pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (264) hide show
  1. pulumi_vault/__init__.py +9 -0
  2. pulumi_vault/_inputs.py +583 -562
  3. pulumi_vault/ad/__init__.py +1 -0
  4. pulumi_vault/ad/get_access_credentials.py +20 -19
  5. pulumi_vault/ad/secret_backend.py +477 -476
  6. pulumi_vault/ad/secret_library.py +99 -98
  7. pulumi_vault/ad/secret_role.py +85 -84
  8. pulumi_vault/alicloud/__init__.py +1 -0
  9. pulumi_vault/alicloud/auth_backend_role.py +183 -182
  10. pulumi_vault/approle/__init__.py +1 -0
  11. pulumi_vault/approle/auth_backend_login.py +106 -105
  12. pulumi_vault/approle/auth_backend_role.py +239 -238
  13. pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
  14. pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
  15. pulumi_vault/audit.py +85 -84
  16. pulumi_vault/audit_request_header.py +43 -42
  17. pulumi_vault/auth_backend.py +106 -105
  18. pulumi_vault/aws/__init__.py +1 -0
  19. pulumi_vault/aws/auth_backend_cert.py +71 -70
  20. pulumi_vault/aws/auth_backend_client.py +425 -200
  21. pulumi_vault/aws/auth_backend_config_identity.py +85 -84
  22. pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
  23. pulumi_vault/aws/auth_backend_login.py +209 -208
  24. pulumi_vault/aws/auth_backend_role.py +400 -399
  25. pulumi_vault/aws/auth_backend_role_tag.py +127 -126
  26. pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
  27. pulumi_vault/aws/auth_backend_sts_role.py +71 -70
  28. pulumi_vault/aws/get_access_credentials.py +44 -43
  29. pulumi_vault/aws/get_static_access_credentials.py +13 -12
  30. pulumi_vault/aws/secret_backend.py +523 -306
  31. pulumi_vault/aws/secret_backend_role.py +211 -210
  32. pulumi_vault/aws/secret_backend_static_role.py +288 -70
  33. pulumi_vault/azure/__init__.py +1 -0
  34. pulumi_vault/azure/_inputs.py +21 -20
  35. pulumi_vault/azure/auth_backend_config.py +383 -130
  36. pulumi_vault/azure/auth_backend_role.py +253 -252
  37. pulumi_vault/azure/backend.py +432 -186
  38. pulumi_vault/azure/backend_role.py +188 -140
  39. pulumi_vault/azure/get_access_credentials.py +58 -57
  40. pulumi_vault/azure/outputs.py +11 -10
  41. pulumi_vault/cert_auth_backend_role.py +365 -364
  42. pulumi_vault/config/__init__.py +1 -0
  43. pulumi_vault/config/__init__.pyi +1 -0
  44. pulumi_vault/config/_inputs.py +11 -10
  45. pulumi_vault/config/outputs.py +287 -286
  46. pulumi_vault/config/ui_custom_message.py +113 -112
  47. pulumi_vault/config/vars.py +1 -0
  48. pulumi_vault/consul/__init__.py +1 -0
  49. pulumi_vault/consul/secret_backend.py +197 -196
  50. pulumi_vault/consul/secret_backend_role.py +183 -182
  51. pulumi_vault/database/__init__.py +1 -0
  52. pulumi_vault/database/_inputs.py +3857 -2200
  53. pulumi_vault/database/outputs.py +2483 -1330
  54. pulumi_vault/database/secret_backend_connection.py +333 -112
  55. pulumi_vault/database/secret_backend_role.py +169 -168
  56. pulumi_vault/database/secret_backend_static_role.py +283 -140
  57. pulumi_vault/database/secrets_mount.py +275 -266
  58. pulumi_vault/egp_policy.py +71 -70
  59. pulumi_vault/gcp/__init__.py +1 -0
  60. pulumi_vault/gcp/_inputs.py +82 -81
  61. pulumi_vault/gcp/auth_backend.py +426 -205
  62. pulumi_vault/gcp/auth_backend_role.py +281 -280
  63. pulumi_vault/gcp/get_auth_backend_role.py +70 -69
  64. pulumi_vault/gcp/outputs.py +50 -49
  65. pulumi_vault/gcp/secret_backend.py +420 -179
  66. pulumi_vault/gcp/secret_impersonated_account.py +92 -91
  67. pulumi_vault/gcp/secret_roleset.py +92 -91
  68. pulumi_vault/gcp/secret_static_account.py +92 -91
  69. pulumi_vault/generic/__init__.py +1 -0
  70. pulumi_vault/generic/endpoint.py +113 -112
  71. pulumi_vault/generic/get_secret.py +28 -27
  72. pulumi_vault/generic/secret.py +78 -77
  73. pulumi_vault/get_auth_backend.py +19 -18
  74. pulumi_vault/get_auth_backends.py +14 -13
  75. pulumi_vault/get_namespace.py +15 -14
  76. pulumi_vault/get_namespaces.py +68 -18
  77. pulumi_vault/get_nomad_access_token.py +19 -18
  78. pulumi_vault/get_policy_document.py +6 -5
  79. pulumi_vault/get_raft_autopilot_state.py +18 -17
  80. pulumi_vault/github/__init__.py +1 -0
  81. pulumi_vault/github/_inputs.py +42 -41
  82. pulumi_vault/github/auth_backend.py +232 -231
  83. pulumi_vault/github/outputs.py +26 -25
  84. pulumi_vault/github/team.py +57 -56
  85. pulumi_vault/github/user.py +57 -56
  86. pulumi_vault/identity/__init__.py +1 -0
  87. pulumi_vault/identity/entity.py +85 -84
  88. pulumi_vault/identity/entity_alias.py +71 -70
  89. pulumi_vault/identity/entity_policies.py +64 -63
  90. pulumi_vault/identity/get_entity.py +43 -42
  91. pulumi_vault/identity/get_group.py +50 -49
  92. pulumi_vault/identity/get_oidc_client_creds.py +14 -13
  93. pulumi_vault/identity/get_oidc_openid_config.py +24 -23
  94. pulumi_vault/identity/get_oidc_public_keys.py +13 -12
  95. pulumi_vault/identity/group.py +141 -140
  96. pulumi_vault/identity/group_alias.py +57 -56
  97. pulumi_vault/identity/group_member_entity_ids.py +57 -56
  98. pulumi_vault/identity/group_member_group_ids.py +57 -56
  99. pulumi_vault/identity/group_policies.py +64 -63
  100. pulumi_vault/identity/mfa_duo.py +148 -147
  101. pulumi_vault/identity/mfa_login_enforcement.py +120 -119
  102. pulumi_vault/identity/mfa_okta.py +134 -133
  103. pulumi_vault/identity/mfa_pingid.py +127 -126
  104. pulumi_vault/identity/mfa_totp.py +176 -175
  105. pulumi_vault/identity/oidc.py +29 -28
  106. pulumi_vault/identity/oidc_assignment.py +57 -56
  107. pulumi_vault/identity/oidc_client.py +127 -126
  108. pulumi_vault/identity/oidc_key.py +85 -84
  109. pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
  110. pulumi_vault/identity/oidc_provider.py +92 -91
  111. pulumi_vault/identity/oidc_role.py +85 -84
  112. pulumi_vault/identity/oidc_scope.py +57 -56
  113. pulumi_vault/identity/outputs.py +32 -31
  114. pulumi_vault/jwt/__init__.py +1 -0
  115. pulumi_vault/jwt/_inputs.py +42 -41
  116. pulumi_vault/jwt/auth_backend.py +288 -287
  117. pulumi_vault/jwt/auth_backend_role.py +407 -406
  118. pulumi_vault/jwt/outputs.py +26 -25
  119. pulumi_vault/kmip/__init__.py +1 -0
  120. pulumi_vault/kmip/secret_backend.py +183 -182
  121. pulumi_vault/kmip/secret_role.py +295 -294
  122. pulumi_vault/kmip/secret_scope.py +57 -56
  123. pulumi_vault/kubernetes/__init__.py +1 -0
  124. pulumi_vault/kubernetes/auth_backend_config.py +141 -140
  125. pulumi_vault/kubernetes/auth_backend_role.py +225 -224
  126. pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
  127. pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
  128. pulumi_vault/kubernetes/get_service_account_token.py +38 -37
  129. pulumi_vault/kubernetes/secret_backend.py +316 -315
  130. pulumi_vault/kubernetes/secret_backend_role.py +197 -196
  131. pulumi_vault/kv/__init__.py +1 -0
  132. pulumi_vault/kv/_inputs.py +21 -20
  133. pulumi_vault/kv/get_secret.py +17 -16
  134. pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
  135. pulumi_vault/kv/get_secret_v2.py +29 -28
  136. pulumi_vault/kv/get_secrets_list.py +13 -12
  137. pulumi_vault/kv/get_secrets_list_v2.py +19 -18
  138. pulumi_vault/kv/outputs.py +13 -12
  139. pulumi_vault/kv/secret.py +50 -49
  140. pulumi_vault/kv/secret_backend_v2.py +71 -70
  141. pulumi_vault/kv/secret_v2.py +134 -133
  142. pulumi_vault/ldap/__init__.py +1 -0
  143. pulumi_vault/ldap/auth_backend.py +754 -533
  144. pulumi_vault/ldap/auth_backend_group.py +57 -56
  145. pulumi_vault/ldap/auth_backend_user.py +71 -70
  146. pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
  147. pulumi_vault/ldap/get_static_credentials.py +18 -17
  148. pulumi_vault/ldap/secret_backend.py +720 -499
  149. pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
  150. pulumi_vault/ldap/secret_backend_library_set.py +99 -98
  151. pulumi_vault/ldap/secret_backend_static_role.py +99 -98
  152. pulumi_vault/managed/__init__.py +1 -0
  153. pulumi_vault/managed/_inputs.py +229 -228
  154. pulumi_vault/managed/keys.py +15 -14
  155. pulumi_vault/managed/outputs.py +139 -138
  156. pulumi_vault/mfa_duo.py +113 -112
  157. pulumi_vault/mfa_okta.py +113 -112
  158. pulumi_vault/mfa_pingid.py +120 -119
  159. pulumi_vault/mfa_totp.py +127 -126
  160. pulumi_vault/mongodbatlas/__init__.py +1 -0
  161. pulumi_vault/mongodbatlas/secret_backend.py +64 -63
  162. pulumi_vault/mongodbatlas/secret_role.py +155 -154
  163. pulumi_vault/mount.py +274 -273
  164. pulumi_vault/namespace.py +64 -63
  165. pulumi_vault/nomad_secret_backend.py +211 -210
  166. pulumi_vault/nomad_secret_role.py +85 -84
  167. pulumi_vault/okta/__init__.py +1 -0
  168. pulumi_vault/okta/_inputs.py +26 -25
  169. pulumi_vault/okta/auth_backend.py +274 -273
  170. pulumi_vault/okta/auth_backend_group.py +57 -56
  171. pulumi_vault/okta/auth_backend_user.py +71 -70
  172. pulumi_vault/okta/outputs.py +16 -15
  173. pulumi_vault/outputs.py +73 -60
  174. pulumi_vault/password_policy.py +43 -42
  175. pulumi_vault/pkisecret/__init__.py +3 -0
  176. pulumi_vault/pkisecret/_inputs.py +31 -36
  177. pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
  178. pulumi_vault/pkisecret/backend_config_acme.py +174 -126
  179. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1377 -0
  180. pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
  181. pulumi_vault/pkisecret/backend_config_cmpv2.py +152 -104
  182. pulumi_vault/pkisecret/backend_config_est.py +120 -119
  183. pulumi_vault/pkisecret/get_backend_cert_metadata.py +278 -0
  184. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +35 -17
  185. pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
  186. pulumi_vault/pkisecret/get_backend_issuer.py +139 -25
  187. pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
  188. pulumi_vault/pkisecret/get_backend_key.py +20 -19
  189. pulumi_vault/pkisecret/get_backend_keys.py +15 -14
  190. pulumi_vault/pkisecret/outputs.py +28 -31
  191. pulumi_vault/pkisecret/secret_backend_cert.py +439 -297
  192. pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
  193. pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
  194. pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
  195. pulumi_vault/pkisecret/secret_backend_crl_config.py +237 -182
  196. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +520 -378
  197. pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
  198. pulumi_vault/pkisecret/secret_backend_issuer.py +441 -175
  199. pulumi_vault/pkisecret/secret_backend_key.py +120 -119
  200. pulumi_vault/pkisecret/secret_backend_role.py +894 -644
  201. pulumi_vault/pkisecret/secret_backend_root_cert.py +851 -427
  202. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +936 -357
  203. pulumi_vault/pkisecret/secret_backend_sign.py +347 -252
  204. pulumi_vault/plugin.py +127 -126
  205. pulumi_vault/plugin_pinned_version.py +43 -42
  206. pulumi_vault/policy.py +43 -42
  207. pulumi_vault/provider.py +120 -119
  208. pulumi_vault/pulumi-plugin.json +1 -1
  209. pulumi_vault/quota_lease_count.py +85 -84
  210. pulumi_vault/quota_rate_limit.py +113 -112
  211. pulumi_vault/rabbitmq/__init__.py +1 -0
  212. pulumi_vault/rabbitmq/_inputs.py +41 -40
  213. pulumi_vault/rabbitmq/outputs.py +25 -24
  214. pulumi_vault/rabbitmq/secret_backend.py +169 -168
  215. pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
  216. pulumi_vault/raft_autopilot.py +113 -112
  217. pulumi_vault/raft_snapshot_agent_config.py +393 -392
  218. pulumi_vault/rgp_policy.py +57 -56
  219. pulumi_vault/saml/__init__.py +1 -0
  220. pulumi_vault/saml/auth_backend.py +155 -154
  221. pulumi_vault/saml/auth_backend_role.py +239 -238
  222. pulumi_vault/secrets/__init__.py +1 -0
  223. pulumi_vault/secrets/_inputs.py +16 -15
  224. pulumi_vault/secrets/outputs.py +10 -9
  225. pulumi_vault/secrets/sync_association.py +71 -70
  226. pulumi_vault/secrets/sync_aws_destination.py +148 -147
  227. pulumi_vault/secrets/sync_azure_destination.py +148 -147
  228. pulumi_vault/secrets/sync_config.py +43 -42
  229. pulumi_vault/secrets/sync_gcp_destination.py +106 -105
  230. pulumi_vault/secrets/sync_gh_destination.py +134 -133
  231. pulumi_vault/secrets/sync_github_apps.py +64 -63
  232. pulumi_vault/secrets/sync_vercel_destination.py +120 -119
  233. pulumi_vault/ssh/__init__.py +2 -0
  234. pulumi_vault/ssh/_inputs.py +11 -10
  235. pulumi_vault/ssh/get_secret_backend_sign.py +295 -0
  236. pulumi_vault/ssh/outputs.py +7 -6
  237. pulumi_vault/ssh/secret_backend_ca.py +99 -98
  238. pulumi_vault/ssh/secret_backend_role.py +365 -364
  239. pulumi_vault/terraformcloud/__init__.py +1 -0
  240. pulumi_vault/terraformcloud/secret_backend.py +111 -110
  241. pulumi_vault/terraformcloud/secret_creds.py +74 -73
  242. pulumi_vault/terraformcloud/secret_role.py +96 -95
  243. pulumi_vault/token.py +246 -245
  244. pulumi_vault/tokenauth/__init__.py +1 -0
  245. pulumi_vault/tokenauth/auth_backend_role.py +267 -266
  246. pulumi_vault/transform/__init__.py +1 -0
  247. pulumi_vault/transform/alphabet.py +57 -56
  248. pulumi_vault/transform/get_decode.py +47 -46
  249. pulumi_vault/transform/get_encode.py +47 -46
  250. pulumi_vault/transform/role.py +57 -56
  251. pulumi_vault/transform/template.py +113 -112
  252. pulumi_vault/transform/transformation.py +141 -140
  253. pulumi_vault/transit/__init__.py +3 -0
  254. pulumi_vault/transit/get_decrypt.py +18 -17
  255. pulumi_vault/transit/get_encrypt.py +21 -20
  256. pulumi_vault/transit/get_sign.py +325 -0
  257. pulumi_vault/transit/get_verify.py +355 -0
  258. pulumi_vault/transit/secret_backend_key.py +394 -231
  259. pulumi_vault/transit/secret_cache_config.py +43 -42
  260. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
  261. pulumi_vault-6.7.0.dist-info/RECORD +265 -0
  262. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
  263. pulumi_vault-6.6.0a1741415971.dist-info/RECORD +0 -260
  264. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
2
2
  # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
3
  # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
4
 
