pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,73 +20,73 @@ __all__ = ['BackendConfigAutoTidyArgs', 'BackendConfigAutoTidy']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class BackendConfigAutoTidyArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
backend: pulumi.Input[str],
|
23
|
-
enabled: pulumi.Input[bool],
|
24
|
-
acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
|
25
|
-
interval_duration: Optional[pulumi.Input[str]] = None,
|
26
|
-
issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
|
27
|
-
maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
|
28
|
-
max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
29
|
-
min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
30
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
31
|
-
pause_duration: Optional[pulumi.Input[str]] = None,
|
32
|
-
publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
|
33
|
-
revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
|
34
|
-
safety_buffer: Optional[pulumi.Input[str]] = None,
|
35
|
-
tidy_acme: Optional[pulumi.Input[bool]] = None,
|
36
|
-
tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
|
37
|
-
tidy_cert_store: Optional[pulumi.Input[bool]] = None,
|
38
|
-
tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
|
39
|
-
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
|
40
|
-
tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
|
41
|
-
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
|
42
|
-
tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
|
43
|
-
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
|
44
|
-
tidy_revoked_certs: Optional[pulumi.Input[bool]] = None):
|
23
|
+
backend: pulumi.Input[builtins.str],
|
24
|
+
enabled: pulumi.Input[builtins.bool],
|
25
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
26
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
27
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
30
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
34
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
37
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
38
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
39
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
40
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
41
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
42
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
43
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
44
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
45
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None):
|
45
46
|
"""
|
46
47
|
The set of arguments for constructing a BackendConfigAutoTidy resource.
|
47
|
-
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
48
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
48
49
|
read the configuration from, with no leading or trailing `/`s.
|
49
|
-
:param pulumi.Input[bool] enabled: Specifies whether automatic tidy is enabled or not.
|
50
|
-
:param pulumi.Input[str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
50
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
|
51
|
+
:param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
51
52
|
time after being marked revoked or deactivated.
|
52
|
-
:param pulumi.Input[str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
53
|
+
:param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
53
54
|
between tidy invocations (after one finishes to the start of the next).
|
54
|
-
:param pulumi.Input[str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
55
|
+
:param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
55
56
|
expiration before it is removed from the backend storage.
|
56
|
-
:param pulumi.Input[bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
57
|
+
:param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
57
58
|
counted upon initialization of the backend, and whether during normal operation, a running count
|
58
59
|
of certificates stored is maintained.
|
59
|
-
:param pulumi.Input[str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
60
|
+
:param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
60
61
|
after startup.
|
61
|
-
:param pulumi.Input[str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
62
|
+
:param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
62
63
|
after startup.
|
63
|
-
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
64
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
64
65
|
The value should not contain leading or trailing forward slashes.
|
65
66
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
66
67
|
*Available only for Vault Enterprise*.
|
67
|
-
:param pulumi.Input[str] pause_duration: The amount of time to wait between processing certificates.
|
68
|
-
:param pulumi.Input[bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
68
|
+
:param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
|
69
|
+
:param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
69
70
|
certificate count is published to the metrics consumer.
|
70
|
-
:param pulumi.Input[str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
71
|
+
:param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
71
72
|
cross-cluster revocation request being initiated to when it will be slated for removal.
|
72
|
-
:param pulumi.Input[str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
73
|
+
:param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
73
74
|
expiration before it is removed from the backend storage and/or revocation list.
|
74
|
-
:param pulumi.Input[bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
75
|
-
:param pulumi.Input[bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
76
|
-
:param pulumi.Input[bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
77
|
-
:param pulumi.Input[bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
78
|
-
:param pulumi.Input[bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
75
|
+
:param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
76
|
+
:param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
77
|
+
:param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
78
|
+
:param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
79
|
+
:param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
79
80
|
revoked certificate store.
|
80
|
-
:param pulumi.Input[bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
81
|
+
:param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
81
82
|
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
82
|
-
:param pulumi.Input[bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
83
|
+
:param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
83
84
|
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
84
|
-
:param pulumi.Input[bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
85
|
+
:param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
85
86
|
haven't been confirmed by any active cluster.
|
86
|
-
:param pulumi.Input[bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
87
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
87
88
|
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
88
|
-
:param pulumi.Input[bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
89
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
89
90
|
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
90
91
|
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
91
92
|
the CRL, and the CRL will be rotated.
|
@@ -137,7 +138,7 @@ class BackendConfigAutoTidyArgs:
|
|
137
138
|
|
138
139
|
@property
|
139
140
|
@pulumi.getter
|
140
|
-
def backend(self) -> pulumi.Input[str]:
|
141
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
141
142
|
"""
|
142
143
|
The path to the PKI secret backend to
|
143
144
|
read the configuration from, with no leading or trailing `/`s.
|
@@ -145,24 +146,24 @@ class BackendConfigAutoTidyArgs:
|
|
145
146
|
return pulumi.get(self, "backend")
|
146
147
|
|
147
148
|
@backend.setter
|
148
|
-
def backend(self, value: pulumi.Input[str]):
|
149
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
149
150
|
pulumi.set(self, "backend", value)
|
150
151
|
|
151
152
|
@property
|
152
153
|
@pulumi.getter
|
153
|
-
def enabled(self) -> pulumi.Input[bool]:
|
154
|
+
def enabled(self) -> pulumi.Input[builtins.bool]:
|
154
155
|
"""
|
155
156
|
Specifies whether automatic tidy is enabled or not.
