pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +8 -0
- pulumi_vault/aws/auth_backend_client.py +228 -4
- pulumi_vault/aws/secret_backend.py +266 -50
- pulumi_vault/aws/secret_backend_static_role.py +217 -0
- pulumi_vault/azure/auth_backend_config.py +257 -5
- pulumi_vault/azure/backend.py +249 -4
- pulumi_vault/database/_inputs.py +1692 -36
- pulumi_vault/database/outputs.py +1170 -18
- pulumi_vault/database/secret_backend_connection.py +220 -0
- pulumi_vault/database/secret_backend_static_role.py +143 -1
- pulumi_vault/database/secrets_mount.py +8 -0
- pulumi_vault/gcp/auth_backend.py +222 -2
- pulumi_vault/gcp/secret_backend.py +244 -4
- pulumi_vault/ldap/auth_backend.py +222 -2
- pulumi_vault/ldap/secret_backend.py +222 -2
- pulumi_vault/pkisecret/__init__.py +2 -0
- pulumi_vault/pkisecret/_inputs.py +0 -6
- pulumi_vault/pkisecret/backend_config_acme.py +47 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
- pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
- pulumi_vault/pkisecret/outputs.py +0 -4
- pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
- pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
- pulumi_vault/pkisecret/secret_backend_role.py +252 -3
- pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
- pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/terraformcloud/secret_role.py +7 -7
- pulumi_vault/transit/__init__.py +2 -0
- pulumi_vault/transit/get_sign.py +324 -0
- pulumi_vault/transit/get_verify.py +354 -0
- pulumi_vault/transit/secret_backend_key.py +162 -0
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
- {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -22,6 +22,10 @@ class SecretBackendIssuerArgs:
|
|
22
22
|
backend: pulumi.Input[str],
|
23
23
|
issuer_ref: pulumi.Input[str],
|
24
24
|
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
+
disable_critical_extension_checks: Optional[pulumi.Input[bool]] = None,
|
26
|
+
disable_name_checks: Optional[pulumi.Input[bool]] = None,
|
27
|
+
disable_name_constraint_checks: Optional[pulumi.Input[bool]] = None,
|
28
|
+
disable_path_length_checks: Optional[pulumi.Input[bool]] = None,
|
25
29
|
enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
|
26
30
|
issuer_name: Optional[pulumi.Input[str]] = None,
|
27
31
|
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
@@ -38,6 +42,21 @@ class SecretBackendIssuerArgs:
|
|
38
42
|
:param pulumi.Input[str] issuer_ref: Reference to an existing issuer.
|
39
43
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
|
40
44
|
Distribution Points field.
|
45
|
+
:param pulumi.Input[bool] disable_critical_extension_checks: This determines whether this
|
46
|
+
issuer is able to issue certificates where the chain of trust (including the
|
47
|
+
issued certificate) contain critical extensions not processed by Vault.
|
48
|
+
:param pulumi.Input[bool] disable_name_checks: This determines whether this issuer is able
|
49
|
+
to issue certificates where the chain of trust (including the final issued
|
50
|
+
certificate) contains a link in which the subject of the issuing certificate
|
51
|
+
does not match the named issuer of the certificate it signed.
|
52
|
+
:param pulumi.Input[bool] disable_name_constraint_checks: This determines whether this
|
53
|
+
issuer is able to issue certificates where the chain of trust (including the
|
54
|
+
final issued certificate) violates the name constraints critical extension of
|
55
|
+
one of the issuer certificates in the chain.
|
56
|
+
:param pulumi.Input[bool] disable_path_length_checks: This determines whether this issuer
|
57
|
+
is able to issue certificates where the chain of trust (including the final
|
58
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
59
|
+
chain.
|
41
60
|
:param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
42
61
|
be templated.
|
43
62
|
:param pulumi.Input[str] issuer_name: Name of the issuer.
