pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl

Files changed (44)
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -0,0 +1,1376 @@
1
+ # coding=utf-8
2
+ # *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
3
+ # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
+
5
+ import copy
6
+ import warnings
7
+ import sys
8
+ import pulumi
9
+ import pulumi.runtime
10
+ from typing import Any, Mapping, Optional, Sequence, Union, overload
11
+ if sys.version_info >= (3, 11):
12
+ from typing import NotRequired, TypedDict, TypeAlias
13
+ else:
14
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
15
+ from .. import _utilities
16
+
17
+ __all__ = ['BackendConfigAutoTidyArgs', 'BackendConfigAutoTidy']
18
+
19
+ @pulumi.input_type
20
+ class BackendConfigAutoTidyArgs:
21
+ def __init__(__self__, *,
22
+ backend: pulumi.Input[str],
23
+ enabled: pulumi.Input[bool],
24
+ acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
25
+ interval_duration: Optional[pulumi.Input[str]] = None,
26
+ issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
27
+ maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
28
+ max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
29
+ min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
30
+ namespace: Optional[pulumi.Input[str]] = None,
31
+ pause_duration: Optional[pulumi.Input[str]] = None,
32
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
33
+ revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
34
+ safety_buffer: Optional[pulumi.Input[str]] = None,
35
+ tidy_acme: Optional[pulumi.Input[bool]] = None,
36
+ tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
37
+ tidy_cert_store: Optional[pulumi.Input[bool]] = None,
38
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
39
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
40
+ tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
41
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
42
+ tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
43
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
44
+ tidy_revoked_certs: Optional[pulumi.Input[bool]] = None):
45
+ """
46
+ The set of arguments for constructing a BackendConfigAutoTidy resource.
47
+ :param pulumi.Input[str] backend: The path to the PKI secret backend to
48
+ read the configuration from, with no leading or trailing `/`s.
49
+ :param pulumi.Input[bool] enabled: Specifies whether automatic tidy is enabled or not.
50
+ :param pulumi.Input[str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
51
+ time after being marked revoked or deactivated.
52
+ :param pulumi.Input[str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
53
+ between tidy invocations (after one finishes to the start of the next).
54
+ :param pulumi.Input[str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
55
+ expiration before it is removed from the backend storage.
56
+ :param pulumi.Input[bool] maintain_stored_certificate_counts: This configures whether stored certificate are
57
+ counted upon initialization of the backend, and whether during normal operation, a running count
58
+ of certificates stored is maintained.
59
+ :param pulumi.Input[str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
60
+ after startup.
61
+ :param pulumi.Input[str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
62
+ after startup.
63
+ :param pulumi.Input[str] namespace: The namespace of the target resource.
64
+ The value should not contain leading or trailing forward slashes.
65
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
66
+ *Available only for Vault Enterprise*.
67
+ :param pulumi.Input[str] pause_duration: The amount of time to wait between processing certificates.
68
+ :param pulumi.Input[bool] publish_stored_certificate_count_metrics: This configures whether the stored
69
+ certificate count is published to the metrics consumer.
70
+ :param pulumi.Input[str] revocation_queue_safety_buffer: The amount of time that must pass from the
71
+ cross-cluster revocation request being initiated to when it will be slated for removal.
72
+ :param pulumi.Input[str] safety_buffer: The amount of extra time that must have passed beyond certificate
73
+ expiration before it is removed from the backend storage and/or revocation list.
74
+ :param pulumi.Input[bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
75
+ :param pulumi.Input[bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
76
+ :param pulumi.Input[bool] tidy_cert_store: Set to true to enable tidying up the certificate store
77
+ :param pulumi.Input[bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
78
+ :param pulumi.Input[bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
79
+ revoked certificate store.
80
+ :param pulumi.Input[bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
81
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
82
+ :param pulumi.Input[bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
83
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
84
+ :param pulumi.Input[bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
85
+ haven't been confirmed by any active cluster.
86
+ :param pulumi.Input[bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
87
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
88
+ :param pulumi.Input[bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
89
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
90
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
91
+ the CRL, and the CRL will be rotated.
92
+ """
93
+ pulumi.set(__self__, "backend", backend)
94
+ pulumi.set(__self__, "enabled", enabled)
95
+ if acme_account_safety_buffer is not None:
96
+ pulumi.set(__self__, "acme_account_safety_buffer", acme_account_safety_buffer)
97
+ if interval_duration is not None:
98
+ pulumi.set(__self__, "interval_duration", interval_duration)
99
+ if issuer_safety_buffer is not None:
100
+ pulumi.set(__self__, "issuer_safety_buffer", issuer_safety_buffer)
101
+ if maintain_stored_certificate_counts is not None:
102
+ pulumi.set(__self__, "maintain_stored_certificate_counts", maintain_stored_certificate_counts)
103
+ if max_startup_backoff_duration is not None:
104
+ pulumi.set(__self__, "max_startup_backoff_duration", max_startup_backoff_duration)
105
+ if min_startup_backoff_duration is not None:
106
+ pulumi.set(__self__, "min_startup_backoff_duration", min_startup_backoff_duration)
107
+ if namespace is not None:
108
+ pulumi.set(__self__, "namespace", namespace)
109
+ if pause_duration is not None:
110
+ pulumi.set(__self__, "pause_duration", pause_duration)
111
+ if publish_stored_certificate_count_metrics is not None:
112
+ pulumi.set(__self__, "publish_stored_certificate_count_metrics", publish_stored_certificate_count_metrics)
113
+ if revocation_queue_safety_buffer is not None:
114
+ pulumi.set(__self__, "revocation_queue_safety_buffer", revocation_queue_safety_buffer)
115
+ if safety_buffer is not None:
116
+ pulumi.set(__self__, "safety_buffer", safety_buffer)
117
+ if tidy_acme is not None:
118
+ pulumi.set(__self__, "tidy_acme", tidy_acme)
119
+ if tidy_cert_metadata is not None:
120
+ pulumi.set(__self__, "tidy_cert_metadata", tidy_cert_metadata)
121
+ if tidy_cert_store is not None:
122
+ pulumi.set(__self__, "tidy_cert_store", tidy_cert_store)
123
+ if tidy_cmpv2_nonce_store is not None:
124
+ pulumi.set(__self__, "tidy_cmpv2_nonce_store", tidy_cmpv2_nonce_store)
125
+ if tidy_cross_cluster_revoked_certs is not None:
126
+ pulumi.set(__self__, "tidy_cross_cluster_revoked_certs", tidy_cross_cluster_revoked_certs)
127
+ if tidy_expired_issuers is not None:
128
+ pulumi.set(__self__, "tidy_expired_issuers", tidy_expired_issuers)
129
+ if tidy_move_legacy_ca_bundle is not None:
130
+ pulumi.set(__self__, "tidy_move_legacy_ca_bundle", tidy_move_legacy_ca_bundle)
131
+ if tidy_revocation_queue is not None:
132
+ pulumi.set(__self__, "tidy_revocation_queue", tidy_revocation_queue)
133
+ if tidy_revoked_cert_issuer_associations is not None:
134
+ pulumi.set(__self__, "tidy_revoked_cert_issuer_associations", tidy_revoked_cert_issuer_associations)
135
+ if tidy_revoked_certs is not None:
136
+ pulumi.set(__self__, "tidy_revoked_certs", tidy_revoked_certs)
137
+
138
+ @property
139
+ @pulumi.getter
140
+ def backend(self) -> pulumi.Input[str]:
141
+ """
142
+ The path to the PKI secret backend to
143
+ read the configuration from, with no leading or trailing `/`s.
144
+ """
145
+ return pulumi.get(self, "backend")
146
+
147
+ @backend.setter
148
+ def backend(self, value: pulumi.Input[str]):
149
+ pulumi.set(self, "backend", value)
150
+
151
+ @property
152
+ @pulumi.getter
153
+ def enabled(self) -> pulumi.Input[bool]:
154
+ """
155
+ Specifies whether automatic tidy is enabled or not.