|
156
157
|
"""
|
157
158
|
return pulumi.get(self, "enabled")
|
158
159
|
|
159
160
|
@enabled.setter
|
160
|
-
def enabled(self, value: pulumi.Input[bool]):
|
161
|
+
def enabled(self, value: pulumi.Input[builtins.bool]):
|
161
162
|
pulumi.set(self, "enabled", value)
|
162
163
|
|
163
164
|
@property
|
164
165
|
@pulumi.getter(name="acmeAccountSafetyBuffer")
|
165
|
-
def acme_account_safety_buffer(self) -> Optional[pulumi.Input[str]]:
|
166
|
+
def acme_account_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
166
167
|
"""
|
167
168
|
The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
168
169
|
time after being marked revoked or deactivated.
|
@@ -170,12 +171,12 @@ class BackendConfigAutoTidyArgs:
|
|
170
171
|
return pulumi.get(self, "acme_account_safety_buffer")
|
171
172
|
|
172
173
|
@acme_account_safety_buffer.setter
|
173
|
-
def acme_account_safety_buffer(self, value: Optional[pulumi.Input[str]]):
|
174
|
+
def acme_account_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
174
175
|
pulumi.set(self, "acme_account_safety_buffer", value)
|
175
176
|
|
176
177
|
@property
|
177
178
|
@pulumi.getter(name="intervalDuration")
|
178
|
-
def interval_duration(self) -> Optional[pulumi.Input[str]]:
|
179
|
+
def interval_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
179
180
|
"""
|
180
181
|
Interval at which to run an auto-tidy operation. This is the time
|
181
182
|
between tidy invocations (after one finishes to the start of the next).
|
@@ -183,12 +184,12 @@ class BackendConfigAutoTidyArgs:
|
|
183
184
|
return pulumi.get(self, "interval_duration")
|
184
185
|
|
185
186
|
@interval_duration.setter
|
186
|
-
def interval_duration(self, value: Optional[pulumi.Input[str]]):
|
187
|
+
def interval_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
187
188
|
pulumi.set(self, "interval_duration", value)
|
188
189
|
|
189
190
|
@property
|
190
191
|
@pulumi.getter(name="issuerSafetyBuffer")
|
191
|
-
def issuer_safety_buffer(self) -> Optional[pulumi.Input[str]]:
|
192
|
+
def issuer_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
192
193
|
"""
|
193
194
|
The amount of extra time that must have passed beyond issuer's
|
194
195
|
expiration before it is removed from the backend storage.
|
@@ -196,12 +197,12 @@ class BackendConfigAutoTidyArgs:
|
|
196
197
|
return pulumi.get(self, "issuer_safety_buffer")
|
197
198
|
|
198
199
|
@issuer_safety_buffer.setter
|
199
|
-
def issuer_safety_buffer(self, value: Optional[pulumi.Input[str]]):
|
200
|
+
def issuer_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
200
201
|
pulumi.set(self, "issuer_safety_buffer", value)
|
201
202
|
|
202
203
|
@property
|
203
204
|
@pulumi.getter(name="maintainStoredCertificateCounts")
|
204
|
-
def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[bool]]:
|
205
|
+
def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[builtins.bool]]:
|
205
206
|
"""
|
206
207
|
This configures whether stored certificate are
|
207
208
|
counted upon initialization of the backend, and whether during normal operation, a running count
|
@@ -210,12 +211,12 @@ class BackendConfigAutoTidyArgs:
|
|
210
211
|
return pulumi.get(self, "maintain_stored_certificate_counts")
|
211
212
|
|
212
213
|
@maintain_stored_certificate_counts.setter
|
213
|
-
def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[bool]]):
|
214
|
+
def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[builtins.bool]]):
|
214
215
|
pulumi.set(self, "maintain_stored_certificate_counts", value)
|
215
216
|
|
216
217
|
@property
|
217
218
|
@pulumi.getter(name="maxStartupBackoffDuration")
|
218
|
-
def max_startup_backoff_duration(self) -> Optional[pulumi.Input[str]]:
|
219
|
+
def max_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
219
220
|
"""
|
220
221
|
The maximum amount of time auto-tidy will be delayed
|
221
222
|
after startup.
|
@@ -223,12 +224,12 @@ class BackendConfigAutoTidyArgs:
|
|
223
224
|
return pulumi.get(self, "max_startup_backoff_duration")
|
224
225
|
|
225
226
|
@max_startup_backoff_duration.setter
|
226
|
-
def max_startup_backoff_duration(self, value: Optional[pulumi.Input[str]]):
|
227
|
+
def max_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
227
228
|
pulumi.set(self, "max_startup_backoff_duration", value)
|
228
229
|
|
229
230
|
@property
|
230
231
|
@pulumi.getter(name="minStartupBackoffDuration")
|
231
|
-
def min_startup_backoff_duration(self) -> Optional[pulumi.Input[str]]:
|
232
|
+
def min_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
232
233
|
"""
|
233
234
|
The minimum amount of time auto-tidy will be delayed
|
234
235
|
after startup.
|
@@ -236,12 +237,12 @@ class BackendConfigAutoTidyArgs:
|
|
236
237
|
return pulumi.get(self, "min_startup_backoff_duration")
|
237
238
|
|
238
239
|
@min_startup_backoff_duration.setter
|
239
|
-
def min_startup_backoff_duration(self, value: Optional[pulumi.Input[str]]):
|
240
|
+
def min_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
240
241
|
pulumi.set(self, "min_startup_backoff_duration", value)
|
241
242
|
|
242
243
|
@property
|
243
244
|
@pulumi.getter
|
244
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
245
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
245
246
|
"""
|
246
247
|
The namespace of the target resource.
