pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -23,6 +23,7 @@ class SecretBackendCertArgs:
|
|
23
23
|
common_name: pulumi.Input[str],
|
24
24
|
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
25
|
auto_renew: Optional[pulumi.Input[bool]] = None,
|
26
|
+
cert_metadata: Optional[pulumi.Input[str]] = None,
|
26
27
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
27
28
|
format: Optional[pulumi.Input[str]] = None,
|
28
29
|
ip_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -30,9 +31,11 @@ class SecretBackendCertArgs:
|
|
30
31
|
min_seconds_remaining: Optional[pulumi.Input[int]] = None,
|
31
32
|
name: Optional[pulumi.Input[str]] = None,
|
32
33
|
namespace: Optional[pulumi.Input[str]] = None,
|
34
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
33
35
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
34
36
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
35
37
|
revoke: Optional[pulumi.Input[bool]] = None,
|
38
|
+
revoke_with_key: Optional[pulumi.Input[bool]] = None,
|
36
39
|
ttl: Optional[pulumi.Input[str]] = None,
|
37
40
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
38
41
|
user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
|
@@ -42,6 +45,7 @@ class SecretBackendCertArgs:
|
|
42
45
|
:param pulumi.Input[str] common_name: CN of certificate to create
|
43
46
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
|
44
47
|
:param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
|
48
|
+
:param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
|
45
49
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
46
50
|
:param pulumi.Input[str] format: The format of data
|
47
51
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] ip_sans: List of alternative IPs
|
@@ -52,9 +56,11 @@ class SecretBackendCertArgs:
|
|
52
56
|
The value should not contain leading or trailing forward slashes.
|
53
57
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
54
58
|
*Available only for Vault Enterprise*.
|
59
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
55
60
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
56
61
|
:param pulumi.Input[str] private_key_format: The private key format
|
57
|
-
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
62
|
+
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
|
63
|
+
:param pulumi.Input[bool] revoke_with_key: If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
|
58
64
|
:param pulumi.Input[str] ttl: Time to live
|
59
65
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
|
60
66
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] user_ids: List of Subject User IDs
|
@@ -65,6 +71,8 @@ class SecretBackendCertArgs:
|
|
65
71
|
pulumi.set(__self__, "alt_names", alt_names)
|
66
72
|
if auto_renew is not None:
|
67
73
|
pulumi.set(__self__, "auto_renew", auto_renew)
|
74
|
+
if cert_metadata is not None:
|
75
|
+
pulumi.set(__self__, "cert_metadata", cert_metadata)
|
68
76
|
if exclude_cn_from_sans is not None:
|
69
77
|
pulumi.set(__self__, "exclude_cn_from_sans", exclude_cn_from_sans)
|
70
78
|
if format is not None:
|
@@ -79,12 +87,16 @@ class SecretBackendCertArgs:
|
|
79
87
|
pulumi.set(__self__, "name", name)
|
80
88
|
if namespace is not None:
|
81
89
|
pulumi.set(__self__, "namespace", namespace)
|
90
|
+
if not_after is not None:
|
91
|
+
pulumi.set(__self__, "not_after", not_after)
|
82
92
|
if other_sans is not None:
|
83
93
|
pulumi.set(__self__, "other_sans", other_sans)
|
84
94
|
if private_key_format is not None:
|
85
95
|
pulumi.set(__self__, "private_key_format", private_key_format)
|
86
96
|
if revoke is not None:
|
87
97
|
pulumi.set(__self__, "revoke", revoke)
|
98
|
+
if revoke_with_key is not None:
|
99
|
+
pulumi.set(__self__, "revoke_with_key", revoke_with_key)
|
88
100
|
if ttl is not None:
|
89
101
|
pulumi.set(__self__, "ttl", ttl)
|
90
102
|
if uri_sans is not None:
|
@@ -140,6 +152,18 @@ class SecretBackendCertArgs:
|
|
140
152
|
def auto_renew(self, value: Optional[pulumi.Input[bool]]):
|
141
153
|
pulumi.set(self, "auto_renew", value)
|
142
154
|
|
155
|
+
@property
|
156
|
+
@pulumi.getter(name="certMetadata")
|
157
|
+
def cert_metadata(self) -> Optional[pulumi.Input[str]]:
|
158
|
+
"""
|
159
|
+
A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
|
160
|
+
"""
|
161
|
+
return pulumi.get(self, "cert_metadata")
|
162
|
+
|
163
|
+
@cert_metadata.setter
|
164
|
+
def cert_metadata(self, value: Optional[pulumi.Input[str]]):
|
165
|
+
pulumi.set(self, "cert_metadata", value)
|
166
|
+
|
143
167
|
@property
|
144
168
|
@pulumi.getter(name="excludeCnFromSans")
|
145
169
|
def exclude_cn_from_sans(self) -> Optional[pulumi.Input[bool]]:
|
@@ -227,6 +251,18 @@ class SecretBackendCertArgs:
|
|
227
251
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
228
252
|
pulumi.set(self, "namespace", value)
|
229
253
|
|
254
|
+
@property
|
255
|
+
@pulumi.getter(name="notAfter")
|
256
|
+
def not_after(self) -> Optional[pulumi.Input[str]]:
|
257
|
+
"""
|
258
|
+
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
259
|
+
"""
|
260
|
+
return pulumi.get(self, "not_after")
|
261
|
+
|
262
|
+
@not_after.setter
|
263
|
+
def not_after(self, value: Optional[pulumi.Input[str]]):
|
264
|
+
pulumi.set(self, "not_after", value)
|
265
|
+
|
230
266
|
@property
|
231
267
|
@pulumi.getter(name="otherSans")
|
232
268
|
def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -255,7 +291,7 @@ class SecretBackendCertArgs:
|
|
255
291
|
@pulumi.getter
|
256
292
|
def revoke(self) -> Optional[pulumi.Input[bool]]:
|
257
293
|
"""
|
258
|
-
If set to `true`, the certificate will be revoked on resource destruction.