156
+ """
157
+ return pulumi.get(self, "enabled")
158
+
159
+ @enabled.setter
160
+ def enabled(self, value: pulumi.Input[bool]):
161
+ pulumi.set(self, "enabled", value)
162
+
163
+ @property
164
+ @pulumi.getter(name="acmeAccountSafetyBuffer")
165
+ def acme_account_safety_buffer(self) -> Optional[pulumi.Input[str]]:
166
+ """
167
+ The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
168
+ time after being marked revoked or deactivated.
169
+ """
170
+ return pulumi.get(self, "acme_account_safety_buffer")
171
+
172
+ @acme_account_safety_buffer.setter
173
+ def acme_account_safety_buffer(self, value: Optional[pulumi.Input[str]]):
174
+ pulumi.set(self, "acme_account_safety_buffer", value)
175
+
176
+ @property
177
+ @pulumi.getter(name="intervalDuration")
178
+ def interval_duration(self) -> Optional[pulumi.Input[str]]:
179
+ """
180
+ Interval at which to run an auto-tidy operation. This is the time
181
+ between tidy invocations (after one finishes to the start of the next).
182
+ """
183
+ return pulumi.get(self, "interval_duration")
184
+
185
+ @interval_duration.setter
186
+ def interval_duration(self, value: Optional[pulumi.Input[str]]):
187
+ pulumi.set(self, "interval_duration", value)
188
+
189
+ @property
190
+ @pulumi.getter(name="issuerSafetyBuffer")
191
+ def issuer_safety_buffer(self) -> Optional[pulumi.Input[str]]:
192
+ """
193
+ The amount of extra time that must have passed beyond issuer's
194
+ expiration before it is removed from the backend storage.
195
+ """
196
+ return pulumi.get(self, "issuer_safety_buffer")
197
+
198
+ @issuer_safety_buffer.setter
199
+ def issuer_safety_buffer(self, value: Optional[pulumi.Input[str]]):
200
+ pulumi.set(self, "issuer_safety_buffer", value)
201
+
202
+ @property
203
+ @pulumi.getter(name="maintainStoredCertificateCounts")
204
+ def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[bool]]:
205
+ """
206
+ This configures whether stored certificate are
207
+ counted upon initialization of the backend, and whether during normal operation, a running count
208
+ of certificates stored is maintained.
209
+ """
210
+ return pulumi.get(self, "maintain_stored_certificate_counts")
211
+
212
+ @maintain_stored_certificate_counts.setter
213
+ def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[bool]]):
214
+ pulumi.set(self, "maintain_stored_certificate_counts", value)
215
+
216
+ @property
217
+ @pulumi.getter(name="maxStartupBackoffDuration")
218
+ def max_startup_backoff_duration(self) -> Optional[pulumi.Input[str]]:
219
+ """
220
+ The maximum amount of time auto-tidy will be delayed
221
+ after startup.
222
+ """
223
+ return pulumi.get(self, "max_startup_backoff_duration")
224
+
225
+ @max_startup_backoff_duration.setter
226
+ def max_startup_backoff_duration(self, value: Optional[pulumi.Input[str]]):
227
+ pulumi.set(self, "max_startup_backoff_duration", value)
228
+
229
+ @property
230
+ @pulumi.getter(name="minStartupBackoffDuration")
231
+ def min_startup_backoff_duration(self) -> Optional[pulumi.Input[str]]:
232
+ """
233
+ The minimum amount of time auto-tidy will be delayed
234
+ after startup.
235
+ """
236
+ return pulumi.get(self, "min_startup_backoff_duration")
237
+
238
+ @min_startup_backoff_duration.setter
239
+ def min_startup_backoff_duration(self, value: Optional[pulumi.Input[str]]):
240
+ pulumi.set(self, "min_startup_backoff_duration", value)
241
+
242
+ @property
243
+ @pulumi.getter
244
+ def namespace(self) -> Optional[pulumi.Input[str]]:
245
+ """
246
+ The namespace of the target resource.
247
+ The value should not contain leading or trailing forward slashes.
248
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
249
+ *Available only for Vault Enterprise*.
250
+ """
251
+ return pulumi.get(self, "namespace")
252
+
253
+ @namespace.setter
254
+ def namespace(self, value: Optional[pulumi.Input[str]]):
255
+ pulumi.set(self, "namespace", value)
256
+
257
+ @property
258
+ @pulumi.getter(name="pauseDuration")
259
+ def pause_duration(self) -> Optional[pulumi.Input[str]]:
260
+ """
261
+ The amount of time to wait between processing certificates.
262
+ """
263
+ return pulumi.get(self, "pause_duration")
264
+
265
+ @pause_duration.setter
266
+ def pause_duration(self, value: Optional[pulumi.Input[str]]):
267
+ pulumi.set(self, "pause_duration", value)
268
+
269
+ @property
270
+ @pulumi.getter(name="publishStoredCertificateCountMetrics")
271
+ def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[bool]]:
272
+ """
273
+ This configures whether the stored
274
+ certificate count is published to the metrics consumer.
275
+ """
276
+ return pulumi.get(self, "publish_stored_certificate_count_metrics")
277
+
278
+ @publish_stored_certificate_count_metrics.setter
279
+ def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[bool]]):
280
+ pulumi.set(self, "publish_stored_certificate_count_metrics", value)
281
+
282
+ @property
283
+ @pulumi.getter(name="revocationQueueSafetyBuffer")
284
+ def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[str]]:
285
+ """
286
+ The amount of time that must pass from the
287
+ cross-cluster revocation request being initiated to when it will be slated for removal.
288
+ """
289
+ return pulumi.get(self, "revocation_queue_safety_buffer")
290
+
291
+ @revocation_queue_safety_buffer.setter
292
+ def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[str]]):
293
+ pulumi.set(self, "revocation_queue_safety_buffer", value)
294
+
295
+ @property
296
+ @pulumi.getter(name="safetyBuffer")
297
+ def safety_buffer(self) -> Optional[pulumi.Input[str]]:
298
+ """
299
+ The amount of extra time that must have passed beyond certificate
300
+ expiration before it is removed from the backend storage and/or revocation list.
301
+ """
302
+ return pulumi.get(self, "safety_buffer")
303
+
304
+ @safety_buffer.setter
305
+ def safety_buffer(self, value: Optional[pulumi.Input[str]]):
306
+ pulumi.set(self, "safety_buffer", value)
307
+
308
+ @property
309
+ @pulumi.getter(name="tidyAcme")
310
+ def tidy_acme(self) -> Optional[pulumi.Input[bool]]:
311
+ """
312
+ Set to true to enable tidying ACME accounts, orders and authorizations.
313
+ """
314
+ return pulumi.get(self, "tidy_acme")
315
+
316
+ @tidy_acme.setter
317
+ def tidy_acme(self, value: Optional[pulumi.Input[bool]]):
318
+ pulumi.set(self, "tidy_acme", value)
319
+
320
+ @property
321
+ @pulumi.getter(name="tidyCertMetadata")
322
+ def tidy_cert_metadata(self) -> Optional[pulumi.Input[bool]]:
323
+ """
324
+ Set to true to enable tidying up certificate metadata.
325
+ """
326
+ return pulumi.get(self, "tidy_cert_metadata")
327
+
328
+ @tidy_cert_metadata.setter
329
+ def tidy_cert_metadata(self, value: Optional[pulumi.Input[bool]]):
330
+ pulumi.set(self, "tidy_cert_metadata", value)
331
+
332
+ @property
333
+ @pulumi.getter(name="tidyCertStore")
334
+ def tidy_cert_store(self) -> Optional[pulumi.Input[bool]]:
335
+ """
336
+ Set to true to enable tidying up the certificate store
337
+ """
338
+ return pulumi.get(self, "tidy_cert_store")
339
+
340
+ @tidy_cert_store.setter
341
+ def tidy_cert_store(self, value: Optional[pulumi.Input[bool]]):
342
+ pulumi.set(self, "tidy_cert_store", value)
343
+
344
+ @property
345
+ @pulumi.getter(name="tidyCmpv2NonceStore")
346
+ def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[bool]]:
347
+ """
348
+ Set to true to enable tidying up the CMPv2 nonce store.