5
+ import builtins
5
6
  import copy
6
7
  import warnings
7
8
  import sys
@@ -19,44 +20,48 @@ __all__ = ['SecretBackendSignArgs', 'SecretBackendSign']
19
20
  @pulumi.input_type
20
21
  class SecretBackendSignArgs:
21
22
  def __init__(__self__, *,
22
- backend: pulumi.Input[str],
23
- common_name: pulumi.Input[str],
24
- csr: pulumi.Input[str],
25
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
26
- auto_renew: Optional[pulumi.Input[bool]] = None,
27
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
28
- format: Optional[pulumi.Input[str]] = None,
29
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
30
- issuer_ref: Optional[pulumi.Input[str]] = None,
31
- min_seconds_remaining: Optional[pulumi.Input[int]] = None,
32
- name: Optional[pulumi.Input[str]] = None,
33
- namespace: Optional[pulumi.Input[str]] = None,
34
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
35
- ttl: Optional[pulumi.Input[str]] = None,
36
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
23
+ backend: pulumi.Input[builtins.str],
24
+ common_name: pulumi.Input[builtins.str],
25
+ csr: pulumi.Input[builtins.str],
26
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
27
+ auto_renew: Optional[pulumi.Input[builtins.bool]] = None,
28
+ cert_metadata: Optional[pulumi.Input[builtins.str]] = None,
29
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
30
+ format: Optional[pulumi.Input[builtins.str]] = None,
31
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
32
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
33
+ min_seconds_remaining: Optional[pulumi.Input[builtins.int]] = None,
34
+ name: Optional[pulumi.Input[builtins.str]] = None,
35
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
36
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
37
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
38
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
39
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None):
37
40
  """
38
41
  The set of arguments for constructing a SecretBackendSign resource.
39
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
40
- :param pulumi.Input[str] common_name: CN of certificate to create
41
- :param pulumi.Input[str] csr: The CSR
42
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
43
- :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
44
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
45
- :param pulumi.Input[str] format: The format of data
46
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
47
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. Can
42
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
43
+ :param pulumi.Input[builtins.str] common_name: CN of certificate to create
44
+ :param pulumi.Input[builtins.str] csr: The CSR
45
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
46
+ :param pulumi.Input[builtins.bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
47
+ :param pulumi.Input[builtins.str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
48
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
49
+ :param pulumi.Input[builtins.str] format: The format of data
50
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
51
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. Can
48
52
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
49
53
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
50
54
  overriding the role's `issuer_ref` value.
51
- :param pulumi.Input[int] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
52
- :param pulumi.Input[str] name: Name of the role to create the certificate against
53
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
55
+ :param pulumi.Input[builtins.int] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
56
+ :param pulumi.Input[builtins.str] name: Name of the role to create the certificate against
57
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
54
58
  The value should not contain leading or trailing forward slashes.
55
59
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
56
60
  *Available only for Vault Enterprise*.
57
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
58
- :param pulumi.Input[str] ttl: Time to live
59
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
61
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
62
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
63
+ :param pulumi.Input[builtins.str] ttl: Time to live
64
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
60
65
  """
61
66
  pulumi.set(__self__, "backend", backend)
62
67
  pulumi.set(__self__, "common_name", common_name)
@@ -65,6 +70,8 @@ class SecretBackendSignArgs:
65
70
  pulumi.set(__self__, "alt_names", alt_names)
66
71
  if auto_renew is not None:
67
72
  pulumi.set(__self__, "auto_renew", auto_renew)
73
+ if cert_metadata is not None:
74
+ pulumi.set(__self__, "cert_metadata", cert_metadata)
68
75
  if exclude_cn_from_sans is not None:
69
76
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
70
77
  if format is not None:
@@ -79,6 +86,8 @@ class SecretBackendSignArgs:
79
86
  pulumi.set(__self__, "name", name)
80
87
  if namespace is not None:
81
88
  pulumi.set(__self__, "namespace", namespace)
89
+ if not_after is not None:
90
+ pulumi.set(__self__, "not_after", not_after)
82
91
  if other_sans is not None:
83
92
  pulumi.set(__self__, "other_sans", other_sans)
84
93
  if ttl is not None:
@@ -88,103 +97,115 @@ class SecretBackendSignArgs:
88
97
 