|
@@ -60,6 +79,14 @@ class SecretBackendIssuerArgs:
|
|
60
79
|
pulumi.set(__self__, "issuer_ref", issuer_ref)
|
61
80
|
if crl_distribution_points is not None:
|
62
81
|
pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
|
82
|
+
if disable_critical_extension_checks is not None:
|
83
|
+
pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
|
84
|
+
if disable_name_checks is not None:
|
85
|
+
pulumi.set(__self__, "disable_name_checks", disable_name_checks)
|
86
|
+
if disable_name_constraint_checks is not None:
|
87
|
+
pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
|
88
|
+
if disable_path_length_checks is not None:
|
89
|
+
pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
|
63
90
|
if enable_aia_url_templating is not None:
|
64
91
|
pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
|
65
92
|
if issuer_name is not None:
|
@@ -117,6 +144,65 @@ class SecretBackendIssuerArgs:
|
|
117
144
|
def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
118
145
|
pulumi.set(self, "crl_distribution_points", value)
|
119
146
|
|
147
|
+
@property
|
148
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
149
|
+
def disable_critical_extension_checks(self) -> Optional[pulumi.Input[bool]]:
|
150
|
+
"""
|
151
|
+
This determines whether this
|
152
|
+
issuer is able to issue certificates where the chain of trust (including the
|
153
|
+
issued certificate) contain critical extensions not processed by Vault.
|
154
|
+
"""
|
155
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
156
|
+
|
157
|
+
@disable_critical_extension_checks.setter
|
158
|
+
def disable_critical_extension_checks(self, value: Optional[pulumi.Input[bool]]):
|
159
|
+
pulumi.set(self, "disable_critical_extension_checks", value)
|
160
|
+
|
161
|
+
@property
|
162
|
+
@pulumi.getter(name="disableNameChecks")
|
163
|
+
def disable_name_checks(self) -> Optional[pulumi.Input[bool]]:
|
164
|
+
"""
|
165
|
+
This determines whether this issuer is able
|
166
|
+
to issue certificates where the chain of trust (including the final issued
|
167
|
+
certificate) contains a link in which the subject of the issuing certificate
|
168
|
+
does not match the named issuer of the certificate it signed.
|
169
|
+
"""
|
170
|
+
return pulumi.get(self, "disable_name_checks")
|
171
|
+
|
172
|
+
@disable_name_checks.setter
|
173
|
+
def disable_name_checks(self, value: Optional[pulumi.Input[bool]]):
|
174
|
+
pulumi.set(self, "disable_name_checks", value)
|
175
|
+
|
176
|
+
@property
|
177
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
178
|
+
def disable_name_constraint_checks(self) -> Optional[pulumi.Input[bool]]:
|
179
|
+
"""
|
180
|
+
This determines whether this
|
181
|
+
issuer is able to issue certificates where the chain of trust (including the
|
182
|
+
final issued certificate) violates the name constraints critical extension of
|
183
|
+
one of the issuer certificates in the chain.
|
184
|
+
"""
|
185
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
186
|
+
|
187
|
+
@disable_name_constraint_checks.setter
|
188
|
+
def disable_name_constraint_checks(self, value: Optional[pulumi.Input[bool]]):
|
189
|
+
pulumi.set(self, "disable_name_constraint_checks", value)
|
190
|
+
|
191
|
+
@property
|
192
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
193
|
+
def disable_path_length_checks(self) -> Optional[pulumi.Input[bool]]:
|
194
|
+
"""
|
195
|
+
This determines whether this issuer
|
196
|
+
is able to issue certificates where the chain of trust (including the final
|
197
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
198
|
+
chain.