349
+ """
350
+ return pulumi.get(self, "tidy_cmpv2_nonce_store")
351
+
352
+ @tidy_cmpv2_nonce_store.setter
353
+ def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[bool]]):
354
+ pulumi.set(self, "tidy_cmpv2_nonce_store", value)
355
+
356
+ @property
357
+ @pulumi.getter(name="tidyCrossClusterRevokedCerts")
358
+ def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[bool]]:
359
+ """
360
+ Set to true to enable tidying up the cross-cluster
361
+ revoked certificate store.
362
+ """
363
+ return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
364
+
365
+ @tidy_cross_cluster_revoked_certs.setter
366
+ def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[bool]]):
367
+ pulumi.set(self, "tidy_cross_cluster_revoked_certs", value)
368
+
369
+ @property
370
+ @pulumi.getter(name="tidyExpiredIssuers")
371
+ def tidy_expired_issuers(self) -> Optional[pulumi.Input[bool]]:
372
+ """
373
+ Set to true to automatically remove expired issuers past the
374
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
375
+ """
376
+ return pulumi.get(self, "tidy_expired_issuers")
377
+
378
+ @tidy_expired_issuers.setter
379
+ def tidy_expired_issuers(self, value: Optional[pulumi.Input[bool]]):
380
+ pulumi.set(self, "tidy_expired_issuers", value)
381
+
382
+ @property
383
+ @pulumi.getter(name="tidyMoveLegacyCaBundle")
384
+ def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[bool]]:
385
+ """
386
+ Set to true to move the legacy `ca_bundle` from
387
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
388
+ """
389
+ return pulumi.get(self, "tidy_move_legacy_ca_bundle")
390
+
391
+ @tidy_move_legacy_ca_bundle.setter
392
+ def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[bool]]):
393
+ pulumi.set(self, "tidy_move_legacy_ca_bundle", value)
394
+
395
+ @property
396
+ @pulumi.getter(name="tidyRevocationQueue")
397
+ def tidy_revocation_queue(self) -> Optional[pulumi.Input[bool]]:
398
+ """
399
+ Set to true to remove stale revocation queue entries that
400
+ haven't been confirmed by any active cluster.
401
+ """
402
+ return pulumi.get(self, "tidy_revocation_queue")
403
+
404
+ @tidy_revocation_queue.setter
405
+ def tidy_revocation_queue(self, value: Optional[pulumi.Input[bool]]):
406
+ pulumi.set(self, "tidy_revocation_queue", value)
407
+
408
+ @property
409
+ @pulumi.getter(name="tidyRevokedCertIssuerAssociations")
410
+ def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[bool]]:
411
+ """
412
+ Set to true to validate issuer associations
413
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
414
+ """
415
+ return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
416
+
417
+ @tidy_revoked_cert_issuer_associations.setter
418
+ def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[bool]]):
419
+ pulumi.set(self, "tidy_revoked_cert_issuer_associations", value)
420
+
421
+ @property
422
+ @pulumi.getter(name="tidyRevokedCerts")
423
+ def tidy_revoked_certs(self) -> Optional[pulumi.Input[bool]]:
424
+ """
425
+ Set to true to remove all invalid and expired certificates from
426
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
427
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
428
+ the CRL, and the CRL will be rotated.
429
+ """
430
+ return pulumi.get(self, "tidy_revoked_certs")
431
+
432
+ @tidy_revoked_certs.setter
433
+ def tidy_revoked_certs(self, value: Optional[pulumi.Input[bool]]):
434
+ pulumi.set(self, "tidy_revoked_certs", value)
435
+
436
+
437
+ @pulumi.input_type
438
+ class _BackendConfigAutoTidyState:
439
+ def __init__(__self__, *,
440
+ acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
441
+ backend: Optional[pulumi.Input[str]] = None,
442
+ enabled: Optional[pulumi.Input[bool]] = None,
443
+ interval_duration: Optional[pulumi.Input[str]] = None,
444
+ issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
445
+ maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
446
+ max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
447
+ min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
448
+ namespace: Optional[pulumi.Input[str]] = None,
449
+ pause_duration: Optional[pulumi.Input[str]] = None,
450
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
451
+ revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
452
+ safety_buffer: Optional[pulumi.Input[str]] = None,
453
+ tidy_acme: Optional[pulumi.Input[bool]] = None,
454
+ tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
455
+ tidy_cert_store: Optional[pulumi.Input[bool]] = None,
456
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
457
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
458
+ tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
459
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
460
+ tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
461
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
462
+ tidy_revoked_certs: Optional[pulumi.Input[bool]] = None):
463
+ """
464
+ Input properties used for looking up and filtering BackendConfigAutoTidy resources.
465
+ :param pulumi.Input[str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
466
+ time after being marked revoked or deactivated.
467
+ :param pulumi.Input[str] backend: The path to the PKI secret backend to
468
+ read the configuration from, with no leading or trailing `/`s.
469
+ :param pulumi.Input[bool] enabled: Specifies whether automatic tidy is enabled or not.
470
+ :param pulumi.Input[str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
471
+ between tidy invocations (after one finishes to the start of the next).
472
+ :param pulumi.Input[str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
473
+ expiration before it is removed from the backend storage.
474
+ :param pulumi.Input[bool] maintain_stored_certificate_counts: This configures whether stored certificate are
475
+ counted upon initialization of the backend, and whether during normal operation, a running count
476
+ of certificates stored is maintained.
477
+ :param pulumi.Input[str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
478
+ after startup.
479
+ :param pulumi.Input[str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
480
+ after startup.
481
+ :param pulumi.Input[str] namespace: The namespace of the target resource.
482
+ The value should not contain leading or trailing forward slashes.
483
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
484
+ *Available only for Vault Enterprise*.
485
+ :param pulumi.Input[str] pause_duration: The amount of time to wait between processing certificates.
486
+ :param pulumi.Input[bool] publish_stored_certificate_count_metrics: This configures whether the stored
487
+ certificate count is published to the metrics consumer.
488
+ :param pulumi.Input[str] revocation_queue_safety_buffer: The amount of time that must pass from the
489
+ cross-cluster revocation request being initiated to when it will be slated for removal.
490
+ :param pulumi.Input[str] safety_buffer: The amount of extra time that must have passed beyond certificate
491
+ expiration before it is removed from the backend storage and/or revocation list.
492
+ :param pulumi.Input[bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
493
+ :param pulumi.Input[bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
494
+ :param pulumi.Input[bool] tidy_cert_store: Set to true to enable tidying up the certificate store
495
+ :param pulumi.Input[bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
496
+ :param pulumi.Input[bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
497
+ revoked certificate store.
498
+ :param pulumi.Input[bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
499
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
500
+ :param pulumi.Input[bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
501
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
502
+ :param pulumi.Input[bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
503
+ haven't been confirmed by any active cluster.
504
+ :param pulumi.Input[bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
505
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
506
+ :param pulumi.Input[bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
507
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
508
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
509
+ the CRL, and the CRL will be rotated.
