pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl

Files changed (44)
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -23,6 +23,7 @@ class SecretBackendCertArgs:
23
23
  common_name: pulumi.Input[str],
24
24
  alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
25
25
  auto_renew: Optional[pulumi.Input[bool]] = None,
26
+ cert_metadata: Optional[pulumi.Input[str]] = None,
26
27
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
27
28
  format: Optional[pulumi.Input[str]] = None,
28
29
  ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -30,9 +31,11 @@ class SecretBackendCertArgs:
30
31
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
31
32
  name: Optional[pulumi.Input[str]] = None,
32
33
  namespace: Optional[pulumi.Input[str]] = None,
34
+ not_after: Optional[pulumi.Input[str]] = None,
33
35
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
34
36
  private_key_format: Optional[pulumi.Input[str]] = None,
35
37
  revoke: Optional[pulumi.Input[bool]] = None,
38
+ revoke_with_key: Optional[pulumi.Input[bool]] = None,
36
39
  ttl: Optional[pulumi.Input[str]] = None,
37
40
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
38
41
  user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
@@ -42,6 +45,7 @@ class SecretBackendCertArgs:
42
45
  :param pulumi.Input[str] common_name: CN of certificate to create
43
46
  :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
44
47
  :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
48
+ :param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
45
49
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
46
50
  :param pulumi.Input[str] format: The format of data
47
51
  :param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
@@ -52,9 +56,11 @@ class SecretBackendCertArgs:
52
56
  The value should not contain leading or trailing forward slashes.
53
57
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
54
58
  *Available only for Vault Enterprise*.
59
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
55
60
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
56
61
  :param pulumi.Input[str] private_key_format: The private key format
57
- :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
62
+ :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
63
+ :param pulumi.Input[bool] revoke_with_key: If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
58
64
  :param pulumi.Input[str] ttl: Time to live
59
65
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
60
66
  :param pulumi.Input[Sequence[pulumi.Input[str]]] user_ids: List of Subject User IDs
@@ -65,6 +71,8 @@ class SecretBackendCertArgs:
65
71
  pulumi.set(__self__, "alt_names", alt_names)
66
72
  if auto_renew is not None:
67
73
  pulumi.set(__self__, "auto_renew", auto_renew)
74
+ if cert_metadata is not None:
75
+ pulumi.set(__self__, "cert_metadata", cert_metadata)
68
76
  if exclude_cn_from_sans is not None:
69
77
  pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
70
78
  if format is not None:
@@ -79,12 +87,16 @@ class SecretBackendCertArgs:
79
87
  pulumi.set(__self__, "name", name)
80
88
  if namespace is not None:
81
89
  pulumi.set(__self__, "namespace", namespace)
90
+ if not_after is not None:
91
+ pulumi.set(__self__, "not_after", not_after)
82
92
  if other_sans is not None:
83
93
  pulumi.set(__self__, "other_sans", other_sans)
84
94
  if private_key_format is not None:
85
95
  pulumi.set(__self__, "private_key_format", private_key_format)
86
96
  if revoke is not None:
87
97
  pulumi.set(__self__, "revoke", revoke)
98
+ if revoke_with_key is not None:
99
+ pulumi.set(__self__, "revoke_with_key", revoke_with_key)
88
100
  if ttl is not None:
89
101
  pulumi.set(__self__, "ttl", ttl)
90
102
  if uri_sans is not None:
@@ -140,6 +152,18 @@ class SecretBackendCertArgs:
140
152
  def auto_renew(self, value: Optional[pulumi.Input[bool]]):
141
153
  pulumi.set(self, "auto_renew", value)
142
154
 
155
+ @property
156
+ @pulumi.getter(name="certMetadata")
157
+ def cert_metadata(self) -> Optional[pulumi.Input[str]]:
158
+ """
159
+ A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
160
+ """
161
+ return pulumi.get(self, "cert_metadata")
162
+
163
+ @cert_metadata.setter
164
+ def cert_metadata(self, value: Optional[pulumi.Input[str]]):
165
+ pulumi.set(self, "cert_metadata", value)
166
+
143
167
  @property
144
168
  @pulumi.getter(name="excludeCnFromSans")
145
169
  def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
@@ -227,6 +251,18 @@ class SecretBackendCertArgs:
227
251
  def namespace(self, value: Optional[pulumi.Input[str]]):
228
252
  pulumi.set(self, "namespace", value)
229
253
 
254
+ @property
255
+ @pulumi.getter(name="notAfter")
256
+ def not_after(self) -> Optional[pulumi.Input[str]]:
257
+ """
258
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
259
+ """
260
+ return pulumi.get(self, "not_after")
261
+
262
+ @not_after.setter
263
+ def not_after(self, value: Optional[pulumi.Input[str]]):
264
+ pulumi.set(self, "not_after", value)
265
+
230
266
  @property
231
267
  @pulumi.getter(name="otherSans")
232
268
  def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -255,7 +291,7 @@ class SecretBackendCertArgs:
255
291
  @pulumi.getter
256
292
  def revoke(self) -> Optional[pulumi.Input[bool]]:
257
293
  """
258
- If set to `true`, the certificate will be revoked on resource destruction.
294
+ If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
259
295
  """
260
296
  return pulumi.get(self, "revoke")
261
297
 
@@ -263,6 +299,18 @@ class SecretBackendCertArgs:
263
299
  def revoke(self, value: Optional[pulumi.Input[bool]]):
264
300
  pulumi.set(self, "revoke", value)
265
301
 
302
+ @property
303
+ @pulumi.getter(name="revokeWithKey")
304
+ def revoke_with_key(self) -> Optional[pulumi.Input[bool]]:
305
+ """
306
+ If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
307
+ """
308
+ return pulumi.get(self, "revoke_with_key")
309
+
310
+ @revoke_with_key.setter
311
+ def revoke_with_key(self, value: Optional[pulumi.Input[bool]]):
312
+ pulumi.set(self, "revoke_with_key", value)
313
+
266
314
  @property
267
315
  @pulumi.getter
268
316
  def ttl(self) -> Optional[pulumi.Input[str]]:
@@ -307,6 +355,7 @@ class _SecretBackendCertState:
307
355
  auto_renew: Optional[pulumi.Input[bool]] = None,
308
356
  backend: Optional[pulumi.Input[str]] = None,
309
357
  ca_chain: Optional[pulumi.Input[str]] = None,
358
+ cert_metadata: Optional[pulumi.Input[str]] = None,
310
359
  certificate: Optional[pulumi.Input[str]] = None,
311
360
  common_name: Optional[pulumi.Input[str]] = None,
312
361
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
@@ -318,12 +367,14 @@ class _SecretBackendCertState:
318
367
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
319
368
  name: Optional[pulumi.Input[str]] = None,
320
369
  namespace: Optional[pulumi.Input[str]] = None,
370
+ not_after: Optional[pulumi.Input[str]] = None,
321
371
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
322
372
  private_key: Optional[pulumi.Input[str]] = None,
323
373
  private_key_format: Optional[pulumi.Input[str]] = None,
324
374
  private_key_type: Optional[pulumi.Input[str]] = None,
325
375
  renew_pending: Optional[pulumi.Input[bool]] = None,
326
376
  revoke: Optional[pulumi.Input[bool]] = None,
377
+ revoke_with_key: Optional[pulumi.Input[bool]] = None,
327
378
  serial_number: Optional[pulumi.Input[str]] = None,
328
379
  ttl: Optional[pulumi.Input[str]] = None,
329
380
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -334,6 +385,7 @@ class _SecretBackendCertState:
334
385
  :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
335
386
  :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
336
387
  :param pulumi.Input[str] ca_chain: The CA chain
388
+ :param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
337
389
  :param pulumi.Input[str] certificate: The certificate
338
390
  :param pulumi.Input[str] common_name: CN of certificate to create
339
391
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
@@ -348,12 +400,14 @@ class _SecretBackendCertState:
348
400
  The value should not contain leading or trailing forward slashes.
349
401
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
350
402
  *Available only for Vault Enterprise*.
403
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
351
404
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
352
405
  :param pulumi.Input[str] private_key: The private key
353
406
  :param pulumi.Input[str] private_key_format: The private key format
354
407
  :param pulumi.Input[str] private_key_type: The private key type
355
408
  :param pulumi.Input[bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
356
- :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
409
+ :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
410
+ :param pulumi.Input[bool] revoke_with_key: If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
357
411
  :param pulumi.Input[str] serial_number: The serial number
358
412
  :param pulumi.Input[str] ttl: Time to live
359
413
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
@@ -367,6 +421,8 @@ class _SecretBackendCertState:
367
421
  pulumi.set(__self__, "backend", backend)
368
422
  if ca_chain is not None:
369
423
  pulumi.set(__self__, "ca_chain", ca_chain)
424
+ if cert_metadata is not None:
425
+ pulumi.set(__self__, "cert_metadata", cert_metadata)
370
426
  if certificate is not None:
371
427
  pulumi.set(__self__, "certificate", certificate)
372
428
  if common_name is not None:
@@ -389,6 +445,8 @@ class _SecretBackendCertState:
389
445
  pulumi.set(__self__, "name", name)
390
446
  if namespace is not None:
391
447
  pulumi.set(__self__, "namespace", namespace)
448
+ if not_after is not None:
449
+ pulumi.set(__self__, "not_after", not_after)
392
450
  if other_sans is not None:
393
451
  pulumi.set(__self__, "other_sans", other_sans)
394
452
  if private_key is not None:
@@ -401,6 +459,8 @@ class _SecretBackendCertState:
401
459
  pulumi.set(__self__, "renew_pending", renew_pending)
402
460
  if revoke is not None:
403
461
  pulumi.set(__self__, "revoke", revoke)
462
+ if revoke_with_key is not None:
463
+ pulumi.set(__self__, "revoke_with_key", revoke_with_key)
404
464
  if serial_number is not None:
405
465
  pulumi.set(__self__, "serial_number", serial_number)
406
466
  if ttl is not None:
@@ -458,6 +518,18 @@ class _SecretBackendCertState:
458
518
  def ca_chain(self, value: Optional[pulumi.Input[str]]):
459
519
  pulumi.set(self, "ca_chain", value)
460
520
 
521
+ @property
522
+ @pulumi.getter(name="certMetadata")
523
+ def cert_metadata(self) -> Optional[pulumi.Input[str]]:
524
+ """
525
+ A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
526
+ """
527
+ return pulumi.get(self, "cert_metadata")
528
+
529
+ @cert_metadata.setter
530
+ def cert_metadata(self, value: Optional[pulumi.Input[str]]):
531
+ pulumi.set(self, "cert_metadata", value)
532
+
461
533
  @property
462
534
  @pulumi.getter
463
535
  def certificate(self) -> Optional[pulumi.Input[str]]:
@@ -593,6 +665,18 @@ class _SecretBackendCertState:
593
665
  def namespace(self, value: Optional[pulumi.Input[str]]):
594
666
  pulumi.set(self, "namespace", value)
595
667
 
668
+ @property
669
+ @pulumi.getter(name="notAfter")
670
+ def not_after(self) -> Optional[pulumi.Input[str]]:
671
+ """
672
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
673
+ """
674
+ return pulumi.get(self, "not_after")
675
+
676
+ @not_after.setter
677
+ def not_after(self, value: Optional[pulumi.Input[str]]):
678
+ pulumi.set(self, "not_after", value)
679
+
596
680
  @property
597
681
  @pulumi.getter(name="otherSans")
598
682
  def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -657,7 +741,7 @@ class _SecretBackendCertState:
657
741
  @pulumi.getter
658
742
  def revoke(self) -> Optional[pulumi.Input[bool]]:
659
743
  """
660
- If set to `true`, the certificate will be revoked on resource destruction.
744
+ If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
661
745
  """
662
746
  return pulumi.get(self, "revoke")
663
747
 
@@ -665,6 +749,18 @@ class _SecretBackendCertState:
665
749
  def revoke(self, value: Optional[pulumi.Input[bool]]):
666
750
  pulumi.set(self, "revoke", value)
667
751
 
752
+ @property
753
+ @pulumi.getter(name="revokeWithKey")
754
+ def revoke_with_key(self) -> Optional[pulumi.Input[bool]]:
755
+ """
756
+ If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
757
+ """
758
+ return pulumi.get(self, "revoke_with_key")
759
+
760
+ @revoke_with_key.setter
761
+ def revoke_with_key(self, value: Optional[pulumi.Input[bool]]):
762
+ pulumi.set(self, "revoke_with_key", value)
763
+
668
764
  @property
669
765
  @pulumi.getter(name="serialNumber")
670
766
  def serial_number(self) -> Optional[pulumi.Input[str]]:
@@ -722,6 +818,7 @@ class SecretBackendCert(pulumi.CustomResource):
722
818
  alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
723
819
  auto_renew: Optional[pulumi.Input[bool]] = None,
724
820
  backend: Optional[pulumi.Input[str]] = None,
821
+ cert_metadata: Optional[pulumi.Input[str]] = None,
725
822
  common_name: Optional[pulumi.Input[str]] = None,
726
823
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
727
824
  format: Optional[pulumi.Input[str]] = None,
@@ -730,9 +827,11 @@ class SecretBackendCert(pulumi.CustomResource):
730
827
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
731
828
  name: Optional[pulumi.Input[str]] = None,
732
829
  namespace: Optional[pulumi.Input[str]] = None,
830
+ not_after: Optional[pulumi.Input[str]] = None,
733
831
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
734
832
  private_key_format: Optional[pulumi.Input[str]] = None,
735
833
  revoke: Optional[pulumi.Input[bool]] = None,
834
+ revoke_with_key: Optional[pulumi.Input[bool]] = None,
736
835
  ttl: Optional[pulumi.Input[str]] = None,
737
836
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
738
837
  user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -756,6 +855,7 @@ class SecretBackendCert(pulumi.CustomResource):
756
855
  :param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
757
856
  :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
758
857
  :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
858
+ :param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
759
859
  :param pulumi.Input[str] common_name: CN of certificate to create
760
860
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
761
861
  :param pulumi.Input[str] format: The format of data
@@ -767,9 +867,11 @@ class SecretBackendCert(pulumi.CustomResource):
767
867
  The value should not contain leading or trailing forward slashes.
768
868
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
769
869
  *Available only for Vault Enterprise*.
870
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
770
871
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
771
872
  :param pulumi.Input[str] private_key_format: The private key format
772
- :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
873
+ :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
874
+ :param pulumi.Input[bool] revoke_with_key: If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
773
875
  :param pulumi.Input[str] ttl: Time to live
774
876
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
775
877
  :param pulumi.Input[Sequence[pulumi.Input[str]]] user_ids: List of Subject User IDs
@@ -812,6 +914,7 @@ class SecretBackendCert(pulumi.CustomResource):
812
914
  alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
813
915
  auto_renew: Optional[pulumi.Input[bool]] = None,
814
916
  backend: Optional[pulumi.Input[str]] = None,
917
+ cert_metadata: Optional[pulumi.Input[str]] = None,
815
918
  common_name: Optional[pulumi.Input[str]] = None,
816
919
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
817
920
  format: Optional[pulumi.Input[str]] = None,
@@ -820,9 +923,11 @@ class SecretBackendCert(pulumi.CustomResource):
820
923
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
821
924
  name: Optional[pulumi.Input[str]] = None,
822
925
  namespace: Optional[pulumi.Input[str]] = None,
926
+ not_after: Optional[pulumi.Input[str]] = None,
823
927
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
824
928
  private_key_format: Optional[pulumi.Input[str]] = None,
825
929
  revoke: Optional[pulumi.Input[bool]] = None,
930
+ revoke_with_key: Optional[pulumi.Input[bool]] = None,
826
931
  ttl: Optional[pulumi.Input[str]] = None,
827
932
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
828
933
  user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -840,6 +945,7 @@ class SecretBackendCert(pulumi.CustomResource):
840
945
  if backend is None and not opts.urn:
841
946
  raise TypeError("Missing required property 'backend'")
842
947
  __props__.__dict__["backend"] = backend
948
+ __props__.__dict__["cert_metadata"] = cert_metadata
843
949
  if common_name is None and not opts.urn:
844
950
  raise TypeError("Missing required property 'common_name'")
845
951
  __props__.__dict__["common_name"] = common_name
@@ -850,9 +956,11 @@ class SecretBackendCert(pulumi.CustomResource):
850
956
  __props__.__dict__["min_seconds_remaining"] = min_seconds_remaining
851
957
  __props__.__dict__["name"] = name
852
958
  __props__.__dict__["namespace"] = namespace
959
+ __props__.__dict__["not_after"] = not_after
853
960
  __props__.__dict__["other_sans"] = other_sans
854
961
  __props__.__dict__["private_key_format"] = private_key_format
855
962
  __props__.__dict__["revoke"] = revoke
963
+ __props__.__dict__["revoke_with_key"] = revoke_with_key
856
964
  __props__.__dict__["ttl"] = ttl
857
965
  __props__.__dict__["uri_sans"] = uri_sans
858
966
  __props__.__dict__["user_ids"] = user_ids
@@ -880,6 +988,7 @@ class SecretBackendCert(pulumi.CustomResource):
880
988
  auto_renew: Optional[pulumi.Input[bool]] = None,
881
989
  backend: Optional[pulumi.Input[str]] = None,
882
990
  ca_chain: Optional[pulumi.Input[str]] = None,
991
+ cert_metadata: Optional[pulumi.Input[str]] = None,
883
992
  certificate: Optional[pulumi.Input[str]] = None,
884
993
  common_name: Optional[pulumi.Input[str]] = None,
885
994
  exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
@@ -891,12 +1000,14 @@ class SecretBackendCert(pulumi.CustomResource):
891
1000
  min_seconds_remaining: Optional[pulumi.Input[int]] = None,
892
1001
  name: Optional[pulumi.Input[str]] = None,
893
1002
  namespace: Optional[pulumi.Input[str]] = None,
1003
+ not_after: Optional[pulumi.Input[str]] = None,
894
1004
  other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
895
1005
  private_key: Optional[pulumi.Input[str]] = None,
896
1006
  private_key_format: Optional[pulumi.Input[str]] = None,
897
1007
  private_key_type: Optional[pulumi.Input[str]] = None,
898
1008
  renew_pending: Optional[pulumi.Input[bool]] = None,
899
1009
  revoke: Optional[pulumi.Input[bool]] = None,
1010
+ revoke_with_key: Optional[pulumi.Input[bool]] = None,
900
1011
  serial_number: Optional[pulumi.Input[str]] = None,
901
1012
  ttl: Optional[pulumi.Input[str]] = None,
902
1013
  uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -912,6 +1023,7 @@ class SecretBackendCert(pulumi.CustomResource):
912
1023
  :param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
913
1024
  :param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
914
1025
  :param pulumi.Input[str] ca_chain: The CA chain
1026
+ :param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
915
1027
  :param pulumi.Input[str] certificate: The certificate
916
1028
  :param pulumi.Input[str] common_name: CN of certificate to create
917
1029
  :param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
@@ -926,12 +1038,14 @@ class SecretBackendCert(pulumi.CustomResource):
926
1038
  The value should not contain leading or trailing forward slashes.
927
1039
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
928
1040
  *Available only for Vault Enterprise*.
1041
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
929
1042
  :param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
930
1043
  :param pulumi.Input[str] private_key: The private key
931
1044
  :param pulumi.Input[str] private_key_format: The private key format
932
1045
  :param pulumi.Input[str] private_key_type: The private key type
933
1046
  :param pulumi.Input[bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
934
- :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
1047
+ :param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
1048
+ :param pulumi.Input[bool] revoke_with_key: If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
935
1049
  :param pulumi.Input[str] serial_number: The serial number
936
1050
  :param pulumi.Input[str] ttl: Time to live
937
1051
  :param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
@@ -945,6 +1059,7 @@ class SecretBackendCert(pulumi.CustomResource):
945
1059
  __props__.__dict__["auto_renew"] = auto_renew
946
1060
  __props__.__dict__["backend"] = backend
947
1061
  __props__.__dict__["ca_chain"] = ca_chain
1062
+ __props__.__dict__["cert_metadata"] = cert_metadata
948
1063
  __props__.__dict__["certificate"] = certificate
949
1064
  __props__.__dict__["common_name"] = common_name
950
1065
  __props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
@@ -956,12 +1071,14 @@ class SecretBackendCert(pulumi.CustomResource):
956
1071
  __props__.__dict__["min_seconds_remaining"] = min_seconds_remaining
957
1072
  __props__.__dict__["name"] = name
958
1073
  __props__.__dict__["namespace"] = namespace
1074
+ __props__.__dict__["not_after"] = not_after
959
1075
  __props__.__dict__["other_sans"] = other_sans
960
1076
  __props__.__dict__["private_key"] = private_key
961
1077
  __props__.__dict__["private_key_format"] = private_key_format
962
1078
  __props__.__dict__["private_key_type"] = private_key_type
963
1079
  __props__.__dict__["renew_pending"] = renew_pending
964
1080
  __props__.__dict__["revoke"] = revoke
1081
+ __props__.__dict__["revoke_with_key"] = revoke_with_key
965
1082
  __props__.__dict__["serial_number"] = serial_number
966
1083
  __props__.__dict__["ttl"] = ttl
967
1084
  __props__.__dict__["uri_sans"] = uri_sans
@@ -1000,6 +1117,14 @@ class SecretBackendCert(pulumi.CustomResource):
1000
1117
  """
1001
1118
  return pulumi.get(self, "ca_chain")
1002
1119
 
1120
+ @property
1121
+ @pulumi.getter(name="certMetadata")
1122
+ def cert_metadata(self) -> pulumi.Output[Optional[str]]:
1123
+ """
1124
+ A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
1125
+ """
1126
+ return pulumi.get(self, "cert_metadata")
1127
+
1003
1128
  @property
1004
1129
  @pulumi.getter
1005
1130
  def certificate(self) -> pulumi.Output[str]:
@@ -1091,6 +1216,14 @@ class SecretBackendCert(pulumi.CustomResource):
1091
1216
  """
1092
1217
  return pulumi.get(self, "namespace")
1093
1218
 
1219
+ @property
1220
+ @pulumi.getter(name="notAfter")
1221
+ def not_after(self) -> pulumi.Output[Optional[str]]:
1222
+ """
1223
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1224
+ """
1225
+ return pulumi.get(self, "not_after")
1226
+
1094
1227
  @property
1095
1228
  @pulumi.getter(name="otherSans")
1096
1229
  def other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
@@ -1135,10 +1268,18 @@ class SecretBackendCert(pulumi.CustomResource):
1135
1268
  @pulumi.getter
1136
1269
  def revoke(self) -> pulumi.Output[Optional[bool]]:
1137
1270
  """
1138
- If set to `true`, the certificate will be revoked on resource destruction.
1271
+ If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
1139
1272
  """
1140
1273
  return pulumi.get(self, "revoke")
1141
1274
 
1275
+ @property
1276
+ @pulumi.getter(name="revokeWithKey")
1277
+ def revoke_with_key(self) -> pulumi.Output[Optional[bool]]:
1278
+ """
1279
+ If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
1280
+ """
1281
+ return pulumi.get(self, "revoke_with_key")
1282
+
1142
1283
  @property
1143
1284
  @pulumi.getter(name="serialNumber")
1144
1285
  def serial_number(self) -> pulumi.Output[str]:
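Review bot: The `revoke` and `revoke_with_key` docstrings name the two PKI APIs but do not say how they differ, so a user cannot tell which flag to choose; the `revoke_with_key` text is also missing its final period. As I understand Vault's PKI API, `revoke-with-key` needs the certificate's private key as proof of possession; if that holds for this resource, the docstring should say so, for example `Requires the certificate's private key to be available at destroy time.` Both flags are documented as defaulting to `false`, so it would help to state that in that case destroying the resource presumably leaves the certificate valid until it expires. The conflict between the two flags is only described in this hunk; where it is enforced is not visible, and the class body continues outside the hunk.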
@@ -27,6 +27,7 @@ class SecretBackendCrlConfigArgs:
27
27
  disable: Optional[pulumi.Input[bool]] = None,
28
28
  enable_delta: Optional[pulumi.Input[bool]] = None,
29
29
  expiry: Optional[pulumi.Input[str]] = None,
30
+ max_crl_entries: Optional[pulumi.Input[int]] = None,
30
31
  namespace: Optional[pulumi.Input[str]] = None,
31
32
  ocsp_disable: Optional[pulumi.Input[bool]] = None,
32
33
  ocsp_expiry: Optional[pulumi.Input[str]] = None,
@@ -43,6 +44,8 @@ class SecretBackendCrlConfigArgs:
43
44
  :param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
44
45
  augmenting the last complete CRL. **Vault 1.12+**
45
46
  :param pulumi.Input[str] expiry: Specifies the time until expiration.
47
+ :param pulumi.Input[int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
48
+ accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
46
49
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
47
50
  The value should not contain leading or trailing forward slashes.
48
51
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
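Review bot: The `max_crl_entries` docstring describes a safety limit but omits its default value and what happens when a CRL reaches the limit, while documenting `-1` as the way to switch it off. I would add both facts to the text and write the version marker as `**Vault 1.19+**` to match the `**Vault 1.12+**` style used for `enable_delta` just above. A short caution such as `Setting -1 removes the protection against runaway revocation; prefer a finite value.` would also help readers. The same docstring is repeated in the hunks at `@@ -177,6 +182,19 @@`, `@@ -270,6 +289,8 @@`, `@@ -405,6 +428,19 @@`, `@@ -521,6 +558,8 @@`, `@@ -649,6 +691,8 @@` and `@@ -744,6 +789,15 @@`, and the enclosing docstring starts and ends outside this hunk.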
@@ -69,6 +72,8 @@ class SecretBackendCrlConfigArgs:
69
72
  pulumi.set(__self__, "enable_delta", enable_delta)
70
73
  if expiry is not None:
71
74
  pulumi.set(__self__, "expiry", expiry)
75
+ if max_crl_entries is not None:
76
+ pulumi.set(__self__, "max_crl_entries", max_crl_entries)
72
77
  if namespace is not None:
73
78
  pulumi.set(__self__, "namespace", namespace)
74
79
  if ocsp_disable is not None:
@@ -177,6 +182,19 @@ class SecretBackendCrlConfigArgs:
177
182
  def expiry(self, value: Optional[pulumi.Input[str]]):
178
183
  pulumi.set(self, "expiry", value)
179
184
 
185
+ @property
186
+ @pulumi.getter(name="maxCrlEntries")
187
+ def max_crl_entries(self) -> Optional[pulumi.Input[int]]:
188
+ """
189
+ The maximum number of entries a CRL can contain. This option exists to prevent
190
+ accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
191
+ """
192
+ return pulumi.get(self, "max_crl_entries")
193
+
194
+ @max_crl_entries.setter
195
+ def max_crl_entries(self, value: Optional[pulumi.Input[int]]):
196
+ pulumi.set(self, "max_crl_entries", value)
197
+
180
198
  @property
181
199
  @pulumi.getter
182
200
  def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -254,6 +272,7 @@ class _SecretBackendCrlConfigState:
254
272
  disable: Optional[pulumi.Input[bool]] = None,
255
273
  enable_delta: Optional[pulumi.Input[bool]] = None,
256
274
  expiry: Optional[pulumi.Input[str]] = None,
275
+ max_crl_entries: Optional[pulumi.Input[int]] = None,
257
276
  namespace: Optional[pulumi.Input[str]] = None,
258
277
  ocsp_disable: Optional[pulumi.Input[bool]] = None,
259
278
  ocsp_expiry: Optional[pulumi.Input[str]] = None,
@@ -270,6 +289,8 @@ class _SecretBackendCrlConfigState:
270
289
  :param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
271
290
  augmenting the last complete CRL. **Vault 1.12+**
272
291
  :param pulumi.Input[str] expiry: Specifies the time until expiration.
292
+ :param pulumi.Input[int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
293
+ accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
273
294
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
274
295
  The value should not contain leading or trailing forward slashes.
275
296
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -297,6 +318,8 @@ class _SecretBackendCrlConfigState:
297
318
  pulumi.set(__self__, "enable_delta", enable_delta)
298
319
  if expiry is not None:
299
320
  pulumi.set(__self__, "expiry", expiry)
321
+ if max_crl_entries is not None:
322
+ pulumi.set(__self__, "max_crl_entries", max_crl_entries)
300
323
  if namespace is not None:
301
324
  pulumi.set(__self__, "namespace", namespace)
302
325
  if ocsp_disable is not None:
@@ -405,6 +428,19 @@ class _SecretBackendCrlConfigState:
405
428
  def expiry(self, value: Optional[pulumi.Input[str]]):
406
429
  pulumi.set(self, "expiry", value)
407
430
 
431
+ @property
432
+ @pulumi.getter(name="maxCrlEntries")
433
+ def max_crl_entries(self) -> Optional[pulumi.Input[int]]:
434
+ """
435
+ The maximum number of entries a CRL can contain. This option exists to prevent
436
+ accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
437
+ """
438
+ return pulumi.get(self, "max_crl_entries")
439
+
440
+ @max_crl_entries.setter
441
+ def max_crl_entries(self, value: Optional[pulumi.Input[int]]):
442
+ pulumi.set(self, "max_crl_entries", value)
443
+
408
444
  @property
409
445
  @pulumi.getter
410
446
  def namespace(self) -> Optional[pulumi.Input[str]]:
@@ -484,6 +520,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
484
520
  disable: Optional[pulumi.Input[bool]] = None,
485
521
  enable_delta: Optional[pulumi.Input[bool]] = None,
486
522
  expiry: Optional[pulumi.Input[str]] = None,
523
+ max_crl_entries: Optional[pulumi.Input[int]] = None,
487
524
  namespace: Optional[pulumi.Input[str]] = None,
488
525
  ocsp_disable: Optional[pulumi.Input[bool]] = None,
489
526
  ocsp_expiry: Optional[pulumi.Input[str]] = None,
@@ -521,6 +558,8 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
521
558
  :param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
522
559
  augmenting the last complete CRL. **Vault 1.12+**
523
560
  :param pulumi.Input[str] expiry: Specifies the time until expiration.
561
+ :param pulumi.Input[int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
562
+ accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
524
563
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
525
564
  The value should not contain leading or trailing forward slashes.
526
565
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -581,6 +620,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
581
620
  disable: Optional[pulumi.Input[bool]] = None,
582
621
  enable_delta: Optional[pulumi.Input[bool]] = None,
583
622
  expiry: Optional[pulumi.Input[str]] = None,
623
+ max_crl_entries: Optional[pulumi.Input[int]] = None,
584
624
  namespace: Optional[pulumi.Input[str]] = None,
585
625
  ocsp_disable: Optional[pulumi.Input[bool]] = None,
586
626
  ocsp_expiry: Optional[pulumi.Input[str]] = None,
@@ -605,6 +645,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
605
645
  __props__.__dict__["disable"] = disable
606
646
  __props__.__dict__["enable_delta"] = enable_delta
607
647
  __props__.__dict__["expiry"] = expiry
648
+ __props__.__dict__["max_crl_entries"] = max_crl_entries
608
649
  __props__.__dict__["namespace"] = namespace
609
650
  __props__.__dict__["ocsp_disable"] = ocsp_disable
610
651
  __props__.__dict__["ocsp_expiry"] = ocsp_expiry
@@ -628,6 +669,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
628
669
  disable: Optional[pulumi.Input[bool]] = None,
629
670
  enable_delta: Optional[pulumi.Input[bool]] = None,
630
671
  expiry: Optional[pulumi.Input[str]] = None,
672
+ max_crl_entries: Optional[pulumi.Input[int]] = None,
631
673
  namespace: Optional[pulumi.Input[str]] = None,
632
674
  ocsp_disable: Optional[pulumi.Input[bool]] = None,
633
675
  ocsp_expiry: Optional[pulumi.Input[str]] = None,
@@ -649,6 +691,8 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
649
691
  :param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
650
692
  augmenting the last complete CRL. **Vault 1.12+**
651
693
  :param pulumi.Input[str] expiry: Specifies the time until expiration.
694
+ :param pulumi.Input[int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
695
+ accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
652
696
  :param pulumi.Input[str] namespace: The namespace to provision the resource in.
653
697
  The value should not contain leading or trailing forward slashes.
654
698
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
@@ -672,6 +716,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
672
716
  __props__.__dict__["disable"] = disable
673
717
  __props__.__dict__["enable_delta"] = enable_delta
674
718
  __props__.__dict__["expiry"] = expiry
719
+ __props__.__dict__["max_crl_entries"] = max_crl_entries
675
720
  __props__.__dict__["namespace"] = namespace
676
721
  __props__.__dict__["ocsp_disable"] = ocsp_disable
677
722
  __props__.__dict__["ocsp_expiry"] = ocsp_expiry
@@ -744,6 +789,15 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
744
789
  """
745
790
  return pulumi.get(self, "expiry")
746
791
 
792
+ @property
793
+ @pulumi.getter(name="maxCrlEntries")
794
+ def max_crl_entries(self) -> pulumi.Output[int]:
795
+ """
796
+ The maximum number of entries a CRL can contain. This option exists to prevent
797
+ accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
798
+ """
799
+ return pulumi.get(self, "max_crl_entries")
800
+
747
801
  @property
748
802
  @pulumi.getter
749
803
  def namespace(self) -> pulumi.Output[Optional[str]]: