pulumi-vault 6.6.0a1741415971__py3-none-any.whl → 6.7.0a1741847926__py3-none-any.whl

Files changed (44)
  1. pulumi_vault/__init__.py +8 -0
  2. pulumi_vault/aws/auth_backend_client.py +228 -4
  3. pulumi_vault/aws/secret_backend.py +266 -50
  4. pulumi_vault/aws/secret_backend_static_role.py +217 -0
  5. pulumi_vault/azure/auth_backend_config.py +257 -5
  6. pulumi_vault/azure/backend.py +249 -4
  7. pulumi_vault/database/_inputs.py +1692 -36
  8. pulumi_vault/database/outputs.py +1170 -18
  9. pulumi_vault/database/secret_backend_connection.py +220 -0
  10. pulumi_vault/database/secret_backend_static_role.py +143 -1
  11. pulumi_vault/database/secrets_mount.py +8 -0
  12. pulumi_vault/gcp/auth_backend.py +222 -2
  13. pulumi_vault/gcp/secret_backend.py +244 -4
  14. pulumi_vault/ldap/auth_backend.py +222 -2
  15. pulumi_vault/ldap/secret_backend.py +222 -2
  16. pulumi_vault/pkisecret/__init__.py +2 -0
  17. pulumi_vault/pkisecret/_inputs.py +0 -6
  18. pulumi_vault/pkisecret/backend_config_acme.py +47 -0
  19. pulumi_vault/pkisecret/backend_config_auto_tidy.py +1376 -0
  20. pulumi_vault/pkisecret/backend_config_cmpv2.py +61 -14
  21. pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
  22. pulumi_vault/pkisecret/get_backend_config_cmpv2.py +18 -1
  23. pulumi_vault/pkisecret/get_backend_issuer.py +114 -1
  24. pulumi_vault/pkisecret/outputs.py +0 -4
  25. pulumi_vault/pkisecret/secret_backend_cert.py +148 -7
  26. pulumi_vault/pkisecret/secret_backend_crl_config.py +54 -0
  27. pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +141 -0
  28. pulumi_vault/pkisecret/secret_backend_issuer.py +265 -0
  29. pulumi_vault/pkisecret/secret_backend_role.py +252 -3
  30. pulumi_vault/pkisecret/secret_backend_root_cert.py +423 -0
  31. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +581 -3
  32. pulumi_vault/pkisecret/secret_backend_sign.py +94 -0
  33. pulumi_vault/pulumi-plugin.json +1 -1
  34. pulumi_vault/ssh/__init__.py +1 -0
  35. pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
  36. pulumi_vault/terraformcloud/secret_role.py +7 -7
  37. pulumi_vault/transit/__init__.py +2 -0
  38. pulumi_vault/transit/get_sign.py +324 -0
  39. pulumi_vault/transit/get_verify.py +354 -0
  40. pulumi_vault/transit/secret_backend_key.py +162 -0
  41. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/METADATA +1 -1
  42. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/RECORD +44 -39
  43. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/WHEEL +1 -1
  44. {pulumi_vault-6.6.0a1741415971.dist-info → pulumi_vault-6.7.0a1741847926.dist-info}/top_level.txt +0 -0
@@ -55,6 +55,8 @@ class SecretBackendRoleArgs:
55
55
  name: Optional[pulumi.Input[str]] = None,
56
56
  namespace: Optional[pulumi.Input[str]] = None,
57
57
  no_store: Optional[pulumi.Input[bool]] = None,
58
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
59
+ not_after: Optional[pulumi.Input[str]] = None,
58
60
  not_before_duration: Optional[pulumi.Input[str]] = None,
59
61
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
60
62
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -63,11 +65,14 @@ class SecretBackendRoleArgs:
63
65
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
64
66
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
65
67
  require_cn: Optional[pulumi.Input[bool]] = None,
68
+ serial_number_source: Optional[pulumi.Input[str]] = None,
66
69
  server_flag: Optional[pulumi.Input[bool]] = None,
70
+ signature_bits: Optional[pulumi.Input[int]] = None,
67
71
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
68
72
  ttl: Optional[pulumi.Input[str]] = None,
69
73
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
70
- use_csr_sans: Optional[pulumi.Input[bool]] = None):
74
+ use_csr_sans: Optional[pulumi.Input[bool]] = None,
75
+ use_pss: Optional[pulumi.Input[bool]] = None):
71
76
  """
72
77
  The set of arguments for constructing a SecretBackendRole resource.
73
78
  :param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
@@ -113,6 +118,8 @@ class SecretBackendRoleArgs:
113
118
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
114
119
  *Available only for Vault Enterprise*.
115
120
  :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
121
+ :param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
122
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
116
123
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
117
124
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
118
125
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
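Review bot: The new `no_store_metadata` description contradicts itself: it opens with "Allows metadata to be stored" and then says that `true` means metadata is not stored, so a reader cannot tell from the first clause which value keeps issuance metadata. State the polarity first, for example `:param pulumi.Input[bool] no_store_metadata: If true, certificate metadata is not stored and issuance requests that supply metadata fail; if false, metadata is stored keyed on the certificate's serial number. Independent of no_store.` The same sentence is repeated in the property docstrings and in the `_SecretBackendRoleState` and `SecretBackendRole` docstrings further down, so it should change in all of them; if this module is generated, that means fixing the upstream schema description. The docstring belongs to `SecretBackendRoleArgs.__init__`, which starts and ends outside this hunk.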
@@ -121,11 +128,16 @@ class SecretBackendRoleArgs:
121
128
  :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
122
129
  :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
123
130
  :param pulumi.Input[bool] require_cn: Flag to force CN usage
131
+ :param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
132
+
133
+ Example usage:
124
134
  :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
135
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
125
136
  :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
126
137
  :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
127
138
  :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
128
139
  :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
140
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
129
141
  """
130
142
  pulumi.set(__self__, "backend", backend)
131
143
  if allow_any_name is not None:
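Review bot: The `serial_number_source` description ends with a dangling "Example usage:" and no example, which leaves a stray line inside the `:param` list just before `server_flag`; either drop that line or supply the example. In the same hunk, `signature_bits` is documented only as "The number of bits to use in the signature algorithm", without the accepted values or the behaviour when unset, which is what someone choosing the hash strength for a CA role needs. Vault's PKI role documentation describes 256, 384 and 512 (SHA-2), with 0 meaning the size is derived from the issuer key, so something like `:param pulumi.Input[int] signature_bits: Hash size in bits for the signature algorithm (256, 384 or 512); 0 lets Vault pick based on the issuer's key.` would do, after checking it against the Vault version this provider targets. The docstring opens outside this hunk.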
@@ -194,6 +206,10 @@ class SecretBackendRoleArgs:
194
206
  pulumi.set(__self__, "namespace", namespace)
195
207
  if no_store is not None:
196
208
  pulumi.set(__self__, "no_store", no_store)
209
+ if no_store_metadata is not None:
210
+ pulumi.set(__self__, "no_store_metadata", no_store_metadata)
211
+ if not_after is not None:
212
+ pulumi.set(__self__, "not_after", not_after)
197
213
  if not_before_duration is not None:
198
214
  pulumi.set(__self__, "not_before_duration", not_before_duration)
199
215
  if organization_unit is not None:
@@ -210,8 +226,12 @@ class SecretBackendRoleArgs:
210
226
  pulumi.set(__self__, "provinces", provinces)
211
227
  if require_cn is not None:
212
228
  pulumi.set(__self__, "require_cn", require_cn)
229
+ if serial_number_source is not None:
230
+ pulumi.set(__self__, "serial_number_source", serial_number_source)
213
231
  if server_flag is not None:
214
232
  pulumi.set(__self__, "server_flag", server_flag)
233
+ if signature_bits is not None:
234
+ pulumi.set(__self__, "signature_bits", signature_bits)
215
235
  if street_addresses is not None:
216
236
  pulumi.set(__self__, "street_addresses", street_addresses)
217
237
  if ttl is not None:
@@ -220,6 +240,8 @@ class SecretBackendRoleArgs:
220
240
  pulumi.set(__self__, "use_csr_common_name", use_csr_common_name)
221
241
  if use_csr_sans is not None:
222
242
  pulumi.set(__self__, "use_csr_sans", use_csr_sans)
243
+ if use_pss is not None:
244
+ pulumi.set(__self__, "use_pss", use_pss)
223
245
 
224
246
  @property
225
247
  @pulumi.getter
@@ -638,6 +660,30 @@ class SecretBackendRoleArgs:
638
660
  def no_store(self, value: Optional[pulumi.Input[bool]]):
639
661
  pulumi.set(self, "no_store", value)
640
662
 
663
+ @property
664
+ @pulumi.getter(name="noStoreMetadata")
665
+ def no_store_metadata(self) -> Optional[pulumi.Input[bool]]:
666
+ """
667
+ Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
668
+ """
669
+ return pulumi.get(self, "no_store_metadata")
670
+
671
+ @no_store_metadata.setter
672
+ def no_store_metadata(self, value: Optional[pulumi.Input[bool]]):
673
+ pulumi.set(self, "no_store_metadata", value)
674
+
675
+ @property
676
+ @pulumi.getter(name="notAfter")
677
+ def not_after(self) -> Optional[pulumi.Input[str]]:
678
+ """
679
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
680
+ """
681
+ return pulumi.get(self, "not_after")
682
+
683
+ @not_after.setter
684
+ def not_after(self, value: Optional[pulumi.Input[str]]):
685
+ pulumi.set(self, "not_after", value)
686
+
641
687
  @property
642
688
  @pulumi.getter(name="notBeforeDuration")
643
689
  def not_before_duration(self) -> Optional[pulumi.Input[str]]:
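Review bot: The `not_after` docstring does not say how a fixed end date set on the role relates to `ttl` on the same role, and the one sample value it gives is `9999-12-31T23:59:59Z`, which produces certificates that effectively never expire. A reader setting this should be told that revocation is then the only way to retire such a certificate, and whether the role's TTL limits still apply; this diff does not show the latter. The format string also mixes token styles (`YYYY-MM-ddTHH:MM:SSZ`); `YYYY-MM-DDTHH:MM:SSZ` would be clearer. I would add a sentence such as `Certificates issued with a far-future Not After can only be retired by revocation; prefer ttl unless a fixed end date is required.`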
@@ -734,6 +780,20 @@ class SecretBackendRoleArgs:
734
780
  def require_cn(self, value: Optional[pulumi.Input[bool]]):
735
781
  pulumi.set(self, "require_cn", value)
736
782
 
783
+ @property
784
+ @pulumi.getter(name="serialNumberSource")
785
+ def serial_number_source(self) -> Optional[pulumi.Input[str]]:
786
+ """
787
+ Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
788
+
789
+ Example usage:
790
+ """
791
+ return pulumi.get(self, "serial_number_source")
792
+
793
+ @serial_number_source.setter
794
+ def serial_number_source(self, value: Optional[pulumi.Input[str]]):
795
+ pulumi.set(self, "serial_number_source", value)
796
+
737
797
  @property
738
798
  @pulumi.getter(name="serverFlag")
739
799
  def server_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -746,6 +806,18 @@ class SecretBackendRoleArgs:
746
806
  def server_flag(self, value: Optional[pulumi.Input[bool]]):
747
807
  pulumi.set(self, "server_flag", value)
748
808
 
809
+ @property
810
+ @pulumi.getter(name="signatureBits")
811
+ def signature_bits(self) -> Optional[pulumi.Input[int]]:
812
+ """
813
+ The number of bits to use in the signature algorithm
814
+ """
815
+ return pulumi.get(self, "signature_bits")
816
+
817
+ @signature_bits.setter
818
+ def signature_bits(self, value: Optional[pulumi.Input[int]]):
819
+ pulumi.set(self, "signature_bits", value)
820
+
749
821
  @property
750
822
  @pulumi.getter(name="streetAddresses")
751
823
  def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -794,6 +866,18 @@ class SecretBackendRoleArgs:
794
866
  def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
795
867
  pulumi.set(self, "use_csr_sans", value)
796
868
 
869
+ @property
870
+ @pulumi.getter(name="usePss")
871
+ def use_pss(self) -> Optional[pulumi.Input[bool]]:
872
+ """
873
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
874
+ """
875
+ return pulumi.get(self, "use_pss")
876
+
877
+ @use_pss.setter
878
+ def use_pss(self, value: Optional[pulumi.Input[bool]]):
879
+ pulumi.set(self, "use_pss", value)
880
+
797
881
 
798
882
  @pulumi.input_type
799
883
  class _SecretBackendRoleState:
@@ -832,6 +916,8 @@ class _SecretBackendRoleState:
832
916
  name: Optional[pulumi.Input[str]] = None,
833
917
  namespace: Optional[pulumi.Input[str]] = None,
834
918
  no_store: Optional[pulumi.Input[bool]] = None,
919
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
920
+ not_after: Optional[pulumi.Input[str]] = None,
835
921
  not_before_duration: Optional[pulumi.Input[str]] = None,
836
922
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
837
923
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -840,11 +926,14 @@ class _SecretBackendRoleState:
840
926
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
841
927
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
842
928
  require_cn: Optional[pulumi.Input[bool]] = None,
929
+ serial_number_source: Optional[pulumi.Input[str]] = None,
843
930
  server_flag: Optional[pulumi.Input[bool]] = None,
931
+ signature_bits: Optional[pulumi.Input[int]] = None,
844
932
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
845
933
  ttl: Optional[pulumi.Input[str]] = None,
846
934
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
847
- use_csr_sans: Optional[pulumi.Input[bool]] = None):
935
+ use_csr_sans: Optional[pulumi.Input[bool]] = None,
936
+ use_pss: Optional[pulumi.Input[bool]] = None):
848
937
  """
849
938
  Input properties used for looking up and filtering SecretBackendRole resources.
850
939
  :param pulumi.Input[bool] allow_any_name: Flag to allow any name
@@ -890,6 +979,8 @@ class _SecretBackendRoleState:
890
979
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
891
980
  *Available only for Vault Enterprise*.
892
981
  :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
982
+ :param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
983
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
893
984
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
894
985
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
895
986
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
@@ -898,11 +989,16 @@ class _SecretBackendRoleState:
898
989
  :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
899
990
  :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
900
991
  :param pulumi.Input[bool] require_cn: Flag to force CN usage
992
+ :param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
993
+
994
+ Example usage:
901
995
  :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
996
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
902
997
  :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
903
998
  :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
904
999
  :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
905
1000
  :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
1001
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
906
1002
  """
907
1003
  if allow_any_name is not None:
908
1004
  pulumi.set(__self__, "allow_any_name", allow_any_name)
@@ -972,6 +1068,10 @@ class _SecretBackendRoleState:
972
1068
  pulumi.set(__self__, "namespace", namespace)
973
1069
  if no_store is not None:
974
1070
  pulumi.set(__self__, "no_store", no_store)
1071
+ if no_store_metadata is not None:
1072
+ pulumi.set(__self__, "no_store_metadata", no_store_metadata)
1073
+ if not_after is not None:
1074
+ pulumi.set(__self__, "not_after", not_after)
975
1075
  if not_before_duration is not None:
976
1076
  pulumi.set(__self__, "not_before_duration", not_before_duration)
977
1077
  if organization_unit is not None:
@@ -988,8 +1088,12 @@ class _SecretBackendRoleState:
988
1088
  pulumi.set(__self__, "provinces", provinces)
989
1089
  if require_cn is not None:
990
1090
  pulumi.set(__self__, "require_cn", require_cn)
1091
+ if serial_number_source is not None:
1092
+ pulumi.set(__self__, "serial_number_source", serial_number_source)
991
1093
  if server_flag is not None:
992
1094
  pulumi.set(__self__, "server_flag", server_flag)
1095
+ if signature_bits is not None:
1096
+ pulumi.set(__self__, "signature_bits", signature_bits)
993
1097
  if street_addresses is not None:
994
1098
  pulumi.set(__self__, "street_addresses", street_addresses)
995
1099
  if ttl is not None:
@@ -998,6 +1102,8 @@ class _SecretBackendRoleState:
998
1102
  pulumi.set(__self__, "use_csr_common_name", use_csr_common_name)
999
1103
  if use_csr_sans is not None:
1000
1104
  pulumi.set(__self__, "use_csr_sans", use_csr_sans)
1105
+ if use_pss is not None:
1106
+ pulumi.set(__self__, "use_pss", use_pss)
1001
1107
 
1002
1108
  @property
1003
1109
  @pulumi.getter(name="allowAnyName")
@@ -1416,6 +1522,30 @@ class _SecretBackendRoleState:
1416
1522
  def no_store(self, value: Optional[pulumi.Input[bool]]):
1417
1523
  pulumi.set(self, "no_store", value)
1418
1524
 
1525
+ @property
1526
+ @pulumi.getter(name="noStoreMetadata")
1527
+ def no_store_metadata(self) -> Optional[pulumi.Input[bool]]:
1528
+ """
1529
+ Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
1530
+ """
1531
+ return pulumi.get(self, "no_store_metadata")
1532
+
1533
+ @no_store_metadata.setter
1534
+ def no_store_metadata(self, value: Optional[pulumi.Input[bool]]):
1535
+ pulumi.set(self, "no_store_metadata", value)
1536
+
1537
+ @property
1538
+ @pulumi.getter(name="notAfter")
1539
+ def not_after(self) -> Optional[pulumi.Input[str]]:
1540
+ """
1541
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1542
+ """
1543
+ return pulumi.get(self, "not_after")
1544
+
1545
+ @not_after.setter
1546
+ def not_after(self, value: Optional[pulumi.Input[str]]):
1547
+ pulumi.set(self, "not_after", value)
1548
+
1419
1549
  @property
1420
1550
  @pulumi.getter(name="notBeforeDuration")
1421
1551
  def not_before_duration(self) -> Optional[pulumi.Input[str]]:
@@ -1512,6 +1642,20 @@ class _SecretBackendRoleState:
1512
1642
  def require_cn(self, value: Optional[pulumi.Input[bool]]):
1513
1643
  pulumi.set(self, "require_cn", value)
1514
1644
 
1645
+ @property
1646
+ @pulumi.getter(name="serialNumberSource")
1647
+ def serial_number_source(self) -> Optional[pulumi.Input[str]]:
1648
+ """
1649
+ Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
1650
+
1651
+ Example usage:
1652
+ """
1653
+ return pulumi.get(self, "serial_number_source")
1654
+
1655
+ @serial_number_source.setter
1656
+ def serial_number_source(self, value: Optional[pulumi.Input[str]]):
1657
+ pulumi.set(self, "serial_number_source", value)
1658
+
1515
1659
  @property
1516
1660
  @pulumi.getter(name="serverFlag")
1517
1661
  def server_flag(self) -> Optional[pulumi.Input[bool]]:
@@ -1524,6 +1668,18 @@ class _SecretBackendRoleState:
1524
1668
  def server_flag(self, value: Optional[pulumi.Input[bool]]):
1525
1669
  pulumi.set(self, "server_flag", value)
1526
1670
 
1671
+ @property
1672
+ @pulumi.getter(name="signatureBits")
1673
+ def signature_bits(self) -> Optional[pulumi.Input[int]]:
1674
+ """
1675
+ The number of bits to use in the signature algorithm
1676
+ """
1677
+ return pulumi.get(self, "signature_bits")
1678
+
1679
+ @signature_bits.setter
1680
+ def signature_bits(self, value: Optional[pulumi.Input[int]]):
1681
+ pulumi.set(self, "signature_bits", value)
1682
+
1527
1683
  @property
1528
1684
  @pulumi.getter(name="streetAddresses")
1529
1685
  def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -1572,6 +1728,18 @@ class _SecretBackendRoleState:
1572
1728
  def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
1573
1729
  pulumi.set(self, "use_csr_sans", value)
1574
1730
 
1731
+ @property
1732
+ @pulumi.getter(name="usePss")
1733
+ def use_pss(self) -> Optional[pulumi.Input[bool]]:
1734
+ """
1735
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
1736
+ """
1737
+ return pulumi.get(self, "use_pss")
1738
+
1739
+ @use_pss.setter
1740
+ def use_pss(self, value: Optional[pulumi.Input[bool]]):
1741
+ pulumi.set(self, "use_pss", value)
1742
+
1575
1743
 
1576
1744
  class SecretBackendRole(pulumi.CustomResource):
1577
1745
  @overload
@@ -1612,6 +1780,8 @@ class SecretBackendRole(pulumi.CustomResource):
1612
1780
  name: Optional[pulumi.Input[str]] = None,
1613
1781
  namespace: Optional[pulumi.Input[str]] = None,
1614
1782
  no_store: Optional[pulumi.Input[bool]] = None,
1783
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
1784
+ not_after: Optional[pulumi.Input[str]] = None,
1615
1785
  not_before_duration: Optional[pulumi.Input[str]] = None,
1616
1786
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1617
1787
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -1620,11 +1790,14 @@ class SecretBackendRole(pulumi.CustomResource):
1620
1790
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1621
1791
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1622
1792
  require_cn: Optional[pulumi.Input[bool]] = None,
1793
+ serial_number_source: Optional[pulumi.Input[str]] = None,
1623
1794
  server_flag: Optional[pulumi.Input[bool]] = None,
1795
+ signature_bits: Optional[pulumi.Input[int]] = None,
1624
1796
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1625
1797
  ttl: Optional[pulumi.Input[str]] = None,
1626
1798
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
1627
1799
  use_csr_sans: Optional[pulumi.Input[bool]] = None,
1800
+ use_pss: Optional[pulumi.Input[bool]] = None,
1628
1801
  __props__=None):
1629
1802
  """
1630
1803
  Creates a role on an PKI Secret Backend for Vault.
@@ -1707,6 +1880,8 @@ class SecretBackendRole(pulumi.CustomResource):
1707
1880
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1708
1881
  *Available only for Vault Enterprise*.
1709
1882
  :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
1883
+ :param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
1884
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1710
1885
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1711
1886
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
1712
1887
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
@@ -1715,11 +1890,16 @@ class SecretBackendRole(pulumi.CustomResource):
1715
1890
  :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
1716
1891
  :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
1717
1892
  :param pulumi.Input[bool] require_cn: Flag to force CN usage
1893
+ :param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
1894
+
1895
+ Example usage:
1718
1896
  :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
1897
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
1719
1898
  :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
1720
1899
  :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
1721
1900
  :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
1722
1901
  :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
1902
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
1723
1903
  """
1724
1904
  ...
1725
1905
  @overload
@@ -1812,6 +1992,8 @@ class SecretBackendRole(pulumi.CustomResource):
1812
1992
  name: Optional[pulumi.Input[str]] = None,
1813
1993
  namespace: Optional[pulumi.Input[str]] = None,
1814
1994
  no_store: Optional[pulumi.Input[bool]] = None,
1995
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
1996
+ not_after: Optional[pulumi.Input[str]] = None,
1815
1997
  not_before_duration: Optional[pulumi.Input[str]] = None,
1816
1998
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1817
1999
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -1820,11 +2002,14 @@ class SecretBackendRole(pulumi.CustomResource):
1820
2002
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1821
2003
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1822
2004
  require_cn: Optional[pulumi.Input[bool]] = None,
2005
+ serial_number_source: Optional[pulumi.Input[str]] = None,
1823
2006
  server_flag: Optional[pulumi.Input[bool]] = None,
2007
+ signature_bits: Optional[pulumi.Input[int]] = None,
1824
2008
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1825
2009
  ttl: Optional[pulumi.Input[str]] = None,
1826
2010
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
1827
2011
  use_csr_sans: Optional[pulumi.Input[bool]] = None,
2012
+ use_pss: Optional[pulumi.Input[bool]] = None,
1828
2013
  __props__=None):
1829
2014
  opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
1830
2015
  if not isinstance(opts, pulumi.ResourceOptions):
@@ -1870,6 +2055,8 @@ class SecretBackendRole(pulumi.CustomResource):
1870
2055
  __props__.__dict__["name"] = name
1871
2056
  __props__.__dict__["namespace"] = namespace
1872
2057
  __props__.__dict__["no_store"] = no_store
2058
+ __props__.__dict__["no_store_metadata"] = no_store_metadata
2059
+ __props__.__dict__["not_after"] = not_after
1873
2060
  __props__.__dict__["not_before_duration"] = not_before_duration
1874
2061
  __props__.__dict__["organization_unit"] = organization_unit
1875
2062
  __props__.__dict__["organizations"] = organizations
@@ -1878,11 +2065,14 @@ class SecretBackendRole(pulumi.CustomResource):
1878
2065
  __props__.__dict__["postal_codes"] = postal_codes
1879
2066
  __props__.__dict__["provinces"] = provinces
1880
2067
  __props__.__dict__["require_cn"] = require_cn
2068
+ __props__.__dict__["serial_number_source"] = serial_number_source
1881
2069
  __props__.__dict__["server_flag"] = server_flag
2070
+ __props__.__dict__["signature_bits"] = signature_bits
1882
2071
  __props__.__dict__["street_addresses"] = street_addresses
1883
2072
  __props__.__dict__["ttl"] = ttl
1884
2073
  __props__.__dict__["use_csr_common_name"] = use_csr_common_name
1885
2074
  __props__.__dict__["use_csr_sans"] = use_csr_sans
2075
+ __props__.__dict__["use_pss"] = use_pss
1886
2076
  super(SecretBackendRole, __self__).__init__(
1887
2077
  'vault:pkiSecret/secretBackendRole:SecretBackendRole',
1888
2078
  resource_name,
@@ -1927,6 +2117,8 @@ class SecretBackendRole(pulumi.CustomResource):
1927
2117
  name: Optional[pulumi.Input[str]] = None,
1928
2118
  namespace: Optional[pulumi.Input[str]] = None,
1929
2119
  no_store: Optional[pulumi.Input[bool]] = None,
2120
+ no_store_metadata: Optional[pulumi.Input[bool]] = None,
2121
+ not_after: Optional[pulumi.Input[str]] = None,
1930
2122
  not_before_duration: Optional[pulumi.Input[str]] = None,
1931
2123
  organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1932
2124
  organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -1935,11 +2127,14 @@ class SecretBackendRole(pulumi.CustomResource):
1935
2127
  postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1936
2128
  provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1937
2129
  require_cn: Optional[pulumi.Input[bool]] = None,
2130
+ serial_number_source: Optional[pulumi.Input[str]] = None,
1938
2131
  server_flag: Optional[pulumi.Input[bool]] = None,
2132
+ signature_bits: Optional[pulumi.Input[int]] = None,
1939
2133
  street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
1940
2134
  ttl: Optional[pulumi.Input[str]] = None,
1941
2135
  use_csr_common_name: Optional[pulumi.Input[bool]] = None,
1942
- use_csr_sans: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRole':
2136
+ use_csr_sans: Optional[pulumi.Input[bool]] = None,
2137
+ use_pss: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRole':
1943
2138
  """
1944
2139
  Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
1945
2140
  properties used to qualify the lookup.
@@ -1990,6 +2185,8 @@ class SecretBackendRole(pulumi.CustomResource):
1990
2185
  The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
1991
2186
  *Available only for Vault Enterprise*.
1992
2187
  :param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
2188
+ :param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
2189
+ :param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
1993
2190
  :param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
1994
2191
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
1995
2192
  :param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
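Review bot: The `no_store_metadata` entry added to the `get` docstring reads as self-contradictory: it opens with "Allows metadata to be stored" and ends with "If true, metadata is not stored", so a reader who stops at the first sentence gets the flag's polarity backwards. I would lead with the effect of setting it, e.g. `:param pulumi.Input[bool] no_store_metadata: If true, certificate metadata is not stored and an error is returned when the metadata field is specified on issuance APIs. Independent of no_store.` The `not_after` entry mixes letter case in its format string (`YYYY-MM-ddTHH:MM:SSZ`); judging by the example `9999-12-31T23:59:59Z`, `YYYY-MM-DDTHH:MM:SSZ` is probably meant. The same two descriptions are repeated in the `no_store_metadata` and `not_after` property docstrings in the later hunk (new lines 2548–2562), and this docstring starts and ends outside the hunk.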
@@ -1998,11 +2195,16 @@ class SecretBackendRole(pulumi.CustomResource):
1998
2195
  :param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
1999
2196
  :param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
2000
2197
  :param pulumi.Input[bool] require_cn: Flag to force CN usage
2198
+ :param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
2199
+
2200
+ Example usage:
2001
2201
  :param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
2202
+ :param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
2002
2203
  :param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
2003
2204
  :param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
2004
2205
  :param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
2005
2206
  :param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
2207
+ :param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
2006
2208
  """
2007
2209
  opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
2008
2210
 
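Review bot: The `serial_number_source` entry ends with a blank line and a dangling `Example usage:` that is followed directly by `:param pulumi.Input[bool] server_flag`, so the docstring promises an example that is not there. Either drop those two lines or supply the example. Because this option decides whether a serial number carried in the CSR is honoured, the entry would also benefit from one plain line per value, for instance `json: only the serial_number request parameter is used; any value in the CSR is ignored.` The same dangling `Example usage:` appears in the `serial_number_source` property docstring (new lines 2632–2634); the enclosing docstring begins outside this hunk.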
@@ -2042,6 +2244,8 @@ class SecretBackendRole(pulumi.CustomResource):
2042
2244
  __props__.__dict__["name"] = name
2043
2245
  __props__.__dict__["namespace"] = namespace
2044
2246
  __props__.__dict__["no_store"] = no_store
2247
+ __props__.__dict__["no_store_metadata"] = no_store_metadata
2248
+ __props__.__dict__["not_after"] = not_after
2045
2249
  __props__.__dict__["not_before_duration"] = not_before_duration
2046
2250
  __props__.__dict__["organization_unit"] = organization_unit
2047
2251
  __props__.__dict__["organizations"] = organizations
@@ -2050,11 +2254,14 @@ class SecretBackendRole(pulumi.CustomResource):
2050
2254
  __props__.__dict__["postal_codes"] = postal_codes
2051
2255
  __props__.__dict__["provinces"] = provinces
2052
2256
  __props__.__dict__["require_cn"] = require_cn
2257
+ __props__.__dict__["serial_number_source"] = serial_number_source
2053
2258
  __props__.__dict__["server_flag"] = server_flag
2259
+ __props__.__dict__["signature_bits"] = signature_bits
2054
2260
  __props__.__dict__["street_addresses"] = street_addresses
2055
2261
  __props__.__dict__["ttl"] = ttl
2056
2262
  __props__.__dict__["use_csr_common_name"] = use_csr_common_name
2057
2263
  __props__.__dict__["use_csr_sans"] = use_csr_sans
2264
+ __props__.__dict__["use_pss"] = use_pss
2058
2265
  return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
2059
2266
 
2060
2267
  @property
@@ -2338,6 +2545,22 @@ class SecretBackendRole(pulumi.CustomResource):
2338
2545
  """
2339
2546
  return pulumi.get(self, "no_store")
2340
2547
 
2548
+ @property
2549
+ @pulumi.getter(name="noStoreMetadata")
2550
+ def no_store_metadata(self) -> pulumi.Output[Optional[bool]]:
2551
+ """
2552
+ Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
2553
+ """
2554
+ return pulumi.get(self, "no_store_metadata")
2555
+
2556
+ @property
2557
+ @pulumi.getter(name="notAfter")
2558
+ def not_after(self) -> pulumi.Output[Optional[str]]:
2559
+ """
2560
+ Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
2561
+ """
2562
+ return pulumi.get(self, "not_after")
2563
+
2341
2564
  @property
2342
2565
  @pulumi.getter(name="notBeforeDuration")
2343
2566
  def not_before_duration(self) -> pulumi.Output[str]:
@@ -2402,6 +2625,16 @@ class SecretBackendRole(pulumi.CustomResource):
2402
2625
  """
2403
2626
  return pulumi.get(self, "require_cn")
2404
2627
 
2628
+ @property
2629
+ @pulumi.getter(name="serialNumberSource")
2630
+ def serial_number_source(self) -> pulumi.Output[str]:
2631
+ """
2632
+ Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
2633
+
2634
+ Example usage:
2635
+ """
2636
+ return pulumi.get(self, "serial_number_source")
2637
+
2405
2638
  @property
2406
2639
  @pulumi.getter(name="serverFlag")
2407
2640
  def server_flag(self) -> pulumi.Output[Optional[bool]]:
@@ -2410,6 +2643,14 @@ class SecretBackendRole(pulumi.CustomResource):
2410
2643
  """
2411
2644
  return pulumi.get(self, "server_flag")
2412
2645
 
2646
+ @property
2647
+ @pulumi.getter(name="signatureBits")
2648
+ def signature_bits(self) -> pulumi.Output[int]:
2649
+ """
2650
+ The number of bits to use in the signature algorithm
2651
+ """
2652
+ return pulumi.get(self, "signature_bits")
2653
+
2413
2654
  @property
2414
2655
  @pulumi.getter(name="streetAddresses")
2415
2656
  def street_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
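Review bot: The `signature_bits` docstring, "The number of bits to use in the signature algorithm", does not say which values are accepted or what an unset value selects. That matters here because the getter is typed `pulumi.Output[int]` rather than `Optional[int]`, so some value is presumably always reported back. I would spell it out, along the lines of `The number of bits to use in the signature algorithm: 256, 384 or 512 (SHA-2); 0 picks a size from the issuer's key.` The values are as I recall them from the Vault PKI role documentation and should be confirmed there before the text is adopted. The one-line `:param pulumi.Input[int] signature_bits:` entry in the `get` docstring hunk has the same gap.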
@@ -2442,3 +2683,11 @@ class SecretBackendRole(pulumi.CustomResource):
2442
2683
  """
2443
2684
  return pulumi.get(self, "use_csr_sans")
2444
2685
 
2686
+ @property
2687
+ @pulumi.getter(name="usePss")
2688
+ def use_pss(self) -> pulumi.Output[Optional[bool]]:
2689
+ """
2690
+ Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
2691
+ """
2692
+ return pulumi.get(self, "use_pss")
2693
+