|
199
|
+
"""
|
200
|
+
return pulumi.get(self, "disable_path_length_checks")
|
201
|
+
|
202
|
+
@disable_path_length_checks.setter
|
203
|
+
def disable_path_length_checks(self, value: Optional[pulumi.Input[bool]]):
|
204
|
+
pulumi.set(self, "disable_path_length_checks", value)
|
205
|
+
|
120
206
|
@property
|
121
207
|
@pulumi.getter(name="enableAiaUrlTemplating")
|
122
208
|
def enable_aia_url_templating(self) -> Optional[pulumi.Input[bool]]:
|
@@ -239,6 +325,10 @@ class _SecretBackendIssuerState:
|
|
239
325
|
def __init__(__self__, *,
|
240
326
|
backend: Optional[pulumi.Input[str]] = None,
|
241
327
|
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
328
|
+
disable_critical_extension_checks: Optional[pulumi.Input[bool]] = None,
|
329
|
+
disable_name_checks: Optional[pulumi.Input[bool]] = None,
|
330
|
+
disable_name_constraint_checks: Optional[pulumi.Input[bool]] = None,
|
331
|
+
disable_path_length_checks: Optional[pulumi.Input[bool]] = None,
|
242
332
|
enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
|
243
333
|
issuer_id: Optional[pulumi.Input[str]] = None,
|
244
334
|
issuer_name: Optional[pulumi.Input[str]] = None,
|
@@ -256,6 +346,21 @@ class _SecretBackendIssuerState:
|
|
256
346
|
leading or trailing `/`s.
|
257
347
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
|
258
348
|
Distribution Points field.
|
349
|
+
:param pulumi.Input[bool] disable_critical_extension_checks: This determines whether this
|
350
|
+
issuer is able to issue certificates where the chain of trust (including the
|
351
|
+
issued certificate) contain critical extensions not processed by Vault.
|
352
|
+
:param pulumi.Input[bool] disable_name_checks: This determines whether this issuer is able
|
353
|
+
to issue certificates where the chain of trust (including the final issued
|
354
|
+
certificate) contains a link in which the subject of the issuing certificate
|
355
|
+
does not match the named issuer of the certificate it signed.
|
356
|
+
:param pulumi.Input[bool] disable_name_constraint_checks: This determines whether this
|
357
|
+
issuer is able to issue certificates where the chain of trust (including the
|
358
|
+
final issued certificate) violates the name constraints critical extension of
|
359
|
+
one of the issuer certificates in the chain.
|
360
|
+
:param pulumi.Input[bool] disable_path_length_checks: This determines whether this issuer
|
361
|
+
is able to issue certificates where the chain of trust (including the final
|
362
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
363
|
+
chain.
|
259
364
|
:param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
260
365
|
be templated.
|
261
366
|
:param pulumi.Input[str] issuer_id: ID of the issuer.
|
@@ -280,6 +385,14 @@ class _SecretBackendIssuerState:
|
|
280
385
|
pulumi.set(__self__, "backend", backend)
|
281
386
|
if crl_distribution_points is not None:
|
282
387
|
pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
|
388
|
+
if disable_critical_extension_checks is not None:
|
389
|
+
pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
|
390
|
+
if disable_name_checks is not None:
|
391
|
+
pulumi.set(__self__, "disable_name_checks", disable_name_checks)
|
392
|
+
if disable_name_constraint_checks is not None:
|
393
|
+
pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
|
394
|
+
if disable_path_length_checks is not None:
|
395
|
+
pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
|
283
396
|
if enable_aia_url_templating is not None:
|
284
397
|
pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
|
285
398
|
if issuer_id is not None:
|
@@ -329,6 +442,65 @@ class _SecretBackendIssuerState:
|
|
329
442
|
def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
330
443
|
pulumi.set(self, "crl_distribution_points", value)
|
331
444
|
|
445
|
+
@property
|
446
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
447
|
+
def disable_critical_extension_checks(self) -> Optional[pulumi.Input[bool]]:
|
448
|
+
"""
|
449
|
+
This determines whether this
|
450
|
+
issuer is able to issue certificates where the chain of trust (including the
|
451
|
+
issued certificate) contain critical extensions not processed by Vault.