89
98
  @property
90
99
  @pulumi.getter
91
- def backend(self) -> pulumi.Input[str]:
100
+ def backend(self) -> pulumi.Input[builtins.str]:
92
101
  """
93
102
  The PKI secret backend the resource belongs to.
94
103
  """
95
104
  return pulumi.get(self, "backend")
96
105
 
97
106
  @backend.setter
98
- def backend(self, value: pulumi.Input[str]):
107
+ def backend(self, value: pulumi.Input[builtins.str]):
99
108
  pulumi.set(self, "backend", value)
100
109
 
101
110
  @property
102
111
  @pulumi.getter(name="commonName")
103
- def common_name(self) -> pulumi.Input[str]:
112
+ def common_name(self) -> pulumi.Input[builtins.str]:
104
113
  """
105
114
  CN of certificate to create
106
115
  """
107
116
  return pulumi.get(self, "common_name")
108
117
 
109
118
  @common_name.setter
110
- def common_name(self, value: pulumi.Input[str]):
119
+ def common_name(self, value: pulumi.Input[builtins.str]):
111
120
  pulumi.set(self, "common_name", value)
112
121
 
113
122
  @property
114
123
  @pulumi.getter
115
- def csr(self) -> pulumi.Input[str]:
124
+ def csr(self) -> pulumi.Input[builtins.str]:
116
125
  """
117
126
  The CSR
118
127
  """
119
128
  return pulumi.get(self, "csr")
120
129
 
121
130
  @csr.setter
122
- def csr(self, value: pulumi.Input[str]):
131
+ def csr(self, value: pulumi.Input[builtins.str]):
123
132
  pulumi.set(self, "csr", value)
124
133
 
125
134
  @property
126
135
  @pulumi.getter(name="altNames")
127
- def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
136
+ def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
128
137
  """
129
138
  List of alternative names
130
139
  """
131
140
  return pulumi.get(self, "alt_names")
132
141
 
133
142
  @alt_names.setter
134
- def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
143
+ def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
135
144
  pulumi.set(self, "alt_names", value)
136
145
 
137
146
  @property
138
147
  @pulumi.getter(name="autoRenew")
139
- def auto_renew(self) -> Optional[pulumi.Input[bool]]:
148
+ def auto_renew(self) -> Optional[pulumi.Input[builtins.bool]]:
140
149
  """
141
150
  If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
142
151
  """
143
152
  return pulumi.get(self, "auto_renew")
144
153
 
145
154
  @auto_renew.setter
146
- def auto_renew(self, value: Optional[pulumi.Input[bool]]):
155
+ def auto_renew(self, value: Optional[pulumi.Input[builtins.bool]]):
147
156
  pulumi.set(self, "auto_renew", value)
148
157
 
158
+ @property
159
+ @pulumi.getter(name="certMetadata")
160
+ def cert_metadata(self) -> Optional[pulumi.Input[builtins.str]]:
161
+ """
162
+ A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
163
+ """
164
+ return pulumi.get(self, "cert_metadata")
165
+
166
+ @cert_metadata.setter
167
+ def cert_metadata(self, value: Optional[pulumi.Input[builtins.str]]):
168
+ pulumi.set(self, "cert_metadata", value)
169
+
149
170
  @property
150
171
  @pulumi.getter(name="excludeCnFromSans")
151
- def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
172
+ def exclude_cn_from_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
152
173
  """
153
174
  Flag to exclude CN from SANs
154
175
  """
155
176
  return pulumi.get(self, "exclude_cn_from_sans")
156
177
 
157
178
  @exclude_cn_from_sans.setter
158
- def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
179
+ def exclude_cn_from_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
159
180
  pulumi.set(self, "exclude_cn_from_sans", value)
160
181
 
161
182
  @property
162
183
  @pulumi.getter
163
- def format(self) -> Optional[pulumi.Input[str]]:
184
+ def format(self) -> Optional[pulumi.Input[builtins.str]]:
164
185
  """
165
186
  The format of data
166
187
  """
167
188
  return pulumi.get(self, "format")
168
189
 
169
190
  @format.setter
170
- def format(self, value: Optional[pulumi.Input[str]]):
191
+ def format(self, value: Optional[pulumi.Input[builtins.str]]):
171
192
  pulumi.set(self, "format", value)
172
193
 
173
194
  @property
174
195
  @pulumi.getter(name="ipSans")
175
- def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
196
+ def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
176
197
  """
177
198
  List of alternative IPs
178
199
  """
179
200
  return pulumi.get(self, "ip_sans")
180
201
 
181
202
  @ip_sans.setter
182
- def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
203
+ def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
183
204
  pulumi.set(self, "ip_sans", value)
184
205
 
185
206
  @property
186
207
  @pulumi.getter(name="issuerRef")
187
- def issuer_ref(self) -> Optional[pulumi.Input[str]]:
208
+ def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
188
209
  """
189
210
  Specifies the default issuer of this request. Can
190
211
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -194,36 +215,36 @@ class SecretBackendSignArgs:
194
215
  return pulumi.get(self, "issuer_ref")
195
216
 
