pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl

pulumi_vault/pkisecret/backend_config_cmpv2.py

@@ -25,6 +25,7 @@ class BackendConfigCmpv2Args:
                  audit_fields: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  authenticators: Optional[pulumi.Input['BackendConfigCmpv2AuthenticatorsArgs']] = None,
                  default_path_policy: Optional[pulumi.Input[str]] = None,
+                 disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
                  enabled: Optional[pulumi.Input[bool]] = None,
                  namespace: Optional[pulumi.Input[str]] = None):
@@ -33,10 +34,11 @@ class BackendConfigCmpv2Args:
         :param pulumi.Input[str] backend: The path to the PKI secret backend to
                read the CMPv2 configuration from, with no leading or trailing `/`s.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
-               
-               <a id="nestedatt--authenticators"></a>
         :param pulumi.Input['BackendConfigCmpv2AuthenticatorsArgs'] authenticators: Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
         :param pulumi.Input[str] default_path_policy: Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
+               
+               <a id="nestedatt--authenticators"></a>
         :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
         :param pulumi.Input[bool] enabled: Specifies whether CMPv2 is enabled.
         :param pulumi.Input[str] namespace: The namespace of the target resource.
@@ -51,6 +53,8 @@ class BackendConfigCmpv2Args:
             pulumi.set(__self__, "authenticators", authenticators)
         if default_path_policy is not None:
             pulumi.set(__self__, "default_path_policy", default_path_policy)
+        if disabled_validations is not None:
+            pulumi.set(__self__, "disabled_validations", disabled_validations)
         if enable_sentinel_parsing is not None:
             pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
         if enabled is not None:
@@ -76,8 +80,6 @@ class BackendConfigCmpv2Args:
     def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
         Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
-
-        <a id="nestedatt--authenticators"></a>
         """
         return pulumi.get(self, "audit_fields")
 
@@ -109,6 +111,20 @@ class BackendConfigCmpv2Args:
     def default_path_policy(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "default_path_policy", value)
 
+    @property
+    @pulumi.getter(name="disabledValidations")
+    def disabled_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A comma-separated list of validations not to perform on CMPv2 messages.
+
+        <a id="nestedatt--authenticators"></a>
+        """
+        return pulumi.get(self, "disabled_validations")
+
+    @disabled_validations.setter
+    def disabled_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "disabled_validations", value)
+
     @property
     @pulumi.getter(name="enableSentinelParsing")
     def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
@@ -156,6 +172,7 @@ class _BackendConfigCmpv2State:
                  authenticators: Optional[pulumi.Input['BackendConfigCmpv2AuthenticatorsArgs']] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  default_path_policy: Optional[pulumi.Input[str]] = None,
+                 disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
                  enabled: Optional[pulumi.Input[bool]] = None,
                  last_updated: Optional[pulumi.Input[str]] = None,
@@ -163,12 +180,13 @@ class _BackendConfigCmpv2State:
         """
         Input properties used for looking up and filtering BackendConfigCmpv2 resources.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
-               
-               <a id="nestedatt--authenticators"></a>
         :param pulumi.Input['BackendConfigCmpv2AuthenticatorsArgs'] authenticators: Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
         :param pulumi.Input[str] backend: The path to the PKI secret backend to
                read the CMPv2 configuration from, with no leading or trailing `/`s.
         :param pulumi.Input[str] default_path_policy: Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
+               
+               <a id="nestedatt--authenticators"></a>
         :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
         :param pulumi.Input[bool] enabled: Specifies whether CMPv2 is enabled.
         :param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
@@ -185,6 +203,8 @@ class _BackendConfigCmpv2State:
             pulumi.set(__self__, "backend", backend)
         if default_path_policy is not None:
             pulumi.set(__self__, "default_path_policy", default_path_policy)
+        if disabled_validations is not None:
+            pulumi.set(__self__, "disabled_validations", disabled_validations)
         if enable_sentinel_parsing is not None:
             pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
         if enabled is not None:
@@ -199,8 +219,6 @@ class _BackendConfigCmpv2State:
     def audit_fields(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
         Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
-
-        <a id="nestedatt--authenticators"></a>
         """
         return pulumi.get(self, "audit_fields")
 
@@ -245,6 +263,20 @@ class _BackendConfigCmpv2State:
     def default_path_policy(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "default_path_policy", value)
 