510
+ """
511
+ if acme_account_safety_buffer is not None:
512
+ pulumi.set(__self__, "acme_account_safety_buffer", acme_account_safety_buffer)
513
+ if backend is not None:
514
+ pulumi.set(__self__, "backend", backend)
515
+ if enabled is not None:
516
+ pulumi.set(__self__, "enabled", enabled)
517
+ if interval_duration is not None:
518
+ pulumi.set(__self__, "interval_duration", interval_duration)
519
+ if issuer_safety_buffer is not None:
520
+ pulumi.set(__self__, "issuer_safety_buffer", issuer_safety_buffer)
521
+ if maintain_stored_certificate_counts is not None:
522
+ pulumi.set(__self__, "maintain_stored_certificate_counts", maintain_stored_certificate_counts)
523
+ if max_startup_backoff_duration is not None:
524
+ pulumi.set(__self__, "max_startup_backoff_duration", max_startup_backoff_duration)
525
+ if min_startup_backoff_duration is not None:
526
+ pulumi.set(__self__, "min_startup_backoff_duration", min_startup_backoff_duration)
527
+ if namespace is not None:
528
+ pulumi.set(__self__, "namespace", namespace)
529
+ if pause_duration is not None:
530
+ pulumi.set(__self__, "pause_duration", pause_duration)
531
+ if publish_stored_certificate_count_metrics is not None:
532
+ pulumi.set(__self__, "publish_stored_certificate_count_metrics", publish_stored_certificate_count_metrics)
533
+ if revocation_queue_safety_buffer is not None:
534
+ pulumi.set(__self__, "revocation_queue_safety_buffer", revocation_queue_safety_buffer)
535
+ if safety_buffer is not None:
536
+ pulumi.set(__self__, "safety_buffer", safety_buffer)
537
+ if tidy_acme is not None:
538
+ pulumi.set(__self__, "tidy_acme", tidy_acme)
539
+ if tidy_cert_metadata is not None:
540
+ pulumi.set(__self__, "tidy_cert_metadata", tidy_cert_metadata)
541
+ if tidy_cert_store is not None:
542
+ pulumi.set(__self__, "tidy_cert_store", tidy_cert_store)
543
+ if tidy_cmpv2_nonce_store is not None:
544
+ pulumi.set(__self__, "tidy_cmpv2_nonce_store", tidy_cmpv2_nonce_store)
545
+ if tidy_cross_cluster_revoked_certs is not None:
546
+ pulumi.set(__self__, "tidy_cross_cluster_revoked_certs", tidy_cross_cluster_revoked_certs)
547
+ if tidy_expired_issuers is not None:
548
+ pulumi.set(__self__, "tidy_expired_issuers", tidy_expired_issuers)
549
+ if tidy_move_legacy_ca_bundle is not None:
550
+ pulumi.set(__self__, "tidy_move_legacy_ca_bundle", tidy_move_legacy_ca_bundle)
551
+ if tidy_revocation_queue is not None:
552
+ pulumi.set(__self__, "tidy_revocation_queue", tidy_revocation_queue)
553
+ if tidy_revoked_cert_issuer_associations is not None:
554
+ pulumi.set(__self__, "tidy_revoked_cert_issuer_associations", tidy_revoked_cert_issuer_associations)
555
+ if tidy_revoked_certs is not None:
556
+ pulumi.set(__self__, "tidy_revoked_certs", tidy_revoked_certs)
557
+
558
+ @property
559
+ @pulumi.getter(name="acmeAccountSafetyBuffer")
560
+ def acme_account_safety_buffer(self) -> Optional[pulumi.Input[str]]:
561
+ """
562
+ The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
563
+ time after being marked revoked or deactivated.
564
+ """
565
+ return pulumi.get(self, "acme_account_safety_buffer")
566
+
567
+ @acme_account_safety_buffer.setter
568
+ def acme_account_safety_buffer(self, value: Optional[pulumi.Input[str]]):
569
+ pulumi.set(self, "acme_account_safety_buffer", value)
570
+
571
+ @property
572
+ @pulumi.getter
573
+ def backend(self) -> Optional[pulumi.Input[str]]:
574
+ """
575
+ The path to the PKI secret backend to
576
+ read the configuration from, with no leading or trailing `/`s.
577
+ """
578
+ return pulumi.get(self, "backend")
579
+
580
+ @backend.setter
581
+ def backend(self, value: Optional[pulumi.Input[str]]):
582
+ pulumi.set(self, "backend", value)
583
+
584
+ @property
585
+ @pulumi.getter
586
+ def enabled(self) -> Optional[pulumi.Input[bool]]:
587
+ """
588
+ Specifies whether automatic tidy is enabled or not.
589
+ """
590
+ return pulumi.get(self, "enabled")
591
+
592
+ @enabled.setter
593
+ def enabled(self, value: Optional[pulumi.Input[bool]]):
594
+ pulumi.set(self, "enabled", value)
595
+
596
+ @property
597
+ @pulumi.getter(name="intervalDuration")
598
+ def interval_duration(self) -> Optional[pulumi.Input[str]]:
599
+ """
600
+ Interval at which to run an auto-tidy operation. This is the time
601
+ between tidy invocations (after one finishes to the start of the next).
602
+ """
603
+ return pulumi.get(self, "interval_duration")
604
+
605
+ @interval_duration.setter
606
+ def interval_duration(self, value: Optional[pulumi.Input[str]]):
607
+ pulumi.set(self, "interval_duration", value)
608
+
609
+ @property
610
+ @pulumi.getter(name="issuerSafetyBuffer")
611
+ def issuer_safety_buffer(self) -> Optional[pulumi.Input[str]]:
612
+ """
613
+ The amount of extra time that must have passed beyond issuer's
614
+ expiration before it is removed from the backend storage.
615
+ """
616
+ return pulumi.get(self, "issuer_safety_buffer")
617
+
618
+ @issuer_safety_buffer.setter
619
+ def issuer_safety_buffer(self, value: Optional[pulumi.Input[str]]):
620
+ pulumi.set(self, "issuer_safety_buffer", value)
621
+
622
+ @property
623
+ @pulumi.getter(name="maintainStoredCertificateCounts")
624
+ def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[bool]]:
625
+ """
626
+ This configures whether stored certificate are
627
+ counted upon initialization of the backend, and whether during normal operation, a running count
628
+ of certificates stored is maintained.
629
+ """
630
+ return pulumi.get(self, "maintain_stored_certificate_counts")
631
+
632
+ @maintain_stored_certificate_counts.setter
633
+ def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[bool]]):
634
+ pulumi.set(self, "maintain_stored_certificate_counts", value)
635
+
636
+ @property
637
+ @pulumi.getter(name="maxStartupBackoffDuration")
638
+ def max_startup_backoff_duration(self) -> Optional[pulumi.Input[str]]:
639
+ """
640
+ The maximum amount of time auto-tidy will be delayed
641
+ after startup.
642
+ """
643
+ return pulumi.get(self, "max_startup_backoff_duration")
644
+
645
+ @max_startup_backoff_duration.setter
646
+ def max_startup_backoff_duration(self, value: Optional[pulumi.Input[str]]):
647
+ pulumi.set(self, "max_startup_backoff_duration", value)
648
+
649
+ @property
650
+ @pulumi.getter(name="minStartupBackoffDuration")
651
+ def min_startup_backoff_duration(self) -> Optional[pulumi.Input[str]]:
652
+ """
653
+ The minimum amount of time auto-tidy will be delayed
654
+ after startup.
655
+ """
656
+ return pulumi.get(self, "min_startup_backoff_duration")
657
+
658
+ @min_startup_backoff_duration.setter
659
+ def min_startup_backoff_duration(self, value: Optional[pulumi.Input[str]]):
660
+ pulumi.set(self, "min_startup_backoff_duration", value)
661
+
662
+ @property
663
+ @pulumi.getter
664
+ def namespace(self) -> Optional[pulumi.Input[str]]:
665
+ """
666
+ The namespace of the target resource.
667
+ The value should not contain leading or trailing forward slashes.
668
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
669
+ *Available only for Vault Enterprise*.
670
+ """
671
+ return pulumi.get(self, "namespace")
672
+
673
+ @namespace.setter
674
+ def namespace(self, value: Optional[pulumi.Input[str]]):
675
+ pulumi.set(self, "namespace", value)
676
+
677
+ @property
678
+ @pulumi.getter(name="pauseDuration")
679
+ def pause_duration(self) -> Optional[pulumi.Input[str]]:
680
+ """
681
+ The amount of time to wait between processing certificates.
682
+ """
683
+ return pulumi.get(self, "pause_duration")
684
+
685
+ @pause_duration.setter
686
+ def pause_duration(self, value: Optional[pulumi.Input[str]]):
687
+ pulumi.set(self, "pause_duration", value)
688
+
689
+ @property
690
+ @pulumi.getter(name="publishStoredCertificateCountMetrics")
691
+ def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[bool]]:
692
+ """
693
+ This configures whether the stored
694
+ certificate count is published to the metrics consumer.
