pulumi-vault 6.6.0a1741836364__py3-none-any.whl → 6.7.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +583 -562
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +188 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +68 -18
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +73 -60
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/METADATA +2 -2
- pulumi_vault-6.7.0.dist-info/RECORD +265 -0
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/WHEEL +1 -1
- pulumi_vault-6.6.0a1741836364.dist-info/RECORD +0 -265
- {pulumi_vault-6.6.0a1741836364.dist-info → pulumi_vault-6.7.0.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -21,123 +22,123 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
|
21
22
|
@pulumi.input_type
|
22
23
|
class SecretBackendRoleArgs:
|
23
24
|
def __init__(__self__, *,
|
24
|
-
backend: pulumi.Input[str],
|
25
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
26
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
27
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
28
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
29
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
30
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
31
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
32
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
33
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
34
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
35
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
36
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
37
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
38
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
39
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
40
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
41
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
42
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
43
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
44
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
45
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
46
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
47
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
48
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
49
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
50
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
51
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
52
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
53
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
54
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
55
|
-
name: Optional[pulumi.Input[str]] = None,
|
56
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
57
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
58
|
-
no_store_metadata: Optional[pulumi.Input[bool]] = None,
|
59
|
-
not_after: Optional[pulumi.Input[str]] = None,
|
60
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
61
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
62
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
+
backend: pulumi.Input[builtins.str],
|
26
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
27
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
28
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
30
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
31
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
32
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
33
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
34
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
35
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
36
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
37
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
38
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
39
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
40
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
41
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
42
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
43
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
44
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
45
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
46
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
47
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
48
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
49
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
50
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
51
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
52
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
53
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
54
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
55
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
56
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
57
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
58
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
59
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
60
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
61
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
62
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
63
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
63
64
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
|
64
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
65
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
66
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
67
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
68
|
-
serial_number_source: Optional[pulumi.Input[str]] = None,
|
69
|
-
server_flag: Optional[pulumi.Input[bool]] = None,
|
70
|
-
signature_bits: Optional[pulumi.Input[int]] = None,
|
71
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
72
|
-
ttl: Optional[pulumi.Input[str]] = None,
|
73
|
-
use_csr_common_name: Optional[pulumi.Input[bool]] = None,
|
74
|
-
use_csr_sans: Optional[pulumi.Input[bool]] = None,
|
75
|
-
use_pss: Optional[pulumi.Input[bool]] = None):
|
65
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
66
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
67
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
68
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
69
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
70
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
71
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
72
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
73
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
74
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
75
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
76
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None):
|
76
77
|
"""
|
77
78
|
The set of arguments for constructing a SecretBackendRole resource.
|
78
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
79
|
-
:param pulumi.Input[bool] allow_any_name: Flag to allow any name
|
80
|
-
:param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
81
|
-
:param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
82
|
-
:param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
|
83
|
-
:param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
|
84
|
-
:param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
|
85
|
-
:param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
86
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
|
87
|
-
:param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
88
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
|
89
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
90
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
|
91
|
-
:param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
92
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
|
93
|
-
:param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
94
|
-
:param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
|
95
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
96
|
-
:param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
|
97
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
|
98
|
-
:param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
|
99
|
-
:param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
|
100
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
101
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
102
|
-
:param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
|
103
|
-
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
79
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
80
|
+
:param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
|
81
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
82
|
+
:param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
83
|
+
:param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
84
|
+
:param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
85
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
86
|
+
:param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
87
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
|
88
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
89
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
90
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
91
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
92
|
+
:param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
93
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
94
|
+
:param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
95
|
+
:param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
|
96
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
97
|
+
:param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
98
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
|
99
|
+
:param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
100
|
+
:param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
101
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
102
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
103
|
+
:param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
|
104
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
104
105
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
105
106
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
106
107
|
overriding the role's `issuer_ref` value.
|
107
|
-
:param pulumi.Input[int] key_bits: The number of bits of generated keys
|
108
|
-
:param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
108
|
+
:param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
|
109
|
+
:param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
109
110
|
Defaults to `rsa`
|
110
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
|
111
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
111
112
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
112
113
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
113
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
|
114
|
-
:param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
115
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
|
116
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
114
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
|
115
|
+
:param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
116
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
117
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
117
118
|
The value should not contain leading or trailing forward slashes.
|
118
119
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
119
120
|
*Available only for Vault Enterprise*.
|
120
|
-
:param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
|
121
|
-
:param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
122
|
-
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
123
|
-
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
124
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
|
125
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
|
121
|
+
:param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
|
122
|
+
:param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
123
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
124
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
125
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
|
126
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
|
126
127
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
127
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
128
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
|
129
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
|
130
|
-
:param pulumi.Input[bool] require_cn: Flag to force CN usage
|
131
|
-
:param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
128
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
129
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
|
130
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
|
131
|
+
:param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
|
132
|
+
:param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
132
133
|
|
133
134
|
Example usage:
|
134
|
-
:param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
|
135
|
-
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
136
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
|
137
|
-
:param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
138
|
-
:param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
|
139
|
-
:param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
|
140
|
-
:param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
135
|
+
:param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
|
136
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
137
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
|
138
|
+
:param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
139
|
+
:param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
140
|
+
:param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
141
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
141
142
|
"""
|
142
143
|
pulumi.set(__self__, "backend", backend)
|
143
144
|
if allow_any_name is not None:
|
@@ -245,307 +246,307 @@ class SecretBackendRoleArgs:
|
|
245
246
|
|
246
247
|
@property
|
247
248
|
@pulumi.getter
|
248
|
-
def backend(self) -> pulumi.Input[str]:
|
249
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
249
250
|
"""
|
250
251
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
251
252
|
"""
|
252
253
|
return pulumi.get(self, "backend")
|
253
254
|
|
254
255
|
@backend.setter
|
255
|
-
def backend(self, value: pulumi.Input[str]):
|
256
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
256
257
|
pulumi.set(self, "backend", value)
|
257
258
|
|
258
259
|
@property
|
259
260
|
@pulumi.getter(name="allowAnyName")
|
260
|
-
def allow_any_name(self) -> Optional[pulumi.Input[bool]]:
|
261
|
+
def allow_any_name(self) -> Optional[pulumi.Input[builtins.bool]]:
|
261
262
|
"""
|
262
263
|
Flag to allow any name
|
263
264
|
"""
|
264
265
|
return pulumi.get(self, "allow_any_name")
|
265
266
|
|
266
267
|
@allow_any_name.setter
|
267
|
-
def allow_any_name(self, value: Optional[pulumi.Input[bool]]):
|
268
|
+
def allow_any_name(self, value: Optional[pulumi.Input[builtins.bool]]):
|
268
269
|
pulumi.set(self, "allow_any_name", value)
|
269
270
|
|
270
271
|
@property
|
271
272
|
@pulumi.getter(name="allowBareDomains")
|
272
|
-
def allow_bare_domains(self) -> Optional[pulumi.Input[bool]]:
|
273
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
273
274
|
"""
|
274
275
|
Flag to allow certificates matching the actual domain
|
275
276
|
"""
|
276
277
|
return pulumi.get(self, "allow_bare_domains")
|
277
278
|
|
278
279
|
@allow_bare_domains.setter
|
279
|
-
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
280
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
280
281
|
pulumi.set(self, "allow_bare_domains", value)
|
281
282
|
|
282
283
|
@property
|
283
284
|
@pulumi.getter(name="allowGlobDomains")
|
284
|
-
def allow_glob_domains(self) -> Optional[pulumi.Input[bool]]:
|
285
|
+
def allow_glob_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
285
286
|
"""
|
286
287
|
Flag to allow names containing glob patterns.
|
287
288
|
"""
|
288
289
|
return pulumi.get(self, "allow_glob_domains")
|
289
290
|
|
290
291
|
@allow_glob_domains.setter
|
291
|
-
def allow_glob_domains(self, value: Optional[pulumi.Input[bool]]):
|
292
|
+
def allow_glob_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
292
293
|
pulumi.set(self, "allow_glob_domains", value)
|
293
294
|
|
294
295
|
@property
|
295
296
|
@pulumi.getter(name="allowIpSans")
|
296
|
-
def allow_ip_sans(self) -> Optional[pulumi.Input[bool]]:
|
297
|
+
def allow_ip_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
297
298
|
"""
|
298
299
|
Flag to allow IP SANs
|
299
300
|
"""
|
300
301
|
return pulumi.get(self, "allow_ip_sans")
|
301
302
|
|
302
303
|
@allow_ip_sans.setter
|
303
|
-
def allow_ip_sans(self, value: Optional[pulumi.Input[bool]]):
|
304
|
+
def allow_ip_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
304
305
|
pulumi.set(self, "allow_ip_sans", value)
|
305
306
|
|
306
307
|
@property
|
307
308
|
@pulumi.getter(name="allowLocalhost")
|
308
|
-
def allow_localhost(self) -> Optional[pulumi.Input[bool]]:
|
309
|
+
def allow_localhost(self) -> Optional[pulumi.Input[builtins.bool]]:
|
309
310
|
"""
|
310
311
|
Flag to allow certificates for localhost
|
311
312
|
"""
|
312
313
|
return pulumi.get(self, "allow_localhost")
|
313
314
|
|
314
315
|
@allow_localhost.setter
|
315
|
-
def allow_localhost(self, value: Optional[pulumi.Input[bool]]):
|
316
|
+
def allow_localhost(self, value: Optional[pulumi.Input[builtins.bool]]):
|
316
317
|
pulumi.set(self, "allow_localhost", value)
|
317
318
|
|
318
319
|
@property
|
319
320
|
@pulumi.getter(name="allowSubdomains")
|
320
|
-
def allow_subdomains(self) -> Optional[pulumi.Input[bool]]:
|
321
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
321
322
|
"""
|
322
323
|
Flag to allow certificates matching subdomains
|
323
324
|
"""
|
324
325
|
return pulumi.get(self, "allow_subdomains")
|
325
326
|
|
326
327
|
@allow_subdomains.setter
|
327
|
-
def allow_subdomains(self, value: Optional[pulumi.Input[bool]]):
|
328
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
328
329
|
pulumi.set(self, "allow_subdomains", value)
|
329
330
|
|
330
331
|
@property
|
331
332
|
@pulumi.getter(name="allowWildcardCertificates")
|
332
|
-
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[bool]]:
|
333
|
+
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
|
333
334
|
"""
|
334
335
|
Flag to allow wildcard certificates.