|
294
|
+
If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
|
259
295
|
"""
|
260
296
|
return pulumi.get(self, "revoke")
|
261
297
|
|
@@ -263,6 +299,18 @@ class SecretBackendCertArgs:
|
|
263
299
|
def revoke(self, value: Optional[pulumi.Input[bool]]):
|
264
300
|
pulumi.set(self, "revoke", value)
|
265
301
|
|
302
|
+
@property
|
303
|
+
@pulumi.getter(name="revokeWithKey")
|
304
|
+
def revoke_with_key(self) -> Optional[pulumi.Input[bool]]:
|
305
|
+
"""
|
306
|
+
If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
|
307
|
+
"""
|
308
|
+
return pulumi.get(self, "revoke_with_key")
|
309
|
+
|
310
|
+
@revoke_with_key.setter
|
311
|
+
def revoke_with_key(self, value: Optional[pulumi.Input[bool]]):
|
312
|
+
pulumi.set(self, "revoke_with_key", value)
|
313
|
+
|
266
314
|
@property
|
267
315
|
@pulumi.getter
|
268
316
|
def ttl(self) -> Optional[pulumi.Input[str]]:
|
@@ -307,6 +355,7 @@ class _SecretBackendCertState:
|
|
307
355
|
auto_renew: Optional[pulumi.Input[bool]] = None,
|
308
356
|
backend: Optional[pulumi.Input[str]] = None,
|
309
357
|
ca_chain: Optional[pulumi.Input[str]] = None,
|
358
|
+
cert_metadata: Optional[pulumi.Input[str]] = None,
|
310
359
|
certificate: Optional[pulumi.Input[str]] = None,
|
311
360
|
common_name: Optional[pulumi.Input[str]] = None,
|
312
361
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
@@ -318,12 +367,14 @@ class _SecretBackendCertState:
|
|
318
367
|
min_seconds_remaining: Optional[pulumi.Input[int]] = None,
|
319
368
|
name: Optional[pulumi.Input[str]] = None,
|
320
369
|
namespace: Optional[pulumi.Input[str]] = None,
|
370
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
321
371
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
322
372
|
private_key: Optional[pulumi.Input[str]] = None,
|
323
373
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
324
374
|
private_key_type: Optional[pulumi.Input[str]] = None,
|
325
375
|
renew_pending: Optional[pulumi.Input[bool]] = None,
|
326
376
|
revoke: Optional[pulumi.Input[bool]] = None,
|
377
|
+
revoke_with_key: Optional[pulumi.Input[bool]] = None,
|
327
378
|
serial_number: Optional[pulumi.Input[str]] = None,
|
328
379
|
ttl: Optional[pulumi.Input[str]] = None,
|
329
380
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -334,6 +385,7 @@ class _SecretBackendCertState:
|
|
334
385
|
:param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
|
335
386
|
:param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
|
336
387
|
:param pulumi.Input[str] ca_chain: The CA chain
|
388
|
+
:param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
|
337
389
|
:param pulumi.Input[str] certificate: The certificate
|
338
390
|
:param pulumi.Input[str] common_name: CN of certificate to create
|
339
391
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
@@ -348,12 +400,14 @@ class _SecretBackendCertState:
|
|
348
400
|
The value should not contain leading or trailing forward slashes.
|
349
401
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
350
402
|
*Available only for Vault Enterprise*.