695
+ """
696
+ return pulumi.get(self, "publish_stored_certificate_count_metrics")
697
+
698
+ @publish_stored_certificate_count_metrics.setter
699
+ def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[bool]]):
700
+ pulumi.set(self, "publish_stored_certificate_count_metrics", value)
701
+
702
+ @property
703
+ @pulumi.getter(name="revocationQueueSafetyBuffer")
704
+ def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[str]]:
705
+ """
706
+ The amount of time that must pass from the
707
+ cross-cluster revocation request being initiated to when it will be slated for removal.
708
+ """
709
+ return pulumi.get(self, "revocation_queue_safety_buffer")
710
+
711
+ @revocation_queue_safety_buffer.setter
712
+ def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[str]]):
713
+ pulumi.set(self, "revocation_queue_safety_buffer", value)
714
+
715
+ @property
716
+ @pulumi.getter(name="safetyBuffer")
717
+ def safety_buffer(self) -> Optional[pulumi.Input[str]]:
718
+ """
719
+ The amount of extra time that must have passed beyond certificate
720
+ expiration before it is removed from the backend storage and/or revocation list.
721
+ """
722
+ return pulumi.get(self, "safety_buffer")
723
+
724
+ @safety_buffer.setter
725
+ def safety_buffer(self, value: Optional[pulumi.Input[str]]):
726
+ pulumi.set(self, "safety_buffer", value)
727
+
728
+ @property
729
+ @pulumi.getter(name="tidyAcme")
730
+ def tidy_acme(self) -> Optional[pulumi.Input[bool]]:
731
+ """
732
+ Set to true to enable tidying ACME accounts, orders and authorizations.
733
+ """
734
+ return pulumi.get(self, "tidy_acme")
735
+
736
+ @tidy_acme.setter
737
+ def tidy_acme(self, value: Optional[pulumi.Input[bool]]):
738
+ pulumi.set(self, "tidy_acme", value)
739
+
740
+ @property
741
+ @pulumi.getter(name="tidyCertMetadata")
742
+ def tidy_cert_metadata(self) -> Optional[pulumi.Input[bool]]:
743
+ """
744
+ Set to true to enable tidying up certificate metadata.
745
+ """
746
+ return pulumi.get(self, "tidy_cert_metadata")
747
+
748
+ @tidy_cert_metadata.setter
749
+ def tidy_cert_metadata(self, value: Optional[pulumi.Input[bool]]):
750
+ pulumi.set(self, "tidy_cert_metadata", value)
751
+
752
+ @property
753
+ @pulumi.getter(name="tidyCertStore")
754
+ def tidy_cert_store(self) -> Optional[pulumi.Input[bool]]:
755
+ """
756
+ Set to true to enable tidying up the certificate store
757
+ """
758
+ return pulumi.get(self, "tidy_cert_store")
759
+
760
+ @tidy_cert_store.setter
761
+ def tidy_cert_store(self, value: Optional[pulumi.Input[bool]]):
762
+ pulumi.set(self, "tidy_cert_store", value)
763
+
764
+ @property
765
+ @pulumi.getter(name="tidyCmpv2NonceStore")
766
+ def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[bool]]:
767
+ """
768
+ Set to true to enable tidying up the CMPv2 nonce store.
769
+ """
770
+ return pulumi.get(self, "tidy_cmpv2_nonce_store")
771
+
772
+ @tidy_cmpv2_nonce_store.setter
773
+ def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[bool]]):
774
+ pulumi.set(self, "tidy_cmpv2_nonce_store", value)
775
+
776
+ @property
777
+ @pulumi.getter(name="tidyCrossClusterRevokedCerts")
778
+ def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[bool]]:
779
+ """
780
+ Set to true to enable tidying up the cross-cluster
781
+ revoked certificate store.
782
+ """
783
+ return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
784
+
785
+ @tidy_cross_cluster_revoked_certs.setter
786
+ def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[bool]]):
787
+ pulumi.set(self, "tidy_cross_cluster_revoked_certs", value)
788
+
789
+ @property
790
+ @pulumi.getter(name="tidyExpiredIssuers")
791
+ def tidy_expired_issuers(self) -> Optional[pulumi.Input[bool]]:
792
+ """
793
+ Set to true to automatically remove expired issuers past the
794
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
795
+ """
796
+ return pulumi.get(self, "tidy_expired_issuers")
797
+
798
+ @tidy_expired_issuers.setter
799
+ def tidy_expired_issuers(self, value: Optional[pulumi.Input[bool]]):
800
+ pulumi.set(self, "tidy_expired_issuers", value)
801
+
802
+ @property
803
+ @pulumi.getter(name="tidyMoveLegacyCaBundle")
804
+ def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[bool]]:
805
+ """
806
+ Set to true to move the legacy `ca_bundle` from
807
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
808
+ """
809
+ return pulumi.get(self, "tidy_move_legacy_ca_bundle")
810
+
811
+ @tidy_move_legacy_ca_bundle.setter
812
+ def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[bool]]):
813
+ pulumi.set(self, "tidy_move_legacy_ca_bundle", value)
814
+
815
+ @property
816
+ @pulumi.getter(name="tidyRevocationQueue")
817
+ def tidy_revocation_queue(self) -> Optional[pulumi.Input[bool]]:
818
+ """
819
+ Set to true to remove stale revocation queue entries that
820
+ haven't been confirmed by any active cluster.
821
+ """
822
+ return pulumi.get(self, "tidy_revocation_queue")
823
+
824
+ @tidy_revocation_queue.setter
825
+ def tidy_revocation_queue(self, value: Optional[pulumi.Input[bool]]):
826
+ pulumi.set(self, "tidy_revocation_queue", value)
827
+
828
+ @property
829
+ @pulumi.getter(name="tidyRevokedCertIssuerAssociations")
830
+ def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[bool]]:
831
+ """
832
+ Set to true to validate issuer associations
833
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
834
+ """
835
+ return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
836
+
837
+ @tidy_revoked_cert_issuer_associations.setter
838
+ def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[bool]]):
839
+ pulumi.set(self, "tidy_revoked_cert_issuer_associations", value)
840
+
841
+ @property
842
+ @pulumi.getter(name="tidyRevokedCerts")
843
+ def tidy_revoked_certs(self) -> Optional[pulumi.Input[bool]]:
844
+ """
845
+ Set to true to remove all invalid and expired certificates from
846
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
847
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
848
+ the CRL, and the CRL will be rotated.
849
+ """
850
+ return pulumi.get(self, "tidy_revoked_certs")
851
+
852
+ @tidy_revoked_certs.setter
853
+ def tidy_revoked_certs(self, value: Optional[pulumi.Input[bool]]):
854
+ pulumi.set(self, "tidy_revoked_certs", value)
855
+
856
+
857
+ class BackendConfigAutoTidy(pulumi.CustomResource):
858
+ @overload
859
+ def __init__(__self__,
860
+ resource_name: str,
861
+ opts: Optional[pulumi.ResourceOptions] = None,
862
+ acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
863
+ backend: Optional[pulumi.Input[str]] = None,
864
+ enabled: Optional[pulumi.Input[bool]] = None,
865
+ interval_duration: Optional[pulumi.Input[str]] = None,
866
+ issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
867
+ maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
868
+ max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
869
+ min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
870
+ namespace: Optional[pulumi.Input[str]] = None,
871
+ pause_duration: Optional[pulumi.Input[str]] = None,
872
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
873
+ revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
874
+ safety_buffer: Optional[pulumi.Input[str]] = None,
875
+ tidy_acme: Optional[pulumi.Input[bool]] = None,
876
+ tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
877
+ tidy_cert_store: Optional[pulumi.Input[bool]] = None,
878
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
879
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
880
+ tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
881
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
882
+ tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
883
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
884
+ tidy_revoked_certs: Optional[pulumi.Input[bool]] = None,
885
+ __props__=None):
886
+ """
887
+ Allows setting the Auto Tidy configuration on a PKI Secret Backend
888
+
889
+ ## Example Usage
890
+
891
+ ```python
892
+ import pulumi
893
+ import pulumi_vault as vault
894
+
895
+ pki = vault.Mount("pki",
896
+ path="pki",
897
+ type="pki",
898
+ default_lease_ttl_seconds=3600,
899
+ max_lease_ttl_seconds=86400)
900
+ test = vault.pki_secret.BackendConfigAutoTidy("test",
901
+ backend=pki.path,
902
+ enabled=True,
903
+ tidy_cert_store=True,
904
+ interval_duration="1h")
905
+ ```
906
+
907
+ :param str resource_name: The name of the resource.