196
217
  @issuer_ref.setter
197
- def issuer_ref(self, value: Optional[pulumi.Input[str]]):
218
+ def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
198
219
  pulumi.set(self, "issuer_ref", value)
199
220
 
200
221
  @property
201
222
  @pulumi.getter(name="minSecondsRemaining")
202
- def min_seconds_remaining(self) -> Optional[pulumi.Input[int]]:
223
+ def min_seconds_remaining(self) -> Optional[pulumi.Input[builtins.int]]:
203
224
  """
204
225
  Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
205
226
  """
206
227
  return pulumi.get(self, "min_seconds_remaining")
207
228
 
208
229
  @min_seconds_remaining.setter
209
- def min_seconds_remaining(self, value: Optional[pulumi.Input[int]]):
230
+ def min_seconds_remaining(self, value: Optional[pulumi.Input[builtins.int]]):
210
231
  pulumi.set(self, "min_seconds_remaining", value)
211
232
 
212
233
  @property
213
234
  @pulumi.getter
214
- def name(self) -> Optional[pulumi.Input[str]]:
235
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
215
236
  """
216
237
  Name of the role to create the certificate against
217
238
  """
218
239
  return pulumi.get(self, "name")
219
240
 
220
241
  @name.setter
221
- def name(self, value: Optional[pulumi.Input[str]]):
242
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
222
243
  pulumi.set(self, "name", value)
223
244
 
224
245
  @property
225
246
  @pulumi.getter
226
- def namespace(self) -> Optional[pulumi.Input[str]]:
247
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
227
248
  """
228
249
  The namespace to provision the resource in.
229
250
  The value should not contain leading or trailing forward slashes.
@@ -233,99 +254,115 @@ class SecretBackendSignArgs:
233
254
  return pulumi.get(self, "namespace")
234
255
 
235
256
  @namespace.setter
236
- def namespace(self, value: Optional[pulumi.Input[str]]):
257
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
237
258
  pulumi.set(self, "namespace", value)
238
259
 
260
+ @property
261
+ @pulumi.getter(name="notAfter")
262
+ def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
263
+ """
264
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
265
+ """
266
+ return pulumi.get(self, "not_after")
267
+
268
+ @not_after.setter
269
+ def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
270
+ pulumi.set(self, "not_after", value)
271
+
239
272
  @property
240
273
  @pulumi.getter(name="otherSans")
241
- def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
274
+ def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
242
275
  """
243
276
  List of other SANs
244
277
  """
245
278
  return pulumi.get(self, "other_sans")
246
279
 
247
280
  @other_sans.setter
248
- def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
281
+ def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
249
282
  pulumi.set(self, "other_sans", value)
250
283
 
251
284
  @property
252
285
  @pulumi.getter
253
- def ttl(self) -> Optional[pulumi.Input[str]]:
286
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
254
287
  """
255
288
  Time to live
256
289
  """
257
290
  return pulumi.get(self, "ttl")
258
291
 
259
292
  @ttl.setter
260
- def ttl(self, value: Optional[pulumi.Input[str]]):
293
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
261
294
  pulumi.set(self, "ttl", value)
262
295
 
263
296
  @property
264
297
  @pulumi.getter(name="uriSans")
265
- def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
298
+ def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
266
299
  """
267
300
  List of alternative URIs
268
301
  """
269
302
  return pulumi.get(self, "uri_sans")
270
303
 
271
304
  @uri_sans.setter
272
- def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
305
+ def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
273
306
  pulumi.set(self, "uri_sans", value)
274
307
 
275
308
 
276
309
  @pulumi.input_type
277
310
  class _SecretBackendSignState:
278
311
  def __init__(__self__, *,
279
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
280
- auto_renew: Optional[pulumi.Input[bool]] = None,
281
- backend: Optional[pulumi.Input[str]] = None,
282
- ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
283
- certificate: Optional[pulumi.Input[str]] = None,
284
- common_name: Optional[pulumi.Input[str]] = None,
285
- csr: Optional[pulumi.Input[str]] = None,
286
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
287
- expiration: Optional[pulumi.Input[int]] = None,
288
- format: Optional[pulumi.Input[str]] = None,
289
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
290
- issuer_ref: Optional[pulumi.Input[str]] = None,
291
- issuing_ca: Optional[pulumi.Input[str]] = None,
292
- min_seconds_remaining: Optional[pulumi.Input[int]] = None,
293
- name: Optional[pulumi.Input[str]] = None,
294
- namespace: Optional[pulumi.Input[str]] = None,
295
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
296
- renew_pending: Optional[pulumi.Input[bool]] = None,
297
- serial_number: Optional[pulumi.Input[str]] = None,
298
- ttl: Optional[pulumi.Input[str]] = None,
299
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
312
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
313
+ auto_renew: Optional[pulumi.Input[builtins.bool]] = None,
314
+ backend: Optional[pulumi.Input[builtins.str]] = None,
315
+ ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
316
+ cert_metadata: Optional[pulumi.Input[builtins.str]] = None,
317
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
318
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
319
+ csr: Optional[pulumi.Input[builtins.str]] = None,
320
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
321
+ expiration: Optional[pulumi.Input[builtins.int]] = None,
322
+ format: Optional[pulumi.Input[builtins.str]] = None,
323
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
324
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
325
+ issuing_ca: Optional[pulumi.Input[builtins.str]] = None,
326
+ min_seconds_remaining: Optional[pulumi.Input[builtins.int]] = None,
327
+ name: Optional[pulumi.Input[builtins.str]] = None,
328
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
329
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
330
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
331
+ renew_pending: Optional[pulumi.Input[builtins.bool]] = None,
332
+ serial_number: Optional[pulumi.Input[builtins.str]] = None,
333
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
334
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None):
300
335
  """
301
336
  Input properties used for looking up and filtering SecretBackendSign resources.
302
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
303
- :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
304
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
305
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ca_chains: The CA chain
306
- :param pulumi.Input[str] certificate: The certificate
307
- :param pulumi.Input[str] common_name: CN of certificate to create
308
- :param pulumi.Input[str] csr: The CSR
309
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
310
- :param pulumi.Input[int] expiration: The expiration date of the certificate in unix epoch format
311
- :param pulumi.Input[str] format: The format of data
312
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
313
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. Can
337
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
338
+ :param pulumi.Input[builtins.bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
339
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
340
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ca_chains: The CA chain
341
+ :param pulumi.Input[builtins.str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
342
+ :param pulumi.Input[builtins.str] certificate: The certificate
343
+ :param pulumi.Input[builtins.str] common_name: CN of certificate to create
344
+ :param pulumi.Input[builtins.str] csr: The CSR
345
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
346
+ :param pulumi.Input[builtins.int] expiration: The expiration date of the certificate in unix epoch format
347
+ :param pulumi.Input[builtins.str] format: The format of data
348
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
349
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. Can
314
350
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
315
351
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
316
352
  overriding the role's `issuer_ref` value.
317
- :param pulumi.Input[str] issuing_ca: The issuing CA
318
- :param pulumi.Input[int] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
319
- :param pulumi.Input[str] name: Name of the role to create the certificate against
320
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
353
+ :param pulumi.Input[builtins.str] issuing_ca: The issuing CA
354
+ :param pulumi.Input[builtins.int] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
355
+ :param pulumi.Input[builtins.str] name: Name of the role to create the certificate against
356
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
321
357
  The value should not contain leading or trailing forward slashes.
322
358
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
323
359
  *Available only for Vault Enterprise*.
324
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
325
- :param pulumi.Input[bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
326
- :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
327
- :param pulumi.Input[str] ttl: Time to live
328
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
360
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
361
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
362
+ :param pulumi.Input[builtins.bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
363
+ :param pulumi.Input[builtins.str] serial_number: The certificate's serial number, hex formatted.
364
+ :param pulumi.Input[builtins.str] ttl: Time to live
365
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
329
366
  """
330
367
  if alt_names is not None:
331
368
  pulumi.set(__self__, "alt_names", alt_names)
@@ -335,6 +372,8 @@ class _SecretBackendSignState:
335
372
  pulumi.set(__self__, "backend", backend)
336
373
  if ca_chains is not None:
337
374
  pulumi.set(__self__, "ca_chains", ca_chains)
375
+ if cert_metadata is not None:
376
+ pulumi.set(__self__, "cert_metadata", cert_metadata)
338
377
  if certificate is not None:
339
378
  pulumi.set(__self__, "certificate", certificate)
340
379
  if common_name is not None:
@@ -359,6 +398,8 @@ class _SecretBackendSignState:
359
398
  pulumi.set(__self__, "name", name)
360
399
  if namespace is not None:
361
400
  pulumi.set(__self__, "namespace", namespace)
401
+ if not_after is not None:
402
+ pulumi.set(__self__, "not_after", not_after)
362
403
  if other_sans is not None:
363
404
  pulumi.set(__self__, "other_sans", other_sans)
364
405
  if renew_pending is not None:
@@ -372,139 +413,151 @@ class _SecretBackendSignState:
372
413
 