|
403
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
351
404
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
352
405
|
:param pulumi.Input[str] private_key: The private key
|
353
406
|
:param pulumi.Input[str] private_key_format: The private key format
|
354
407
|
:param pulumi.Input[str] private_key_type: The private key type
|
355
408
|
:param pulumi.Input[bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
|
356
|
-
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
409
|
+
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
|
410
|
+
:param pulumi.Input[bool] revoke_with_key: If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
|
357
411
|
:param pulumi.Input[str] serial_number: The serial number
|
358
412
|
:param pulumi.Input[str] ttl: Time to live
|
359
413
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
|
@@ -367,6 +421,8 @@ class _SecretBackendCertState:
|
|
367
421
|
pulumi.set(__self__, "backend", backend)
|
368
422
|
if ca_chain is not None:
|
369
423
|
pulumi.set(__self__, "ca_chain", ca_chain)
|
424
|
+
if cert_metadata is not None:
|
425
|
+
pulumi.set(__self__, "cert_metadata", cert_metadata)
|
370
426
|
if certificate is not None:
|
371
427
|
pulumi.set(__self__, "certificate", certificate)
|
372
428
|
if common_name is not None:
|
@@ -389,6 +445,8 @@ class _SecretBackendCertState:
|
|
389
445
|
pulumi.set(__self__, "name", name)
|
390
446
|
if namespace is not None:
|
391
447
|
pulumi.set(__self__, "namespace", namespace)
|
448
|
+
if not_after is not None:
|
449
|
+
pulumi.set(__self__, "not_after", not_after)
|
392
450
|
if other_sans is not None:
|
393
451
|
pulumi.set(__self__, "other_sans", other_sans)
|
394
452
|
if private_key is not None:
|
@@ -401,6 +459,8 @@ class _SecretBackendCertState:
|
|
401
459
|
pulumi.set(__self__, "renew_pending", renew_pending)
|
402
460
|
if revoke is not None:
|
403
461
|
pulumi.set(__self__, "revoke", revoke)
|
462
|
+
if revoke_with_key is not None:
|
463
|
+
pulumi.set(__self__, "revoke_with_key", revoke_with_key)
|
404
464
|
if serial_number is not None:
|
405
465
|
pulumi.set(__self__, "serial_number", serial_number)
|
406
466
|
if ttl is not None:
|
@@ -458,6 +518,18 @@ class _SecretBackendCertState:
|
|
458
518
|
def ca_chain(self, value: Optional[pulumi.Input[str]]):
|
459
519
|
pulumi.set(self, "ca_chain", value)
|
460
520
|
|
521
|
+
@property
|
522
|
+
@pulumi.getter(name="certMetadata")
|
523
|
+
def cert_metadata(self) -> Optional[pulumi.Input[str]]:
|
524
|
+
"""
|
525
|
+
A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
|
526
|
+
"""
|
527
|
+
return pulumi.get(self, "cert_metadata")
|
528
|
+
|
529
|
+
@cert_metadata.setter
|
530
|
+
def cert_metadata(self, value: Optional[pulumi.Input[str]]):
|
531
|
+
pulumi.set(self, "cert_metadata", value)
|
532
|
+
|
461
533
|
@property
|
462
534
|
@pulumi.getter
|
463
535
|
def certificate(self) -> Optional[pulumi.Input[str]]:
|
@@ -593,6 +665,18 @@ class _SecretBackendCertState:
|
|
593
665
|
def namespace(self, value: Optional[pulumi.Input[str]]):
|
594
666
|
pulumi.set(self, "namespace", value)
|
595
667
|
|
668
|
+
@property
|
669
|
+
@pulumi.getter(name="notAfter")
|
670
|
+
def not_after(self) -> Optional[pulumi.Input[str]]:
|
671
|
+
"""
|
672
|
+
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
673
|
+
"""
|
674
|
+
return pulumi.get(self, "not_after")
|
675
|
+
|
676
|
+
@not_after.setter
|
677
|
+
def not_after(self, value: Optional[pulumi.Input[str]]):
|
678
|
+
pulumi.set(self, "not_after", value)
|
679
|
+
|
596
680
|
@property
|
597
681
|
@pulumi.getter(name="otherSans")
|
598
682
|
def other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
@@ -657,7 +741,7 @@ class _SecretBackendCertState:
|
|
657
741
|
@pulumi.getter
|
658
742
|
def revoke(self) -> Optional[pulumi.Input[bool]]:
|
659
743
|
"""
|
660
|
-
If set to `true`, the certificate will be revoked on resource destruction.
