@ -1317,7 +1848,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1317
1848
 
1318
1849
  @property
1319
1850
  @pulumi.getter(name="otherSans")
1320
- def other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
1851
+ def other_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1321
1852
  """
1322
1853
  List of other SANs
1323
1854
  """
@@ -1325,7 +1856,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1325
1856
 
1326
1857
  @property
1327
1858
  @pulumi.getter
1328
- def ou(self) -> pulumi.Output[Optional[str]]:
1859
+ def ou(self) -> pulumi.Output[Optional[builtins.str]]:
1329
1860
  """
1330
1861
  The organization unit
1331
1862
  """
@@ -1333,15 +1864,39 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1333
1864
 
1334
1865
  @property
1335
1866
  @pulumi.getter(name="permittedDnsDomains")
1336
- def permitted_dns_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
1867
+ def permitted_dns_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1337
1868
  """
1338
1869
  List of domains for which certificates are allowed to be issued
1339
1870
  """
1340
1871
  return pulumi.get(self, "permitted_dns_domains")
1341
1872
 
1873
+ @property
1874
+ @pulumi.getter(name="permittedEmailAddresses")
1875
+ def permitted_email_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1876
+ """
1877
+ List of email addresses for which certificates are allowed to be issued. Requires Vault version 1.19+.
1878
+ """
1879
+ return pulumi.get(self, "permitted_email_addresses")
1880
+
1881
+ @property
1882
+ @pulumi.getter(name="permittedIpRanges")
1883
+ def permitted_ip_ranges(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1884
+ """
1885
+ List of IP ranges for which certificates are allowed to be issued. Requires Vault version 1.19+.
1886
+ """
1887
+ return pulumi.get(self, "permitted_ip_ranges")
1888
+
1889
+ @property
1890
+ @pulumi.getter(name="permittedUriDomains")
1891
+ def permitted_uri_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1892
+ """
1893
+ List of URI domains for which certificates are allowed to be issued. Requires Vault version 1.19+.
1894
+ """
1895
+ return pulumi.get(self, "permitted_uri_domains")
1896
+
1342
1897
  @property
1343
1898
  @pulumi.getter(name="postalCode")
1344
- def postal_code(self) -> pulumi.Output[Optional[str]]:
1899
+ def postal_code(self) -> pulumi.Output[Optional[builtins.str]]:
1345
1900
  """
1346
1901
  The postal code
1347
1902
  """
@@ -1349,7 +1904,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1349
1904
 
1350
1905
  @property
1351
1906
  @pulumi.getter
1352
- def province(self) -> pulumi.Output[Optional[str]]:
1907
+ def province(self) -> pulumi.Output[Optional[builtins.str]]:
1353
1908
  """
1354
1909
  The province
1355
1910
  """
@@ -1357,7 +1912,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1357
1912
 
1358
1913
  @property
1359
1914
  @pulumi.getter
1360
- def revoke(self) -> pulumi.Output[Optional[bool]]:
1915
+ def revoke(self) -> pulumi.Output[Optional[builtins.bool]]:
1361
1916
  """
1362
1917
  If set to `true`, the certificate will be revoked on resource destruction.
1363
1918
  """
@@ -1365,15 +1920,31 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1365
1920
 
1366
1921
  @property
1367
1922
  @pulumi.getter(name="serialNumber")
1368
- def serial_number(self) -> pulumi.Output[str]:
1923
+ def serial_number(self) -> pulumi.Output[builtins.str]:
1369
1924
  """
1370
1925
  The certificate's serial number, hex formatted.
1371
1926
  """
1372
1927
  return pulumi.get(self, "serial_number")
1373
1928
 
1929
+ @property
1930
+ @pulumi.getter(name="signatureBits")
1931
+ def signature_bits(self) -> pulumi.Output[Optional[builtins.int]]:
1932
+ """
1933
+ The number of bits to use in the signature algorithm
1934
+ """
1935
+ return pulumi.get(self, "signature_bits")
1936
+
1937
+ @property
1938
+ @pulumi.getter
1939
+ def skid(self) -> pulumi.Output[Optional[builtins.str]]:
1940
+ """
1941
+ Value for the Subject Key Identifier field (RFC 5280 Section 4.2.1.2). Specified as a string in hex format.
1942
+ """
1943
+ return pulumi.get(self, "skid")
1944
+
1374
1945
  @property
1375
1946
  @pulumi.getter(name="streetAddress")
1376
- def street_address(self) -> pulumi.Output[Optional[str]]:
1947
+ def street_address(self) -> pulumi.Output[Optional[builtins.str]]:
1377
1948
  """
1378
1949
  The street address
1379
1950
  """
@@ -1381,7 +1952,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1381
1952
 
1382
1953
  @property
1383
1954
  @pulumi.getter
1384
- def ttl(self) -> pulumi.Output[Optional[str]]:
1955
+ def ttl(self) -> pulumi.Output[Optional[builtins.str]]:
1385
1956
  """
1386
1957
  Time to live
1387
1958
  """
@@ -1389,7 +1960,7 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1389
1960
 
1390
1961
  @property
1391
1962
  @pulumi.getter(name="uriSans")
1392
- def uri_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
1963
+ def uri_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1393
1964
  """
1394
1965
  List of alternative URIs
1395
1966
  """
@@ -1397,9 +1968,17 @@ class SecretBackendRootSignIntermediate(pulumi.CustomResource):
1397
1968
 
1398
1969
  @property
1399
1970
  @pulumi.getter(name="useCsrValues")
1400
- def use_csr_values(self) -> pulumi.Output[Optional[bool]]:
1971
+ def use_csr_values(self) -> pulumi.Output[Optional[builtins.bool]]:
1401
1972
  """
1402
1973
  Preserve CSR values
1403
1974
  """
1404
1975
  return pulumi.get(self, "use_csr_values")
1405
1976
 
1977
+ @property
1978
+ @pulumi.getter(name="usePss")
1979
+ def use_pss(self) -> pulumi.Output[Optional[builtins.bool]]:
1980
+ """
1981
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used.
1982
+ """
1983
+ return pulumi.get(self, "use_pss")
1984
+