|
335
336
|
"""
|
336
337
|
return pulumi.get(self, "allow_wildcard_certificates")
|
337
338
|
|
338
339
|
@allow_wildcard_certificates.setter
|
339
|
-
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[bool]]):
|
340
|
+
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
|
340
341
|
pulumi.set(self, "allow_wildcard_certificates", value)
|
341
342
|
|
342
343
|
@property
|
343
344
|
@pulumi.getter(name="allowedDomains")
|
344
|
-
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
345
|
+
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
345
346
|
"""
|
346
347
|
List of allowed domains for certificates
|
347
348
|
"""
|
348
349
|
return pulumi.get(self, "allowed_domains")
|
349
350
|
|
350
351
|
@allowed_domains.setter
|
351
|
-
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
352
|
+
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
352
353
|
pulumi.set(self, "allowed_domains", value)
|
353
354
|
|
354
355
|
@property
|
355
356
|
@pulumi.getter(name="allowedDomainsTemplate")
|
356
|
-
def allowed_domains_template(self) -> Optional[pulumi.Input[bool]]:
|
357
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
357
358
|
"""
|
358
359
|
Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
359
360
|
"""
|
360
361
|
return pulumi.get(self, "allowed_domains_template")
|
361
362
|
|
362
363
|
@allowed_domains_template.setter
|
363
|
-
def allowed_domains_template(self, value: Optional[pulumi.Input[bool]]):
|
364
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
364
365
|
pulumi.set(self, "allowed_domains_template", value)
|
365
366
|
|
366
367
|
@property
|
367
368
|
@pulumi.getter(name="allowedOtherSans")
|
368
|
-
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
369
|
+
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
369
370
|
"""
|
370
371
|
Defines allowed custom SANs
|
371
372
|
"""
|
372
373
|
return pulumi.get(self, "allowed_other_sans")
|
373
374
|
|
374
375
|
@allowed_other_sans.setter
|
375
|
-
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
376
|
+
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
376
377
|
pulumi.set(self, "allowed_other_sans", value)
|
377
378
|
|
378
379
|
@property
|
379
380
|
@pulumi.getter(name="allowedSerialNumbers")
|
380
|
-
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
381
|
+
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
381
382
|
"""
|
382
383
|
An array of allowed serial numbers to put in Subject
|
383
384
|
"""
|
384
385
|
return pulumi.get(self, "allowed_serial_numbers")
|
385
386
|
|
386
387
|
@allowed_serial_numbers.setter
|
387
|
-
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
388
|
+
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
388
389
|
pulumi.set(self, "allowed_serial_numbers", value)
|
389
390
|
|
390
391
|
@property
|
391
392
|
@pulumi.getter(name="allowedUriSans")
|
392
|
-
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
393
|
+
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
393
394
|
"""
|
394
395
|
Defines allowed URI SANs
|
395
396
|
"""
|
396
397
|
return pulumi.get(self, "allowed_uri_sans")
|
397
398
|
|
398
399
|
@allowed_uri_sans.setter
|
399
|
-
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
400
|
+
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
400
401
|
pulumi.set(self, "allowed_uri_sans", value)
|
401
402
|
|
402
403
|
@property
|
403
404
|
@pulumi.getter(name="allowedUriSansTemplate")
|
404
|
-
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[bool]]:
|
405
|
+
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
405
406
|
"""
|
406
407
|
Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
407
408
|
"""
|
408
409
|
return pulumi.get(self, "allowed_uri_sans_template")
|
409
410
|
|
410
411
|
@allowed_uri_sans_template.setter
|
411
|
-
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[bool]]):
|
412
|
+
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
412
413
|
pulumi.set(self, "allowed_uri_sans_template", value)
|
413
414
|
|
414
415
|
@property
|
415
416
|
@pulumi.getter(name="allowedUserIds")
|
416
|
-
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
417
|
+
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
417
418
|
"""
|
418
419
|
Defines allowed User IDs
|
419
420
|
"""
|
420
421
|
return pulumi.get(self, "allowed_user_ids")
|
421
422
|
|
422
423
|
@allowed_user_ids.setter
|
423
|
-
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
424
|
+
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
424
425
|
pulumi.set(self, "allowed_user_ids", value)
|
425
426
|
|
426
427
|
@property
|
427
428
|
@pulumi.getter(name="basicConstraintsValidForNonCa")
|
428
|
-
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[bool]]:
|
429
|
+
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[builtins.bool]]:
|
429
430
|
"""
|
430
431
|
Flag to mark basic constraints valid when issuing non-CA certificates
|
431
432
|
"""
|
432
433
|
return pulumi.get(self, "basic_constraints_valid_for_non_ca")
|
433
434
|
|
434
435
|
@basic_constraints_valid_for_non_ca.setter
|
435
|
-
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[bool]]):
|
436
|
+
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[builtins.bool]]):
|
436
437
|
pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
|
437
438
|
|
438
439
|
@property
|
439
440
|
@pulumi.getter(name="clientFlag")
|
440
|
-
def client_flag(self) -> Optional[pulumi.Input[bool]]:
|
441
|
+
def client_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
441
442
|
"""
|
442
443
|
Flag to specify certificates for client use
|
443
444
|
"""
|
444
445
|
return pulumi.get(self, "client_flag")
|
445
446
|
|
446
447
|
@client_flag.setter
|
447
|
-
def client_flag(self, value: Optional[pulumi.Input[bool]]):
|
448
|
+
def client_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
448
449
|
pulumi.set(self, "client_flag", value)
|
449
450
|
|
450
451
|
@property
|
451
452
|
@pulumi.getter(name="cnValidations")
|
452
|
-
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
453
|
+
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
453
454
|
"""
|
454
455
|
Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
455
456
|
"""
|
456
457
|
return pulumi.get(self, "cn_validations")
|
457
458
|
|
458
459
|
@cn_validations.setter
|
459
|
-
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
460
|
+
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
460
461
|
pulumi.set(self, "cn_validations", value)
|
461
462
|
|
462
463
|
@property
|
463
464
|
@pulumi.getter(name="codeSigningFlag")
|
464
|
-
def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
|
465
|
+
def code_signing_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
465
466
|
"""
|
466
467
|
Flag to specify certificates for code signing use
|
467
468
|
"""
|
468
469
|
return pulumi.get(self, "code_signing_flag")
|
469
470
|
|
470
471
|
@code_signing_flag.setter
|
471
|
-
def code_signing_flag(self, value: Optional[pulumi.Input[bool]]):
|
472
|
+
def code_signing_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
472
473
|
pulumi.set(self, "code_signing_flag", value)
|
473
474
|
|
474
475
|
@property
|
475
476
|
@pulumi.getter
|
476
|
-
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
477
|
+
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
477
478
|
"""
|
478
479
|
The country of generated certificates
|
479
480
|
"""
|
480
481
|
return pulumi.get(self, "countries")
|
481
482
|
|
482
483
|
@countries.setter
|
483
|
-
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
484
|
+
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
484
485
|
pulumi.set(self, "countries", value)
|
485
486
|
|
486
487
|
@property
|
487
488
|
@pulumi.getter(name="emailProtectionFlag")
|
488
|
-
def email_protection_flag(self) -> Optional[pulumi.Input[bool]]:
|
489
|
+
def email_protection_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
489
490
|
"""
|
490
491
|
Flag to specify certificates for email protection use
|
491
492
|
"""
|
492
493
|
return pulumi.get(self, "email_protection_flag")
|
493
494
|
|
494
495
|
@email_protection_flag.setter
|
495
|
-
def email_protection_flag(self, value: Optional[pulumi.Input[bool]]):
|
496
|
+
def email_protection_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
496
497
|
pulumi.set(self, "email_protection_flag", value)
|
497
498
|
|
498
499
|
@property
|
499
500
|
@pulumi.getter(name="enforceHostnames")
|
500
|
-
def enforce_hostnames(self) -> Optional[pulumi.Input[bool]]:
|
501
|
+
def enforce_hostnames(self) -> Optional[pulumi.Input[builtins.bool]]:
|
501
502
|
"""
|
502
503
|
Flag to allow only valid host names
|
503
504
|
"""
|
504
505
|
return pulumi.get(self, "enforce_hostnames")
|
505
506
|
|
506
507
|
@enforce_hostnames.setter
|
507
|
-
def enforce_hostnames(self, value: Optional[pulumi.Input[bool]]):
|
508
|
+
def enforce_hostnames(self, value: Optional[pulumi.Input[builtins.bool]]):
|
508
509
|
pulumi.set(self, "enforce_hostnames", value)
|
509
510
|
|
510
511
|
@property
|
511
512
|
@pulumi.getter(name="extKeyUsageOids")
|
512
|
-
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
513
|
+
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
513
514
|
"""
|
514
515
|
Specify the allowed extended key usage OIDs constraint on issued certificates
|
515
516
|
"""
|
516
517
|
return pulumi.get(self, "ext_key_usage_oids")
|
517
518
|
|
518
519
|
@ext_key_usage_oids.setter
|
519
|
-
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
520
|
+
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
520
521
|
pulumi.set(self, "ext_key_usage_oids", value)
|
521
522
|
|
522
523
|
@property
|
523
524
|
@pulumi.getter(name="extKeyUsages")
|
524
|
-
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
525
|
+
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
525
526
|
"""
|
526
527
|
Specify the allowed extended key usage constraint on issued certificates
|
527
528
|
"""
|
528
529
|
return pulumi.get(self, "ext_key_usages")
|
529
530
|
|
530
531
|
@ext_key_usages.setter
|
531
|
-
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
532
|
+
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
532
533
|
pulumi.set(self, "ext_key_usages", value)
|
533
534
|
|
534
535
|
@property
|
535
536
|
@pulumi.getter(name="generateLease")
|
536
|
-
def generate_lease(self) -> Optional[pulumi.Input[bool]]:
|
537
|
+
def generate_lease(self) -> Optional[pulumi.Input[builtins.bool]]:
|
537
538
|
"""
|
538
539
|
Flag to generate leases with certificates
|
539
540
|
"""
|
540
541
|
return pulumi.get(self, "generate_lease")
|
541
542
|
|
542
543
|
@generate_lease.setter
|
543
|
-
def generate_lease(self, value: Optional[pulumi.Input[bool]]):
|
544
|
+
def generate_lease(self, value: Optional[pulumi.Input[builtins.bool]]):
|
544
545
|
pulumi.set(self, "generate_lease", value)
|
545
546
|
|
546
547
|
@property
|
547
548
|
@pulumi.getter(name="issuerRef")
|
548
|
-
def issuer_ref(self) -> Optional[pulumi.Input[str]]:
|
549
|
+
def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
|
549
550
|
"""
|
550
551
|
Specifies the default issuer of this request. May
|
551
552
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
@@ -555,24 +556,24 @@ class SecretBackendRoleArgs:
|
|
555
556
|
return pulumi.get(self, "issuer_ref")
|
556
557
|
|
557
558
|
@issuer_ref.setter
|
558
|
-
def issuer_ref(self, value: Optional[pulumi.Input[str]]):
|
559
|
+
def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
|
559
560
|
pulumi.set(self, "issuer_ref", value)
|
560
561
|
|
561
562
|
@property
|
562
563
|
@pulumi.getter(name="keyBits")
|
563
|
-
def key_bits(self) -> Optional[pulumi.Input[int]]:
|
564
|
+
def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
564
565
|
"""
|
565
566
|
The number of bits of generated keys
|
566
567
|
"""
|
567
568
|
return pulumi.get(self, "key_bits")
|
568
569
|
|
569
570
|
@key_bits.setter
|
570
|
-
def key_bits(self, value: Optional[pulumi.Input[int]]):
|
571
|
+
def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
571
572
|
pulumi.set(self, "key_bits", value)
|
572
573
|
|
573
574
|
@property
|
574
575
|
@pulumi.getter(name="keyType")
|
575
|
-
def key_type(self) -> Optional[pulumi.Input[str]]:
|
576
|
+
def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
576
577
|
"""
|
577
578
|
The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
578
579
|
Defaults to `rsa`
|
@@ -580,12 +581,12 @@ class SecretBackendRoleArgs:
|
|
580
581
|
return pulumi.get(self, "key_type")
|
581
582
|
|
582
583
|
@key_type.setter
|
583
|
-
def key_type(self, value: Optional[pulumi.Input[str]]):
|
584
|
+
def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
584
585
|
pulumi.set(self, "key_type", value)
|
585
586
|
|
586
587
|
@property
|
587
588
|
@pulumi.getter(name="keyUsages")
|
588
|
-
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
589
|
+
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
589
590
|
"""
|
590
591
|
Specify the allowed key usage constraint on issued
|
591
592
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
@@ -594,48 +595,48 @@ class SecretBackendRoleArgs:
|
|
594
595
|
return pulumi.get(self, "key_usages")
|
595
596
|
|
596
597
|
@key_usages.setter
|
597
|
-
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
598
|
+
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
598
599
|
pulumi.set(self, "key_usages", value)
|
599
600
|
|
600
601
|
@property
|
601
602
|
@pulumi.getter
|
602
|
-
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
603
|
+
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
603
604
|
"""
|
604
605
|
The locality of generated certificates
|
605
606
|
"""
|
606
607
|
return pulumi.get(self, "localities")
|
607
608
|
|
608
609
|
@localities.setter
|
609
|
-
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
610
|
+
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
610
611
|
pulumi.set(self, "localities", value)
|
611
612
|
|
612
613
|
@property
|
613
614
|
@pulumi.getter(name="maxTtl")
|
614
|
-
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
615
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
615
616
|
"""
|
616
617
|
The maximum lease TTL, in seconds, for the role.
|
617
618
|
"""
|
618
619
|
return pulumi.get(self, "max_ttl")
|
619
620
|
|
620
621
|
@max_ttl.setter
|
621
|
-
def max_ttl(self, value: Optional[pulumi.Input[str]]):
|
622
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
622
623
|
pulumi.set(self, "max_ttl", value)
|
623
624
|
|
624
625
|
@property
|
625
626
|
@pulumi.getter
|
626
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
627
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
627
628
|
"""
|
628
629
|
The name to identify this role within the backend. Must be unique within the backend.
|
629
630
|
"""
|
630
631
|
return pulumi.get(self, "name")
|
631
632
|
|
632
633
|
@name.setter
|
633
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
634
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
634
635
|
pulumi.set(self, "name", value)
|
635
636
|
|
636
637
|
@property
|
637
638
|
@pulumi.getter
|
638
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
639
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
639
640
|
"""
|
640
641
|
The namespace to provision the resource in.
|
641
642
|
The value should not contain leading or trailing forward slashes.
|
@@ -645,79 +646,79 @@ class SecretBackendRoleArgs:
|
|
645
646
|
return pulumi.get(self, "namespace")
|
646
647
|
|
647
648
|
@namespace.setter
|
648
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
649
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
649
650
|
pulumi.set(self, "namespace", value)
|
650
651
|
|
651
652
|
@property
|
652
653
|
@pulumi.getter(name="noStore")
|
653
|
-
def no_store(self) -> Optional[pulumi.Input[bool]]:
|
654
|
+
def no_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
654
655
|
"""
|
655
656
|
Flag to not store certificates in the storage backend
|
656
657
|
"""
|
657
658
|
return pulumi.get(self, "no_store")
|
658
659
|
|
659
660
|
@no_store.setter
|
660
|
-
def no_store(self, value: Optional[pulumi.Input[bool]]):
|
661
|
+
def no_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
661
662
|
pulumi.set(self, "no_store", value)
|
662
663
|
|
663
664
|
@property
|
664
665
|
@pulumi.getter(name="noStoreMetadata")
|
665
|
-
def no_store_metadata(self) -> Optional[pulumi.Input[bool]]:
|
666
|
+
def no_store_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
|
666
667
|
"""
|
667
668
|
Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
668
669
|
"""
|
669
670
|
return pulumi.get(self, "no_store_metadata")
|
670
671
|
|
671
672
|
@no_store_metadata.setter
|
672
|
-
def no_store_metadata(self, value: Optional[pulumi.Input[bool]]):
|
673
|
+
def no_store_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
|
673
674
|
pulumi.set(self, "no_store_metadata", value)
|
674
675
|
|
675
676
|
@property
|
676
677
|
@pulumi.getter(name="notAfter")
|
677
|
-
def not_after(self) -> Optional[pulumi.Input[str]]:
|
678
|
+
def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
|
678
679
|
"""
|
679
680
|
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
680
681
|
"""
|
681
682
|
return pulumi.get(self, "not_after")
|
682
683
|
|
683
684
|
@not_after.setter
|
684
|
-
def not_after(self, value: Optional[pulumi.Input[str]]):
|
685
|
+
def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
|
685
686
|
pulumi.set(self, "not_after", value)
|
686
687
|
|
687
688
|
@property
|
688
689
|
@pulumi.getter(name="notBeforeDuration")
|
689
|
-
def not_before_duration(self) -> Optional[pulumi.Input[str]]:
|
690
|
+
def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
690
691
|
"""
|
691
692
|
Specifies the duration by which to backdate the NotBefore property.