|
744
|
+
If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
|
661
745
|
"""
|
662
746
|
return pulumi.get(self, "revoke")
|
663
747
|
|
@@ -665,6 +749,18 @@ class _SecretBackendCertState:
|
|
665
749
|
def revoke(self, value: Optional[pulumi.Input[bool]]):
|
666
750
|
pulumi.set(self, "revoke", value)
|
667
751
|
|
752
|
+
@property
|
753
|
+
@pulumi.getter(name="revokeWithKey")
|
754
|
+
def revoke_with_key(self) -> Optional[pulumi.Input[bool]]:
|
755
|
+
"""
|
756
|
+
If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
|
757
|
+
"""
|
758
|
+
return pulumi.get(self, "revoke_with_key")
|
759
|
+
|
760
|
+
@revoke_with_key.setter
|
761
|
+
def revoke_with_key(self, value: Optional[pulumi.Input[bool]]):
|
762
|
+
pulumi.set(self, "revoke_with_key", value)
|
763
|
+
|
668
764
|
@property
|
669
765
|
@pulumi.getter(name="serialNumber")
|
670
766
|
def serial_number(self) -> Optional[pulumi.Input[str]]:
|
@@ -722,6 +818,7 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
722
818
|
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
723
819
|
auto_renew: Optional[pulumi.Input[bool]] = None,
|
724
820
|
backend: Optional[pulumi.Input[str]] = None,
|
821
|
+
cert_metadata: Optional[pulumi.Input[str]] = None,
|
725
822
|
common_name: Optional[pulumi.Input[str]] = None,
|
726
823
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
727
824
|
format: Optional[pulumi.Input[str]] = None,
|
@@ -730,9 +827,11 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
730
827
|
min_seconds_remaining: Optional[pulumi.Input[int]] = None,
|
731
828
|
name: Optional[pulumi.Input[str]] = None,
|
732
829
|
namespace: Optional[pulumi.Input[str]] = None,
|
830
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
733
831
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
734
832
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
735
833
|
revoke: Optional[pulumi.Input[bool]] = None,
|
834
|
+
revoke_with_key: Optional[pulumi.Input[bool]] = None,
|
736
835
|
ttl: Optional[pulumi.Input[str]] = None,
|
737
836
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
738
837
|
user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -756,6 +855,7 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
756
855
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] alt_names: List of alternative names
|
757
856
|
:param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
|
758
857
|
:param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
|
858
|
+
:param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
|
759
859
|
:param pulumi.Input[str] common_name: CN of certificate to create
|
760
860
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
761
861
|
:param pulumi.Input[str] format: The format of data
|
@@ -767,9 +867,11 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
767
867
|
The value should not contain leading or trailing forward slashes.
|
768
868
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
769
869
|
*Available only for Vault Enterprise*.
|
870
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
770
871
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
771
872
|
:param pulumi.Input[str] private_key_format: The private key format
|
772
|
-
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
873
|
+
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
|
874
|
+
:param pulumi.Input[bool] revoke_with_key: If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
|
773
875
|
:param pulumi.Input[str] ttl: Time to live
|
774
876
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
|
775
877
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] user_ids: List of Subject User IDs
|
@@ -812,6 +914,7 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
812
914
|
alt_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
813
915
|
auto_renew: Optional[pulumi.Input[bool]] = None,
|
814
916
|
backend: Optional[pulumi.Input[str]] = None,
|
917
|
+
cert_metadata: Optional[pulumi.Input[str]] = None,
|
815
918
|
common_name: Optional[pulumi.Input[str]] = None,
|
816
919
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
817
920
|
format: Optional[pulumi.Input[str]] = None,
|
@@ -820,9 +923,11 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
820
923
|
min_seconds_remaining: Optional[pulumi.Input[int]] = None,
|
821
924
|
name: Optional[pulumi.Input[str]] = None,
|
822
925
|
namespace: Optional[pulumi.Input[str]] = None,
|
926
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
823
927
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
824
928
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
825
929
|
revoke: Optional[pulumi.Input[bool]] = None,
|
930