373
414
  @property
374
415
  @pulumi.getter(name="altNames")
375
- def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
416
+ def alt_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
376
417
  """
377
418
  List of alternative names
378
419
  """
379
420
  return pulumi.get(self, "alt_names")
380
421
 
381
422
  @alt_names.setter
382
- def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
423
+ def alt_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
383
424
  pulumi.set(self, "alt_names", value)
384
425
 
385
426
  @property
386
427
  @pulumi.getter(name="autoRenew")
387
- def auto_renew(self) -> Optional[pulumi.Input[bool]]:
428
+ def auto_renew(self) -> Optional[pulumi.Input[builtins.bool]]:
388
429
  """
389
430
  If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
390
431
  """
391
432
  return pulumi.get(self, "auto_renew")
392
433
 
393
434
  @auto_renew.setter
394
- def auto_renew(self, value: Optional[pulumi.Input[bool]]):
435
+ def auto_renew(self, value: Optional[pulumi.Input[builtins.bool]]):
395
436
  pulumi.set(self, "auto_renew", value)
396
437
 
397
438
  @property
398
439
  @pulumi.getter
399
- def backend(self) -> Optional[pulumi.Input[str]]:
440
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
400
441
  """
401
442
  The PKI secret backend the resource belongs to.
402
443
  """
403
444
  return pulumi.get(self, "backend")
404
445
 
405
446
  @backend.setter
406
- def backend(self, value: Optional[pulumi.Input[str]]):
447
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
407
448
  pulumi.set(self, "backend", value)
408
449
 
409
450
  @property
410
451
  @pulumi.getter(name="caChains")
411
- def ca_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
452
+ def ca_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
412
453
  """
413
454
  The CA chain
414
455
  """
415
456
  return pulumi.get(self, "ca_chains")
416
457
 
417
458
  @ca_chains.setter
418
- def ca_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
459
+ def ca_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
419
460
  pulumi.set(self, "ca_chains", value)
420
461
 
462
+ @property
463
+ @pulumi.getter(name="certMetadata")
464
+ def cert_metadata(self) -> Optional[pulumi.Input[builtins.str]]:
465
+ """
466
+ A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
467
+ """
468
+ return pulumi.get(self, "cert_metadata")
469
+
470
+ @cert_metadata.setter
471
+ def cert_metadata(self, value: Optional[pulumi.Input[builtins.str]]):
472
+ pulumi.set(self, "cert_metadata", value)
473
+
421
474
  @property
422
475
  @pulumi.getter
423
- def certificate(self) -> Optional[pulumi.Input[str]]:
476
+ def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
424
477
  """
425
478
  The certificate
426
479
  """
427
480
  return pulumi.get(self, "certificate")
428
481
 
429
482
  @certificate.setter
430
- def certificate(self, value: Optional[pulumi.Input[str]]):
483
+ def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
431
484
  pulumi.set(self, "certificate", value)
432
485
 
433
486
  @property
434
487
  @pulumi.getter(name="commonName")
435
- def common_name(self) -> Optional[pulumi.Input[str]]:
488
+ def common_name(self) -> Optional[pulumi.Input[builtins.str]]:
436
489
  """
437
490
  CN of certificate to create
438
491
  """
439
492
  return pulumi.get(self, "common_name")
440
493
 
441
494
  @common_name.setter
442
- def common_name(self, value: Optional[pulumi.Input[str]]):
495
+ def common_name(self, value: Optional[pulumi.Input[builtins.str]]):
443
496
  pulumi.set(self, "common_name", value)
444
497
 
445
498
  @property
446
499
  @pulumi.getter
447
- def csr(self) -> Optional[pulumi.Input[str]]:
500
+ def csr(self) -> Optional[pulumi.Input[builtins.str]]:
448
501
  """
449
502
  The CSR
450
503
  """
451
504
  return pulumi.get(self, "csr")
452
505
 
453
506
  @csr.setter
454
- def csr(self, value: Optional[pulumi.Input[str]]):
507
+ def csr(self, value: Optional[pulumi.Input[builtins.str]]):
455
508
  pulumi.set(self, "csr", value)
456
509
 
457
510
  @property
458
511
  @pulumi.getter(name="excludeCnFromSans")
459
- def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
512
+ def exclude_cn_from_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
460
513
  """
461
514
  Flag to exclude CN from SANs
462
515
  """
463
516
  return pulumi.get(self, "exclude_cn_from_sans")
464
517
 
465
518
  @exclude_cn_from_sans.setter
466
- def exclude_cn_from_sans(self, value: Optional[pulumi.Input[bool]]):
519
+ def exclude_cn_from_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
467
520
  pulumi.set(self, "exclude_cn_from_sans", value)
468
521
 
469
522
  @property
470
523
  @pulumi.getter
471
- def expiration(self) -> Optional[pulumi.Input[int]]:
524
+ def expiration(self) -> Optional[pulumi.Input[builtins.int]]:
472
525
  """
473
526
  The expiration date of the certificate in unix epoch format
474
527
  """
475
528
  return pulumi.get(self, "expiration")
476
529
 
477
530
  @expiration.setter
478
- def expiration(self, value: Optional[pulumi.Input[int]]):
531
+ def expiration(self, value: Optional[pulumi.Input[builtins.int]]):
479
532
  pulumi.set(self, "expiration", value)
480
533
 
481
534
  @property
482
535
  @pulumi.getter
483
- def format(self) -> Optional[pulumi.Input[str]]:
536
+ def format(self) -> Optional[pulumi.Input[builtins.str]]:
484
537
  """
485
538
  The format of data
486
539
  """
487
540
  return pulumi.get(self, "format")
488
541
 
489
542
  @format.setter
490
- def format(self, value: Optional[pulumi.Input[str]]):
543
+ def format(self, value: Optional[pulumi.Input[builtins.str]]):
491
544
  pulumi.set(self, "format", value)
492
545
 
493
546
  @property
494
547
  @pulumi.getter(name="ipSans")
495
- def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
548
+ def ip_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
496
549
  """
497
550
  List of alternative IPs
498
551
  """
499
552
  return pulumi.get(self, "ip_sans")
500
553
 
501
554
  @ip_sans.setter
502
- def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
555
+ def ip_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
503
556
  pulumi.set(self, "ip_sans", value)
504
557
 
505
558
  @property
506
559
  @pulumi.getter(name="issuerRef")
507
- def issuer_ref(self) -> Optional[pulumi.Input[str]]:
560
+ def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
508
561
  """
509
562
  Specifies the default issuer of this request. Can
510
563
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -514,48 +567,48 @@ class _SecretBackendSignState:
514
567
  return pulumi.get(self, "issuer_ref")
515
568
 
516
569
  @issuer_ref.setter
517
- def issuer_ref(self, value: Optional[pulumi.Input[str]]):
570
+ def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
518
571
  pulumi.set(self, "issuer_ref", value)
519
572
 
520
573
  @property
521
574
  @pulumi.getter(name="issuingCa")
522
- def issuing_ca(self) -> Optional[pulumi.Input[str]]:
575
+ def issuing_ca(self) -> Optional[pulumi.Input[builtins.str]]:
523
576
  """
524
577
  The issuing CA
525
578
  """
526
579
  return pulumi.get(self, "issuing_ca")
527
580
 
528
581
  @issuing_ca.setter
529
- def issuing_ca(self, value: Optional[pulumi.Input[str]]):
582
+ def issuing_ca(self, value: Optional[pulumi.Input[builtins.str]]):
530
583
  pulumi.set(self, "issuing_ca", value)
531
584
 
532
585
  @property
533
586
  @pulumi.getter(name="minSecondsRemaining")
534
- def min_seconds_remaining(self) -> Optional[pulumi.Input[int]]:
587
+ def min_seconds_remaining(self) -> Optional[pulumi.Input[builtins.int]]:
535
588
  """
536
589
  Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
537
590
  """
538
591
  return pulumi.get(self, "min_seconds_remaining")
539
592
 
540
593
  @min_seconds_remaining.setter
541
- def min_seconds_remaining(self, value: Optional[pulumi.Input[int]]):
594
+ def min_seconds_remaining(self, value: Optional[pulumi.Input[builtins.int]]):
542
595
  pulumi.set(self, "min_seconds_remaining", value)
543
596
 