+    @property
+    @pulumi.getter(name="disabledValidations")
+    def disabled_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A comma-separated list of validations not to perform on CMPv2 messages.
+
+        <a id="nestedatt--authenticators"></a>
+        """
+        return pulumi.get(self, "disabled_validations")
+
+    @disabled_validations.setter
+    def disabled_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "disabled_validations", value)
+
     @property
     @pulumi.getter(name="enableSentinelParsing")
     def enable_sentinel_parsing(self) -> Optional[pulumi.Input[bool]]:
@@ -306,6 +338,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
                  authenticators: Optional[pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  default_path_policy: Optional[pulumi.Input[str]] = None,
+                 disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
                  enabled: Optional[pulumi.Input[bool]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -326,12 +359,13 @@ class BackendConfigCmpv2(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
-               
-               <a id="nestedatt--authenticators"></a>
         :param pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']] authenticators: Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
         :param pulumi.Input[str] backend: The path to the PKI secret backend to
                read the CMPv2 configuration from, with no leading or trailing `/`s.
         :param pulumi.Input[str] default_path_policy: Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
+               
+               <a id="nestedatt--authenticators"></a>
         :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
         :param pulumi.Input[bool] enabled: Specifies whether CMPv2 is enabled.
         :param pulumi.Input[str] namespace: The namespace of the target resource.
@@ -377,6 +411,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
                  authenticators: Optional[pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']]] = None,
                  backend: Optional[pulumi.Input[str]] = None,
                  default_path_policy: Optional[pulumi.Input[str]] = None,
+                 disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
                  enabled: Optional[pulumi.Input[bool]] = None,
                  namespace: Optional[pulumi.Input[str]] = None,
@@ -395,6 +430,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
                 raise TypeError("Missing required property 'backend'")
             __props__.__dict__["backend"] = backend
             __props__.__dict__["default_path_policy"] = default_path_policy
+            __props__.__dict__["disabled_validations"] = disabled_validations
             __props__.__dict__["enable_sentinel_parsing"] = enable_sentinel_parsing
             __props__.__dict__["enabled"] = enabled
             __props__.__dict__["namespace"] = namespace
@@ -413,6 +449,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
             authenticators: Optional[pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']]] = None,
             backend: Optional[pulumi.Input[str]] = None,
             default_path_policy: Optional[pulumi.Input[str]] = None,
+            disabled_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             enable_sentinel_parsing: Optional[pulumi.Input[bool]] = None,
             enabled: Optional[pulumi.Input[bool]] = None,
             last_updated: Optional[pulumi.Input[str]] = None,
@@ -425,12 +462,13 @@ class BackendConfigCmpv2(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] audit_fields: Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
-               
-               <a id="nestedatt--authenticators"></a>
         :param pulumi.Input[Union['BackendConfigCmpv2AuthenticatorsArgs', 'BackendConfigCmpv2AuthenticatorsArgsDict']] authenticators: Lists the mount accessors CMPv2 should delegate authentication requests towards (see below for nested schema).
         :param pulumi.Input[str] backend: The path to the PKI secret backend to
                read the CMPv2 configuration from, with no leading or trailing `/`s.
         :param pulumi.Input[str] default_path_policy: Specifies the behavior for requests using the non-role-qualified CMPv2 requests. Can be sign-verbatim or a role given by role:<role_name>.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
+               
+               <a id="nestedatt--authenticators"></a>
         :param pulumi.Input[bool] enable_sentinel_parsing: If set, parse out fields from the provided CSR making them available for Sentinel policies.
         :param pulumi.Input[bool] enabled: Specifies whether CMPv2 is enabled.
         :param pulumi.Input[str] last_updated: A read-only timestamp representing the last time the configuration was updated.
@@ -447,6 +485,7 @@ class BackendConfigCmpv2(pulumi.CustomResource):
         __props__.__dict__["authenticators"] = authenticators
         __props__.__dict__["backend"] = backend
         __props__.__dict__["default_path_policy"] = default_path_policy
+        __props__.__dict__["disabled_validations"] = disabled_validations
         __props__.__dict__["enable_sentinel_parsing"] = enable_sentinel_parsing
         __props__.__dict__["enabled"] = enabled
         __props__.__dict__["last_updated"] = last_updated
@@ -458,8 +497,6 @@ class BackendConfigCmpv2(pulumi.CustomResource):
     def audit_fields(self) -> pulumi.Output[Sequence[str]]:
         """
         Fields parsed from the CSR that appear in the audit and can be used by sentinel policies.
-
-        <a id="nestedatt--authenticators"></a>
         """
         return pulumi.get(self, "audit_fields")
 