|
692
693
|
"""
|
693
694
|
return pulumi.get(self, "not_before_duration")
|
694
695
|
|
695
696
|
@not_before_duration.setter
|
696
|
-
def not_before_duration(self, value: Optional[pulumi.Input[str]]):
|
697
|
+
def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
697
698
|
pulumi.set(self, "not_before_duration", value)
|
698
699
|
|
699
700
|
@property
|
700
701
|
@pulumi.getter(name="organizationUnit")
|
701
|
-
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
702
|
+
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
702
703
|
"""
|
703
704
|
The organization unit of generated certificates
|
704
705
|
"""
|
705
706
|
return pulumi.get(self, "organization_unit")
|
706
707
|
|
707
708
|
@organization_unit.setter
|
708
|
-
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
709
|
+
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
709
710
|
pulumi.set(self, "organization_unit", value)
|
710
711
|
|
711
712
|
@property
|
712
713
|
@pulumi.getter
|
713
|
-
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
714
|
+
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
714
715
|
"""
|
715
716
|
The organization of generated certificates
|
716
717
|
"""
|
717
718
|
return pulumi.get(self, "organizations")
|
718
719
|
|
719
720
|
@organizations.setter
|
720
|
-
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
721
|
+
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
721
722
|
pulumi.set(self, "organizations", value)
|
722
723
|
|
723
724
|
@property
|
@@ -734,55 +735,55 @@ class SecretBackendRoleArgs:
|
|
734
735
|
|
735
736
|
@property
|
736
737
|
@pulumi.getter(name="policyIdentifiers")
|
737
|
-
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
738
|
+
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
738
739
|
"""
|
739
740
|
Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
740
741
|
"""
|
741
742
|
return pulumi.get(self, "policy_identifiers")
|
742
743
|
|
743
744
|
@policy_identifiers.setter
|
744
|
-
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
745
|
+
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
745
746
|
pulumi.set(self, "policy_identifiers", value)
|
746
747
|
|
747
748
|
@property
|
748
749
|
@pulumi.getter(name="postalCodes")
|
749
|
-
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
750
|
+
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
750
751
|
"""
|
751
752
|
The postal code of generated certificates
|
752
753
|
"""
|
753
754
|
return pulumi.get(self, "postal_codes")
|
754
755
|
|
755
756
|
@postal_codes.setter
|
756
|
-
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
757
|
+
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
757
758
|
pulumi.set(self, "postal_codes", value)
|
758
759
|
|
759
760
|
@property
|
760
761
|
@pulumi.getter
|
761
|
-
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
762
|
+
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
762
763
|
"""
|
763
764
|
The province of generated certificates
|
764
765
|
"""
|
765
766
|
return pulumi.get(self, "provinces")
|
766
767
|
|
767
768
|
@provinces.setter
|
768
|
-
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
769
|
+
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
769
770
|
pulumi.set(self, "provinces", value)
|
770
771
|
|
771
772
|
@property
|
772
773
|
@pulumi.getter(name="requireCn")
|
773
|
-
def require_cn(self) -> Optional[pulumi.Input[bool]]:
|
774
|
+
def require_cn(self) -> Optional[pulumi.Input[builtins.bool]]:
|
774
775
|
"""
|
775
776
|
Flag to force CN usage
|
776
777
|
"""
|
777
778
|
return pulumi.get(self, "require_cn")
|
778
779
|
|
779
780
|
@require_cn.setter
|
780
|
-
def require_cn(self, value: Optional[pulumi.Input[bool]]):
|
781
|
+
def require_cn(self, value: Optional[pulumi.Input[builtins.bool]]):
|
781
782
|
pulumi.set(self, "require_cn", value)
|
782
783
|
|
783
784
|
@property
|
784
785
|
@pulumi.getter(name="serialNumberSource")
|
785
|
-
def serial_number_source(self) -> Optional[pulumi.Input[str]]:
|
786
|
+
def serial_number_source(self) -> Optional[pulumi.Input[builtins.str]]:
|
786
787
|
"""
|
787
788
|
Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
788
789
|
|
@@ -791,214 +792,214 @@ class SecretBackendRoleArgs:
|
|
791
792
|
return pulumi.get(self, "serial_number_source")
|
792
793
|
|
793
794
|
@serial_number_source.setter
|
794
|
-
def serial_number_source(self, value: Optional[pulumi.Input[str]]):
|
795
|
+
def serial_number_source(self, value: Optional[pulumi.Input[builtins.str]]):
|
795
796
|
pulumi.set(self, "serial_number_source", value)
|
796
797
|
|
797
798
|
@property
|
798
799
|
@pulumi.getter(name="serverFlag")
|
799
|
-
def server_flag(self) -> Optional[pulumi.Input[bool]]:
|
800
|
+
def server_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
800
801
|
"""
|
801
802
|
Flag to specify certificates for server use
|
802
803
|
"""
|
803
804
|
return pulumi.get(self, "server_flag")
|
804
805
|
|
805
806
|
@server_flag.setter
|
806
|
-
def server_flag(self, value: Optional[pulumi.Input[bool]]):
|
807
|
+
def server_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
807
808
|
pulumi.set(self, "server_flag", value)
|
808
809
|
|
809
810
|
@property
|
810
811
|
@pulumi.getter(name="signatureBits")
|
811
|
-
def signature_bits(self) -> Optional[pulumi.Input[int]]:
|
812
|
+
def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
812
813
|
"""
|
813
814
|
The number of bits to use in the signature algorithm
|
814
815
|
"""
|
815
816
|
return pulumi.get(self, "signature_bits")
|
816
817
|
|
817
818
|
@signature_bits.setter
|
818
|
-
def signature_bits(self, value: Optional[pulumi.Input[int]]):
|
819
|
+
def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
819
820
|
pulumi.set(self, "signature_bits", value)
|
820
821
|
|
821
822
|
@property
|
822
823
|
@pulumi.getter(name="streetAddresses")
|
823
|
-
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
824
|
+
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
824
825
|
"""
|
825
826
|
The street address of generated certificates
|
826
827
|
"""
|
827
828
|
return pulumi.get(self, "street_addresses")
|
828
829
|
|
829
830
|
@street_addresses.setter
|
830
|
-
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
831
|
+
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
831
832
|
pulumi.set(self, "street_addresses", value)
|
832
833
|
|
833
834
|
@property
|
834
835
|
@pulumi.getter
|
835
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
836
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
836
837
|
"""
|
837
838
|
The TTL, in seconds, for any certificate issued against this role.
|
838
839
|
"""
|
839
840
|
return pulumi.get(self, "ttl")
|
840
841
|
|
841
842
|
@ttl.setter
|
842
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
843
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
843
844
|
pulumi.set(self, "ttl", value)
|
844
845
|
|
845
846
|
@property
|
846
847
|
@pulumi.getter(name="useCsrCommonName")
|
847
|
-
def use_csr_common_name(self) -> Optional[pulumi.Input[bool]]:
|
848
|
+
def use_csr_common_name(self) -> Optional[pulumi.Input[builtins.bool]]:
|
848
849
|
"""
|
849
850
|
Flag to use the CN in the CSR
|
850
851
|
"""
|
851
852
|
return pulumi.get(self, "use_csr_common_name")
|
852
853
|
|
853
854
|
@use_csr_common_name.setter
|
854
|
-
def use_csr_common_name(self, value: Optional[pulumi.Input[bool]]):
|
855
|
+
def use_csr_common_name(self, value: Optional[pulumi.Input[builtins.bool]]):
|
855
856
|
pulumi.set(self, "use_csr_common_name", value)
|
856
857
|
|
857
858
|
@property
|
858
859
|
@pulumi.getter(name="useCsrSans")
|
859
|
-
def use_csr_sans(self) -> Optional[pulumi.Input[bool]]:
|
860
|
+
def use_csr_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
860
861
|
"""
|
861
862
|
Flag to use the SANs in the CSR
|
862
863
|
"""
|
863
864
|
return pulumi.get(self, "use_csr_sans")
|
864
865
|
|
865
866
|
@use_csr_sans.setter
|
866
|
-
def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
|
867
|
+
def use_csr_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
867
868
|
pulumi.set(self, "use_csr_sans", value)
|
868
869
|
|
869
870
|
@property
|
870
871
|
@pulumi.getter(name="usePss")
|
871
|
-
def use_pss(self) -> Optional[pulumi.Input[bool]]:
|
872
|
+
def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
|
872
873
|
"""
|
873
874
|
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
874
875
|
"""
|
875
876
|
return pulumi.get(self, "use_pss")
|
876
877
|
|
877
878
|
@use_pss.setter
|
878
|
-
def use_pss(self, value: Optional[pulumi.Input[bool]]):
|
879
|
+
def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
|
879
880
|
pulumi.set(self, "use_pss", value)
|
880
881
|
|
881
882
|
|
882
883
|
@pulumi.input_type
|
883
884
|
class _SecretBackendRoleState:
|
884
885
|
def __init__(__self__, *,
|
885
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
886
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
887
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
888
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
889
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
890
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
891
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
892
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
893
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
894
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
895
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
896
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
897
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
898
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
899
|
-
backend: Optional[pulumi.Input[str]] = None,
|
900
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
901
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
902
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
903
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
904
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
905
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
906
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
907
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
908
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
909
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
910
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
911
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
912
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
913
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
914
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
915
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
916
|
-
name: Optional[pulumi.Input[str]] = None,
|
917
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
918
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
919
|
-
no_store_metadata: Optional[pulumi.Input[bool]] = None,
|
920
|
-
not_after: Optional[pulumi.Input[str]] = None,
|
921
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
922
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
923
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
886
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
887
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
888
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
889
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
890
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
891
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
892
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
893
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
894
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
895
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
896
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
897
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
898
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
899
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
900
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
901
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
902
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
903
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
904
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
905
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
906
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
907
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
908
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
909
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
910
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
911
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
912
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
913
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
914
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
915
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
916
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
917
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
918
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
919
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
920
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
921
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
922
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
923
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
924
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
924
925
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
|
925
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
926
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
927
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
928
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
929
|
-
serial_number_source: Optional[pulumi.Input[str]] = None,
|
930
|
-
server_flag: Optional[pulumi.Input[bool]] = None,
|
931
|
-
signature_bits: Optional[pulumi.Input[int]] = None,
|
932
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
933
|
-
ttl: Optional[pulumi.Input[str]] = None,
|
934
|
-
use_csr_common_name: Optional[pulumi.Input[bool]] = None,
|
935
|
-
use_csr_sans: Optional[pulumi.Input[bool]] = None,
|
936
|
-
use_pss: Optional[pulumi.Input[bool]] = None):
|
926
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
927
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
928
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
929
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
930
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
931
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
932
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
933
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
934
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
935
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
936
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
937
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None):
|
937
938
|
"""
|
938
939
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
939
|
-
:param pulumi.Input[bool] allow_any_name: Flag to allow any name
|
940
|
-
:param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
941
|
-
:param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
942
|
-
:param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
|
943
|
-
:param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
|
944
|
-
:param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
|
945
|
-
:param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
946
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
|
947
|
-
:param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
948
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
|
949
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
950
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
|
951
|
-
:param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
952
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
|
953
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
954
|
-
:param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
955
|
-
:param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
|
956
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
957
|
-
:param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
|
958
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
|
959
|
-
:param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
|
960
|
-
:param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
|
961
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
962
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
963
|
-
:param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
|
964
|
-
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
940
|
+
:param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
|
941
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
942
|
+
:param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
943
|
+
:param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
944
|
+
:param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
945
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
946
|
+
:param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
947
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
|
948
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
949
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
950
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
951
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
952
|
+
:param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
953
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
954
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
955
|
+
:param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
956
|
+
:param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
|
957
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
958
|
+
:param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
959
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
|
960
|
+
:param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
961
|
+
:param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
962
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
963
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
964
|
+
:param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
|
965
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
965
966
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
966
967
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
967
968
|
overriding the role's `issuer_ref` value.
|
968
|
-
:param pulumi.Input[int] key_bits: The number of bits of generated keys
|
969
|
-
:param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
969
|
+
:param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
|
970
|
+
:param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
970
971
|
Defaults to `rsa`
|
971
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
|
972
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
972
973
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
973
974
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
974
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
|
975
|
-
:param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
976
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
|
977
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
975
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
|
976
|
+
:param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
977
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
978
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
978
979
|
The value should not contain leading or trailing forward slashes.
|
979
980
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
980
981
|
*Available only for Vault Enterprise*.
|
981
|
-
:param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
|
982
|
-
:param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
983
|
-
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
984
|
-
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
985
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
|
986
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
|
982
|
+
:param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
|
983
|
+
:param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
984
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
985
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
986
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
|
987
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
|
987
988
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
988
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
989
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
|
990
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
|
991
|
-
:param pulumi.Input[bool] require_cn: Flag to force CN usage
|
992
|
-
:param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
989
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
990
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
|
991
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
|
992
|
+
:param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
|
993
|
+
:param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
993
994
|
|
994
995
|
Example usage:
|
995
|
-
:param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
|
996
|
-
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
997
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
|
998
|
-
:param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
999
|
-
:param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
|
1000
|
-
:param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
|
1001
|
-
:param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
996
|
+
:param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
|
997
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
998
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
|
999
|
+
:param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
1000
|
+
:param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
1001
|
+
:param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
1002
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
1002
1003
|
"""
|
1003
1004
|
if allow_any_name is not None:
|
1004
1005
|
pulumi.set(__self__, "allow_any_name", allow_any_name)
|
@@ -1107,307 +1108,307 @@ class _SecretBackendRoleState:
|
|
1107
1108
|
|
1108
1109
|
@property
|
1109
1110
|
@pulumi.getter(name="allowAnyName")
|
1110
|
-
def allow_any_name(self) -> Optional[pulumi.Input[bool]]:
|
1111
|
+
def allow_any_name(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1111
1112
|
"""
|
1112
1113
|
Flag to allow any name
|
1113
1114
|
"""
|
1114
1115
|
return pulumi.get(self, "allow_any_name")
|
1115
1116
|
|
1116
1117
|
@allow_any_name.setter
|
1117
|
-
def allow_any_name(self, value: Optional[pulumi.Input[bool]]):
|
1118
|
+
def allow_any_name(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1118
1119
|
pulumi.set(self, "allow_any_name", value)
|
1119
1120
|
|
1120
1121
|
@property
|
1121
1122
|
@pulumi.getter(name="allowBareDomains")
|
1122
|
-
def allow_bare_domains(self) -> Optional[pulumi.Input[bool]]:
|
1123
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1123
1124
|
"""
|
1124
1125
|
Flag to allow certificates matching the actual domain
|
1125
1126
|
"""
|
1126
1127
|
return pulumi.get(self, "allow_bare_domains")
|
1127
1128
|
|
1128
1129
|
@allow_bare_domains.setter
|
1129
|
-
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
1130
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1130
1131
|
pulumi.set(self, "allow_bare_domains", value)
|
1131
1132
|
|
1132
1133
|
@property
|
1133
1134
|
@pulumi.getter(name="allowGlobDomains")
|
1134
|
-
def allow_glob_domains(self) -> Optional[pulumi.Input[bool]]:
|
1135
|
+
def allow_glob_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1135
1136
|
"""
|
1136
1137
|
Flag to allow names containing glob patterns.