544
597
  @property
545
598
  @pulumi.getter
546
- def name(self) -> Optional[pulumi.Input[str]]:
599
+ def name(self) -> Optional[pulumi.Input[builtins.str]]:
547
600
  """
548
601
  Name of the role to create the certificate against
549
602
  """
550
603
  return pulumi.get(self, "name")
551
604
 
552
605
  @name.setter
553
- def name(self, value: Optional[pulumi.Input[str]]):
606
+ def name(self, value: Optional[pulumi.Input[builtins.str]]):
554
607
  pulumi.set(self, "name", value)
555
608
 
556
609
  @property
557
610
  @pulumi.getter
558
- def namespace(self) -> Optional[pulumi.Input[str]]:
611
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
559
612
  """
560
613
  The namespace to provision the resource in.
561
614
  The value should not contain leading or trailing forward slashes.
@@ -565,67 +618,79 @@ class _SecretBackendSignState:
565
618
  return pulumi.get(self, "namespace")
566
619
 
567
620
  @namespace.setter
568
- def namespace(self, value: Optional[pulumi.Input[str]]):
621
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
569
622
  pulumi.set(self, "namespace", value)
570
623
 
624
+ @property
625
+ @pulumi.getter(name="notAfter")
626
+ def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
627
+ """
628
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
629
+ """
630
+ return pulumi.get(self, "not_after")
631
+
632
+ @not_after.setter
633
+ def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
634
+ pulumi.set(self, "not_after", value)
635
+
571
636
  @property
572
637
  @pulumi.getter(name="otherSans")
573
- def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
638
+ def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
574
639
  """
575
640
  List of other SANs
576
641
  """
577
642
  return pulumi.get(self, "other_sans")
578
643
 
579
644
  @other_sans.setter
580
- def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
645
+ def other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
581
646
  pulumi.set(self, "other_sans", value)
582
647
 
583
648
  @property
584
649
  @pulumi.getter(name="renewPending")
585
- def renew_pending(self) -> Optional[pulumi.Input[bool]]:
650
+ def renew_pending(self) -> Optional[pulumi.Input[builtins.bool]]:
586
651
  """
587
652
  `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
588
653
  """
589
654
  return pulumi.get(self, "renew_pending")
590
655
 
591
656
  @renew_pending.setter
592
- def renew_pending(self, value: Optional[pulumi.Input[bool]]):
657
+ def renew_pending(self, value: Optional[pulumi.Input[builtins.bool]]):
593
658
  pulumi.set(self, "renew_pending", value)
594
659
 
595
660
  @property
596
661
  @pulumi.getter(name="serialNumber")
597
- def serial_number(self) -> Optional[pulumi.Input[str]]:
662
+ def serial_number(self) -> Optional[pulumi.Input[builtins.str]]:
598
663
  """
599
664
  The certificate's serial number, hex formatted.
600
665
  """
601
666
  return pulumi.get(self, "serial_number")
602
667
 
603
668
  @serial_number.setter
604
- def serial_number(self, value: Optional[pulumi.Input[str]]):
669
+ def serial_number(self, value: Optional[pulumi.Input[builtins.str]]):
605
670
  pulumi.set(self, "serial_number", value)
606
671
 
607
672
  @property
608
673
  @pulumi.getter
609
- def ttl(self) -> Optional[pulumi.Input[str]]:
674
+ def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
610
675
  """
611
676
  Time to live
612
677
  """
613
678
  return pulumi.get(self, "ttl")
614
679
 
615
680
  @ttl.setter
616
- def ttl(self, value: Optional[pulumi.Input[str]]):
681
+ def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
617
682
  pulumi.set(self, "ttl", value)
618
683
 
619
684
  @property
620
685
  @pulumi.getter(name="uriSans")
621
- def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
686
+ def uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
622
687
  """
623
688
  List of alternative URIs
624
689
  """
625
690
  return pulumi.get(self, "uri_sans")
626
691
 
627
692
  @uri_sans.setter
628
- def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
693
+ def uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
629
694
  pulumi.set(self, "uri_sans", value)
630
695
 
631
696
 
@@ -634,21 +699,23 @@ class SecretBackendSign(pulumi.CustomResource):
634
699
  def __init__(__self__,
635
700
  resource_name: str,
636
701
  opts: Optional[pulumi.ResourceOptions] = None,
637
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
638
- auto_renew: Optional[pulumi.Input[bool]] = None,
639
- backend: Optional[pulumi.Input[str]] = None,
640
- common_name: Optional[pulumi.Input[str]] = None,
641
- csr: Optional[pulumi.Input[str]] = None,
642
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
643
- format: Optional[pulumi.Input[str]] = None,
644
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
645
- issuer_ref: Optional[pulumi.Input[str]] = None,
646
- min_seconds_remaining: Optional[pulumi.Input[int]] = None,
647
- name: Optional[pulumi.Input[str]] = None,
648
- namespace: Optional[pulumi.Input[str]] = None,
649
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
650
- ttl: Optional[pulumi.Input[str]] = None,
651
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
702
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
703
+ auto_renew: Optional[pulumi.Input[builtins.bool]] = None,
704
+ backend: Optional[pulumi.Input[builtins.str]] = None,
705
+ cert_metadata: Optional[pulumi.Input[builtins.str]] = None,
706
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
707
+ csr: Optional[pulumi.Input[builtins.str]] = None,
708
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
709
+ format: Optional[pulumi.Input[builtins.str]] = None,
710
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
711
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
712
+ min_seconds_remaining: Optional[pulumi.Input[builtins.int]] = None,
713
+ name: Optional[pulumi.Input[builtins.str]] = None,
714
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
715
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
716
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
717
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
718
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
652
719
  __props__=None):
653
720
  """
654
721
  ## Example Usage
@@ -694,27 +761,29 @@ class SecretBackendSign(pulumi.CustomResource):
694
761
 