908
+ :param pulumi.ResourceOptions opts: Options for the resource.
909
+ :param pulumi.Input[str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
910
+ time after being marked revoked or deactivated.
911
+ :param pulumi.Input[str] backend: The path to the PKI secret backend to
912
+ read the configuration from, with no leading or trailing `/`s.
913
+ :param pulumi.Input[bool] enabled: Specifies whether automatic tidy is enabled or not.
914
+ :param pulumi.Input[str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
915
+ between tidy invocations (after one finishes to the start of the next).
916
+ :param pulumi.Input[str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
917
+ expiration before it is removed from the backend storage.
918
+ :param pulumi.Input[bool] maintain_stored_certificate_counts: This configures whether stored certificate are
919
+ counted upon initialization of the backend, and whether during normal operation, a running count
920
+ of certificates stored is maintained.
921
+ :param pulumi.Input[str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
922
+ after startup.
923
+ :param pulumi.Input[str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
924
+ after startup.
925
+ :param pulumi.Input[str] namespace: The namespace of the target resource.
926
+ The value should not contain leading or trailing forward slashes.
927
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
928
+ *Available only for Vault Enterprise*.
929
+ :param pulumi.Input[str] pause_duration: The amount of time to wait between processing certificates.
930
+ :param pulumi.Input[bool] publish_stored_certificate_count_metrics: This configures whether the stored
931
+ certificate count is published to the metrics consumer.
932
+ :param pulumi.Input[str] revocation_queue_safety_buffer: The amount of time that must pass from the
933
+ cross-cluster revocation request being initiated to when it will be slated for removal.
934
+ :param pulumi.Input[str] safety_buffer: The amount of extra time that must have passed beyond certificate
935
+ expiration before it is removed from the backend storage and/or revocation list.
936
+ :param pulumi.Input[bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
937
+ :param pulumi.Input[bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
938
+ :param pulumi.Input[bool] tidy_cert_store: Set to true to enable tidying up the certificate store
939
+ :param pulumi.Input[bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
940
+ :param pulumi.Input[bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
941
+ revoked certificate store.
942
+ :param pulumi.Input[bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
943
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
944
+ :param pulumi.Input[bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
945
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
946
+ :param pulumi.Input[bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
947
+ haven't been confirmed by any active cluster.
948
+ :param pulumi.Input[bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
949
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
950
+ :param pulumi.Input[bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
951
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
952
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
953
+ the CRL, and the CRL will be rotated.
954
+ """
955
+ ...
956
+ @overload
957
+ def __init__(__self__,
958
+ resource_name: str,
959
+ args: BackendConfigAutoTidyArgs,
960
+ opts: Optional[pulumi.ResourceOptions] = None):
961
+ """
962
+ Allows setting the Auto Tidy configuration on a PKI Secret Backend
963
+
964
+ ## Example Usage
965
+
966
+ ```python
967
+ import pulumi
968
+ import pulumi_vault as vault
969
+
970
+ pki = vault.Mount("pki",
971
+ path="pki",
972
+ type="pki",
973
+ default_lease_ttl_seconds=3600,
974
+ max_lease_ttl_seconds=86400)
975
+ test = vault.pki_secret.BackendConfigAutoTidy("test",
976
+ backend=pki.path,
977
+ enabled=True,
978
+ tidy_cert_store=True,
979
+ interval_duration="1h")
980
+ ```
981
+
982
+ :param str resource_name: The name of the resource.
983
+ :param BackendConfigAutoTidyArgs args: The arguments to use to populate this resource's properties.
984
+ :param pulumi.ResourceOptions opts: Options for the resource.
985
+ """
986
+ ...
987
+ def __init__(__self__, resource_name: str, *args, **kwargs):
988
+ resource_args, opts = _utilities.get_resource_args_opts(BackendConfigAutoTidyArgs, pulumi.ResourceOptions, *args, **kwargs)
989
+ if resource_args is not None:
990
+ __self__._internal_init(resource_name, opts, **resource_args.__dict__)
991
+ else:
992
+ __self__._internal_init(resource_name, *args, **kwargs)
993
+
994
+ def _internal_init(__self__,
995
+ resource_name: str,
996
+ opts: Optional[pulumi.ResourceOptions] = None,
997
+ acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
998
+ backend: Optional[pulumi.Input[str]] = None,
999
+ enabled: Optional[pulumi.Input[bool]] = None,
1000
+ interval_duration: Optional[pulumi.Input[str]] = None,
1001
+ issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
1002
+ maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
1003
+ max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
1004
+ min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
1005
+ namespace: Optional[pulumi.Input[str]] = None,
1006
+ pause_duration: Optional[pulumi.Input[str]] = None,
1007
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
1008
+ revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
1009
+ safety_buffer: Optional[pulumi.Input[str]] = None,
1010
+ tidy_acme: Optional[pulumi.Input[bool]] = None,
1011
+ tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
1012
+ tidy_cert_store: Optional[pulumi.Input[bool]] = None,
1013
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
1014
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
1015
+ tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
1016
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
1017
+ tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
1018
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
1019
+ tidy_revoked_certs: Optional[pulumi.Input[bool]] = None,
1020
+ __props__=None):
1021
+ opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1022
+ if not isinstance(opts, pulumi.ResourceOptions):
1023
+ raise TypeError('Expected resource options to be a ResourceOptions instance')
1024
+ if opts.id is None:
1025
+ if __props__ is not None:
1026
+ raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
1027
+ __props__ = BackendConfigAutoTidyArgs.__new__(BackendConfigAutoTidyArgs)
1028
+
1029
+ __props__.__dict__["acme_account_safety_buffer"] = acme_account_safety_buffer
1030
+ if backend is None and not opts.urn:
1031
+ raise TypeError("Missing required property 'backend'")
1032
+ __props__.__dict__["backend"] = backend
1033
+ if enabled is None and not opts.urn:
1034
+ raise TypeError("Missing required property 'enabled'")
1035
+ __props__.__dict__["enabled"] = enabled
1036
+ __props__.__dict__["interval_duration"] = interval_duration
1037
+ __props__.__dict__["issuer_safety_buffer"] = issuer_safety_buffer
1038
+ __props__.__dict__["maintain_stored_certificate_counts"] = maintain_stored_certificate_counts
1039
+ __props__.__dict__["max_startup_backoff_duration"] = max_startup_backoff_duration
1040
+ __props__.__dict__["min_startup_backoff_duration"] = min_startup_backoff_duration
1041
+ __props__.__dict__["namespace"] = namespace
1042
+ __props__.__dict__["pause_duration"] = pause_duration
1043
+ __props__.__dict__["publish_stored_certificate_count_metrics"] = publish_stored_certificate_count_metrics
1044
+ __props__.__dict__["revocation_queue_safety_buffer"] = revocation_queue_safety_buffer
1045
+ __props__.__dict__["safety_buffer"] = safety_buffer
1046
+ __props__.__dict__["tidy_acme"] = tidy_acme
1047
+ __props__.__dict__["tidy_cert_metadata"] = tidy_cert_metadata
1048
+ __props__.__dict__["tidy_cert_store"] = tidy_cert_store
1049
+ __props__.__dict__["tidy_cmpv2_nonce_store"] = tidy_cmpv2_nonce_store
1050
+ __props__.__dict__["tidy_cross_cluster_revoked_certs"] = tidy_cross_cluster_revoked_certs
1051
+ __props__.__dict__["tidy_expired_issuers"] = tidy_expired_issuers
1052
+ __props__.__dict__["tidy_move_legacy_ca_bundle"] = tidy_move_legacy_ca_bundle
1053
+ __props__.__dict__["tidy_revocation_queue"] = tidy_revocation_queue
1054
+ __props__.__dict__["tidy_revoked_cert_issuer_associations"] = tidy_revoked_cert_issuer_associations
1055
+ __props__.__dict__["tidy_revoked_certs"] = tidy_revoked_certs
1056
+ super(BackendConfigAutoTidy, __self__).__init__(
1057
+ 'vault:pkiSecret/backendConfigAutoTidy:BackendConfigAutoTidy',
1058
+ resource_name,
1059
+ __props__,
1060
+ opts)
1061
+
1062
+ @staticmethod
1063
+ def get(resource_name: str,
1064
+ id: pulumi.Input[str],
1065
+ opts: Optional[pulumi.ResourceOptions] = None,
1066
+ acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
1067
+ backend: Optional[pulumi.Input[str]] = None,
1068
+ enabled: Optional[pulumi.Input[bool]] = None,
1069
+ interval_duration: Optional[pulumi.Input[str]] = None,
1070
+ issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
1071
+ maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
1072
+ max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
1073
+ min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
1074
+ namespace: Optional[pulumi.Input[str]] = None,
1075
+ pause_duration: Optional[pulumi.Input[str]] = None,
1076
+ publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
1077
+ revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
1078
+ safety_buffer: Optional[pulumi.Input[str]] = None,
1079
+ tidy_acme: Optional[pulumi.Input[bool]] = None,
1080
+ tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
1081
+ tidy_cert_store: Optional[pulumi.Input[bool]] = None,
1082
+ tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
1083
+ tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
1084
+ tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
1085
+ tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
1086
+ tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
1087
+ tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
1088
+ tidy_revoked_certs: Optional[pulumi.Input[bool]] = None) -> 'BackendConfigAutoTidy':
1089
+ """
1090
+ Get an existing BackendConfigAutoTidy resource's state with the given name, id, and optional extra
1091
+ properties used to qualify the lookup.