|
1137
1138
|
"""
|
1138
1139
|
return pulumi.get(self, "allow_glob_domains")
|
1139
1140
|
|
1140
1141
|
@allow_glob_domains.setter
|
1141
|
-
def allow_glob_domains(self, value: Optional[pulumi.Input[bool]]):
|
1142
|
+
def allow_glob_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1142
1143
|
pulumi.set(self, "allow_glob_domains", value)
|
1143
1144
|
|
1144
1145
|
@property
|
1145
1146
|
@pulumi.getter(name="allowIpSans")
|
1146
|
-
def allow_ip_sans(self) -> Optional[pulumi.Input[bool]]:
|
1147
|
+
def allow_ip_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1147
1148
|
"""
|
1148
1149
|
Flag to allow IP SANs
|
1149
1150
|
"""
|
1150
1151
|
return pulumi.get(self, "allow_ip_sans")
|
1151
1152
|
|
1152
1153
|
@allow_ip_sans.setter
|
1153
|
-
def allow_ip_sans(self, value: Optional[pulumi.Input[bool]]):
|
1154
|
+
def allow_ip_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1154
1155
|
pulumi.set(self, "allow_ip_sans", value)
|
1155
1156
|
|
1156
1157
|
@property
|
1157
1158
|
@pulumi.getter(name="allowLocalhost")
|
1158
|
-
def allow_localhost(self) -> Optional[pulumi.Input[bool]]:
|
1159
|
+
def allow_localhost(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1159
1160
|
"""
|
1160
1161
|
Flag to allow certificates for localhost
|
1161
1162
|
"""
|
1162
1163
|
return pulumi.get(self, "allow_localhost")
|
1163
1164
|
|
1164
1165
|
@allow_localhost.setter
|
1165
|
-
def allow_localhost(self, value: Optional[pulumi.Input[bool]]):
|
1166
|
+
def allow_localhost(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1166
1167
|
pulumi.set(self, "allow_localhost", value)
|
1167
1168
|
|
1168
1169
|
@property
|
1169
1170
|
@pulumi.getter(name="allowSubdomains")
|
1170
|
-
def allow_subdomains(self) -> Optional[pulumi.Input[bool]]:
|
1171
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1171
1172
|
"""
|
1172
1173
|
Flag to allow certificates matching subdomains
|
1173
1174
|
"""
|
1174
1175
|
return pulumi.get(self, "allow_subdomains")
|
1175
1176
|
|
1176
1177
|
@allow_subdomains.setter
|
1177
|
-
def allow_subdomains(self, value: Optional[pulumi.Input[bool]]):
|
1178
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1178
1179
|
pulumi.set(self, "allow_subdomains", value)
|
1179
1180
|
|
1180
1181
|
@property
|
1181
1182
|
@pulumi.getter(name="allowWildcardCertificates")
|
1182
|
-
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[bool]]:
|
1183
|
+
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1183
1184
|
"""
|
1184
1185
|
Flag to allow wildcard certificates.
|
1185
1186
|
"""
|
1186
1187
|
return pulumi.get(self, "allow_wildcard_certificates")
|
1187
1188
|
|
1188
1189
|
@allow_wildcard_certificates.setter
|
1189
|
-
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[bool]]):
|
1190
|
+
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1190
1191
|
pulumi.set(self, "allow_wildcard_certificates", value)
|
1191
1192
|
|
1192
1193
|
@property
|
1193
1194
|
@pulumi.getter(name="allowedDomains")
|
1194
|
-
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1195
|
+
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1195
1196
|
"""
|
1196
1197
|
List of allowed domains for certificates
|
1197
1198
|
"""
|
1198
1199
|
return pulumi.get(self, "allowed_domains")
|
1199
1200
|
|
1200
1201
|
@allowed_domains.setter
|
1201
|
-
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1202
|
+
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1202
1203
|
pulumi.set(self, "allowed_domains", value)
|
1203
1204
|
|
1204
1205
|
@property
|
1205
1206
|
@pulumi.getter(name="allowedDomainsTemplate")
|
1206
|
-
def allowed_domains_template(self) -> Optional[pulumi.Input[bool]]:
|
1207
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1207
1208
|
"""
|
1208
1209
|
Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1209
1210
|
"""
|
1210
1211
|
return pulumi.get(self, "allowed_domains_template")
|
1211
1212
|
|
1212
1213
|
@allowed_domains_template.setter
|
1213
|
-
def allowed_domains_template(self, value: Optional[pulumi.Input[bool]]):
|
1214
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1214
1215
|
pulumi.set(self, "allowed_domains_template", value)
|
1215
1216
|
|
1216
1217
|
@property
|
1217
1218
|
@pulumi.getter(name="allowedOtherSans")
|
1218
|
-
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1219
|
+
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1219
1220
|
"""
|
1220
1221
|
Defines allowed custom SANs
|
1221
1222
|
"""
|
1222
1223
|
return pulumi.get(self, "allowed_other_sans")
|
1223
1224
|
|
1224
1225
|
@allowed_other_sans.setter
|
1225
|
-
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1226
|
+
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1226
1227
|
pulumi.set(self, "allowed_other_sans", value)
|
1227
1228
|
|
1228
1229
|
@property
|
1229
1230
|
@pulumi.getter(name="allowedSerialNumbers")
|
1230
|
-
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1231
|
+
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1231
1232
|
"""
|
1232
1233
|
An array of allowed serial numbers to put in Subject
|
1233
1234
|
"""
|
1234
1235
|
return pulumi.get(self, "allowed_serial_numbers")
|
1235
1236
|
|
1236
1237
|
@allowed_serial_numbers.setter
|
1237
|
-
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1238
|
+
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1238
1239
|
pulumi.set(self, "allowed_serial_numbers", value)
|
1239
1240
|
|
1240
1241
|
@property
|
1241
1242
|
@pulumi.getter(name="allowedUriSans")
|
1242
|
-
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1243
|
+
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1243
1244
|
"""
|
1244
1245
|
Defines allowed URI SANs
|
1245
1246
|
"""
|
1246
1247
|
return pulumi.get(self, "allowed_uri_sans")
|
1247
1248
|
|
1248
1249
|
@allowed_uri_sans.setter
|
1249
|
-
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1250
|
+
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1250
1251
|
pulumi.set(self, "allowed_uri_sans", value)
|
1251
1252
|
|
1252
1253
|
@property
|
1253
1254
|
@pulumi.getter(name="allowedUriSansTemplate")
|
1254
|
-
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[bool]]:
|
1255
|
+
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1255
1256
|
"""
|
1256
1257
|
Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1257
1258
|
"""
|
1258
1259
|
return pulumi.get(self, "allowed_uri_sans_template")
|
1259
1260
|
|
1260
1261
|
@allowed_uri_sans_template.setter
|
1261
|
-
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[bool]]):
|
1262
|
+
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1262
1263
|
pulumi.set(self, "allowed_uri_sans_template", value)
|
1263
1264
|
|
1264
1265
|
@property
|
1265
1266
|
@pulumi.getter(name="allowedUserIds")
|
1266
|
-
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1267
|
+
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1267
1268
|
"""
|
1268
1269
|
Defines allowed User IDs
|
1269
1270
|
"""
|
1270
1271
|
return pulumi.get(self, "allowed_user_ids")
|
1271
1272
|
|
1272
1273
|
@allowed_user_ids.setter
|
1273
|
-
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1274
|
+
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1274
1275
|
pulumi.set(self, "allowed_user_ids", value)
|
1275
1276
|
|
1276
1277
|
@property
|
1277
1278
|
@pulumi.getter
|
1278
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
1279
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
1279
1280
|
"""
|
1280
1281
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
1281
1282
|
"""
|
1282
1283
|
return pulumi.get(self, "backend")
|
1283
1284
|
|
1284
1285
|
@backend.setter
|
1285
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
1286
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
1286
1287
|
pulumi.set(self, "backend", value)
|
1287
1288
|
|
1288
1289
|
@property
|
1289
1290
|
@pulumi.getter(name="basicConstraintsValidForNonCa")
|
1290
|
-
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[bool]]:
|
1291
|
+
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1291
1292
|
"""
|
1292
1293
|
Flag to mark basic constraints valid when issuing non-CA certificates
|
1293
1294
|
"""
|
1294
1295
|
return pulumi.get(self, "basic_constraints_valid_for_non_ca")
|
1295
1296
|
|
1296
1297
|
@basic_constraints_valid_for_non_ca.setter
|
1297
|
-
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[bool]]):
|
1298
|
+
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1298
1299
|
pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
|
1299
1300
|
|
1300
1301
|
@property
|
1301
1302
|
@pulumi.getter(name="clientFlag")
|
1302
|
-
def client_flag(self) -> Optional[pulumi.Input[bool]]:
|
1303
|
+
def client_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1303
1304
|
"""
|
1304
1305
|
Flag to specify certificates for client use
|
1305
1306
|
"""
|
1306
1307
|
return pulumi.get(self, "client_flag")
|
1307
1308
|
|
1308
1309
|
@client_flag.setter
|
1309
|
-
def client_flag(self, value: Optional[pulumi.Input[bool]]):
|
1310
|
+
def client_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1310
1311
|
pulumi.set(self, "client_flag", value)
|
1311
1312
|
|
1312
1313
|
@property
|
1313
1314
|
@pulumi.getter(name="cnValidations")
|
1314
|
-
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1315
|
+
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1315
1316
|
"""
|
1316
1317
|
Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
1317
1318
|
"""
|
1318
1319
|
return pulumi.get(self, "cn_validations")
|
1319
1320
|
|
1320
1321
|
@cn_validations.setter
|
1321
|
-
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1322
|
+
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1322
1323
|
pulumi.set(self, "cn_validations", value)
|
1323
1324
|
|
1324
1325
|
@property
|
1325
1326
|
@pulumi.getter(name="codeSigningFlag")
|
1326
|
-
def code_signing_flag(self) -> Optional[pulumi.Input[bool]]:
|
1327
|
+
def code_signing_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1327
1328
|
"""
|
1328
1329
|
Flag to specify certificates for code signing use
|
1329
1330
|
"""
|
1330
1331
|
return pulumi.get(self, "code_signing_flag")
|
1331
1332
|
|
1332
1333
|
@code_signing_flag.setter
|
1333
|
-
def code_signing_flag(self, value: Optional[pulumi.Input[bool]]):
|
1334
|
+
def code_signing_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1334
1335
|
pulumi.set(self, "code_signing_flag", value)
|
1335
1336
|
|
1336
1337
|
@property
|
1337
1338
|
@pulumi.getter
|
1338
|
-
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1339
|
+
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1339
1340
|
"""
|
1340
1341
|
The country of generated certificates
|
1341
1342
|
"""
|
1342
1343
|
return pulumi.get(self, "countries")
|
1343
1344
|
|
1344
1345
|
@countries.setter
|
1345
|
-
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1346
|
+
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1346
1347
|
pulumi.set(self, "countries", value)
|
1347
1348
|
|
1348
1349
|
@property
|
1349
1350
|
@pulumi.getter(name="emailProtectionFlag")
|
1350
|
-
def email_protection_flag(self) -> Optional[pulumi.Input[bool]]:
|
1351
|
+
def email_protection_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1351
1352
|
"""
|
1352
1353
|
Flag to specify certificates for email protection use
|
1353
1354
|
"""
|
1354
1355
|
return pulumi.get(self, "email_protection_flag")
|
1355
1356
|
|
1356
1357
|
@email_protection_flag.setter
|
1357
|
-
def email_protection_flag(self, value: Optional[pulumi.Input[bool]]):
|
1358
|
+
def email_protection_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1358
1359
|
pulumi.set(self, "email_protection_flag", value)
|
1359
1360
|
|
1360
1361
|
@property
|
1361
1362
|
@pulumi.getter(name="enforceHostnames")
|
1362
|
-
def enforce_hostnames(self) -> Optional[pulumi.Input[bool]]:
|
1363
|
+
def enforce_hostnames(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1363
1364
|
"""
|
1364
1365
|
Flag to allow only valid host names
|
1365
1366
|
"""
|
1366
1367
|
return pulumi.get(self, "enforce_hostnames")
|
1367
1368
|
|
1368
1369
|
@enforce_hostnames.setter
|
1369
|
-
def enforce_hostnames(self, value: Optional[pulumi.Input[bool]]):
|
1370
|
+
def enforce_hostnames(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1370
1371
|
pulumi.set(self, "enforce_hostnames", value)
|
1371
1372
|
|
1372
1373
|
@property
|
1373
1374
|
@pulumi.getter(name="extKeyUsageOids")
|
1374
|
-
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1375
|
+
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1375
1376
|
"""
|
1376
1377
|
Specify the allowed extended key usage OIDs constraint on issued certificates
|
1377
1378
|
"""
|
1378
1379
|
return pulumi.get(self, "ext_key_usage_oids")
|
1379
1380
|
|
1380
1381
|
@ext_key_usage_oids.setter
|
1381
|
-
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1382
|
+
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1382
1383
|
pulumi.set(self, "ext_key_usage_oids", value)
|
1383
1384
|
|
1384
1385
|
@property
|
1385
1386
|
@pulumi.getter(name="extKeyUsages")
|
1386
|
-
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1387
|
+
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1387
1388
|
"""
|
1388
1389
|
Specify the allowed extended key usage constraint on issued certificates
|
1389
1390
|
"""
|
1390
1391
|
return pulumi.get(self, "ext_key_usages")
|
1391
1392
|
|
1392
1393
|
@ext_key_usages.setter
|
1393
|
-
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1394
|
+
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1394
1395
|
pulumi.set(self, "ext_key_usages", value)
|
1395
1396
|
|
1396
1397
|
@property
|
1397
1398
|
@pulumi.getter(name="generateLease")
|
1398
|
-
def generate_lease(self) -> Optional[pulumi.Input[bool]]:
|
1399
|
+
def generate_lease(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1399
1400
|
"""
|
1400
1401
|
Flag to generate leases with certificates
|
1401
1402
|
"""
|
1402
1403
|
return pulumi.get(self, "generate_lease")
|
1403
1404
|
|
1404
1405
|
@generate_lease.setter
|
1405
|
-
def generate_lease(self, value: Optional[pulumi.Input[bool]]):
|
1406
|
+
def generate_lease(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1406
1407
|
pulumi.set(self, "generate_lease", value)
|
1407
1408
|
|
1408
1409
|
@property
|
1409
1410
|
@pulumi.getter(name="issuerRef")
|
1410
|
-
def issuer_ref(self) -> Optional[pulumi.Input[str]]:
|
1411
|
+
def issuer_ref(self) -> Optional[pulumi.Input[builtins.str]]:
|
1411
1412
|
"""
|
1412
1413
|
Specifies the default issuer of this request. May
|
1413
1414
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
@@ -1417,24 +1418,24 @@ class _SecretBackendRoleState:
|
|
1417
1418
|
return pulumi.get(self, "issuer_ref")
|
1418
1419
|
|
1419
1420
|
@issuer_ref.setter
|
1420
|
-
def issuer_ref(self, value: Optional[pulumi.Input[str]]):
|
1421
|
+
def issuer_ref(self, value: Optional[pulumi.Input[builtins.str]]):
|
1421
1422
|
pulumi.set(self, "issuer_ref", value)
|
1422
1423
|
|
1423
1424
|
@property
|
1424
1425
|
@pulumi.getter(name="keyBits")
|
1425
|
-
def key_bits(self) -> Optional[pulumi.Input[int]]:
|
1426
|
+
def key_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
1426
1427
|
"""
|
1427
1428
|
The number of bits of generated keys
|
1428
1429
|
"""
|
1429
1430
|
return pulumi.get(self, "key_bits")
|
1430
1431
|
|
1431
1432
|
@key_bits.setter
|
1432
|
-
def key_bits(self, value: Optional[pulumi.Input[int]]):
|
1433
|
+
def key_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
1433
1434
|
pulumi.set(self, "key_bits", value)
|
1434
1435
|
|
1435
1436
|
@property
|
1436
1437
|
@pulumi.getter(name="keyType")
|
1437
|
-
def key_type(self) -> Optional[pulumi.Input[str]]:
|
1438
|
+
def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
1438
1439
|
"""
|
1439
1440
|
The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
1440
1441
|
Defaults to `rsa`
|
@@ -1442,12 +1443,12 @@ class _SecretBackendRoleState:
|
|
1442
1443
|
return pulumi.get(self, "key_type")
|
1443
1444
|
|
1444
1445
|
@key_type.setter
|
1445
|
-
def key_type(self, value: Optional[pulumi.Input[str]]):
|
1446
|
+
def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
1446
1447
|
pulumi.set(self, "key_type", value)
|
1447
1448
|
|
1448
1449
|
@property
|
1449
1450
|
@pulumi.getter(name="keyUsages")
|
1450
|
-
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1451
|
+
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1451
1452
|
"""
|
1452
1453
|
Specify the allowed key usage constraint on issued
|
1453
1454
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
@@ -1456,48 +1457,48 @@ class _SecretBackendRoleState:
|
|
1456
1457
|
return pulumi.get(self, "key_usages")
|
1457
1458
|
|
1458
1459
|
@key_usages.setter
|
1459
|
-
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1460
|
+
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1460
1461
|
pulumi.set(self, "key_usages", value)
|
1461
1462
|
|
1462
1463
|
@property
|
1463
1464
|
@pulumi.getter
|
1464
|
-
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1465
|
+
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1465
1466
|
"""
|
1466
1467
|
The locality of generated certificates
|
1467
1468
|
"""
|
1468
1469
|
return pulumi.get(self, "localities")
|
1469
1470
|
|
1470
1471
|
@localities.setter
|
1471
|
-
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1472
|
+
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1472
1473
|
pulumi.set(self, "localities", value)
|
1473
1474
|
|
1474
1475
|
@property
|
1475
1476
|
@pulumi.getter(name="maxTtl")
|
1476
|
-
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
1477
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
1477
1478
|
"""
|
1478
1479
|
The maximum lease TTL, in seconds, for the role.