695
762
  :param str resource_name: The name of the resource.
696
763
  :param pulumi.ResourceOptions opts: Options for the resource.
697
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
698
- :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
699
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
700
- :param pulumi.Input[str] common_name: CN of certificate to create
701
- :param pulumi.Input[str] csr: The CSR
702
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
703
- :param pulumi.Input[str] format: The format of data
704
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
705
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. Can
764
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
765
+ :param pulumi.Input[builtins.bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
766
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
767
+ :param pulumi.Input[builtins.str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
768
+ :param pulumi.Input[builtins.str] common_name: CN of certificate to create
769
+ :param pulumi.Input[builtins.str] csr: The CSR
770
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
771
+ :param pulumi.Input[builtins.str] format: The format of data
772
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
773
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. Can
706
774
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
707
775
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
708
776
  overriding the role's `issuer_ref` value.
709
- :param pulumi.Input[int] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
710
- :param pulumi.Input[str] name: Name of the role to create the certificate against
711
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
777
+ :param pulumi.Input[builtins.int] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
778
+ :param pulumi.Input[builtins.str] name: Name of the role to create the certificate against
779
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
712
780
  The value should not contain leading or trailing forward slashes.
713
781
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
714
782
  *Available only for Vault Enterprise*.
715
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
716
- :param pulumi.Input[str] ttl: Time to live
717
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
783
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
784
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
785
+ :param pulumi.Input[builtins.str] ttl: Time to live
786
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
718
787
  """
719
788
  ...
720
789
  @overload
@@ -779,21 +848,23 @@ class SecretBackendSign(pulumi.CustomResource):
779
848
  def _internal_init(__self__,
780
849
  resource_name: str,
781
850
  opts: Optional[pulumi.ResourceOptions] = None,
782
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
783
- auto_renew: Optional[pulumi.Input[bool]] = None,
784
- backend: Optional[pulumi.Input[str]] = None,
785
- common_name: Optional[pulumi.Input[str]] = None,
786
- csr: Optional[pulumi.Input[str]] = None,
787
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
788
- format: Optional[pulumi.Input[str]] = None,
789
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
790
- issuer_ref: Optional[pulumi.Input[str]] = None,
791
- min_seconds_remaining: Optional[pulumi.Input[int]] = None,
792
- name: Optional[pulumi.Input[str]] = None,
793
- namespace: Optional[pulumi.Input[str]] = None,
794
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
795
- ttl: Optional[pulumi.Input[str]] = None,
796
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
851
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
852
+ auto_renew: Optional[pulumi.Input[builtins.bool]] = None,
853
+ backend: Optional[pulumi.Input[builtins.str]] = None,
854
+ cert_metadata: Optional[pulumi.Input[builtins.str]] = None,
855
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
856
+ csr: Optional[pulumi.Input[builtins.str]] = None,
857
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
858
+ format: Optional[pulumi.Input[builtins.str]] = None,
859
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
860
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
861
+ min_seconds_remaining: Optional[pulumi.Input[builtins.int]] = None,
862
+ name: Optional[pulumi.Input[builtins.str]] = None,
863
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
864
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
865
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
866
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
867
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
797
868
  __props__=None):
798
869
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
799
870
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -808,6 +879,7 @@ class SecretBackendSign(pulumi.CustomResource):
808
879
  if backend is None and not opts.urn:
809
880
  raise TypeError("Missing required property 'backend'")
810
881
  __props__.__dict__["backend"] = backend
882
+ __props__.__dict__["cert_metadata"] = cert_metadata
811
883
  if common_name is None and not opts.urn:
812
884
  raise TypeError("Missing required property 'common_name'")
813
885
  __props__.__dict__["common_name"] = common_name
@@ -821,6 +893,7 @@ class SecretBackendSign(pulumi.CustomResource):
821
893
  __props__.__dict__["min_seconds_remaining"] = min_seconds_remaining
822
894
  __props__.__dict__["name"] = name
823
895
  __props__.__dict__["namespace"] = namespace
896
+ __props__.__dict__["not_after"] = not_after
824
897
  __props__.__dict__["other_sans"] = other_sans
825
898
  __props__.__dict__["ttl"] = ttl
826
899
  __props__.__dict__["uri_sans"] = uri_sans
@@ -840,27 +913,29 @@ class SecretBackendSign(pulumi.CustomResource):
840
913
  def get(resource_name: str,
841
914
  id: pulumi.Input[str],
842
915
  opts: Optional[pulumi.ResourceOptions] = None,
843
- alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
844
- auto_renew: Optional[pulumi.Input[bool]] = None,
845
- backend: Optional[pulumi.Input[str]] = None,
846
- ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
847
- certificate: Optional[pulumi.Input[str]] = None,
848
- common_name: Optional[pulumi.Input[str]] = None,
849
- csr: Optional[pulumi.Input[str]] = None,
850
- exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
851
- expiration: Optional[pulumi.Input[int]] = None,
852
- format: Optional[pulumi.Input[str]] = None,
853
- ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
854
- issuer_ref: Optional[pulumi.Input[str]] = None,
855
- issuing_ca: Optional[pulumi.Input[str]] = None,
856
- min_seconds_remaining: Optional[pulumi.Input[int]] = None,
857
- name: Optional[pulumi.Input[str]] = None,
858
- namespace: Optional[pulumi.Input[str]] = None,
859
- other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
860
- renew_pending: Optional[pulumi.Input[bool]] = None,
861
- serial_number: Optional[pulumi.Input[str]] = None,
862
- ttl: Optional[pulumi.Input[str]] = None,
863
- uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None) -> 'SecretBackendSign':
916
+ alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
917
+ auto_renew: Optional[pulumi.Input[builtins.bool]] = None,
918
+ backend: Optional[pulumi.Input[builtins.str]] = None,
919
+ ca_chains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
920
+ cert_metadata: Optional[pulumi.Input[builtins.str]] = None,
921
+ certificate: Optional[pulumi.Input[builtins.str]] = None,
922
+ common_name: Optional[pulumi.Input[builtins.str]] = None,
923
+ csr: Optional[pulumi.Input[builtins.str]] = None,
924
+ exclude_cn_from_sans: Optional[pulumi.Input[builtins.bool]] = None,
925
+ expiration: Optional[pulumi.Input[builtins.int]] = None,
926
+ format: Optional[pulumi.Input[builtins.str]] = None,
927
+ ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
928
+ issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
929
+ issuing_ca: Optional[pulumi.Input[builtins.str]] = None,
930
+ min_seconds_remaining: Optional[pulumi.Input[builtins.int]] = None,
931
+ name: Optional[pulumi.Input[builtins.str]] = None,
932
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
933
+ not_after: Optional[pulumi.Input[builtins.str]] = None,
934
+ other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
935
+ renew_pending: Optional[pulumi.Input[builtins.bool]] = None,
936
+ serial_number: Optional[pulumi.Input[builtins.str]] = None,
937
+ ttl: Optional[pulumi.Input[builtins.str]] = None,
938
+ uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None) -> 'SecretBackendSign':
864
939
  """
865
940
  Get an existing SecretBackendSign resource's state with the given name, id, and optional extra
866
941
  properties used to qualify the lookup.
@@ -868,33 +943,35 @@ class SecretBackendSign(pulumi.CustomResource):
868
943
  :param str resource_name: The unique name of the resulting resource.
869
944
  :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
870
945
  :param pulumi.ResourceOptions opts: Options for the resource.
871
- :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
872
- :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
873
- :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
874
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ca_chains: The CA chain
875
- :param pulumi.Input[str] certificate: The certificate
876
- :param pulumi.Input[str] common_name: CN of certificate to create
877
- :param pulumi.Input[str] csr: The CSR
878
- :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
879
- :param pulumi.Input[int] expiration: The expiration date of the certificate in unix epoch format
880
- :param pulumi.Input[str] format: The format of data
881
- :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
882
- :param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. Can
946
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] alt_names: List of alternative names
947
+ :param pulumi.Input[builtins.bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
948
+ :param pulumi.Input[builtins.str] backend: The PKI secret backend the resource belongs to.
949
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ca_chains: The CA chain
950
+ :param pulumi.Input[builtins.str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
951
+ :param pulumi.Input[builtins.str] certificate: The certificate
952
+ :param pulumi.Input[builtins.str] common_name: CN of certificate to create
953
+ :param pulumi.Input[builtins.str] csr: The CSR
954
+ :param pulumi.Input[builtins.bool] exclude_cn_from_sans: Flag to exclude CN from SANs
955
+ :param pulumi.Input[builtins.int] expiration: The expiration date of the certificate in unix epoch format
956
+ :param pulumi.Input[builtins.str] format: The format of data
957
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ip_sans: List of alternative IPs
958
+ :param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. Can
883
959
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
884
960
  the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
885
961
  overriding the role's `issuer_ref` value.
886
- :param pulumi.Input[str] issuing_ca: The issuing CA
887
- :param pulumi.Input[int] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
888
- :param pulumi.Input[str] name: Name of the role to create the certificate against
889
- :param pulumi.Input[str] namespace: The namespace to provision the resource in.
962
+ :param pulumi.Input[builtins.str] issuing_ca: The issuing CA
963
+ :param pulumi.Input[builtins.int] min_seconds_remaining: Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
964
+ :param pulumi.Input[builtins.str] name: Name of the role to create the certificate against
965
+ :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
890
966
  The value should not contain leading or trailing forward slashes.
891
967
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
892
968
  *Available only for Vault Enterprise*.
893
- :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
894
- :param pulumi.Input[bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
895
- :param pulumi.Input[str] serial_number: The certificate's serial number, hex formatted.
896
- :param pulumi.Input[str] ttl: Time to live
897
- :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
969
+ :param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
970
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] other_sans: List of other SANs
971
+ :param pulumi.Input[builtins.bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
972
+ :param pulumi.Input[builtins.str] serial_number: The certificate's serial number, hex formatted.
973
+ :param pulumi.Input[builtins.str] ttl: Time to live
974
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] uri_sans: List of alternative URIs
898
975
  """
899
976
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
900
977
 
@@ -904,6 +981,7 @@ class SecretBackendSign(pulumi.CustomResource):
904
981
  __props__.__dict__["auto_renew"] = auto_renew
905
982
  __props__.__dict__["backend"] = backend
906
983
  __props__.__dict__["ca_chains"] = ca_chains
984
+ __props__.__dict__["cert_metadata"] = cert_metadata
907
985
  __props__.__dict__["certificate"] = certificate
908
986
  __props__.__dict__["common_name"] = common_name
909
987
  __props__.__dict__["csr"] = csr
@@ -916,6 +994,7 @@ class SecretBackendSign(pulumi.CustomResource):
916
994
  __props__.__dict__["min_seconds_remaining"] = min_seconds_remaining
917
995
  __props__.__dict__["name"] = name
918
996
  __props__.__dict__["namespace"] = namespace
997
+ __props__.__dict__["not_after"] = not_after
919
998
  __props__.__dict__["other_sans"] = other_sans
920
999
  __props__.__dict__["renew_pending"] = renew_pending
921
1000
  __props__.__dict__["serial_number"] = serial_number
@@ -925,7 +1004,7 @@ class SecretBackendSign(pulumi.CustomResource):
925
1004
 
926
1005
  @property
927
1006
  @pulumi.getter(name="altNames")
928
- def alt_names(self) -> pulumi.Output[Optional[Sequence[str]]]:
1007
+ def alt_names(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
929
1008
  """
930
1009
  List of alternative names
931
1010
  """
@@ -933,7 +1012,7 @@ class SecretBackendSign(pulumi.CustomResource):
933
1012
 