1092
+
1093
+ :param str resource_name: The unique name of the resulting resource.
1094
+ :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
1095
+ :param pulumi.ResourceOptions opts: Options for the resource.
1096
+ :param pulumi.Input[str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
1097
+ time after being marked revoked or deactivated.
1098
+ :param pulumi.Input[str] backend: The path to the PKI secret backend to
1099
+ read the configuration from, with no leading or trailing `/`s.
1100
+ :param pulumi.Input[bool] enabled: Specifies whether automatic tidy is enabled or not.
1101
+ :param pulumi.Input[str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
1102
+ between tidy invocations (after one finishes to the start of the next).
1103
+ :param pulumi.Input[str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
1104
+ expiration before it is removed from the backend storage.
1105
+ :param pulumi.Input[bool] maintain_stored_certificate_counts: This configures whether stored certificate are
1106
+ counted upon initialization of the backend, and whether during normal operation, a running count
1107
+ of certificates stored is maintained.
1108
+ :param pulumi.Input[str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
1109
+ after startup.
1110
+ :param pulumi.Input[str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
1111
+ after startup.
1112
+ :param pulumi.Input[str] namespace: The namespace of the target resource.
1113
+ The value should not contain leading or trailing forward slashes.
1114
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1115
+ *Available only for Vault Enterprise*.
1116
+ :param pulumi.Input[str] pause_duration: The amount of time to wait between processing certificates.
1117
+ :param pulumi.Input[bool] publish_stored_certificate_count_metrics: This configures whether the stored
1118
+ certificate count is published to the metrics consumer.
1119
+ :param pulumi.Input[str] revocation_queue_safety_buffer: The amount of time that must pass from the
1120
+ cross-cluster revocation request being initiated to when it will be slated for removal.
1121
+ :param pulumi.Input[str] safety_buffer: The amount of extra time that must have passed beyond certificate
1122
+ expiration before it is removed from the backend storage and/or revocation list.
1123
+ :param pulumi.Input[bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
1124
+ :param pulumi.Input[bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
1125
+ :param pulumi.Input[bool] tidy_cert_store: Set to true to enable tidying up the certificate store
1126
+ :param pulumi.Input[bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
1127
+ :param pulumi.Input[bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
1128
+ revoked certificate store.
1129
+ :param pulumi.Input[bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
1130
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
1131
+ :param pulumi.Input[bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
1132
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
1133
+ :param pulumi.Input[bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
1134
+ haven't been confirmed by any active cluster.
1135
+ :param pulumi.Input[bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
1136
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
1137
+ :param pulumi.Input[bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
1138
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
1139
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
1140
+ the CRL, and the CRL will be rotated.
1141
+ """
1142
+ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
1143
+
1144
+ __props__ = _BackendConfigAutoTidyState.__new__(_BackendConfigAutoTidyState)
1145
+
1146
+ __props__.__dict__["acme_account_safety_buffer"] = acme_account_safety_buffer
1147
+ __props__.__dict__["backend"] = backend
1148
+ __props__.__dict__["enabled"] = enabled
1149
+ __props__.__dict__["interval_duration"] = interval_duration
1150
+ __props__.__dict__["issuer_safety_buffer"] = issuer_safety_buffer
1151
+ __props__.__dict__["maintain_stored_certificate_counts"] = maintain_stored_certificate_counts
1152
+ __props__.__dict__["max_startup_backoff_duration"] = max_startup_backoff_duration
1153
+ __props__.__dict__["min_startup_backoff_duration"] = min_startup_backoff_duration
1154
+ __props__.__dict__["namespace"] = namespace
1155
+ __props__.__dict__["pause_duration"] = pause_duration
1156
+ __props__.__dict__["publish_stored_certificate_count_metrics"] = publish_stored_certificate_count_metrics
1157
+ __props__.__dict__["revocation_queue_safety_buffer"] = revocation_queue_safety_buffer
1158
+ __props__.__dict__["safety_buffer"] = safety_buffer
1159
+ __props__.__dict__["tidy_acme"] = tidy_acme
1160
+ __props__.__dict__["tidy_cert_metadata"] = tidy_cert_metadata
1161
+ __props__.__dict__["tidy_cert_store"] = tidy_cert_store
1162
+ __props__.__dict__["tidy_cmpv2_nonce_store"] = tidy_cmpv2_nonce_store
1163
+ __props__.__dict__["tidy_cross_cluster_revoked_certs"] = tidy_cross_cluster_revoked_certs
1164
+ __props__.__dict__["tidy_expired_issuers"] = tidy_expired_issuers
1165
+ __props__.__dict__["tidy_move_legacy_ca_bundle"] = tidy_move_legacy_ca_bundle
1166
+ __props__.__dict__["tidy_revocation_queue"] = tidy_revocation_queue
1167
+ __props__.__dict__["tidy_revoked_cert_issuer_associations"] = tidy_revoked_cert_issuer_associations
1168
+ __props__.__dict__["tidy_revoked_certs"] = tidy_revoked_certs
1169
+ return BackendConfigAutoTidy(resource_name, opts=opts, __props__=__props__)
1170
+
1171
+ @property
1172
+ @pulumi.getter(name="acmeAccountSafetyBuffer")
1173
+ def acme_account_safety_buffer(self) -> pulumi.Output[str]:
1174
+ """
1175
+ The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
1176
+ time after being marked revoked or deactivated.
1177
+ """
1178
+ return pulumi.get(self, "acme_account_safety_buffer")
1179
+
1180
+ @property
1181
+ @pulumi.getter
1182
+ def backend(self) -> pulumi.Output[str]:
1183
+ """
1184
+ The path to the PKI secret backend to
1185
+ read the configuration from, with no leading or trailing `/`s.
1186
+ """
1187
+ return pulumi.get(self, "backend")
1188
+
1189
+ @property
1190
+ @pulumi.getter
1191
+ def enabled(self) -> pulumi.Output[bool]:
1192
+ """
1193
+ Specifies whether automatic tidy is enabled or not.