|
247
248
|
The value should not contain leading or trailing forward slashes.
|
@@ -251,24 +252,24 @@ class BackendConfigAutoTidyArgs:
|
|
251
252
|
return pulumi.get(self, "namespace")
|
252
253
|
|
253
254
|
@namespace.setter
|
254
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
255
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
255
256
|
pulumi.set(self, "namespace", value)
|
256
257
|
|
257
258
|
@property
|
258
259
|
@pulumi.getter(name="pauseDuration")
|
259
|
-
def pause_duration(self) -> Optional[pulumi.Input[str]]:
|
260
|
+
def pause_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
260
261
|
"""
|
261
262
|
The amount of time to wait between processing certificates.
|
262
263
|
"""
|
263
264
|
return pulumi.get(self, "pause_duration")
|
264
265
|
|
265
266
|
@pause_duration.setter
|
266
|
-
def pause_duration(self, value: Optional[pulumi.Input[str]]):
|
267
|
+
def pause_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
267
268
|
pulumi.set(self, "pause_duration", value)
|
268
269
|
|
269
270
|
@property
|
270
271
|
@pulumi.getter(name="publishStoredCertificateCountMetrics")
|
271
|
-
def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[bool]]:
|
272
|
+
def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[builtins.bool]]:
|
272
273
|
"""
|
273
274
|
This configures whether the stored
|
274
275
|
certificate count is published to the metrics consumer.
|
@@ -276,12 +277,12 @@ class BackendConfigAutoTidyArgs:
|
|
276
277
|
return pulumi.get(self, "publish_stored_certificate_count_metrics")
|
277
278
|
|
278
279
|
@publish_stored_certificate_count_metrics.setter
|
279
|
-
def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[bool]]):
|
280
|
+
def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[builtins.bool]]):
|
280
281
|
pulumi.set(self, "publish_stored_certificate_count_metrics", value)
|
281
282
|
|
282
283
|
@property
|
283
284
|
@pulumi.getter(name="revocationQueueSafetyBuffer")
|
284
|
-
def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[str]]:
|
285
|
+
def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
285
286
|
"""
|
286
287
|
The amount of time that must pass from the
|
287
288
|
cross-cluster revocation request being initiated to when it will be slated for removal.
|
@@ -289,12 +290,12 @@ class BackendConfigAutoTidyArgs:
|
|
289
290
|
return pulumi.get(self, "revocation_queue_safety_buffer")
|
290
291
|
|
291
292
|
@revocation_queue_safety_buffer.setter
|
292
|
-
def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[str]]):
|
293
|
+
def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
293
294
|
pulumi.set(self, "revocation_queue_safety_buffer", value)
|
294
295
|
|
295
296
|
@property
|
296
297
|
@pulumi.getter(name="safetyBuffer")
|
297
|
-
def safety_buffer(self) -> Optional[pulumi.Input[str]]:
|
298
|
+
def safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
298
299
|
"""
|
299
300
|
The amount of extra time that must have passed beyond certificate
|
300
301
|
expiration before it is removed from the backend storage and/or revocation list.
|
@@ -302,60 +303,60 @@ class BackendConfigAutoTidyArgs:
|
|
302
303
|
return pulumi.get(self, "safety_buffer")
|
303
304
|
|
304
305
|
@safety_buffer.setter
|
305
|
-
def safety_buffer(self, value: Optional[pulumi.Input[str]]):
|
306
|
+
def safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
306
307
|
pulumi.set(self, "safety_buffer", value)
|
307
308
|
|
308
309
|
@property
|
309
310
|
@pulumi.getter(name="tidyAcme")
|
310
|
-
def tidy_acme(self) -> Optional[pulumi.Input[bool]]:
|
311
|
+
def tidy_acme(self) -> Optional[pulumi.Input[builtins.bool]]:
|
311
312
|
"""
|
312
313
|
Set to true to enable tidying ACME accounts, orders and authorizations.
|
313
314
|
"""
|
314
315
|
return pulumi.get(self, "tidy_acme")
|
315
316
|
|
316
317
|
@tidy_acme.setter
|
317
|
-
def tidy_acme(self, value: Optional[pulumi.Input[bool]]):
|
318
|
+
def tidy_acme(self, value: Optional[pulumi.Input[builtins.bool]]):
|
318
319
|
pulumi.set(self, "tidy_acme", value)
|
319
320
|
|
320
321
|
@property
|
321
322
|
@pulumi.getter(name="tidyCertMetadata")
|
322
|
-
def tidy_cert_metadata(self) -> Optional[pulumi.Input[bool]]:
|
323
|
+
def tidy_cert_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
|
323
324
|
"""
|
324
325
|
Set to true to enable tidying up certificate metadata.