|
+
revoke_with_key: Optional[pulumi.Input[bool]] = None,
|
826
931
|
ttl: Optional[pulumi.Input[str]] = None,
|
827
932
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
828
933
|
user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -840,6 +945,7 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
840
945
|
if backend is None and not opts.urn:
|
841
946
|
raise TypeError("Missing required property 'backend'")
|
842
947
|
__props__.__dict__["backend"] = backend
|
948
|
+
__props__.__dict__["cert_metadata"] = cert_metadata
|
843
949
|
if common_name is None and not opts.urn:
|
844
950
|
raise TypeError("Missing required property 'common_name'")
|
845
951
|
__props__.__dict__["common_name"] = common_name
|
@@ -850,9 +956,11 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
850
956
|
__props__.__dict__["min_seconds_remaining"] = min_seconds_remaining
|
851
957
|
__props__.__dict__["name"] = name
|
852
958
|
__props__.__dict__["namespace"] = namespace
|
959
|
+
__props__.__dict__["not_after"] = not_after
|
853
960
|
__props__.__dict__["other_sans"] = other_sans
|
854
961
|
__props__.__dict__["private_key_format"] = private_key_format
|
855
962
|
__props__.__dict__["revoke"] = revoke
|
963
|
+
__props__.__dict__["revoke_with_key"] = revoke_with_key
|
856
964
|
__props__.__dict__["ttl"] = ttl
|
857
965
|
__props__.__dict__["uri_sans"] = uri_sans
|
858
966
|
__props__.__dict__["user_ids"] = user_ids
|
@@ -880,6 +988,7 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
880
988
|
auto_renew: Optional[pulumi.Input[bool]] = None,
|
881
989
|
backend: Optional[pulumi.Input[str]] = None,
|
882
990
|
ca_chain: Optional[pulumi.Input[str]] = None,
|
991
|
+
cert_metadata: Optional[pulumi.Input[str]] = None,
|
883
992
|
certificate: Optional[pulumi.Input[str]] = None,
|
884
993
|
common_name: Optional[pulumi.Input[str]] = None,
|
885
994
|
exclude_cn_from_sans: Optional[pulumi.Input[bool]] = None,
|
@@ -891,12 +1000,14 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
891
1000
|
min_seconds_remaining: Optional[pulumi.Input[int]] = None,
|
892
1001
|
name: Optional[pulumi.Input[str]] = None,
|
893
1002
|
namespace: Optional[pulumi.Input[str]] = None,
|
1003
|
+
not_after: Optional[pulumi.Input[str]] = None,
|
894
1004
|
other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
895
1005
|
private_key: Optional[pulumi.Input[str]] = None,
|
896
1006
|
private_key_format: Optional[pulumi.Input[str]] = None,
|
897
1007
|
private_key_type: Optional[pulumi.Input[str]] = None,
|
898
1008
|
renew_pending: Optional[pulumi.Input[bool]] = None,
|
899
1009
|
revoke: Optional[pulumi.Input[bool]] = None,
|
1010
|
+
revoke_with_key: Optional[pulumi.Input[bool]] = None,
|
900
1011
|
serial_number: Optional[pulumi.Input[str]] = None,
|
901
1012
|
ttl: Optional[pulumi.Input[str]] = None,
|
902
1013
|
uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -912,6 +1023,7 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
912
1023
|
:param pulumi.Input[bool] auto_renew: If set to `true`, certs will be renewed if the expiration is within `min_seconds_remaining`. Default `false`
|
913
1024
|
:param pulumi.Input[str] backend: The PKI secret backend the resource belongs to.
|
914
1025
|
:param pulumi.Input[str] ca_chain: The CA chain
|
1026
|
+
:param pulumi.Input[str] cert_metadata: A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
|
915
1027
|
:param pulumi.Input[str] certificate: The certificate
|
916
1028
|
:param pulumi.Input[str] common_name: CN of certificate to create
|
917
1029
|
:param pulumi.Input[bool] exclude_cn_from_sans: Flag to exclude CN from SANs
|
@@ -926,12 +1038,14 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
926
1038
|
The value should not contain leading or trailing forward slashes.
|
927
1039
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
928
1040
|
*Available only for Vault Enterprise*.
|
1041
|
+
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
929
1042
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] other_sans: List of other SANs
|
930
1043
|
:param pulumi.Input[str] private_key: The private key
|
931
1044
|
:param pulumi.Input[str] private_key_format: The private key format
|
932
1045
|
:param pulumi.Input[str] private_key_type: The private key type
|
933
1046
|
:param pulumi.Input[bool] renew_pending: `true` if the current time (during refresh) is after the start of the early renewal window declared by `min_seconds_remaining`, and `false` otherwise; if `auto_renew` is set to `true` then the provider will plan to replace the certificate once renewal is pending.
|
934
|
-
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction.