@@ -488,6 +525,16 @@ class BackendConfigCmpv2(pulumi.CustomResource):
         """
         return pulumi.get(self, "default_path_policy")
 
+    @property
+    @pulumi.getter(name="disabledValidations")
+    def disabled_validations(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        A comma-separated list of validations not to perform on CMPv2 messages.
+
+        <a id="nestedatt--authenticators"></a>
+        """
+        return pulumi.get(self, "disabled_validations")
+
     @property
     @pulumi.getter(name="enableSentinelParsing")
     def enable_sentinel_parsing(self) -> pulumi.Output[Optional[bool]]:

pulumi_vault/pkisecret/get_backend_cert_metadata.py

@@ -0,0 +1,277 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+
+__all__ = [
+    'GetBackendCertMetadataResult',
+    'AwaitableGetBackendCertMetadataResult',
+    'get_backend_cert_metadata',
+    'get_backend_cert_metadata_output',
+]
+
+@pulumi.output_type
+class GetBackendCertMetadataResult:
+    """
+    A collection of values returned by getBackendCertMetadata.
+    """
+    def __init__(__self__, cert_metadata=None, expiration=None, id=None, issuer_id=None, namespace=None, path=None, role=None, serial=None, serial_number=None):
+        if cert_metadata and not isinstance(cert_metadata, str):
+            raise TypeError("Expected argument 'cert_metadata' to be a str")
+        pulumi.set(__self__, "cert_metadata", cert_metadata)
+        if expiration and not isinstance(expiration, str):
+            raise TypeError("Expected argument 'expiration' to be a str")
+        pulumi.set(__self__, "expiration", expiration)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if issuer_id and not isinstance(issuer_id, str):
+            raise TypeError("Expected argument 'issuer_id' to be a str")
+        pulumi.set(__self__, "issuer_id", issuer_id)
+        if namespace and not isinstance(namespace, str):
+            raise TypeError("Expected argument 'namespace' to be a str")
+        pulumi.set(__self__, "namespace", namespace)
+        if path and not isinstance(path, str):
+            raise TypeError("Expected argument 'path' to be a str")
+        pulumi.set(__self__, "path", path)
+        if role and not isinstance(role, str):
+            raise TypeError("Expected argument 'role' to be a str")
+        pulumi.set(__self__, "role", role)
+        if serial and not isinstance(serial, str):
+            raise TypeError("Expected argument 'serial' to be a str")
+        pulumi.set(__self__, "serial", serial)
+        if serial_number and not isinstance(serial_number, str):
+            raise TypeError("Expected argument 'serial_number' to be a str")
+        pulumi.set(__self__, "serial_number", serial_number)
+
+    @property
+    @pulumi.getter(name="certMetadata")
+    def cert_metadata(self) -> str:
+        """
+        The metadata associated with the certificate
+        """
+        return pulumi.get(self, "cert_metadata")
+
+    @property
+    @pulumi.getter
+    def expiration(self) -> str:
+        """
+        The expiration date of the certificate in unix epoch format
+        """
+        return pulumi.get(self, "expiration")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="issuerId")
+    def issuer_id(self) -> str:
+        """
+        ID of the issuer.
+        """
+        return pulumi.get(self, "issuer_id")
+
+    @property
+    @pulumi.getter
+    def namespace(self) -> Optional[str]:
+        return pulumi.get(self, "namespace")
+
+    @property
+    @pulumi.getter
+    def path(self) -> str:
+        return pulumi.get(self, "path")
+
+    @property
+    @pulumi.getter
+    def role(self) -> str:
+        """
+        The role used to create the certificate
+        """
+        return pulumi.get(self, "role")
+
+    @property
+    @pulumi.getter
+    def serial(self) -> str:
+        return pulumi.get(self, "serial")
+
+    @property
+    @pulumi.getter(name="serialNumber")
+    def serial_number(self) -> str:
+        """
+        The serial number
+        """
+        return pulumi.get(self, "serial_number")
+
+
+class AwaitableGetBackendCertMetadataResult(GetBackendCertMetadataResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetBackendCertMetadataResult(
+            cert_metadata=self.cert_metadata,
+            expiration=self.expiration,
+            id=self.id,
+            issuer_id=self.issuer_id,
+            namespace=self.namespace,
+            path=self.path,
+            role=self.role,
+            serial=self.serial,
+            serial_number=self.serial_number)
+
+
+def get_backend_cert_metadata(namespace: Optional[str] = None,
+                              path: Optional[str] = None,
+                              serial: Optional[str] = None,
+                              opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetBackendCertMetadataResult:
+    """
+    ## Example Usage
+
+    ```python
+    import pulumi
+    import pulumi_vault as vault
+
+    pki = vault.Mount("pki",
+        path="pki",
+        type="pki",
+        description="PKI secret engine mount")
+    root = vault.pki_secret.SecretBackendRootCert("root",
+        backend=pki.path,
+        type="internal",
+        common_name="example",
+        ttl="86400",
+        issuer_name="example")