1194
+ """
1195
+ return pulumi.get(self, "enabled")
1196
+
1197
+ @property
1198
+ @pulumi.getter(name="intervalDuration")
1199
+ def interval_duration(self) -> pulumi.Output[str]:
1200
+ """
1201
+ Interval at which to run an auto-tidy operation. This is the time
1202
+ between tidy invocations (after one finishes to the start of the next).
1203
+ """
1204
+ return pulumi.get(self, "interval_duration")
1205
+
1206
+ @property
1207
+ @pulumi.getter(name="issuerSafetyBuffer")
1208
+ def issuer_safety_buffer(self) -> pulumi.Output[str]:
1209
+ """
1210
+ The amount of extra time that must have passed beyond issuer's
1211
+ expiration before it is removed from the backend storage.
1212
+ """
1213
+ return pulumi.get(self, "issuer_safety_buffer")
1214
+
1215
+ @property
1216
+ @pulumi.getter(name="maintainStoredCertificateCounts")
1217
+ def maintain_stored_certificate_counts(self) -> pulumi.Output[Optional[bool]]:
1218
+ """
1219
+ This configures whether stored certificate are
1220
+ counted upon initialization of the backend, and whether during normal operation, a running count
1221
+ of certificates stored is maintained.
1222
+ """
1223
+ return pulumi.get(self, "maintain_stored_certificate_counts")
1224
+
1225
+ @property
1226
+ @pulumi.getter(name="maxStartupBackoffDuration")
1227
+ def max_startup_backoff_duration(self) -> pulumi.Output[str]:
1228
+ """
1229
+ The maximum amount of time auto-tidy will be delayed
1230
+ after startup.
1231
+ """
1232
+ return pulumi.get(self, "max_startup_backoff_duration")
1233
+
1234
+ @property
1235
+ @pulumi.getter(name="minStartupBackoffDuration")
1236
+ def min_startup_backoff_duration(self) -> pulumi.Output[str]:
1237
+ """
1238
+ The minimum amount of time auto-tidy will be delayed
1239
+ after startup.
1240
+ """
1241
+ return pulumi.get(self, "min_startup_backoff_duration")
1242
+
1243
+ @property
1244
+ @pulumi.getter
1245
+ def namespace(self) -> pulumi.Output[Optional[str]]:
1246
+ """
1247
+ The namespace of the target resource.
1248
+ The value should not contain leading or trailing forward slashes.
1249
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1250
+ *Available only for Vault Enterprise*.
1251
+ """
1252
+ return pulumi.get(self, "namespace")
1253
+
1254
+ @property
1255
+ @pulumi.getter(name="pauseDuration")
1256
+ def pause_duration(self) -> pulumi.Output[str]:
1257
+ """
1258
+ The amount of time to wait between processing certificates.
1259
+ """
1260
+ return pulumi.get(self, "pause_duration")
1261
+
1262
+ @property
1263
+ @pulumi.getter(name="publishStoredCertificateCountMetrics")
1264
+ def publish_stored_certificate_count_metrics(self) -> pulumi.Output[Optional[bool]]:
1265
+ """
1266
+ This configures whether the stored
1267
+ certificate count is published to the metrics consumer.
1268
+ """
1269
+ return pulumi.get(self, "publish_stored_certificate_count_metrics")
1270
+
1271
+ @property
1272
+ @pulumi.getter(name="revocationQueueSafetyBuffer")
1273
+ def revocation_queue_safety_buffer(self) -> pulumi.Output[str]:
1274
+ """
1275
+ The amount of time that must pass from the
1276
+ cross-cluster revocation request being initiated to when it will be slated for removal.
1277
+ """
1278
+ return pulumi.get(self, "revocation_queue_safety_buffer")
1279
+
1280
+ @property
1281
+ @pulumi.getter(name="safetyBuffer")
1282
+ def safety_buffer(self) -> pulumi.Output[str]:
1283
+ """
1284
+ The amount of extra time that must have passed beyond certificate
1285
+ expiration before it is removed from the backend storage and/or revocation list.
1286
+ """
1287
+ return pulumi.get(self, "safety_buffer")
1288
+
1289
+ @property
1290
+ @pulumi.getter(name="tidyAcme")
1291
+ def tidy_acme(self) -> pulumi.Output[Optional[bool]]:
1292
+ """
1293
+ Set to true to enable tidying ACME accounts, orders and authorizations.
1294
+ """
1295
+ return pulumi.get(self, "tidy_acme")
1296
+
1297
+ @property
1298
+ @pulumi.getter(name="tidyCertMetadata")
1299
+ def tidy_cert_metadata(self) -> pulumi.Output[Optional[bool]]:
1300
+ """
1301
+ Set to true to enable tidying up certificate metadata.
1302
+ """
1303
+ return pulumi.get(self, "tidy_cert_metadata")
1304
+
1305
+ @property
1306
+ @pulumi.getter(name="tidyCertStore")
1307
+ def tidy_cert_store(self) -> pulumi.Output[Optional[bool]]:
1308
+ """
1309
+ Set to true to enable tidying up the certificate store
1310
+ """
1311
+ return pulumi.get(self, "tidy_cert_store")
1312
+
1313
+ @property
1314
+ @pulumi.getter(name="tidyCmpv2NonceStore")
1315
+ def tidy_cmpv2_nonce_store(self) -> pulumi.Output[Optional[bool]]:
1316
+ """
1317
+ Set to true to enable tidying up the CMPv2 nonce store.
1318
+ """
1319
+ return pulumi.get(self, "tidy_cmpv2_nonce_store")
1320
+
1321
+ @property
1322
+ @pulumi.getter(name="tidyCrossClusterRevokedCerts")
1323
+ def tidy_cross_cluster_revoked_certs(self) -> pulumi.Output[Optional[bool]]:
1324
+ """
1325
+ Set to true to enable tidying up the cross-cluster
1326
+ revoked certificate store.
1327
+ """
1328
+ return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
1329
+
1330
+ @property
1331
+ @pulumi.getter(name="tidyExpiredIssuers")
1332
+ def tidy_expired_issuers(self) -> pulumi.Output[Optional[bool]]:
1333
+ """
1334
+ Set to true to automatically remove expired issuers past the
1335
+ `issuer_safety_buffer`. No keys will be removed as part of this operation.
1336
+ """
1337
+ return pulumi.get(self, "tidy_expired_issuers")
1338
+
1339
+ @property
1340
+ @pulumi.getter(name="tidyMoveLegacyCaBundle")
1341
+ def tidy_move_legacy_ca_bundle(self) -> pulumi.Output[Optional[bool]]:
1342
+ """
1343
+ Set to true to move the legacy `ca_bundle` from
1344
+ `/config/ca_bundle` to `/config/ca_bundle.bak`.
1345
+ """
1346
+ return pulumi.get(self, "tidy_move_legacy_ca_bundle")
1347
+
1348
+ @property
1349
+ @pulumi.getter(name="tidyRevocationQueue")
1350
+ def tidy_revocation_queue(self) -> pulumi.Output[Optional[bool]]:
1351
+ """
1352
+ Set to true to remove stale revocation queue entries that
1353
+ haven't been confirmed by any active cluster.
1354
+ """
1355
+ return pulumi.get(self, "tidy_revocation_queue")
1356
+
1357
+ @property
1358
+ @pulumi.getter(name="tidyRevokedCertIssuerAssociations")
1359
+ def tidy_revoked_cert_issuer_associations(self) -> pulumi.Output[Optional[bool]]:
1360
+ """
1361
+ Set to true to validate issuer associations
1362
+ on revocation entries. This helps increase the performance of CRL building and OCSP responses.
1363
+ """
1364
+ return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
1365
+
1366
+ @property
1367
+ @pulumi.getter(name="tidyRevokedCerts")
1368
+ def tidy_revoked_certs(self) -> pulumi.Output[Optional[bool]]:
1369
+ """
1370
+ Set to true to remove all invalid and expired certificates from
1371
+ storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
1372
+ the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
1373
+ the CRL, and the CRL will be rotated.
1374
+ """
1375
+ return pulumi.get(self, "tidy_revoked_certs")
1376
+