934
1013
  @property
935
1014
  @pulumi.getter(name="autoRenew")
936
- def auto_renew(self) -> pulumi.Output[Optional[bool]]:
1015
+ def auto_renew(self) -> pulumi.Output[Optional[builtins.bool]]:
937
1016
  """
938
1017
  If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
939
1018
  """
@@ -941,7 +1020,7 @@ class SecretBackendSign(pulumi.CustomResource):
941
1020
 
942
1021
  @property
943
1022
  @pulumi.getter
944
- def backend(self) -> pulumi.Output[str]:
1023
+ def backend(self) -> pulumi.Output[builtins.str]:
945
1024
  """
946
1025
  The PKI secret backend the resource belongs to.
947
1026
  """
@@ -949,15 +1028,23 @@ class SecretBackendSign(pulumi.CustomResource):
949
1028
 
950
1029
  @property
951
1030
  @pulumi.getter(name="caChains")
952
- def ca_chains(self) -> pulumi.Output[Sequence[str]]:
1031
+ def ca_chains(self) -> pulumi.Output[Sequence[builtins.str]]:
953
1032
  """
954
1033
  The CA chain
955
1034
  """
956
1035
  return pulumi.get(self, "ca_chains")
957
1036
 
1037
+ @property
1038
+ @pulumi.getter(name="certMetadata")
1039
+ def cert_metadata(self) -> pulumi.Output[Optional[builtins.str]]:
1040
+ """
1041
+ A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
1042
+ """
1043
+ return pulumi.get(self, "cert_metadata")
1044
+
958
1045
  @property
959
1046
  @pulumi.getter
960
- def certificate(self) -> pulumi.Output[str]:
1047
+ def certificate(self) -> pulumi.Output[builtins.str]:
961
1048
  """
962
1049
  The certificate
963
1050
  """
@@ -965,7 +1052,7 @@ class SecretBackendSign(pulumi.CustomResource):
965
1052
 
966
1053
  @property
967
1054
  @pulumi.getter(name="commonName")
968
- def common_name(self) -> pulumi.Output[str]:
1055
+ def common_name(self) -> pulumi.Output[builtins.str]:
969
1056
  """
970
1057
  CN of certificate to create
971
1058
  """
@@ -973,7 +1060,7 @@ class SecretBackendSign(pulumi.CustomResource):
973
1060
 
974
1061
  @property
975
1062
  @pulumi.getter
976
- def csr(self) -> pulumi.Output[str]:
1063
+ def csr(self) -> pulumi.Output[builtins.str]:
977
1064
  """
978
1065
  The CSR
979
1066
  """
@@ -981,7 +1068,7 @@ class SecretBackendSign(pulumi.CustomResource):
981
1068
 
982
1069
  @property
983
1070
  @pulumi.getter(name="excludeCnFromSans")
984
- def exclude_cn_from_sans(self) -> pulumi.Output[Optional[bool]]:
1071
+ def exclude_cn_from_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
985
1072
  """
986
1073
  Flag to exclude CN from SANs
987
1074
  """
@@ -989,7 +1076,7 @@ class SecretBackendSign(pulumi.CustomResource):
989
1076
 
990
1077
  @property
991
1078
  @pulumi.getter
992
- def expiration(self) -> pulumi.Output[int]:
1079
+ def expiration(self) -> pulumi.Output[builtins.int]:
993
1080
  """
994
1081
  The expiration date of the certificate in unix epoch format
995
1082
  """
@@ -997,7 +1084,7 @@ class SecretBackendSign(pulumi.CustomResource):
997
1084
 
998
1085
  @property
999
1086
  @pulumi.getter
1000
- def format(self) -> pulumi.Output[Optional[str]]:
1087
+ def format(self) -> pulumi.Output[Optional[builtins.str]]:
1001
1088
  """
1002
1089
  The format of data
1003
1090
  """
@@ -1005,7 +1092,7 @@ class SecretBackendSign(pulumi.CustomResource):
1005
1092
 
1006
1093
  @property
1007
1094
  @pulumi.getter(name="ipSans")
1008
- def ip_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
1095
+ def ip_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1009
1096
  """
1010
1097
  List of alternative IPs
1011
1098
  """
@@ -1013,7 +1100,7 @@ class SecretBackendSign(pulumi.CustomResource):
1013
1100
 
1014
1101
  @property
1015
1102
  @pulumi.getter(name="issuerRef")
1016
- def issuer_ref(self) -> pulumi.Output[Optional[str]]:
1103
+ def issuer_ref(self) -> pulumi.Output[Optional[builtins.str]]:
1017
1104
  """
1018
1105
  Specifies the default issuer of this request. Can
1019
1106
  be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
@@ -1024,7 +1111,7 @@ class SecretBackendSign(pulumi.CustomResource):
1024
1111
 
1025
1112
  @property
1026
1113
  @pulumi.getter(name="issuingCa")
1027
- def issuing_ca(self) -> pulumi.Output[str]:
1114
+ def issuing_ca(self) -> pulumi.Output[builtins.str]:
1028
1115
  """
1029
1116
  The issuing CA
1030
1117
  """
@@ -1032,7 +1119,7 @@ class SecretBackendSign(pulumi.CustomResource):
1032
1119
 
1033
1120
  @property
1034
1121
  @pulumi.getter(name="minSecondsRemaining")
1035
- def min_seconds_remaining(self) -> pulumi.Output[Optional[int]]:
1122
+ def min_seconds_remaining(self) -> pulumi.Output[Optional[builtins.int]]:
1036
1123
  """
1037
1124
  Generate a new certificate when the expiration is within this number of seconds, default is 604800 (7 days)
1038
1125
  """
@@ -1040,7 +1127,7 @@ class SecretBackendSign(pulumi.CustomResource):
1040
1127
 
1041
1128
  @property
1042
1129
  @pulumi.getter
1043
- def name(self) -> pulumi.Output[str]:
1130
+ def name(self) -> pulumi.Output[builtins.str]:
1044
1131
  """
1045
1132
  Name of the role to create the certificate against
1046
1133
  """
@@ -1048,7 +1135,7 @@ class SecretBackendSign(pulumi.CustomResource):
1048
1135
 
1049
1136
  @property
1050
1137
  @pulumi.getter
1051
- def namespace(self) -> pulumi.Output[Optional[str]]:
1138
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
1052
1139
  """
1053
1140
  The namespace to provision the resource in.
1054
1141
  The value should not contain leading or trailing forward slashes.
@@ -1057,9 +1144,17 @@ class SecretBackendSign(pulumi.CustomResource):
1057
1144
  """
1058
1145
  return pulumi.get(self, "namespace")
1059
1146
 
1147
+ @property
1148
+ @pulumi.getter(name="notAfter")
1149
+ def not_after(self) -> pulumi.Output[Optional[builtins.str]]:
1150
+ """
1151
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1152
+ """
1153
+ return pulumi.get(self, "not_after")
1154
+
1060
1155
  @property
1061
1156
  @pulumi.getter(name="otherSans")
1062
- def other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
1157
+ def other_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1063
1158
  """
1064
1159
  List of other SANs
1065
1160
  """
@@ -1067,7 +1162,7 @@ class SecretBackendSign(pulumi.CustomResource):
1067
1162
 
1068
1163
  @property
1069
1164
  @pulumi.getter(name="renewPending")
1070
- def renew_pending(self) -> pulumi.Output[bool]:
1165
+ def renew_pending(self) -> pulumi.Output[builtins.bool]:
1071
1166
  """
1072
1167
  `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
1073
1168
  """
@@ -1075,7 +1170,7 @@ class SecretBackendSign(pulumi.CustomResource):
1075
1170
 
1076
1171
  @property
1077
1172
  @pulumi.getter(name="serialNumber")
1078
- def serial_number(self) -> pulumi.Output[str]:
1173
+ def serial_number(self) -> pulumi.Output[builtins.str]:
1079
1174
  """
1080
1175
  The certificate's serial number, hex formatted.
1081
1176
  """
@@ -1083,7 +1178,7 @@ class SecretBackendSign(pulumi.CustomResource):
1083
1178
 
1084
1179
  @property
1085
1180
  @pulumi.getter
1086
- def ttl(self) -> pulumi.Output[Optional[str]]:
1181
+ def ttl(self) -> pulumi.Output[Optional[builtins.str]]:
1087
1182
  """
1088
1183
  Time to live
1089
1184
  """
@@ -1091,7 +1186,7 @@ class SecretBackendSign(pulumi.CustomResource):
1091
1186
 
1092
1187
  @property
1093
1188
  @pulumi.getter(name="uriSans")
1094
- def uri_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
1189
+ def uri_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
1095
1190
  """
1096
1191
  List of alternative URIs
1097
1192
  """