+    test_secret_backend_role = vault.pki_secret.SecretBackendRole("test",
+        backend=test_vault_pki_secret_backend_root_cert["backend"],
+        name="test",
+        allowed_domains=["test.my.domain"],
+        allow_subdomains=True,
+        max_ttl="3600",
+        key_usages=[
+            "DigitalSignature",
+            "KeyAgreement",
+            "KeyEncipherment",
+        ],
+        no_store_metadata=False)
+    test_secret_backend_cert = vault.pki_secret.SecretBackendCert("test",
+        backend=test_secret_backend_role.backend,
+        name=test_secret_backend_role.name,
+        common_name="cert.test.my.domain",
+        ttl="720h",
+        min_seconds_remaining=60,
+        cert_metadata="dGVzdCBtZXRhZGF0YQ==")
+    test = test_secret_backend_cert.serial_number.apply(lambda serial_number: vault.pkiSecret.get_backend_cert_metadata_output(path=test_root["path"],
+        serial=serial_number))
+    ```
+
+
+    :param str namespace: The namespace of the target resource.
+           The value should not contain leading or trailing forward slashes.
+           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+           *Available only for Vault Enterprise*.
+    :param str path: The path to the PKI secret backend to
+           read the cert metadata from, with no leading or trailing `/`s.
+    :param str serial: Specifies the serial of the certificate whose metadata to read.
+    """
+    __args__ = dict()
+    __args__['namespace'] = namespace
+    __args__['path'] = path
+    __args__['serial'] = serial
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('vault:pkiSecret/getBackendCertMetadata:getBackendCertMetadata', __args__, opts=opts, typ=GetBackendCertMetadataResult).value
+
+    return AwaitableGetBackendCertMetadataResult(
+        cert_metadata=pulumi.get(__ret__, 'cert_metadata'),
+        expiration=pulumi.get(__ret__, 'expiration'),
+        id=pulumi.get(__ret__, 'id'),
+        issuer_id=pulumi.get(__ret__, 'issuer_id'),
+        namespace=pulumi.get(__ret__, 'namespace'),
+        path=pulumi.get(__ret__, 'path'),
+        role=pulumi.get(__ret__, 'role'),
+        serial=pulumi.get(__ret__, 'serial'),
+        serial_number=pulumi.get(__ret__, 'serial_number'))
+def get_backend_cert_metadata_output(namespace: Optional[pulumi.Input[Optional[str]]] = None,
+                                     path: Optional[pulumi.Input[str]] = None,
+                                     serial: Optional[pulumi.Input[str]] = None,
+                                     opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendCertMetadataResult]:
+    """
+    ## Example Usage
+
+    ```python
+    import pulumi
+    import pulumi_vault as vault
+
+    pki = vault.Mount("pki",
+        path="pki",
+        type="pki",
+        description="PKI secret engine mount")
+    root = vault.pki_secret.SecretBackendRootCert("root",
+        backend=pki.path,
+        type="internal",
+        common_name="example",
+        ttl="86400",
+        issuer_name="example")
+    test_secret_backend_role = vault.pki_secret.SecretBackendRole("test",
+        backend=test_vault_pki_secret_backend_root_cert["backend"],
+        name="test",
+        allowed_domains=["test.my.domain"],
+        allow_subdomains=True,
+        max_ttl="3600",
+        key_usages=[
+            "DigitalSignature",
+            "KeyAgreement",
+            "KeyEncipherment",
+        ],
+        no_store_metadata=False)
+    test_secret_backend_cert = vault.pki_secret.SecretBackendCert("test",
+        backend=test_secret_backend_role.backend,
+        name=test_secret_backend_role.name,
+        common_name="cert.test.my.domain",
+        ttl="720h",
+        min_seconds_remaining=60,
+        cert_metadata="dGVzdCBtZXRhZGF0YQ==")
+    test = test_secret_backend_cert.serial_number.apply(lambda serial_number: vault.pkiSecret.get_backend_cert_metadata_output(path=test_root["path"],
+        serial=serial_number))
+    ```
+
+
+    :param str namespace: The namespace of the target resource.
+           The value should not contain leading or trailing forward slashes.
+           The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
+           *Available only for Vault Enterprise*.
+    :param str path: The path to the PKI secret backend to
+           read the cert metadata from, with no leading or trailing `/`s.
+    :param str serial: Specifies the serial of the certificate whose metadata to read.
+    """
+    __args__ = dict()
+    __args__['namespace'] = namespace
+    __args__['path'] = path
+    __args__['serial'] = serial
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('vault:pkiSecret/getBackendCertMetadata:getBackendCertMetadata', __args__, opts=opts, typ=GetBackendCertMetadataResult)
+    return __ret__.apply(lambda __response__: GetBackendCertMetadataResult(
+        cert_metadata=pulumi.get(__response__, 'cert_metadata'),
+        expiration=pulumi.get(__response__, 'expiration'),
+        id=pulumi.get(__response__, 'id'),
+        issuer_id=pulumi.get(__response__, 'issuer_id'),
+        namespace=pulumi.get(__response__, 'namespace'),
+        path=pulumi.get(__response__, 'path'),
+        role=pulumi.get(__response__, 'role'),
+        serial=pulumi.get(__response__, 'serial'),
+        serial_number=pulumi.get(__response__, 'serial_number')))