|
325
326
|
"""
|
326
327
|
return pulumi.get(self, "tidy_cert_metadata")
|
327
328
|
|
328
329
|
@tidy_cert_metadata.setter
|
329
|
-
def tidy_cert_metadata(self, value: Optional[pulumi.Input[bool]]):
|
330
|
+
def tidy_cert_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
|
330
331
|
pulumi.set(self, "tidy_cert_metadata", value)
|
331
332
|
|
332
333
|
@property
|
333
334
|
@pulumi.getter(name="tidyCertStore")
|
334
|
-
def tidy_cert_store(self) -> Optional[pulumi.Input[bool]]:
|
335
|
+
def tidy_cert_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
335
336
|
"""
|
336
337
|
Set to true to enable tidying up the certificate store
|
337
338
|
"""
|
338
339
|
return pulumi.get(self, "tidy_cert_store")
|
339
340
|
|
340
341
|
@tidy_cert_store.setter
|
341
|
-
def tidy_cert_store(self, value: Optional[pulumi.Input[bool]]):
|
342
|
+
def tidy_cert_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
342
343
|
pulumi.set(self, "tidy_cert_store", value)
|
343
344
|
|
344
345
|
@property
|
345
346
|
@pulumi.getter(name="tidyCmpv2NonceStore")
|
346
|
-
def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[bool]]:
|
347
|
+
def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
347
348
|
"""
|
348
349
|
Set to true to enable tidying up the CMPv2 nonce store.
|
349
350
|
"""
|
350
351
|
return pulumi.get(self, "tidy_cmpv2_nonce_store")
|
351
352
|
|
352
353
|
@tidy_cmpv2_nonce_store.setter
|
353
|
-
def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[bool]]):
|
354
|
+
def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
354
355
|
pulumi.set(self, "tidy_cmpv2_nonce_store", value)
|
355
356
|
|
356
357
|
@property
|
357
358
|
@pulumi.getter(name="tidyCrossClusterRevokedCerts")
|
358
|
-
def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[bool]]:
|
359
|
+
def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
|
359
360
|
"""
|
360
361
|
Set to true to enable tidying up the cross-cluster
|
361
362
|
revoked certificate store.
|
@@ -363,12 +364,12 @@ class BackendConfigAutoTidyArgs:
|
|
363
364
|
return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
|
364
365
|
|
365
366
|
@tidy_cross_cluster_revoked_certs.setter
|
366
|
-
def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[bool]]):
|
367
|
+
def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
|
367
368
|
pulumi.set(self, "tidy_cross_cluster_revoked_certs", value)
|
368
369
|
|
369
370
|
@property
|
370
371
|
@pulumi.getter(name="tidyExpiredIssuers")
|
371
|
-
def tidy_expired_issuers(self) -> Optional[pulumi.Input[bool]]:
|
372
|
+
def tidy_expired_issuers(self) -> Optional[pulumi.Input[builtins.bool]]:
|
372
373
|
"""
|
373
374
|
Set to true to automatically remove expired issuers past the
|
374
375
|
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
@@ -376,12 +377,12 @@ class BackendConfigAutoTidyArgs:
|
|
376
377
|
return pulumi.get(self, "tidy_expired_issuers")
|
377
378
|
|
378
379
|
@tidy_expired_issuers.setter
|
379
|
-
def tidy_expired_issuers(self, value: Optional[pulumi.Input[bool]]):
|
380
|
+
def tidy_expired_issuers(self, value: Optional[pulumi.Input[builtins.bool]]):
|
380
381
|
pulumi.set(self, "tidy_expired_issuers", value)
|
381
382
|
|
382
383
|
@property
|
383
384
|
@pulumi.getter(name="tidyMoveLegacyCaBundle")
|
384
|
-
def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[bool]]:
|
385
|
+
def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[builtins.bool]]:
|
385
386
|
"""
|
386
387
|
Set to true to move the legacy `ca_bundle` from
|
387
388
|
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
@@ -389,12 +390,12 @@ class BackendConfigAutoTidyArgs:
|
|
389
390
|
return pulumi.get(self, "tidy_move_legacy_ca_bundle")
|
390
391
|
|
391
392
|
@tidy_move_legacy_ca_bundle.setter
|
392
|
-
def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[bool]]):
|
393
|
+
def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[builtins.bool]]):
|
393
394
|
pulumi.set(self, "tidy_move_legacy_ca_bundle", value)
|
394
395
|
|
395
396
|
@property
|
396
397
|
@pulumi.getter(name="tidyRevocationQueue")
|
397
|
-
def tidy_revocation_queue(self) -> Optional[pulumi.Input[bool]]:
|
398
|
+
def tidy_revocation_queue(self) -> Optional[pulumi.Input[builtins.bool]]:
|
398
399
|
"""
|
399
400
|
Set to true to remove stale revocation queue entries that
|
400
401
|
haven't been confirmed by any active cluster.