|
452
|
+
"""
|
453
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
454
|
+
|
455
|
+
@disable_critical_extension_checks.setter
|
456
|
+
def disable_critical_extension_checks(self, value: Optional[pulumi.Input[bool]]):
|
457
|
+
pulumi.set(self, "disable_critical_extension_checks", value)
|
458
|
+
|
459
|
+
@property
|
460
|
+
@pulumi.getter(name="disableNameChecks")
|
461
|
+
def disable_name_checks(self) -> Optional[pulumi.Input[bool]]:
|
462
|
+
"""
|
463
|
+
This determines whether this issuer is able
|
464
|
+
to issue certificates where the chain of trust (including the final issued
|
465
|
+
certificate) contains a link in which the subject of the issuing certificate
|
466
|
+
does not match the named issuer of the certificate it signed.
|
467
|
+
"""
|
468
|
+
return pulumi.get(self, "disable_name_checks")
|
469
|
+
|
470
|
+
@disable_name_checks.setter
|
471
|
+
def disable_name_checks(self, value: Optional[pulumi.Input[bool]]):
|
472
|
+
pulumi.set(self, "disable_name_checks", value)
|
473
|
+
|
474
|
+
@property
|
475
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
476
|
+
def disable_name_constraint_checks(self) -> Optional[pulumi.Input[bool]]:
|
477
|
+
"""
|
478
|
+
This determines whether this
|
479
|
+
issuer is able to issue certificates where the chain of trust (including the
|
480
|
+
final issued certificate) violates the name constraints critical extension of
|
481
|
+
one of the issuer certificates in the chain.
|
482
|
+
"""
|
483
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
484
|
+
|
485
|
+
@disable_name_constraint_checks.setter
|
486
|
+
def disable_name_constraint_checks(self, value: Optional[pulumi.Input[bool]]):
|
487
|
+
pulumi.set(self, "disable_name_constraint_checks", value)
|
488
|
+
|
489
|
+
@property
|
490
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
491
|
+
def disable_path_length_checks(self) -> Optional[pulumi.Input[bool]]:
|
492
|
+
"""
|
493
|
+
This determines whether this issuer
|
494
|
+
is able to issue certificates where the chain of trust (including the final
|
495
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
496
|
+
chain.
|
497
|
+
"""
|
498
|
+
return pulumi.get(self, "disable_path_length_checks")
|
499
|
+
|
500
|
+
@disable_path_length_checks.setter
|
501
|
+
def disable_path_length_checks(self, value: Optional[pulumi.Input[bool]]):
|
502
|
+
pulumi.set(self, "disable_path_length_checks", value)
|
503
|
+
|
332
504
|
@property
|
333
505
|
@pulumi.getter(name="enableAiaUrlTemplating")
|
334
506
|
def enable_aia_url_templating(self) -> Optional[pulumi.Input[bool]]:
|
@@ -477,6 +649,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
477
649
|
opts: Optional[pulumi.ResourceOptions] = None,
|
478
650
|
backend: Optional[pulumi.Input[str]] = None,
|
479
651
|
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
652
|
+
disable_critical_extension_checks: Optional[pulumi.Input[bool]] = None,
|
653
|
+
disable_name_checks: Optional[pulumi.Input[bool]] = None,
|
654
|
+
disable_name_constraint_checks: Optional[pulumi.Input[bool]] = None,
|
655
|
+
disable_path_length_checks: Optional[pulumi.Input[bool]] = None,
|
480
656
|
enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
|
481
657
|
issuer_name: Optional[pulumi.Input[str]] = None,
|
482
658
|
issuer_ref: Optional[pulumi.Input[str]] = None,
|
@@ -525,6 +701,21 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
525
701
|
leading or trailing `/`s.
|
526
702
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
|
527
703
|
Distribution Points field.
|
704
|
+
:param pulumi.Input[bool] disable_critical_extension_checks: This determines whether this
|
705
|
+
issuer is able to issue certificates where the chain of trust (including the
|
706
|
+
issued certificate) contain critical extensions not processed by Vault.