|
1479
1480
|
"""
|
1480
1481
|
return pulumi.get(self, "max_ttl")
|
1481
1482
|
|
1482
1483
|
@max_ttl.setter
|
1483
|
-
def max_ttl(self, value: Optional[pulumi.Input[str]]):
|
1484
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
1484
1485
|
pulumi.set(self, "max_ttl", value)
|
1485
1486
|
|
1486
1487
|
@property
|
1487
1488
|
@pulumi.getter
|
1488
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
1489
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
1489
1490
|
"""
|
1490
1491
|
The name to identify this role within the backend. Must be unique within the backend.
|
1491
1492
|
"""
|
1492
1493
|
return pulumi.get(self, "name")
|
1493
1494
|
|
1494
1495
|
@name.setter
|
1495
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
1496
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
1496
1497
|
pulumi.set(self, "name", value)
|
1497
1498
|
|
1498
1499
|
@property
|
1499
1500
|
@pulumi.getter
|
1500
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
1501
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
1501
1502
|
"""
|
1502
1503
|
The namespace to provision the resource in.
|
1503
1504
|
The value should not contain leading or trailing forward slashes.
|
@@ -1507,79 +1508,79 @@ class _SecretBackendRoleState:
|
|
1507
1508
|
return pulumi.get(self, "namespace")
|
1508
1509
|
|
1509
1510
|
@namespace.setter
|
1510
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
1511
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
1511
1512
|
pulumi.set(self, "namespace", value)
|
1512
1513
|
|
1513
1514
|
@property
|
1514
1515
|
@pulumi.getter(name="noStore")
|
1515
|
-
def no_store(self) -> Optional[pulumi.Input[bool]]:
|
1516
|
+
def no_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1516
1517
|
"""
|
1517
1518
|
Flag to not store certificates in the storage backend
|
1518
1519
|
"""
|
1519
1520
|
return pulumi.get(self, "no_store")
|
1520
1521
|
|
1521
1522
|
@no_store.setter
|
1522
|
-
def no_store(self, value: Optional[pulumi.Input[bool]]):
|
1523
|
+
def no_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1523
1524
|
pulumi.set(self, "no_store", value)
|
1524
1525
|
|
1525
1526
|
@property
|
1526
1527
|
@pulumi.getter(name="noStoreMetadata")
|
1527
|
-
def no_store_metadata(self) -> Optional[pulumi.Input[bool]]:
|
1528
|
+
def no_store_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1528
1529
|
"""
|
1529
1530
|
Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
1530
1531
|
"""
|
1531
1532
|
return pulumi.get(self, "no_store_metadata")
|
1532
1533
|
|
1533
1534
|
@no_store_metadata.setter
|
1534
|
-
def no_store_metadata(self, value: Optional[pulumi.Input[bool]]):
|
1535
|
+
def no_store_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1535
1536
|
pulumi.set(self, "no_store_metadata", value)
|
1536
1537
|
|
1537
1538
|
@property
|
1538
1539
|
@pulumi.getter(name="notAfter")
|
1539
|
-
def not_after(self) -> Optional[pulumi.Input[str]]:
|
1540
|
+
def not_after(self) -> Optional[pulumi.Input[builtins.str]]:
|
1540
1541
|
"""
|
1541
1542
|
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1542
1543
|
"""
|
1543
1544
|
return pulumi.get(self, "not_after")
|
1544
1545
|
|
1545
1546
|
@not_after.setter
|
1546
|
-
def not_after(self, value: Optional[pulumi.Input[str]]):
|
1547
|
+
def not_after(self, value: Optional[pulumi.Input[builtins.str]]):
|
1547
1548
|
pulumi.set(self, "not_after", value)
|
1548
1549
|
|
1549
1550
|
@property
|
1550
1551
|
@pulumi.getter(name="notBeforeDuration")
|
1551
|
-
def not_before_duration(self) -> Optional[pulumi.Input[str]]:
|
1552
|
+
def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
1552
1553
|
"""
|
1553
1554
|
Specifies the duration by which to backdate the NotBefore property.
|
1554
1555
|
"""
|
1555
1556
|
return pulumi.get(self, "not_before_duration")
|
1556
1557
|
|
1557
1558
|
@not_before_duration.setter
|
1558
|
-
def not_before_duration(self, value: Optional[pulumi.Input[str]]):
|
1559
|
+
def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
1559
1560
|
pulumi.set(self, "not_before_duration", value)
|
1560
1561
|
|
1561
1562
|
@property
|
1562
1563
|
@pulumi.getter(name="organizationUnit")
|
1563
|
-
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1564
|
+
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1564
1565
|
"""
|
1565
1566
|
The organization unit of generated certificates
|
1566
1567
|
"""
|
1567
1568
|
return pulumi.get(self, "organization_unit")
|
1568
1569
|
|
1569
1570
|
@organization_unit.setter
|
1570
|
-
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1571
|
+
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1571
1572
|
pulumi.set(self, "organization_unit", value)
|
1572
1573
|
|
1573
1574
|
@property
|
1574
1575
|
@pulumi.getter
|
1575
|
-
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1576
|
+
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1576
1577
|
"""
|
1577
1578
|
The organization of generated certificates
|
1578
1579
|
"""
|
1579
1580
|
return pulumi.get(self, "organizations")
|
1580
1581
|
|
1581
1582
|
@organizations.setter
|
1582
|
-
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1583
|
+
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1583
1584
|
pulumi.set(self, "organizations", value)
|
1584
1585
|
|
1585
1586
|
@property
|
@@ -1596,55 +1597,55 @@ class _SecretBackendRoleState:
|
|
1596
1597
|
|
1597
1598
|
@property
|
1598
1599
|
@pulumi.getter(name="policyIdentifiers")
|
1599
|
-
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1600
|
+
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1600
1601
|
"""
|
1601
1602
|
Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
1602
1603
|
"""
|
1603
1604
|
return pulumi.get(self, "policy_identifiers")
|
1604
1605
|
|
1605
1606
|
@policy_identifiers.setter
|
1606
|
-
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1607
|
+
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1607
1608
|
pulumi.set(self, "policy_identifiers", value)
|
1608
1609
|
|
1609
1610
|
@property
|
1610
1611
|
@pulumi.getter(name="postalCodes")
|
1611
|
-
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1612
|
+
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1612
1613
|
"""
|
1613
1614
|
The postal code of generated certificates
|
1614
1615
|
"""
|
1615
1616
|
return pulumi.get(self, "postal_codes")
|
1616
1617
|
|
1617
1618
|
@postal_codes.setter
|
1618
|
-
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1619
|
+
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1619
1620
|
pulumi.set(self, "postal_codes", value)
|
1620
1621
|
|
1621
1622
|
@property
|
1622
1623
|
@pulumi.getter
|
1623
|
-
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1624
|
+
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1624
1625
|
"""
|
1625
1626
|
The province of generated certificates
|
1626
1627
|
"""
|
1627
1628
|
return pulumi.get(self, "provinces")
|
1628
1629
|
|
1629
1630
|
@provinces.setter
|
1630
|
-
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1631
|
+
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1631
1632
|
pulumi.set(self, "provinces", value)
|
1632
1633
|
|
1633
1634
|
@property
|
1634
1635
|
@pulumi.getter(name="requireCn")
|
1635
|
-
def require_cn(self) -> Optional[pulumi.Input[bool]]:
|
1636
|
+
def require_cn(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1636
1637
|
"""
|
1637
1638
|
Flag to force CN usage
|
1638
1639
|
"""
|
1639
1640
|
return pulumi.get(self, "require_cn")
|
1640
1641
|
|
1641
1642
|
@require_cn.setter
|
1642
|
-
def require_cn(self, value: Optional[pulumi.Input[bool]]):
|
1643
|
+
def require_cn(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1643
1644
|
pulumi.set(self, "require_cn", value)
|
1644
1645
|
|
1645
1646
|
@property
|
1646
1647
|
@pulumi.getter(name="serialNumberSource")
|
1647
|
-
def serial_number_source(self) -> Optional[pulumi.Input[str]]:
|
1648
|
+
def serial_number_source(self) -> Optional[pulumi.Input[builtins.str]]:
|
1648
1649
|
"""
|
1649
1650
|
Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
1650
1651
|
|
@@ -1653,91 +1654,91 @@ class _SecretBackendRoleState:
|
|
1653
1654
|
return pulumi.get(self, "serial_number_source")
|
1654
1655
|
|
1655
1656
|
@serial_number_source.setter
|
1656
|
-
def serial_number_source(self, value: Optional[pulumi.Input[str]]):
|
1657
|
+
def serial_number_source(self, value: Optional[pulumi.Input[builtins.str]]):
|
1657
1658
|
pulumi.set(self, "serial_number_source", value)
|
1658
1659
|
|
1659
1660
|
@property
|
1660
1661
|
@pulumi.getter(name="serverFlag")
|
1661
|
-
def server_flag(self) -> Optional[pulumi.Input[bool]]:
|
1662
|
+
def server_flag(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1662
1663
|
"""
|
1663
1664
|
Flag to specify certificates for server use
|
1664
1665
|
"""
|
1665
1666
|
return pulumi.get(self, "server_flag")
|
1666
1667
|
|
1667
1668
|
@server_flag.setter
|
1668
|
-
def server_flag(self, value: Optional[pulumi.Input[bool]]):
|
1669
|
+
def server_flag(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1669
1670
|
pulumi.set(self, "server_flag", value)
|
1670
1671
|
|
1671
1672
|
@property
|
1672
1673
|
@pulumi.getter(name="signatureBits")
|
1673
|
-
def signature_bits(self) -> Optional[pulumi.Input[int]]:
|
1674
|
+
def signature_bits(self) -> Optional[pulumi.Input[builtins.int]]:
|
1674
1675
|
"""
|
1675
1676
|
The number of bits to use in the signature algorithm
|
1676
1677
|
"""
|
1677
1678
|
return pulumi.get(self, "signature_bits")
|
1678
1679
|
|
1679
1680
|
@signature_bits.setter
|
1680
|
-
def signature_bits(self, value: Optional[pulumi.Input[int]]):
|
1681
|
+
def signature_bits(self, value: Optional[pulumi.Input[builtins.int]]):
|
1681
1682
|
pulumi.set(self, "signature_bits", value)
|
1682
1683
|
|
1683
1684
|
@property
|
1684
1685
|
@pulumi.getter(name="streetAddresses")
|
1685
|
-
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
1686
|
+
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
1686
1687
|
"""
|
1687
1688
|
The street address of generated certificates
|
1688
1689
|
"""
|
1689
1690
|
return pulumi.get(self, "street_addresses")
|
1690
1691
|
|
1691
1692
|
@street_addresses.setter
|
1692
|
-
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
1693
|
+
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
1693
1694
|
pulumi.set(self, "street_addresses", value)
|
1694
1695
|
|
1695
1696
|
@property
|
1696
1697
|
@pulumi.getter
|
1697
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
1698
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
1698
1699
|
"""
|
1699
1700
|
The TTL, in seconds, for any certificate issued against this role.