pulumi_vault/pkisecret/get_backend_config_cmpv2.py

@@ -27,7 +27,7 @@ class GetBackendConfigCmpv2Result:
     """
     A collection of values returned by getBackendConfigCmpv2.
     """
-    def __init__(__self__, audit_fields=None, authenticators=None, backend=None, default_path_policy=None, enable_sentinel_parsing=None, enabled=None, id=None, last_updated=None, namespace=None):
+    def __init__(__self__, audit_fields=None, authenticators=None, backend=None, default_path_policy=None, disabled_validations=None, enable_sentinel_parsing=None, enabled=None, id=None, last_updated=None, namespace=None):
         if audit_fields and not isinstance(audit_fields, list):
             raise TypeError("Expected argument 'audit_fields' to be a list")
         pulumi.set(__self__, "audit_fields", audit_fields)
@@ -40,6 +40,9 @@ class GetBackendConfigCmpv2Result:
         if default_path_policy and not isinstance(default_path_policy, str):
             raise TypeError("Expected argument 'default_path_policy' to be a str")
         pulumi.set(__self__, "default_path_policy", default_path_policy)
+        if disabled_validations and not isinstance(disabled_validations, list):
+            raise TypeError("Expected argument 'disabled_validations' to be a list")
+        pulumi.set(__self__, "disabled_validations", disabled_validations)
         if enable_sentinel_parsing and not isinstance(enable_sentinel_parsing, bool):
             raise TypeError("Expected argument 'enable_sentinel_parsing' to be a bool")
         pulumi.set(__self__, "enable_sentinel_parsing", enable_sentinel_parsing)
@@ -76,6 +79,11 @@ class GetBackendConfigCmpv2Result:
     def default_path_policy(self) -> str:
         return pulumi.get(self, "default_path_policy")
 