|
707
|
+
:param pulumi.Input[bool] disable_name_checks: This determines whether this issuer is able
|
708
|
+
to issue certificates where the chain of trust (including the final issued
|
709
|
+
certificate) contains a link in which the subject of the issuing certificate
|
710
|
+
does not match the named issuer of the certificate it signed.
|
711
|
+
:param pulumi.Input[bool] disable_name_constraint_checks: This determines whether this
|
712
|
+
issuer is able to issue certificates where the chain of trust (including the
|
713
|
+
final issued certificate) violates the name constraints critical extension of
|
714
|
+
one of the issuer certificates in the chain.
|
715
|
+
:param pulumi.Input[bool] disable_path_length_checks: This determines whether this issuer
|
716
|
+
is able to issue certificates where the chain of trust (including the final
|
717
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
718
|
+
chain.
|
528
719
|
:param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
529
720
|
be templated.
|
530
721
|
:param pulumi.Input[str] issuer_name: Name of the issuer.
|
@@ -598,6 +789,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
598
789
|
opts: Optional[pulumi.ResourceOptions] = None,
|
599
790
|
backend: Optional[pulumi.Input[str]] = None,
|
600
791
|
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
792
|
+
disable_critical_extension_checks: Optional[pulumi.Input[bool]] = None,
|
793
|
+
disable_name_checks: Optional[pulumi.Input[bool]] = None,
|
794
|
+
disable_name_constraint_checks: Optional[pulumi.Input[bool]] = None,
|
795
|
+
disable_path_length_checks: Optional[pulumi.Input[bool]] = None,
|
601
796
|
enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
|
602
797
|
issuer_name: Optional[pulumi.Input[str]] = None,
|
603
798
|
issuer_ref: Optional[pulumi.Input[str]] = None,
|
@@ -621,6 +816,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
621
816
|
raise TypeError("Missing required property 'backend'")
|
622
817
|
__props__.__dict__["backend"] = backend
|
623
818
|
__props__.__dict__["crl_distribution_points"] = crl_distribution_points
|
819
|
+
__props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
|
820
|
+
__props__.__dict__["disable_name_checks"] = disable_name_checks
|
821
|
+
__props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
|
822
|
+
__props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
|
624
823
|
__props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
|
625
824
|
__props__.__dict__["issuer_name"] = issuer_name
|
626
825
|
if issuer_ref is None and not opts.urn:
|
@@ -646,6 +845,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
646
845
|
opts: Optional[pulumi.ResourceOptions] = None,
|
647
846
|
backend: Optional[pulumi.Input[str]] = None,
|
648
847
|
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
848
|
+
disable_critical_extension_checks: Optional[pulumi.Input[bool]] = None,
|
849
|
+
disable_name_checks: Optional[pulumi.Input[bool]] = None,
|
850
|
+
disable_name_constraint_checks: Optional[pulumi.Input[bool]] = None,
|
851
|
+
disable_path_length_checks: Optional[pulumi.Input[bool]] = None,
|
649
852
|
enable_aia_url_templating: Optional[pulumi.Input[bool]] = None,
|
650
853
|
issuer_id: Optional[pulumi.Input[str]] = None,
|
651
854
|
issuer_name: Optional[pulumi.Input[str]] = None,
|
@@ -668,6 +871,21 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
668
871
|
leading or trailing `/`s.
|
669
872
|
:param pulumi.Input[Sequence[pulumi.Input[str]]] crl_distribution_points: Specifies the URL values for the CRL
|
670
873
|
Distribution Points field.
|
874
|
+
:param pulumi.Input[bool] disable_critical_extension_checks: This determines whether this
|
875
|
+
issuer is able to issue certificates where the chain of trust (including the
|
876
|
+
issued certificate) contain critical extensions not processed by Vault.