|
1700
1701
|
"""
|
1701
1702
|
return pulumi.get(self, "ttl")
|
1702
1703
|
|
1703
1704
|
@ttl.setter
|
1704
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
1705
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
1705
1706
|
pulumi.set(self, "ttl", value)
|
1706
1707
|
|
1707
1708
|
@property
|
1708
1709
|
@pulumi.getter(name="useCsrCommonName")
|
1709
|
-
def use_csr_common_name(self) -> Optional[pulumi.Input[bool]]:
|
1710
|
+
def use_csr_common_name(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1710
1711
|
"""
|
1711
1712
|
Flag to use the CN in the CSR
|
1712
1713
|
"""
|
1713
1714
|
return pulumi.get(self, "use_csr_common_name")
|
1714
1715
|
|
1715
1716
|
@use_csr_common_name.setter
|
1716
|
-
def use_csr_common_name(self, value: Optional[pulumi.Input[bool]]):
|
1717
|
+
def use_csr_common_name(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1717
1718
|
pulumi.set(self, "use_csr_common_name", value)
|
1718
1719
|
|
1719
1720
|
@property
|
1720
1721
|
@pulumi.getter(name="useCsrSans")
|
1721
|
-
def use_csr_sans(self) -> Optional[pulumi.Input[bool]]:
|
1722
|
+
def use_csr_sans(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1722
1723
|
"""
|
1723
1724
|
Flag to use the SANs in the CSR
|
1724
1725
|
"""
|
1725
1726
|
return pulumi.get(self, "use_csr_sans")
|
1726
1727
|
|
1727
1728
|
@use_csr_sans.setter
|
1728
|
-
def use_csr_sans(self, value: Optional[pulumi.Input[bool]]):
|
1729
|
+
def use_csr_sans(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1729
1730
|
pulumi.set(self, "use_csr_sans", value)
|
1730
1731
|
|
1731
1732
|
@property
|
1732
1733
|
@pulumi.getter(name="usePss")
|
1733
|
-
def use_pss(self) -> Optional[pulumi.Input[bool]]:
|
1734
|
+
def use_pss(self) -> Optional[pulumi.Input[builtins.bool]]:
|
1734
1735
|
"""
|
1735
1736
|
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
1736
1737
|
"""
|
1737
1738
|
return pulumi.get(self, "use_pss")
|
1738
1739
|
|
1739
1740
|
@use_pss.setter
|
1740
|
-
def use_pss(self, value: Optional[pulumi.Input[bool]]):
|
1741
|
+
def use_pss(self, value: Optional[pulumi.Input[builtins.bool]]):
|
1741
1742
|
pulumi.set(self, "use_pss", value)
|
1742
1743
|
|
1743
1744
|
|
@@ -1746,58 +1747,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1746
1747
|
def __init__(__self__,
|
1747
1748
|
resource_name: str,
|
1748
1749
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1749
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
1750
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1751
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
1752
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
1753
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
1754
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1755
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
1756
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1757
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1758
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1759
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1760
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1761
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
1762
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1763
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1764
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
1765
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
1766
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1767
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
1768
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1769
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
1770
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
1771
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1772
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1773
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
1774
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
1775
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
1776
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
1777
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1778
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1779
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
1780
|
-
name: Optional[pulumi.Input[str]] = None,
|
1781
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1782
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
1783
|
-
no_store_metadata: Optional[pulumi.Input[bool]] = None,
|
1784
|
-
not_after: Optional[pulumi.Input[str]] = None,
|
1785
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
1786
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1787
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1750
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
1751
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1752
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1753
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
1754
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
1755
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
1756
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
1757
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1758
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1759
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1760
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1761
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1762
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1763
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1764
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1765
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
1766
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1767
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1768
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1769
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1770
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1771
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
1772
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1773
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1774
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
1775
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
1776
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
1777
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
1778
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1779
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1780
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1781
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
1782
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1783
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1784
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
1785
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
1786
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1787
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1788
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1788
1789
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
|
1789
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1790
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1791
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1792
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
1793
|
-
serial_number_source: Optional[pulumi.Input[str]] = None,
|
1794
|
-
server_flag: Optional[pulumi.Input[bool]] = None,
|
1795
|
-
signature_bits: Optional[pulumi.Input[int]] = None,
|
1796
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1797
|
-
ttl: Optional[pulumi.Input[str]] = None,
|
1798
|
-
use_csr_common_name: Optional[pulumi.Input[bool]] = None,
|
1799
|
-
use_csr_sans: Optional[pulumi.Input[bool]] = None,
|
1800
|
-
use_pss: Optional[pulumi.Input[bool]] = None,
|
1790
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1791
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1792
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1793
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
1794
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
1795
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1796
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
1797
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1798
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1799
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
1800
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
1801
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None,
|
1801
1802
|
__props__=None):
|
1802
1803
|
"""
|
1803
1804
|
Creates a role on an PKI Secret Backend for Vault.
|
@@ -1837,69 +1838,69 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1837
1838
|
|
1838
1839
|
:param str resource_name: The name of the resource.
|
1839
1840
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1840
|
-
:param pulumi.Input[bool] allow_any_name: Flag to allow any name
|
1841
|
-
:param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
1842
|
-
:param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
1843
|
-
:param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
|
1844
|
-
:param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
|
1845
|
-
:param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
|
1846
|
-
:param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
1847
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
|
1848
|
-
:param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1849
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
|
1850
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
1851
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
|
1852
|
-
:param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1853
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
|
1854
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
1855
|
-
:param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
1856
|
-
:param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
|
1857
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
1858
|
-
:param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
|
1859
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
|
1860
|
-
:param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
|
1861
|
-
:param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
|
1862
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
1863
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
1864
|
-
:param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
|
1865
|
-
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
1841
|
+
:param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
|
1842
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
1843
|
+
:param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
1844
|
+
:param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
1845
|
+
:param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
1846
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
1847
|
+
:param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
1848
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
|
1849
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1850
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
1851
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
1852
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
1853
|
+
:param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
1854
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
1855
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
1856
|
+
:param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
1857
|
+
:param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
|
1858
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
1859
|
+
:param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
1860
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
|
1861
|
+
:param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
1862
|
+
:param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
1863
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
1864
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
1865
|
+
:param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
|
1866
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
1866
1867
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
1867
1868
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
1868
1869
|
overriding the role's `issuer_ref` value.
|
1869
|
-
:param pulumi.Input[int] key_bits: The number of bits of generated keys
|
1870
|
-
:param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
1870
|
+
:param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
|
1871
|
+
:param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
1871
1872
|
Defaults to `rsa`
|
1872
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
|
1873
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
1873
1874
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
1874
1875
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
1875
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
|
1876
|
-
:param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
1877
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
|
1878
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1876
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
|
1877
|
+
:param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
1878
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
1879
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1879
1880
|
The value should not contain leading or trailing forward slashes.
|
1880
1881
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1881
1882
|
*Available only for Vault Enterprise*.
|
1882
|
-
:param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
|
1883
|
-
:param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
1884
|
-
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1885
|
-
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
1886
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
|
1887
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
|
1883
|
+
:param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
|
1884
|
+
:param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
1885
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
1886
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
1887
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
|
1888
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
|
1888
1889
|
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
1889
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
1890
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
|
1891
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
|
1892
|
-
:param pulumi.Input[bool] require_cn: Flag to force CN usage
|
1893
|
-
:param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
1890
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
1891
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
|
1892
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
|
1893
|
+
:param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
|
1894
|
+
:param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
1894
1895
|
|
1895
1896
|
Example usage:
|
1896
|
-
:param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
|
1897
|
-
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
1898
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
|
1899
|
-
:param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
1900
|
-
:param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
|
1901
|
-
:param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
|
1902
|
-
:param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
1897
|
+
:param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
|
1898
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
1899
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
|
1900
|
+
:param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
1901
|
+
:param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
1902
|
+
:param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
1903
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
1903
1904
|
"""
|
1904
1905
|
...
|
1905
1906
|
@overload
|
@@ -1958,58 +1959,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1958
1959
|
def _internal_init(__self__,
|
1959
1960
|
resource_name: str,
|
1960
1961
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1961
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
1962
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1963
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
1964
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
1965
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
1966
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1967
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
1968
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1969
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1970
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1971
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1972
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1973
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
1974
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1975
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1976
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
1977
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
1978
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1979
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
1980
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1981
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
1982
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
1983
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1984
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1985
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
1986
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
1987
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
1988
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
1989
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1990
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1991
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
1992
|
-
name: Optional[pulumi.Input[str]] = None,
|
1993
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1994
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
1995
|
-
no_store_metadata: Optional[pulumi.Input[bool]] = None,
|
1996
|
-
not_after: Optional[pulumi.Input[str]] = None,
|
1997
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
1998
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1999
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1962
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
1963
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1964
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1965
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
1966
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
1967
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
1968
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
1969
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1970
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1971
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1972
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1973
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1974
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1975
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1976
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1977
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
1978
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1979
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1980
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1981
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1982
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
1983
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
1984
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1985
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1986
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
1987
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
1988
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
1989
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
1990
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1991
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1992
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1993
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
1994
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1995
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1996
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
1997
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
1998
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1999
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2000
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2000
2001
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
|
2001
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2002
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2003
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2004
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
2005
|
-
serial_number_source: Optional[pulumi.Input[str]] = None,
|
2006
|
-
server_flag: Optional[pulumi.Input[bool]] = None,
|
2007
|
-
signature_bits: Optional[pulumi.Input[int]] = None,
|
2008
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2009
|
-
ttl: Optional[pulumi.Input[str]] = None,
|
2010
|
-
use_csr_common_name: Optional[pulumi.Input[bool]] = None,
|
2011
|
-
use_csr_sans: Optional[pulumi.Input[bool]] = None,
|
2012
|
-
use_pss: Optional[pulumi.Input[bool]] = None,
|
2002
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2003
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2004
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2005
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
2006
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
2007
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2008
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
2009
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2010
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
2011
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
2012
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
2013
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None,
|
2013
2014
|
__props__=None):
|
2014
2015
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
2015
2016
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -2083,58 +2084,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2083
2084
|
def get(resource_name: str,
|
2084
2085
|
id: pulumi.Input[str],
|
2085
2086
|
opts: Optional[pulumi.ResourceOptions] = None,
|
2086
|
-
allow_any_name: Optional[pulumi.Input[bool]] = None,
|
2087
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
2088
|
-
allow_glob_domains: Optional[pulumi.Input[bool]] = None,
|
2089
|
-
allow_ip_sans: Optional[pulumi.Input[bool]] = None,
|
2090
|
-
allow_localhost: Optional[pulumi.Input[bool]] = None,
|
2091
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
2092
|
-
allow_wildcard_certificates: Optional[pulumi.Input[bool]] = None,
|
2093
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2094
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
2095
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2096
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2097
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2098
|
-
allowed_uri_sans_template: Optional[pulumi.Input[bool]] = None,
|
2099
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2100
|
-
backend: Optional[pulumi.Input[str]] = None,
|
2101
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[bool]] = None,
|
2102
|
-
client_flag: Optional[pulumi.Input[bool]] = None,
|
2103
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2104
|
-
code_signing_flag: Optional[pulumi.Input[bool]] = None,
|
2105
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2106
|
-
email_protection_flag: Optional[pulumi.Input[bool]] = None,
|
2107
|
-
enforce_hostnames: Optional[pulumi.Input[bool]] = None,
|
2108
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2109
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2110
|
-
generate_lease: Optional[pulumi.Input[bool]] = None,
|
2111
|
-
issuer_ref: Optional[pulumi.Input[str]] = None,
|
2112
|
-
key_bits: Optional[pulumi.Input[int]] = None,
|
2113
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
2114
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2115
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2116
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
2117
|
-
name: Optional[pulumi.Input[str]] = None,
|
2118
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
2119
|
-
no_store: Optional[pulumi.Input[bool]] = None,
|
2120
|
-
no_store_metadata: Optional[pulumi.Input[bool]] = None,
|
2121
|
-
not_after: Optional[pulumi.Input[str]] = None,
|
2122
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
2123
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2124
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2087
|
+
allow_any_name: Optional[pulumi.Input[builtins.bool]] = None,
|
2088
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
2089
|
+
allow_glob_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
2090
|
+
allow_ip_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
2091
|
+
allow_localhost: Optional[pulumi.Input[builtins.bool]] = None,
|
2092
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
2093
|
+
allow_wildcard_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
2094
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2095
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
2096
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2097
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2098
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2099
|
+
allowed_uri_sans_template: Optional[pulumi.Input[builtins.bool]] = None,
|
2100
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2101
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
2102
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[builtins.bool]] = None,
|
2103
|
+
client_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2104
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2105
|
+
code_signing_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2106
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2107
|
+
email_protection_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2108
|
+
enforce_hostnames: Optional[pulumi.Input[builtins.bool]] = None,
|
2109
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2110
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2111
|
+
generate_lease: Optional[pulumi.Input[builtins.bool]] = None,
|
2112
|
+
issuer_ref: Optional[pulumi.Input[builtins.str]] = None,
|
2113
|
+
key_bits: Optional[pulumi.Input[builtins.int]] = None,
|
2114
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
2115
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2116
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2117
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
2118
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
2119
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
2120
|
+
no_store: Optional[pulumi.Input[builtins.bool]] = None,
|
2121
|
+
no_store_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
2122
|
+
not_after: Optional[pulumi.Input[builtins.str]] = None,
|
2123
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
2124
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2125
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2125
2126
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
|
2126
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2127
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2128
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2129
|
-
require_cn: Optional[pulumi.Input[bool]] = None,
|
2130
|
-
serial_number_source: Optional[pulumi.Input[str]] = None,
|
2131
|
-
server_flag: Optional[pulumi.Input[bool]] = None,
|
2132
|
-
signature_bits: Optional[pulumi.Input[int]] = None,
|
2133
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
2134
|
-
ttl: Optional[pulumi.Input[str]] = None,
|
2135
|
-
use_csr_common_name: Optional[pulumi.Input[bool]] = None,
|
2136
|
-
use_csr_sans: Optional[pulumi.Input[bool]] = None,
|
2137
|
-
use_pss: Optional[pulumi.Input[bool]] = None) -> 'SecretBackendRole':
|
2127
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2128
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2129
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2130
|
+
require_cn: Optional[pulumi.Input[builtins.bool]] = None,
|
2131
|
+
serial_number_source: Optional[pulumi.Input[builtins.str]] = None,
|
2132
|
+
server_flag: Optional[pulumi.Input[builtins.bool]] = None,
|
2133
|
+
signature_bits: Optional[pulumi.Input[builtins.int]] = None,
|
2134
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
2135
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
2136
|
+
use_csr_common_name: Optional[pulumi.Input[builtins.bool]] = None,
|
2137
|
+
use_csr_sans: Optional[pulumi.Input[builtins.bool]] = None,
|
2138
|
+
use_pss: Optional[pulumi.Input[builtins.bool]] = None) -> 'SecretBackendRole':
|
2138
2139
|
"""
|
2139
2140
|
Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
|
2140
2141
|
properties used to qualify the lookup.