|
1047
|
+
:param pulumi.Input[bool] revoke: If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
|
1048
|
+
:param pulumi.Input[bool] revoke_with_key: If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
|
935
1049
|
:param pulumi.Input[str] serial_number: The serial number
|
936
1050
|
:param pulumi.Input[str] ttl: Time to live
|
937
1051
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] uri_sans: List of alternative URIs
|
@@ -945,6 +1059,7 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
945
1059
|
__props__.__dict__["auto_renew"] = auto_renew
|
946
1060
|
__props__.__dict__["backend"] = backend
|
947
1061
|
__props__.__dict__["ca_chain"] = ca_chain
|
1062
|
+
__props__.__dict__["cert_metadata"] = cert_metadata
|
948
1063
|
__props__.__dict__["certificate"] = certificate
|
949
1064
|
__props__.__dict__["common_name"] = common_name
|
950
1065
|
__props__.__dict__["exclude_cn_from_sans"] = exclude_cn_from_sans
|
@@ -956,12 +1071,14 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
956
1071
|
__props__.__dict__["min_seconds_remaining"] = min_seconds_remaining
|
957
1072
|
__props__.__dict__["name"] = name
|
958
1073
|
__props__.__dict__["namespace"] = namespace
|
1074
|
+
__props__.__dict__["not_after"] = not_after
|
959
1075
|
__props__.__dict__["other_sans"] = other_sans
|
960
1076
|
__props__.__dict__["private_key"] = private_key
|
961
1077
|
__props__.__dict__["private_key_format"] = private_key_format
|
962
1078
|
__props__.__dict__["private_key_type"] = private_key_type
|
963
1079
|
__props__.__dict__["renew_pending"] = renew_pending
|
964
1080
|
__props__.__dict__["revoke"] = revoke
|
1081
|
+
__props__.__dict__["revoke_with_key"] = revoke_with_key
|
965
1082
|
__props__.__dict__["serial_number"] = serial_number
|
966
1083
|
__props__.__dict__["ttl"] = ttl
|
967
1084
|
__props__.__dict__["uri_sans"] = uri_sans
|
@@ -1000,6 +1117,14 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
1000
1117
|
"""
|
1001
1118
|
return pulumi.get(self, "ca_chain")
|
1002
1119
|
|
1120
|
+
@property
|
1121
|
+
@pulumi.getter(name="certMetadata")
|
1122
|
+
def cert_metadata(self) -> pulumi.Output[Optional[str]]:
|
1123
|
+
"""
|
1124
|
+
A base 64 encoded value or an empty string to associate with the certificate's serial number. The role's no_store_metadata must be set to false, otherwise an error is returned when specified.
|
1125
|
+
"""
|
1126
|
+
return pulumi.get(self, "cert_metadata")
|
1127
|
+
|
1003
1128
|
@property
|
1004
1129
|
@pulumi.getter
|
1005
1130
|
def certificate(self) -> pulumi.Output[str]:
|
@@ -1091,6 +1216,14 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
1091
1216
|
"""
|
1092
1217
|
return pulumi.get(self, "namespace")
|
1093
1218
|
|
1219
|
+
@property
|
1220
|
+
@pulumi.getter(name="notAfter")
|
1221
|
+
def not_after(self) -> pulumi.Output[Optional[str]]:
|
1222
|
+
"""
|
1223
|
+
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1224
|
+
"""
|
1225
|
+
return pulumi.get(self, "not_after")
|
1226
|
+
|
1094
1227
|
@property
|
1095
1228
|
@pulumi.getter(name="otherSans")
|
1096
1229
|
def other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
@@ -1135,10 +1268,18 @@ class SecretBackendCert(pulumi.CustomResource):
|
|
1135
1268
|
@pulumi.getter
|
1136
1269
|
def revoke(self) -> pulumi.Output[Optional[bool]]:
|
1137
1270
|
"""
|
1138
|
-
If set to `true`, the certificate will be revoked on resource destruction.
|
1271
|
+
If set to `true`, the certificate will be revoked on resource destruction using the `revoke` PKI API. Conflicts with `revoke_with_key`. Default `false`.
|
1139
1272
|
"""
|
1140
1273
|
return pulumi.get(self, "revoke")
|
1141
1274
|
|
1275
|
+
@property
|
1276
|
+
@pulumi.getter(name="revokeWithKey")
|
1277
|
+
def revoke_with_key(self) -> pulumi.Output[Optional[bool]]:
|
1278
|
+
"""
|
1279
|
+
If set to `true`, the certificate will be revoked on resource destruction using the `revoke-with-key` PKI API. Conflicts with `revoke`. Default `false`
|
1280
|
+
"""
|
1281
|
+
return pulumi.get(self, "revoke_with_key")
|
1282
|
+
|
1142
1283
|
@property
|
1143
1284
|
@pulumi.getter(name="serialNumber")
|
1144
1285
|
def serial_number(self) -> pulumi.Output[str]:
|
@@ -27,6 +27,7 @@ class SecretBackendCrlConfigArgs:
|
|
27
27
|
disable: Optional[pulumi.Input[bool]] = None,
|
28
28
|
enable_delta: Optional[pulumi.Input[bool]] = None,
|
29
29
|
expiry: Optional[pulumi.Input[str]] = None,
|
30
|
+
max_crl_entries: Optional[pulumi.Input[int]] = None,
|
30
31
|
namespace: Optional[pulumi.Input[str]] = None,
|
31
32
|
ocsp_disable: Optional[pulumi.Input[bool]] = None,
|
32
33
|
ocsp_expiry: Optional[pulumi.Input[str]] = None,
|
@@ -43,6 +44,8 @@ class SecretBackendCrlConfigArgs:
|
|
43
44
|
:param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
44
45
|
augmenting the last complete CRL. **Vault 1.12+**
|
45
46
|
:param pulumi.Input[str] expiry: Specifies the time until expiration.