|
@@ -402,12 +403,12 @@ class BackendConfigAutoTidyArgs:
|
|
402
403
|
return pulumi.get(self, "tidy_revocation_queue")
|
403
404
|
|
404
405
|
@tidy_revocation_queue.setter
|
405
|
-
def tidy_revocation_queue(self, value: Optional[pulumi.Input[bool]]):
|
406
|
+
def tidy_revocation_queue(self, value: Optional[pulumi.Input[builtins.bool]]):
|
406
407
|
pulumi.set(self, "tidy_revocation_queue", value)
|
407
408
|
|
408
409
|
@property
|
409
410
|
@pulumi.getter(name="tidyRevokedCertIssuerAssociations")
|
410
|
-
def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[bool]]:
|
411
|
+
def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[builtins.bool]]:
|
411
412
|
"""
|
412
413
|
Set to true to validate issuer associations
|
413
414
|
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
@@ -415,12 +416,12 @@ class BackendConfigAutoTidyArgs:
|
|
415
416
|
return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
|
416
417
|
|
417
418
|
@tidy_revoked_cert_issuer_associations.setter
|
418
|
-
def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[bool]]):
|
419
|
+
def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[builtins.bool]]):
|
419
420
|
pulumi.set(self, "tidy_revoked_cert_issuer_associations", value)
|
420
421
|
|
421
422
|
@property
|
422
423
|
@pulumi.getter(name="tidyRevokedCerts")
|
423
|
-
def tidy_revoked_certs(self) -> Optional[pulumi.Input[bool]]:
|
424
|
+
def tidy_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
|
424
425
|
"""
|
425
426
|
Set to true to remove all invalid and expired certificates from
|
426
427
|
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
@@ -430,80 +431,80 @@ class BackendConfigAutoTidyArgs:
|
|
430
431
|
return pulumi.get(self, "tidy_revoked_certs")
|
431
432
|
|
432
433
|
@tidy_revoked_certs.setter
|
433
|
-
def tidy_revoked_certs(self, value: Optional[pulumi.Input[bool]]):
|
434
|
+
def tidy_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
|
434
435
|
pulumi.set(self, "tidy_revoked_certs", value)
|
435
436
|
|
436
437
|
|
437
438
|
@pulumi.input_type
|
438
439
|
class _BackendConfigAutoTidyState:
|
439
440
|
def __init__(__self__, *,
|
440
|
-
acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
|
441
|
-
backend: Optional[pulumi.Input[str]] = None,
|
442
|
-
enabled: Optional[pulumi.Input[bool]] = None,
|
443
|
-
interval_duration: Optional[pulumi.Input[str]] = None,
|
444
|
-
issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
|
445
|
-
maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
|
446
|
-
max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
447
|
-
min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
448
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
449
|
-
pause_duration: Optional[pulumi.Input[str]] = None,
|
450
|
-
publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
|
451
|
-
revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
|
452
|
-
safety_buffer: Optional[pulumi.Input[str]] = None,
|
453
|
-
tidy_acme: Optional[pulumi.Input[bool]] = None,
|
454
|
-
tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
|
455
|
-
tidy_cert_store: Optional[pulumi.Input[bool]] = None,
|
456
|
-
tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
|
457
|
-
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
|
458
|
-
tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
|
459
|
-
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
|
460
|
-
tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
|
461
|
-
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
|
462
|
-
tidy_revoked_certs: Optional[pulumi.Input[bool]] = None):
|
441
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
442
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
443
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
444
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
445
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
446
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
447
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
448
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
449
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
450
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
451
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
452
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
453
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
454
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
455
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
456
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
457
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
458
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
459
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
460
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
461
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
462
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
463
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None):
|
463
464
|
"""
|
464
465
|
Input properties used for looking up and filtering BackendConfigAutoTidy resources.
|
465
|
-
:param pulumi.Input[str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
466
|
+
:param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
466
467
|
time after being marked revoked or deactivated.
|
467
|
-
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
468
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
468
469
|
read the configuration from, with no leading or trailing `/`s.
|
469
|
-
:param pulumi.Input[bool] enabled: Specifies whether automatic tidy is enabled or not.
|
470
|
-
:param pulumi.Input[str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
470
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
|
471
|
+
:param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
471
472
|
between tidy invocations (after one finishes to the start of the next).
|
472
|
-
:param pulumi.Input[str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
473
|
+
:param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
473
474
|
expiration before it is removed from the backend storage.
|
474
|
-
:param pulumi.Input[bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
475
|
+
:param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
475
476
|
counted upon initialization of the backend, and whether during normal operation, a running count
|
476
477
|
of certificates stored is maintained.
|
477
|
-
:param pulumi.Input[str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
478
|
+
:param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
478
479
|
after startup.
|
479
|
-
:param pulumi.Input[str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
480
|
+
:param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
480
481
|
after startup.
|
481
|
-
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
482
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
482
483
|
The value should not contain leading or trailing forward slashes.
|
483
484
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
484
485
|
*Available only for Vault Enterprise*.
|
485
|
-
:param pulumi.Input[str] pause_duration: The amount of time to wait between processing certificates.
|
486
|
-
:param pulumi.Input[bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
486
|
+
:param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
|
487
|
+
:param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
487
488
|
certificate count is published to the metrics consumer.
|
488
|
-
:param pulumi.Input[str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
489
|
+
:param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
489
490
|
cross-cluster revocation request being initiated to when it will be slated for removal.
|
490
|
-
:param pulumi.Input[str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
491
|
+
:param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
491
492
|
expiration before it is removed from the backend storage and/or revocation list.
|
492
|
-
:param pulumi.Input[bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
493
|
-
:param pulumi.Input[bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
494
|
-
:param pulumi.Input[bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
495
|
-
:param pulumi.Input[bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
496
|
-
:param pulumi.Input[bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
493
|
+
:param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
494
|
+
:param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
495
|
+
:param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
496
|
+
:param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
497
|
+
:param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
497
498
|
revoked certificate store.
|
498
|
-
:param pulumi.Input[bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
499
|
+
:param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
499
500
|
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
500
|
-
:param pulumi.Input[bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
501
|
+
:param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
501
502
|
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
502
|
-
:param pulumi.Input[bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
503
|
+
:param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
503
504
|
haven't been confirmed by any active cluster.
|
504
|
-
:param pulumi.Input[bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
505
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
505
506
|
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
506
|
-
:param pulumi.Input[bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
507
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
507
508
|
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
508
509
|
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
509
510
|
the CRL, and the CRL will be rotated.