|
@@ -2142,69 +2143,69 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2142
2143
|
:param str resource_name: The unique name of the resulting resource.
|
2143
2144
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
2144
2145
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
2145
|
-
:param pulumi.Input[bool] allow_any_name: Flag to allow any name
|
2146
|
-
:param pulumi.Input[bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
2147
|
-
:param pulumi.Input[bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
2148
|
-
:param pulumi.Input[bool] allow_ip_sans: Flag to allow IP SANs
|
2149
|
-
:param pulumi.Input[bool] allow_localhost: Flag to allow certificates for localhost
|
2150
|
-
:param pulumi.Input[bool] allow_subdomains: Flag to allow certificates matching subdomains
|
2151
|
-
:param pulumi.Input[bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
2152
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_domains: List of allowed domains for certificates
|
2153
|
-
:param pulumi.Input[bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2154
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_other_sans: Defines allowed custom SANs
|
2155
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
2156
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Defines allowed URI SANs
|
2157
|
-
:param pulumi.Input[bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2158
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_user_ids: Defines allowed User IDs
|
2159
|
-
:param pulumi.Input[str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
2160
|
-
:param pulumi.Input[bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
2161
|
-
:param pulumi.Input[bool] client_flag: Flag to specify certificates for client use
|
2162
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
2163
|
-
:param pulumi.Input[bool] code_signing_flag: Flag to specify certificates for code signing use
|
2164
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] countries: The country of generated certificates
|
2165
|
-
:param pulumi.Input[bool] email_protection_flag: Flag to specify certificates for email protection use
|
2166
|
-
:param pulumi.Input[bool] enforce_hostnames: Flag to allow only valid host names
|
2167
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
2168
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
2169
|
-
:param pulumi.Input[bool] generate_lease: Flag to generate leases with certificates
|
2170
|
-
:param pulumi.Input[str] issuer_ref: Specifies the default issuer of this request. May
|
2146
|
+
:param pulumi.Input[builtins.bool] allow_any_name: Flag to allow any name
|
2147
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
2148
|
+
:param pulumi.Input[builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
2149
|
+
:param pulumi.Input[builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
2150
|
+
:param pulumi.Input[builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
2151
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
2152
|
+
:param pulumi.Input[builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
2153
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_domains: List of allowed domains for certificates
|
2154
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2155
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
2156
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
2157
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
2158
|
+
:param pulumi.Input[builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2159
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
2160
|
+
:param pulumi.Input[builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
2161
|
+
:param pulumi.Input[builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
2162
|
+
:param pulumi.Input[builtins.bool] client_flag: Flag to specify certificates for client use
|
2163
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
2164
|
+
:param pulumi.Input[builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
2165
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] countries: The country of generated certificates
|
2166
|
+
:param pulumi.Input[builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
2167
|
+
:param pulumi.Input[builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
2168
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
2169
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
2170
|
+
:param pulumi.Input[builtins.bool] generate_lease: Flag to generate leases with certificates
|
2171
|
+
:param pulumi.Input[builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
2171
2172
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
2172
2173
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
2173
2174
|
overriding the role's `issuer_ref` value.
|
2174
|
-
:param pulumi.Input[int] key_bits: The number of bits of generated keys
|
2175
|
-
:param pulumi.Input[str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
2175
|
+
:param pulumi.Input[builtins.int] key_bits: The number of bits of generated keys
|
2176
|
+
:param pulumi.Input[builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
2176
2177
|
Defaults to `rsa`
|
2177
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] key_usages: Specify the allowed key usage constraint on issued
|
2178
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
2178
2179
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
2179
2180
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
2180
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] localities: The locality of generated certificates
|
2181
|
-
:param pulumi.Input[str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
2182
|
-
:param pulumi.Input[str] name: The name to identify this role within the backend. Must be unique within the backend.
|
2183
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
2181
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] localities: The locality of generated certificates
|
2182
|
+
:param pulumi.Input[builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
2183
|
+
:param pulumi.Input[builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
2184
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
2184
2185
|
The value should not contain leading or trailing forward slashes.
|
2185
2186
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
2186
2187
|
*Available only for Vault Enterprise*.
|
2187
|
-
:param pulumi.Input[bool] no_store: Flag to not store certificates in the storage backend
|
2188
|
-
:param pulumi.Input[bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
2189
|
-
:param pulumi.Input[str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
2190
|
-
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
2191
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] organization_unit: The organization unit of generated certificates
|
2192
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] organizations: The organization of generated certificates
|
2188
|
+
:param pulumi.Input[builtins.bool] no_store: Flag to not store certificates in the storage backend
|
2189
|
+
:param pulumi.Input[builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
2190
|
+
:param pulumi.Input[builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
2191
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
2192
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organization_unit: The organization unit of generated certificates
|
2193
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] organizations: The organization of generated certificates
|
2193
2194
|
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
2194
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
2195
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] postal_codes: The postal code of generated certificates
|
2196
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] provinces: The province of generated certificates
|
2197
|
-
:param pulumi.Input[bool] require_cn: Flag to force CN usage
|
2198
|
-
:param pulumi.Input[str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
2195
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
2196
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] postal_codes: The postal code of generated certificates
|
2197
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] provinces: The province of generated certificates
|
2198
|
+
:param pulumi.Input[builtins.bool] require_cn: Flag to force CN usage
|
2199
|
+
:param pulumi.Input[builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
2199
2200
|
|
2200
2201
|
Example usage:
|
2201
|
-
:param pulumi.Input[bool] server_flag: Flag to specify certificates for server use
|
2202
|
-
:param pulumi.Input[int] signature_bits: The number of bits to use in the signature algorithm
|
2203
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] street_addresses: The street address of generated certificates
|
2204
|
-
:param pulumi.Input[str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
2205
|
-
:param pulumi.Input[bool] use_csr_common_name: Flag to use the CN in the CSR
|
2206
|
-
:param pulumi.Input[bool] use_csr_sans: Flag to use the SANs in the CSR
|
2207
|
-
:param pulumi.Input[bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
2202
|
+
:param pulumi.Input[builtins.bool] server_flag: Flag to specify certificates for server use
|
2203
|
+
:param pulumi.Input[builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
2204
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] street_addresses: The street address of generated certificates
|
2205
|
+
:param pulumi.Input[builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
2206
|
+
:param pulumi.Input[builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
2207
|
+
:param pulumi.Input[builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
2208
|
+
:param pulumi.Input[builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
2208
2209
|
"""
|
2209
2210
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
2210
2211
|
|
@@ -2266,7 +2267,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2266
2267
|
|
2267
2268
|
@property
|
2268
2269
|
@pulumi.getter(name="allowAnyName")
|
2269
|
-
def allow_any_name(self) -> pulumi.Output[Optional[bool]]:
|
2270
|
+
def allow_any_name(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2270
2271
|
"""
|
2271
2272
|
Flag to allow any name
|
2272
2273
|
"""
|
@@ -2274,7 +2275,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2274
2275
|
|
2275
2276
|
@property
|
2276
2277
|
@pulumi.getter(name="allowBareDomains")
|
2277
|
-
def allow_bare_domains(self) -> pulumi.Output[Optional[bool]]:
|
2278
|
+
def allow_bare_domains(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2278
2279
|
"""
|
2279
2280
|
Flag to allow certificates matching the actual domain
|
2280
2281
|
"""
|
@@ -2282,7 +2283,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2282
2283
|
|
2283
2284
|
@property
|
2284
2285
|
@pulumi.getter(name="allowGlobDomains")
|
2285
|
-
def allow_glob_domains(self) -> pulumi.Output[Optional[bool]]:
|
2286
|
+
def allow_glob_domains(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2286
2287
|
"""
|
2287
2288
|
Flag to allow names containing glob patterns.
|
2288
2289
|
"""
|
@@ -2290,7 +2291,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2290
2291
|
|
2291
2292
|
@property
|
2292
2293
|
@pulumi.getter(name="allowIpSans")
|
2293
|
-
def allow_ip_sans(self) -> pulumi.Output[Optional[bool]]:
|
2294
|
+
def allow_ip_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2294
2295
|
"""
|
2295
2296
|
Flag to allow IP SANs
|
2296
2297
|
"""
|
@@ -2298,7 +2299,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2298
2299
|
|
2299
2300
|
@property
|
2300
2301
|
@pulumi.getter(name="allowLocalhost")
|
2301
|
-
def allow_localhost(self) -> pulumi.Output[Optional[bool]]:
|
2302
|
+
def allow_localhost(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2302
2303
|
"""
|
2303
2304
|
Flag to allow certificates for localhost
|
2304
2305
|
"""
|
@@ -2306,7 +2307,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2306
2307
|
|
2307
2308
|
@property
|
2308
2309
|
@pulumi.getter(name="allowSubdomains")
|
2309
|
-
def allow_subdomains(self) -> pulumi.Output[Optional[bool]]:
|
2310
|
+
def allow_subdomains(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2310
2311
|
"""
|
2311
2312
|
Flag to allow certificates matching subdomains
|
2312
2313
|
"""
|
@@ -2314,7 +2315,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2314
2315
|
|
2315
2316
|
@property
|
2316
2317
|
@pulumi.getter(name="allowWildcardCertificates")
|
2317
|
-
def allow_wildcard_certificates(self) -> pulumi.Output[Optional[bool]]:
|
2318
|
+
def allow_wildcard_certificates(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2318
2319
|
"""
|
2319
2320
|
Flag to allow wildcard certificates.