|
47
|
+
:param pulumi.Input[int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
|
48
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
46
49
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
47
50
|
The value should not contain leading or trailing forward slashes.
|
48
51
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
@@ -69,6 +72,8 @@ class SecretBackendCrlConfigArgs:
|
|
69
72
|
pulumi.set(__self__, "enable_delta", enable_delta)
|
70
73
|
if expiry is not None:
|
71
74
|
pulumi.set(__self__, "expiry", expiry)
|
75
|
+
if max_crl_entries is not None:
|
76
|
+
pulumi.set(__self__, "max_crl_entries", max_crl_entries)
|
72
77
|
if namespace is not None:
|
73
78
|
pulumi.set(__self__, "namespace", namespace)
|
74
79
|
if ocsp_disable is not None:
|
@@ -177,6 +182,19 @@ class SecretBackendCrlConfigArgs:
|
|
177
182
|
def expiry(self, value: Optional[pulumi.Input[str]]):
|
178
183
|
pulumi.set(self, "expiry", value)
|
179
184
|
|
185
|
+
@property
|
186
|
+
@pulumi.getter(name="maxCrlEntries")
|
187
|
+
def max_crl_entries(self) -> Optional[pulumi.Input[int]]:
|
188
|
+
"""
|
189
|
+
The maximum number of entries a CRL can contain. This option exists to prevent
|
190
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
191
|
+
"""
|
192
|
+
return pulumi.get(self, "max_crl_entries")
|
193
|
+
|
194
|
+
@max_crl_entries.setter
|
195
|
+
def max_crl_entries(self, value: Optional[pulumi.Input[int]]):
|
196
|
+
pulumi.set(self, "max_crl_entries", value)
|
197
|
+
|
180
198
|
@property
|
181
199
|
@pulumi.getter
|
182
200
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
@@ -254,6 +272,7 @@ class _SecretBackendCrlConfigState:
|
|
254
272
|
disable: Optional[pulumi.Input[bool]] = None,
|
255
273
|
enable_delta: Optional[pulumi.Input[bool]] = None,
|
256
274
|
expiry: Optional[pulumi.Input[str]] = None,
|
275
|
+
max_crl_entries: Optional[pulumi.Input[int]] = None,
|
257
276
|
namespace: Optional[pulumi.Input[str]] = None,
|
258
277
|
ocsp_disable: Optional[pulumi.Input[bool]] = None,
|
259
278
|
ocsp_expiry: Optional[pulumi.Input[str]] = None,
|
@@ -270,6 +289,8 @@ class _SecretBackendCrlConfigState:
|
|
270
289
|
:param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
271
290
|
augmenting the last complete CRL. **Vault 1.12+**
|
272
291
|
:param pulumi.Input[str] expiry: Specifies the time until expiration.
|
292
|
+
:param pulumi.Input[int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
|
293
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
273
294
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
274
295
|
The value should not contain leading or trailing forward slashes.
|
275
296
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
@@ -297,6 +318,8 @@ class _SecretBackendCrlConfigState:
|
|
297
318
|
pulumi.set(__self__, "enable_delta", enable_delta)
|
298
319
|
if expiry is not None:
|
299
320
|
pulumi.set(__self__, "expiry", expiry)
|
321
|
+
if max_crl_entries is not None:
|
322
|
+
pulumi.set(__self__, "max_crl_entries", max_crl_entries)
|
300
323
|
if namespace is not None:
|
301
324
|
pulumi.set(__self__, "namespace", namespace)
|
302
325
|
if ocsp_disable is not None:
|
@@ -405,6 +428,19 @@ class _SecretBackendCrlConfigState:
|
|
405
428
|
def expiry(self, value: Optional[pulumi.Input[str]]):
|
406
429
|
pulumi.set(self, "expiry", value)
|
407
430
|
|
431
|
+
@property
|
432
|
+
@pulumi.getter(name="maxCrlEntries")
|
433
|
+
def max_crl_entries(self) -> Optional[pulumi.Input[int]]:
|
434
|
+
"""
|
435
|
+
The maximum number of entries a CRL can contain. This option exists to prevent
|
436
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
437
|
+
"""
|
438
|
+
return pulumi.get(self, "max_crl_entries")
|
439
|
+
|
440
|
+
@max_crl_entries.setter
|
441
|
+
def max_crl_entries(self, value: Optional[pulumi.Input[int]]):
|
442
|
+
pulumi.set(self, "max_crl_entries", value)
|
443
|
+
|
408
444
|
@property
|
409
445
|
@pulumi.getter
|
410
446
|
def namespace(self) -> Optional[pulumi.Input[str]]:
|
@@ -484,6 +520,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
484
520
|
disable: Optional[pulumi.Input[bool]] = None,
|
485
521
|
enable_delta: Optional[pulumi.Input[bool]] = None,
|
486
522
|
expiry: Optional[pulumi.Input[str]] = None,
|
523
|
+
max_crl_entries: Optional[pulumi.Input[int]] = None,
|
487
524
|
namespace: Optional[pulumi.Input[str]] = None,
|
488
525
|
ocsp_disable: Optional[pulumi.Input[bool]] = None,
|
489
526
|
ocsp_expiry: Optional[pulumi.Input[str]] = None,
|
@@ -521,6 +558,8 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
521
558
|
:param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
522
559
|
augmenting the last complete CRL. **Vault 1.12+**
|
523
560
|
:param pulumi.Input[str] expiry: Specifies the time until expiration.