|
@@ -557,7 +558,7 @@ class _BackendConfigAutoTidyState:
|
|
557
558
|
|
558
559
|
@property
|
559
560
|
@pulumi.getter(name="acmeAccountSafetyBuffer")
|
560
|
-
def acme_account_safety_buffer(self) -> Optional[pulumi.Input[str]]:
|
561
|
+
def acme_account_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
561
562
|
"""
|
562
563
|
The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
563
564
|
time after being marked revoked or deactivated.
|
@@ -565,12 +566,12 @@ class _BackendConfigAutoTidyState:
|
|
565
566
|
return pulumi.get(self, "acme_account_safety_buffer")
|
566
567
|
|
567
568
|
@acme_account_safety_buffer.setter
|
568
|
-
def acme_account_safety_buffer(self, value: Optional[pulumi.Input[str]]):
|
569
|
+
def acme_account_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
569
570
|
pulumi.set(self, "acme_account_safety_buffer", value)
|
570
571
|
|
571
572
|
@property
|
572
573
|
@pulumi.getter
|
573
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
574
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
574
575
|
"""
|
575
576
|
The path to the PKI secret backend to
|
576
577
|
read the configuration from, with no leading or trailing `/`s.
|
@@ -578,24 +579,24 @@ class _BackendConfigAutoTidyState:
|
|
578
579
|
return pulumi.get(self, "backend")
|
579
580
|
|
580
581
|
@backend.setter
|
581
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
582
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
582
583
|
pulumi.set(self, "backend", value)
|
583
584
|
|
584
585
|
@property
|
585
586
|
@pulumi.getter
|
586
|
-
def enabled(self) -> Optional[pulumi.Input[bool]]:
|
587
|
+
def enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
|
587
588
|
"""
|
588
589
|
Specifies whether automatic tidy is enabled or not.
|
589
590
|
"""
|
590
591
|
return pulumi.get(self, "enabled")
|
591
592
|
|
592
593
|
@enabled.setter
|
593
|
-
def enabled(self, value: Optional[pulumi.Input[bool]]):
|
594
|
+
def enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
|
594
595
|
pulumi.set(self, "enabled", value)
|
595
596
|
|
596
597
|
@property
|
597
598
|
@pulumi.getter(name="intervalDuration")
|
598
|
-
def interval_duration(self) -> Optional[pulumi.Input[str]]:
|
599
|
+
def interval_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
599
600
|
"""
|
600
601
|
Interval at which to run an auto-tidy operation. This is the time
|
601
602
|
between tidy invocations (after one finishes to the start of the next).
|
@@ -603,12 +604,12 @@ class _BackendConfigAutoTidyState:
|
|
603
604
|
return pulumi.get(self, "interval_duration")
|
604
605
|
|
605
606
|
@interval_duration.setter
|
606
|
-
def interval_duration(self, value: Optional[pulumi.Input[str]]):
|
607
|
+
def interval_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
607
608
|
pulumi.set(self, "interval_duration", value)
|
608
609
|
|
609
610
|
@property
|
610
611
|
@pulumi.getter(name="issuerSafetyBuffer")
|
611
|
-
def issuer_safety_buffer(self) -> Optional[pulumi.Input[str]]:
|
612
|
+
def issuer_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
612
613
|
"""
|
613
614
|
The amount of extra time that must have passed beyond issuer's
|
614
615
|
expiration before it is removed from the backend storage.
|
@@ -616,12 +617,12 @@ class _BackendConfigAutoTidyState:
|
|
616
617
|
return pulumi.get(self, "issuer_safety_buffer")
|
617
618
|
|
618
619
|
@issuer_safety_buffer.setter
|
619
|
-
def issuer_safety_buffer(self, value: Optional[pulumi.Input[str]]):
|
620
|
+
def issuer_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
620
621
|
pulumi.set(self, "issuer_safety_buffer", value)
|
621
622
|
|
622
623
|
@property
|
623
624
|
@pulumi.getter(name="maintainStoredCertificateCounts")
|
624
|
-
def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[bool]]:
|
625
|
+
def maintain_stored_certificate_counts(self) -> Optional[pulumi.Input[builtins.bool]]:
|
625
626
|
"""
|
626
627
|
This configures whether stored certificate are
|
627
628
|
counted upon initialization of the backend, and whether during normal operation, a running count
|
@@ -630,12 +631,12 @@ class _BackendConfigAutoTidyState:
|
|
630
631
|
return pulumi.get(self, "maintain_stored_certificate_counts")
|
631
632
|
|
632
633
|
@maintain_stored_certificate_counts.setter
|
633
|
-
def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[bool]]):
|
634
|
+
def maintain_stored_certificate_counts(self, value: Optional[pulumi.Input[builtins.bool]]):
|
634
635
|
pulumi.set(self, "maintain_stored_certificate_counts", value)
|
635
636
|
|
636
637
|
@property
|
637
638
|
@pulumi.getter(name="maxStartupBackoffDuration")
|
638
|
-
def max_startup_backoff_duration(self) -> Optional[pulumi.Input[str]]:
|
639
|
+
def max_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
639
640
|
"""
|
640
641
|
The maximum amount of time auto-tidy will be delayed
|
641
642
|
after startup.