|
877
|
+
:param pulumi.Input[bool] disable_name_checks: This determines whether this issuer is able
|
878
|
+
to issue certificates where the chain of trust (including the final issued
|
879
|
+
certificate) contains a link in which the subject of the issuing certificate
|
880
|
+
does not match the named issuer of the certificate it signed.
|
881
|
+
:param pulumi.Input[bool] disable_name_constraint_checks: This determines whether this
|
882
|
+
issuer is able to issue certificates where the chain of trust (including the
|
883
|
+
final issued certificate) violates the name constraints critical extension of
|
884
|
+
one of the issuer certificates in the chain.
|
885
|
+
:param pulumi.Input[bool] disable_path_length_checks: This determines whether this issuer
|
886
|
+
is able to issue certificates where the chain of trust (including the final
|
887
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
888
|
+
chain.
|
671
889
|
:param pulumi.Input[bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
672
890
|
be templated.
|
673
891
|
:param pulumi.Input[str] issuer_id: ID of the issuer.
|
@@ -694,6 +912,10 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
694
912
|
|
695
913
|
__props__.__dict__["backend"] = backend
|
696
914
|
__props__.__dict__["crl_distribution_points"] = crl_distribution_points
|
915
|
+
__props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
|
916
|
+
__props__.__dict__["disable_name_checks"] = disable_name_checks
|
917
|
+
__props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
|
918
|
+
__props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
|
697
919
|
__props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
|
698
920
|
__props__.__dict__["issuer_id"] = issuer_id
|
699
921
|
__props__.__dict__["issuer_name"] = issuer_name
|
@@ -725,6 +947,49 @@ class SecretBackendIssuer(pulumi.CustomResource):
|
|
725
947
|
"""
|
726
948
|
return pulumi.get(self, "crl_distribution_points")
|
727
949
|
|
950
|
+
@property
|
951
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
952
|
+
def disable_critical_extension_checks(self) -> pulumi.Output[Optional[bool]]:
|
953
|
+
"""
|
954
|
+
This determines whether this
|
955
|
+
issuer is able to issue certificates where the chain of trust (including the
|
956
|
+
issued certificate) contain critical extensions not processed by Vault.
|
957
|
+
"""
|
958
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
959
|
+
|
960
|
+
@property
|
961
|
+
@pulumi.getter(name="disableNameChecks")
|
962
|
+
def disable_name_checks(self) -> pulumi.Output[Optional[bool]]:
|
963
|
+
"""
|
964
|
+
This determines whether this issuer is able
|
965
|
+
to issue certificates where the chain of trust (including the final issued
|
966
|
+
certificate) contains a link in which the subject of the issuing certificate
|
967
|
+
does not match the named issuer of the certificate it signed.
|
968
|
+
"""
|
969
|
+
return pulumi.get(self, "disable_name_checks")
|
970
|
+
|
971
|
+
@property
|
972
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
973
|
+
def disable_name_constraint_checks(self) -> pulumi.Output[Optional[bool]]:
|
974
|
+
"""
|
975
|
+
This determines whether this
|
976
|
+
issuer is able to issue certificates where the chain of trust (including the
|
977
|
+
final issued certificate) violates the name constraints critical extension of
|
978
|
+
one of the issuer certificates in the chain.
|
979
|
+
"""
|
980
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
981
|
+
|
982
|
+
@property
|
983
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
984
|
+
def disable_path_length_checks(self) -> pulumi.Output[Optional[bool]]:
|
985
|
+
"""
|
986
|
+
This determines whether this issuer
|
987
|
+
is able to issue certificates where the chain of trust (including the final
|
988
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
989
|
+
chain.
|
990
|
+
"""
|
991
|
+
return pulumi.get(self, "disable_path_length_checks")
|
992
|
+
|
728
993
|
@property
|
729
994
|
@pulumi.getter(name="enableAiaUrlTemplating")
|
730
995
|
def enable_aia_url_templating(self) -> pulumi.Output[Optional[bool]]:
|