|
2320
2321
|
"""
|
@@ -2322,7 +2323,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2322
2323
|
|
2323
2324
|
@property
|
2324
2325
|
@pulumi.getter(name="allowedDomains")
|
2325
|
-
def allowed_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2326
|
+
def allowed_domains(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2326
2327
|
"""
|
2327
2328
|
List of allowed domains for certificates
|
2328
2329
|
"""
|
@@ -2330,7 +2331,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2330
2331
|
|
2331
2332
|
@property
|
2332
2333
|
@pulumi.getter(name="allowedDomainsTemplate")
|
2333
|
-
def allowed_domains_template(self) -> pulumi.Output[Optional[bool]]:
|
2334
|
+
def allowed_domains_template(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2334
2335
|
"""
|
2335
2336
|
Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2336
2337
|
"""
|
@@ -2338,7 +2339,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2338
2339
|
|
2339
2340
|
@property
|
2340
2341
|
@pulumi.getter(name="allowedOtherSans")
|
2341
|
-
def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2342
|
+
def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2342
2343
|
"""
|
2343
2344
|
Defines allowed custom SANs
|
2344
2345
|
"""
|
@@ -2346,7 +2347,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2346
2347
|
|
2347
2348
|
@property
|
2348
2349
|
@pulumi.getter(name="allowedSerialNumbers")
|
2349
|
-
def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2350
|
+
def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2350
2351
|
"""
|
2351
2352
|
An array of allowed serial numbers to put in Subject
|
2352
2353
|
"""
|
@@ -2354,7 +2355,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2354
2355
|
|
2355
2356
|
@property
|
2356
2357
|
@pulumi.getter(name="allowedUriSans")
|
2357
|
-
def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2358
|
+
def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2358
2359
|
"""
|
2359
2360
|
Defines allowed URI SANs
|
2360
2361
|
"""
|
@@ -2362,7 +2363,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2362
2363
|
|
2363
2364
|
@property
|
2364
2365
|
@pulumi.getter(name="allowedUriSansTemplate")
|
2365
|
-
def allowed_uri_sans_template(self) -> pulumi.Output[bool]:
|
2366
|
+
def allowed_uri_sans_template(self) -> pulumi.Output[builtins.bool]:
|
2366
2367
|
"""
|
2367
2368
|
Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
2368
2369
|
"""
|
@@ -2370,7 +2371,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2370
2371
|
|
2371
2372
|
@property
|
2372
2373
|
@pulumi.getter(name="allowedUserIds")
|
2373
|
-
def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2374
|
+
def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2374
2375
|
"""
|
2375
2376
|
Defines allowed User IDs
|
2376
2377
|
"""
|
@@ -2378,7 +2379,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2378
2379
|
|
2379
2380
|
@property
|
2380
2381
|
@pulumi.getter
|
2381
|
-
def backend(self) -> pulumi.Output[str]:
|
2382
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
2382
2383
|
"""
|
2383
2384
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
2384
2385
|
"""
|
@@ -2386,7 +2387,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2386
2387
|
|
2387
2388
|
@property
|
2388
2389
|
@pulumi.getter(name="basicConstraintsValidForNonCa")
|
2389
|
-
def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[bool]]:
|
2390
|
+
def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2390
2391
|
"""
|
2391
2392
|
Flag to mark basic constraints valid when issuing non-CA certificates
|
2392
2393
|
"""
|
@@ -2394,7 +2395,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2394
2395
|
|
2395
2396
|
@property
|
2396
2397
|
@pulumi.getter(name="clientFlag")
|
2397
|
-
def client_flag(self) -> pulumi.Output[Optional[bool]]:
|
2398
|
+
def client_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2398
2399
|
"""
|
2399
2400
|
Flag to specify certificates for client use
|
2400
2401
|
"""
|
@@ -2402,7 +2403,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2402
2403
|
|
2403
2404
|
@property
|
2404
2405
|
@pulumi.getter(name="cnValidations")
|
2405
|
-
def cn_validations(self) -> pulumi.Output[Sequence[str]]:
|
2406
|
+
def cn_validations(self) -> pulumi.Output[Sequence[builtins.str]]:
|
2406
2407
|
"""
|
2407
2408
|
Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
2408
2409
|
"""
|
@@ -2410,7 +2411,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2410
2411
|
|
2411
2412
|
@property
|
2412
2413
|
@pulumi.getter(name="codeSigningFlag")
|
2413
|
-
def code_signing_flag(self) -> pulumi.Output[Optional[bool]]:
|
2414
|
+
def code_signing_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2414
2415
|
"""
|
2415
2416
|
Flag to specify certificates for code signing use
|
2416
2417
|
"""
|
@@ -2418,7 +2419,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2418
2419
|
|
2419
2420
|
@property
|
2420
2421
|
@pulumi.getter
|
2421
|
-
def countries(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2422
|
+
def countries(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2422
2423
|
"""
|
2423
2424
|
The country of generated certificates
|
2424
2425
|
"""
|
@@ -2426,7 +2427,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2426
2427
|
|
2427
2428
|
@property
|
2428
2429
|
@pulumi.getter(name="emailProtectionFlag")
|
2429
|
-
def email_protection_flag(self) -> pulumi.Output[Optional[bool]]:
|
2430
|
+
def email_protection_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2430
2431
|
"""
|
2431
2432
|
Flag to specify certificates for email protection use
|
2432
2433
|
"""
|
@@ -2434,7 +2435,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2434
2435
|
|
2435
2436
|
@property
|
2436
2437
|
@pulumi.getter(name="enforceHostnames")
|
2437
|
-
def enforce_hostnames(self) -> pulumi.Output[Optional[bool]]:
|
2438
|
+
def enforce_hostnames(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2438
2439
|
"""
|
2439
2440
|
Flag to allow only valid host names
|
2440
2441
|
"""
|
@@ -2442,7 +2443,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2442
2443
|
|
2443
2444
|
@property
|
2444
2445
|
@pulumi.getter(name="extKeyUsageOids")
|
2445
|
-
def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2446
|
+
def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2446
2447
|
"""
|
2447
2448
|
Specify the allowed extended key usage OIDs constraint on issued certificates
|
2448
2449
|
"""
|
@@ -2450,7 +2451,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2450
2451
|
|
2451
2452
|
@property
|
2452
2453
|
@pulumi.getter(name="extKeyUsages")
|
2453
|
-
def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2454
|
+
def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2454
2455
|
"""
|
2455
2456
|
Specify the allowed extended key usage constraint on issued certificates
|
2456
2457
|
"""
|
@@ -2458,7 +2459,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2458
2459
|
|
2459
2460
|
@property
|
2460
2461
|
@pulumi.getter(name="generateLease")
|
2461
|
-
def generate_lease(self) -> pulumi.Output[Optional[bool]]:
|
2462
|
+
def generate_lease(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2462
2463
|
"""
|
2463
2464
|
Flag to generate leases with certificates
|
2464
2465
|
"""
|
@@ -2466,7 +2467,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2466
2467
|
|
2467
2468
|
@property
|
2468
2469
|
@pulumi.getter(name="issuerRef")
|
2469
|
-
def issuer_ref(self) -> pulumi.Output[str]:
|
2470
|
+
def issuer_ref(self) -> pulumi.Output[builtins.str]:
|
2470
2471
|
"""
|
2471
2472
|
Specifies the default issuer of this request. May
|
2472
2473
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
@@ -2477,7 +2478,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2477
2478
|
|
2478
2479
|
@property
|
2479
2480
|
@pulumi.getter(name="keyBits")
|
2480
|
-
def key_bits(self) -> pulumi.Output[Optional[int]]:
|
2481
|
+
def key_bits(self) -> pulumi.Output[Optional[builtins.int]]:
|
2481
2482
|
"""
|
2482
2483
|
The number of bits of generated keys
|
2483
2484
|
"""
|
@@ -2485,7 +2486,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2485
2486
|
|
2486
2487
|
@property
|
2487
2488
|
@pulumi.getter(name="keyType")
|
2488
|
-
def key_type(self) -> pulumi.Output[Optional[str]]:
|
2489
|
+
def key_type(self) -> pulumi.Output[Optional[builtins.str]]:
|
2489
2490
|
"""
|
2490
2491
|
The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
2491
2492
|
Defaults to `rsa`
|
@@ -2494,7 +2495,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2494
2495
|
|
2495
2496
|
@property
|
2496
2497
|
@pulumi.getter(name="keyUsages")
|
2497
|
-
def key_usages(self) -> pulumi.Output[Sequence[str]]:
|
2498
|
+
def key_usages(self) -> pulumi.Output[Sequence[builtins.str]]:
|
2498
2499
|
"""
|
2499
2500
|
Specify the allowed key usage constraint on issued
|
2500
2501
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
@@ -2504,7 +2505,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2504
2505
|
|
2505
2506
|
@property
|
2506
2507
|
@pulumi.getter
|
2507
|
-
def localities(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2508
|
+
def localities(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2508
2509
|
"""
|
2509
2510
|
The locality of generated certificates
|
2510
2511
|
"""
|
@@ -2512,7 +2513,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2512
2513
|
|
2513
2514
|
@property
|
2514
2515
|
@pulumi.getter(name="maxTtl")
|
2515
|
-
def max_ttl(self) -> pulumi.Output[str]:
|
2516
|
+
def max_ttl(self) -> pulumi.Output[builtins.str]:
|
2516
2517
|
"""
|
2517
2518
|
The maximum lease TTL, in seconds, for the role.
|
2518
2519
|
"""
|
@@ -2520,7 +2521,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2520
2521
|
|
2521
2522
|
@property
|
2522
2523
|
@pulumi.getter
|
2523
|
-
def name(self) -> pulumi.Output[str]:
|
2524
|
+
def name(self) -> pulumi.Output[builtins.str]:
|
2524
2525
|
"""
|
2525
2526
|
The name to identify this role within the backend. Must be unique within the backend.
|
2526
2527
|
"""
|
@@ -2528,7 +2529,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2528
2529
|
|
2529
2530
|
@property
|
2530
2531
|
@pulumi.getter
|
2531
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
2532
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
2532
2533
|
"""
|
2533
2534
|
The namespace to provision the resource in.
|
2534
2535
|
The value should not contain leading or trailing forward slashes.
|
@@ -2539,7 +2540,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2539
2540
|
|
2540
2541
|
@property
|
2541
2542
|
@pulumi.getter(name="noStore")
|
2542
|
-
def no_store(self) -> pulumi.Output[Optional[bool]]:
|
2543
|
+
def no_store(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2543
2544
|
"""
|
2544
2545
|
Flag to not store certificates in the storage backend
|
2545
2546
|
"""
|
@@ -2547,7 +2548,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2547
2548
|
|
2548
2549
|
@property
|
2549
2550
|
@pulumi.getter(name="noStoreMetadata")
|
2550
|
-
def no_store_metadata(self) -> pulumi.Output[Optional[bool]]:
|
2551
|
+
def no_store_metadata(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2551
2552
|
"""
|
2552
2553
|
Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
2553
2554
|
"""
|
@@ -2555,7 +2556,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2555
2556
|
|
2556
2557
|
@property
|
2557
2558
|
@pulumi.getter(name="notAfter")
|
2558
|
-
def not_after(self) -> pulumi.Output[Optional[str]]:
|
2559
|
+
def not_after(self) -> pulumi.Output[Optional[builtins.str]]:
|
2559
2560
|
"""
|
2560
2561
|
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
2561
2562
|
"""
|
@@ -2563,7 +2564,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2563
2564
|
|
2564
2565
|
@property
|
2565
2566
|
@pulumi.getter(name="notBeforeDuration")
|
2566
|
-
def not_before_duration(self) -> pulumi.Output[str]:
|
2567
|
+
def not_before_duration(self) -> pulumi.Output[builtins.str]:
|
2567
2568
|
"""
|
2568
2569
|
Specifies the duration by which to backdate the NotBefore property.
|
2569
2570
|
"""
|
@@ -2571,7 +2572,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2571
2572
|
|
2572
2573
|
@property
|
2573
2574
|
@pulumi.getter(name="organizationUnit")
|
2574
|
-
def organization_unit(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2575
|
+
def organization_unit(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2575
2576
|
"""
|
2576
2577
|
The organization unit of generated certificates
|
2577
2578
|
"""
|
@@ -2579,7 +2580,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2579
2580
|
|
2580
2581
|
@property
|
2581
2582
|
@pulumi.getter
|
2582
|
-
def organizations(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2583
|
+
def organizations(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2583
2584
|
"""
|
2584
2585
|
The organization of generated certificates
|
2585
2586
|
"""
|
@@ -2595,7 +2596,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2595
2596
|
|
2596
2597
|
@property
|
2597
2598
|
@pulumi.getter(name="policyIdentifiers")
|
2598
|
-
def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2599
|
+
def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2599
2600
|
"""
|
2600
2601
|
Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
2601
2602
|
"""
|
@@ -2603,7 +2604,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2603
2604
|
|
2604
2605
|
@property
|
2605
2606
|
@pulumi.getter(name="postalCodes")
|
2606
|
-
def postal_codes(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2607
|
+
def postal_codes(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2607
2608
|
"""
|
2608
2609
|
The postal code of generated certificates
|
2609
2610
|
"""
|
@@ -2611,7 +2612,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2611
2612
|
|
2612
2613
|
@property
|
2613
2614
|
@pulumi.getter
|
2614
|
-
def provinces(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2615
|
+
def provinces(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2615
2616
|
"""
|
2616
2617
|
The province of generated certificates
|
2617
2618
|
"""
|
@@ -2619,7 +2620,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2619
2620
|
|
2620
2621
|
@property
|
2621
2622
|
@pulumi.getter(name="requireCn")
|
2622
|
-
def require_cn(self) -> pulumi.Output[Optional[bool]]:
|
2623
|
+
def require_cn(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2623
2624
|
"""
|
2624
2625
|
Flag to force CN usage
|
2625
2626
|
"""
|
@@ -2627,7 +2628,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2627
2628
|
|
2628
2629
|
@property
|
2629
2630
|
@pulumi.getter(name="serialNumberSource")
|
2630
|
-
def serial_number_source(self) -> pulumi.Output[str]:
|
2631
|
+
def serial_number_source(self) -> pulumi.Output[builtins.str]:
|
2631
2632
|
"""
|
2632
2633
|
Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
2633
2634
|
|
@@ -2637,7 +2638,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2637
2638
|
|
2638
2639
|
@property
|
2639
2640
|
@pulumi.getter(name="serverFlag")
|
2640
|
-
def server_flag(self) -> pulumi.Output[Optional[bool]]:
|
2641
|
+
def server_flag(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2641
2642
|
"""
|
2642
2643
|
Flag to specify certificates for server use
|
2643
2644
|
"""
|
@@ -2645,7 +2646,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2645
2646
|
|
2646
2647
|
@property
|
2647
2648
|
@pulumi.getter(name="signatureBits")
|
2648
|
-
def signature_bits(self) -> pulumi.Output[int]:
|
2649
|
+
def signature_bits(self) -> pulumi.Output[builtins.int]:
|
2649
2650
|
"""
|
2650
2651
|
The number of bits to use in the signature algorithm
|
2651
2652
|
"""
|
@@ -2653,7 +2654,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2653
2654
|
|
2654
2655
|
@property
|
2655
2656
|
@pulumi.getter(name="streetAddresses")
|
2656
|
-
def street_addresses(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
2657
|
+
def street_addresses(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
2657
2658
|
"""
|
2658
2659
|
The street address of generated certificates
|
2659
2660
|
"""
|
@@ -2661,7 +2662,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2661
2662
|
|
2662
2663
|
@property
|
2663
2664
|
@pulumi.getter
|
2664
|
-
def ttl(self) -> pulumi.Output[str]:
|
2665
|
+
def ttl(self) -> pulumi.Output[builtins.str]:
|
2665
2666
|
"""
|
2666
2667
|
The TTL, in seconds, for any certificate issued against this role.
|
2667
2668
|
"""
|
@@ -2669,7 +2670,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2669
2670
|
|
2670
2671
|
@property
|
2671
2672
|
@pulumi.getter(name="useCsrCommonName")
|
2672
|
-
def use_csr_common_name(self) -> pulumi.Output[Optional[bool]]:
|
2673
|
+
def use_csr_common_name(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2673
2674
|
"""
|
2674
2675
|
Flag to use the CN in the CSR
|
2675
2676
|
"""
|
@@ -2677,7 +2678,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2677
2678
|
|
2678
2679
|
@property
|
2679
2680
|
@pulumi.getter(name="useCsrSans")
|
2680
|
-
def use_csr_sans(self) -> pulumi.Output[Optional[bool]]:
|
2681
|
+
def use_csr_sans(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2681
2682
|
"""
|
2682
2683
|
Flag to use the SANs in the CSR
|
2683
2684
|
"""
|
@@ -2685,7 +2686,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
2685
2686
|
|
2686
2687
|
@property
|
2687
2688
|
@pulumi.getter(name="usePss")
|
2688
|
-
def use_pss(self) -> pulumi.Output[Optional[bool]]:
|
2689
|
+
def use_pss(self) -> pulumi.Output[Optional[builtins.bool]]:
|
2689
2690
|
"""
|
2690
2691
|
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
2691
2692
|
"""
|