|
@@ -643,12 +644,12 @@ class _BackendConfigAutoTidyState:
|
|
643
644
|
return pulumi.get(self, "max_startup_backoff_duration")
|
644
645
|
|
645
646
|
@max_startup_backoff_duration.setter
|
646
|
-
def max_startup_backoff_duration(self, value: Optional[pulumi.Input[str]]):
|
647
|
+
def max_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
647
648
|
pulumi.set(self, "max_startup_backoff_duration", value)
|
648
649
|
|
649
650
|
@property
|
650
651
|
@pulumi.getter(name="minStartupBackoffDuration")
|
651
|
-
def min_startup_backoff_duration(self) -> Optional[pulumi.Input[str]]:
|
652
|
+
def min_startup_backoff_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
652
653
|
"""
|
653
654
|
The minimum amount of time auto-tidy will be delayed
|
654
655
|
after startup.
|
@@ -656,12 +657,12 @@ class _BackendConfigAutoTidyState:
|
|
656
657
|
return pulumi.get(self, "min_startup_backoff_duration")
|
657
658
|
|
658
659
|
@min_startup_backoff_duration.setter
|
659
|
-
def min_startup_backoff_duration(self, value: Optional[pulumi.Input[str]]):
|
660
|
+
def min_startup_backoff_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
660
661
|
pulumi.set(self, "min_startup_backoff_duration", value)
|
661
662
|
|
662
663
|
@property
|
663
664
|
@pulumi.getter
|
664
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
665
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
665
666
|
"""
|
666
667
|
The namespace of the target resource.
|
667
668
|
The value should not contain leading or trailing forward slashes.
|
@@ -671,24 +672,24 @@ class _BackendConfigAutoTidyState:
|
|
671
672
|
return pulumi.get(self, "namespace")
|
672
673
|
|
673
674
|
@namespace.setter
|
674
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
675
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
675
676
|
pulumi.set(self, "namespace", value)
|
676
677
|
|
677
678
|
@property
|
678
679
|
@pulumi.getter(name="pauseDuration")
|
679
|
-
def pause_duration(self) -> Optional[pulumi.Input[str]]:
|
680
|
+
def pause_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
680
681
|
"""
|
681
682
|
The amount of time to wait between processing certificates.
|
682
683
|
"""
|
683
684
|
return pulumi.get(self, "pause_duration")
|
684
685
|
|
685
686
|
@pause_duration.setter
|
686
|
-
def pause_duration(self, value: Optional[pulumi.Input[str]]):
|
687
|
+
def pause_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
687
688
|
pulumi.set(self, "pause_duration", value)
|
688
689
|
|
689
690
|
@property
|
690
691
|
@pulumi.getter(name="publishStoredCertificateCountMetrics")
|
691
|
-
def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[bool]]:
|
692
|
+
def publish_stored_certificate_count_metrics(self) -> Optional[pulumi.Input[builtins.bool]]:
|
692
693
|
"""
|
693
694
|
This configures whether the stored
|
694
695
|
certificate count is published to the metrics consumer.
|
@@ -696,12 +697,12 @@ class _BackendConfigAutoTidyState:
|
|
696
697
|
return pulumi.get(self, "publish_stored_certificate_count_metrics")
|
697
698
|
|
698
699
|
@publish_stored_certificate_count_metrics.setter
|
699
|
-
def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[bool]]):
|
700
|
+
def publish_stored_certificate_count_metrics(self, value: Optional[pulumi.Input[builtins.bool]]):
|
700
701
|
pulumi.set(self, "publish_stored_certificate_count_metrics", value)
|
701
702
|
|
702
703
|
@property
|
703
704
|
@pulumi.getter(name="revocationQueueSafetyBuffer")
|
704
|
-
def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[str]]:
|
705
|
+
def revocation_queue_safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
705
706
|
"""
|
706
707
|
The amount of time that must pass from the
|
707
708
|
cross-cluster revocation request being initiated to when it will be slated for removal.
|
@@ -709,12 +710,12 @@ class _BackendConfigAutoTidyState:
|
|
709
710
|
return pulumi.get(self, "revocation_queue_safety_buffer")
|
710
711
|
|
711
712
|
@revocation_queue_safety_buffer.setter
|
712
|
-
def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[str]]):
|
713
|
+
def revocation_queue_safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
713
714
|
pulumi.set(self, "revocation_queue_safety_buffer", value)
|
714
715
|
|
715
716
|
@property
|
716
717
|
@pulumi.getter(name="safetyBuffer")
|
717
|
-
def safety_buffer(self) -> Optional[pulumi.Input[str]]:
|
718
|
+
def safety_buffer(self) -> Optional[pulumi.Input[builtins.str]]:
|
718
719
|
"""
|
719
720
|
The amount of extra time that must have passed beyond certificate
|
720
721
|
expiration before it is removed from the backend storage and/or revocation list.
|
@@ -722,60 +723,60 @@ class _BackendConfigAutoTidyState:
|
|
722
723
|
return pulumi.get(self, "safety_buffer")
|
723
724
|
|
724
725
|
@safety_buffer.setter
|
725
|
-
def safety_buffer(self, value: Optional[pulumi.Input[str]]):
|
726
|
+
def safety_buffer(self, value: Optional[pulumi.Input[builtins.str]]):
|
726
727
|
pulumi.set(self, "safety_buffer", value)
|
727
728
|
|
728
729
|
@property
|
729
730
|
@pulumi.getter(name="tidyAcme")
|
730
|
-
def tidy_acme(self) -> Optional[pulumi.Input[bool]]:
|
731
|
+
def tidy_acme(self) -> Optional[pulumi.Input[builtins.bool]]:
|
731
732
|
"""
|
732
733
|
Set to true to enable tidying ACME accounts, orders and authorizations.