|
561
|
+
:param pulumi.Input[int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
|
562
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
524
563
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
525
564
|
The value should not contain leading or trailing forward slashes.
|
526
565
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
@@ -581,6 +620,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
581
620
|
disable: Optional[pulumi.Input[bool]] = None,
|
582
621
|
enable_delta: Optional[pulumi.Input[bool]] = None,
|
583
622
|
expiry: Optional[pulumi.Input[str]] = None,
|
623
|
+
max_crl_entries: Optional[pulumi.Input[int]] = None,
|
584
624
|
namespace: Optional[pulumi.Input[str]] = None,
|
585
625
|
ocsp_disable: Optional[pulumi.Input[bool]] = None,
|
586
626
|
ocsp_expiry: Optional[pulumi.Input[str]] = None,
|
@@ -605,6 +645,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
605
645
|
__props__.__dict__["disable"] = disable
|
606
646
|
__props__.__dict__["enable_delta"] = enable_delta
|
607
647
|
__props__.__dict__["expiry"] = expiry
|
648
|
+
__props__.__dict__["max_crl_entries"] = max_crl_entries
|
608
649
|
__props__.__dict__["namespace"] = namespace
|
609
650
|
__props__.__dict__["ocsp_disable"] = ocsp_disable
|
610
651
|
__props__.__dict__["ocsp_expiry"] = ocsp_expiry
|
@@ -628,6 +669,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
628
669
|
disable: Optional[pulumi.Input[bool]] = None,
|
629
670
|
enable_delta: Optional[pulumi.Input[bool]] = None,
|
630
671
|
expiry: Optional[pulumi.Input[str]] = None,
|
672
|
+
max_crl_entries: Optional[pulumi.Input[int]] = None,
|
631
673
|
namespace: Optional[pulumi.Input[str]] = None,
|
632
674
|
ocsp_disable: Optional[pulumi.Input[bool]] = None,
|
633
675
|
ocsp_expiry: Optional[pulumi.Input[str]] = None,
|
@@ -649,6 +691,8 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
649
691
|
:param pulumi.Input[bool] enable_delta: Enables building of delta CRLs with up-to-date revocation information,
|
650
692
|
augmenting the last complete CRL. **Vault 1.12+**
|
651
693
|
:param pulumi.Input[str] expiry: Specifies the time until expiration.
|
694
|
+
:param pulumi.Input[int] max_crl_entries: The maximum number of entries a CRL can contain. This option exists to prevent
|
695
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
652
696
|
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
653
697
|
The value should not contain leading or trailing forward slashes.
|
654
698
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
@@ -672,6 +716,7 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
672
716
|
__props__.__dict__["disable"] = disable
|
673
717
|
__props__.__dict__["enable_delta"] = enable_delta
|
674
718
|
__props__.__dict__["expiry"] = expiry
|
719
|
+
__props__.__dict__["max_crl_entries"] = max_crl_entries
|
675
720
|
__props__.__dict__["namespace"] = namespace
|
676
721
|
__props__.__dict__["ocsp_disable"] = ocsp_disable
|
677
722
|
__props__.__dict__["ocsp_expiry"] = ocsp_expiry
|
@@ -744,6 +789,15 @@ class SecretBackendCrlConfig(pulumi.CustomResource):
|
|
744
789
|
"""
|
745
790
|
return pulumi.get(self, "expiry")
|
746
791
|
|
792
|
+
@property
|
793
|
+
@pulumi.getter(name="maxCrlEntries")
|
794
|
+
def max_crl_entries(self) -> pulumi.Output[int]:
|
795
|
+
"""
|
796
|
+
The maximum number of entries a CRL can contain. This option exists to prevent
|
797
|
+
accidental runaway issuance/revocation from overloading Vault. If set to -1, the limit is disabled. **Vault 1.19**
|
798
|
+
"""
|
799
|
+
return pulumi.get(self, "max_crl_entries")
|
800
|
+
|
747
801
|
@property
|
748
802
|
@pulumi.getter
|
749
803
|
def namespace(self) -> pulumi.Output[Optional[str]]:
|