+    @property
+    @pulumi.getter(name="disabledValidations")
+    def disabled_validations(self) -> Optional[Sequence[str]]:
+        return pulumi.get(self, "disabled_validations")
+
     @property
     @pulumi.getter(name="enableSentinelParsing")
     def enable_sentinel_parsing(self) -> bool:
@@ -115,6 +123,7 @@ class AwaitableGetBackendConfigCmpv2Result(GetBackendConfigCmpv2Result):
             authenticators=self.authenticators,
             backend=self.backend,
             default_path_policy=self.default_path_policy,
+            disabled_validations=self.disabled_validations,
             enable_sentinel_parsing=self.enable_sentinel_parsing,
             enabled=self.enabled,
             id=self.id,
@@ -123,6 +132,7 @@ class AwaitableGetBackendConfigCmpv2Result(GetBackendConfigCmpv2Result):
 
 
 def get_backend_config_cmpv2(backend: Optional[str] = None,
+                             disabled_validations: Optional[Sequence[str]] = None,
                              namespace: Optional[str] = None,
                              opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetBackendConfigCmpv2Result:
     """
@@ -144,6 +154,7 @@ def get_backend_config_cmpv2(backend: Optional[str] = None,
            read the CMPv2 configuration from, with no leading or trailing `/`s.
            
            # Attributes Reference
+    :param Sequence[str] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
     :param str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -151,6 +162,7 @@ def get_backend_config_cmpv2(backend: Optional[str] = None,
     """
     __args__ = dict()
     __args__['backend'] = backend
+    __args__['disabledValidations'] = disabled_validations
     __args__['namespace'] = namespace
     opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
     __ret__ = pulumi.runtime.invoke('vault:pkiSecret/getBackendConfigCmpv2:getBackendConfigCmpv2', __args__, opts=opts, typ=GetBackendConfigCmpv2Result).value
@@ -160,12 +172,14 @@ def get_backend_config_cmpv2(backend: Optional[str] = None,
         authenticators=pulumi.get(__ret__, 'authenticators'),
         backend=pulumi.get(__ret__, 'backend'),
         default_path_policy=pulumi.get(__ret__, 'default_path_policy'),
+        disabled_validations=pulumi.get(__ret__, 'disabled_validations'),
         enable_sentinel_parsing=pulumi.get(__ret__, 'enable_sentinel_parsing'),
         enabled=pulumi.get(__ret__, 'enabled'),
         id=pulumi.get(__ret__, 'id'),
         last_updated=pulumi.get(__ret__, 'last_updated'),
         namespace=pulumi.get(__ret__, 'namespace'))
 def get_backend_config_cmpv2_output(backend: Optional[pulumi.Input[str]] = None,
+                                    disabled_validations: Optional[pulumi.Input[Optional[Sequence[str]]]] = None,
                                     namespace: Optional[pulumi.Input[Optional[str]]] = None,
                                     opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetBackendConfigCmpv2Result]:
     """
@@ -187,6 +201,7 @@ def get_backend_config_cmpv2_output(backend: Optional[pulumi.Input[str]] = None,
            read the CMPv2 configuration from, with no leading or trailing `/`s.
            
            # Attributes Reference
+    :param Sequence[str] disabled_validations: A comma-separated list of validations not to perform on CMPv2 messages.
     :param str namespace: The namespace of the target resource.
            The value should not contain leading or trailing forward slashes.
            The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -194,6 +209,7 @@ def get_backend_config_cmpv2_output(backend: Optional[pulumi.Input[str]] = None,
     """
     __args__ = dict()
     __args__['backend'] = backend
+    __args__['disabledValidations'] = disabled_validations
     __args__['namespace'] = namespace
     opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
     __ret__ = pulumi.runtime.invoke_output('vault:pkiSecret/getBackendConfigCmpv2:getBackendConfigCmpv2', __args__, opts=opts, typ=GetBackendConfigCmpv2Result)
@@ -202,6 +218,7 @@ def get_backend_config_cmpv2_output(backend: Optional[pulumi.Input[str]] = None,
         authenticators=pulumi.get(__response__, 'authenticators'),
         backend=pulumi.get(__response__, 'backend'),
         default_path_policy=pulumi.get(__response__, 'default_path_policy'),
+        disabled_validations=pulumi.get(__response__, 'disabled_validations'),
         enable_sentinel_parsing=pulumi.get(__response__, 'enable_sentinel_parsing'),
         enabled=pulumi.get(__response__, 'enabled'),
         id=pulumi.get(__response__, 'id'),