|
733
734
|
"""
|
734
735
|
return pulumi.get(self, "tidy_acme")
|
735
736
|
|
736
737
|
@tidy_acme.setter
|
737
|
-
def tidy_acme(self, value: Optional[pulumi.Input[bool]]):
|
738
|
+
def tidy_acme(self, value: Optional[pulumi.Input[builtins.bool]]):
|
738
739
|
pulumi.set(self, "tidy_acme", value)
|
739
740
|
|
740
741
|
@property
|
741
742
|
@pulumi.getter(name="tidyCertMetadata")
|
742
|
-
def tidy_cert_metadata(self) -> Optional[pulumi.Input[bool]]:
|
743
|
+
def tidy_cert_metadata(self) -> Optional[pulumi.Input[builtins.bool]]:
|
743
744
|
"""
|
744
745
|
Set to true to enable tidying up certificate metadata.
|
745
746
|
"""
|
746
747
|
return pulumi.get(self, "tidy_cert_metadata")
|
747
748
|
|
748
749
|
@tidy_cert_metadata.setter
|
749
|
-
def tidy_cert_metadata(self, value: Optional[pulumi.Input[bool]]):
|
750
|
+
def tidy_cert_metadata(self, value: Optional[pulumi.Input[builtins.bool]]):
|
750
751
|
pulumi.set(self, "tidy_cert_metadata", value)
|
751
752
|
|
752
753
|
@property
|
753
754
|
@pulumi.getter(name="tidyCertStore")
|
754
|
-
def tidy_cert_store(self) -> Optional[pulumi.Input[bool]]:
|
755
|
+
def tidy_cert_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
755
756
|
"""
|
756
757
|
Set to true to enable tidying up the certificate store
|
757
758
|
"""
|
758
759
|
return pulumi.get(self, "tidy_cert_store")
|
759
760
|
|
760
761
|
@tidy_cert_store.setter
|
761
|
-
def tidy_cert_store(self, value: Optional[pulumi.Input[bool]]):
|
762
|
+
def tidy_cert_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
762
763
|
pulumi.set(self, "tidy_cert_store", value)
|
763
764
|
|
764
765
|
@property
|
765
766
|
@pulumi.getter(name="tidyCmpv2NonceStore")
|
766
|
-
def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[bool]]:
|
767
|
+
def tidy_cmpv2_nonce_store(self) -> Optional[pulumi.Input[builtins.bool]]:
|
767
768
|
"""
|
768
769
|
Set to true to enable tidying up the CMPv2 nonce store.
|
769
770
|
"""
|
770
771
|
return pulumi.get(self, "tidy_cmpv2_nonce_store")
|
771
772
|
|
772
773
|
@tidy_cmpv2_nonce_store.setter
|
773
|
-
def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[bool]]):
|
774
|
+
def tidy_cmpv2_nonce_store(self, value: Optional[pulumi.Input[builtins.bool]]):
|
774
775
|
pulumi.set(self, "tidy_cmpv2_nonce_store", value)
|
775
776
|
|
776
777
|
@property
|
777
778
|
@pulumi.getter(name="tidyCrossClusterRevokedCerts")
|
778
|
-
def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[bool]]:
|
779
|
+
def tidy_cross_cluster_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
|
779
780
|
"""
|
780
781
|
Set to true to enable tidying up the cross-cluster
|
781
782
|
revoked certificate store.
|
@@ -783,12 +784,12 @@ class _BackendConfigAutoTidyState:
|
|
783
784
|
return pulumi.get(self, "tidy_cross_cluster_revoked_certs")
|
784
785
|
|
785
786
|
@tidy_cross_cluster_revoked_certs.setter
|
786
|
-
def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[bool]]):
|
787
|
+
def tidy_cross_cluster_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
|
787
788
|
pulumi.set(self, "tidy_cross_cluster_revoked_certs", value)
|
788
789
|
|
789
790
|
@property
|
790
791
|
@pulumi.getter(name="tidyExpiredIssuers")
|
791
|
-
def tidy_expired_issuers(self) -> Optional[pulumi.Input[bool]]:
|
792
|
+
def tidy_expired_issuers(self) -> Optional[pulumi.Input[builtins.bool]]:
|
792
793
|
"""
|
793
794
|
Set to true to automatically remove expired issuers past the
|
794
795
|
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
@@ -796,12 +797,12 @@ class _BackendConfigAutoTidyState:
|
|
796
797
|
return pulumi.get(self, "tidy_expired_issuers")
|
797
798
|
|
798
799
|
@tidy_expired_issuers.setter
|
799
|
-
def tidy_expired_issuers(self, value: Optional[pulumi.Input[bool]]):
|
800
|
+
def tidy_expired_issuers(self, value: Optional[pulumi.Input[builtins.bool]]):
|
800
801
|
pulumi.set(self, "tidy_expired_issuers", value)
|
801
802
|
|
802
803
|
@property
|
803
804
|
@pulumi.getter(name="tidyMoveLegacyCaBundle")
|
804
|
-
def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[bool]]:
|
805
|
+
def tidy_move_legacy_ca_bundle(self) -> Optional[pulumi.Input[builtins.bool]]:
|
805
806
|
"""
|
806
807
|
Set to true to move the legacy `ca_bundle` from
|
807
808
|
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
@@ -809,12 +810,12 @@ class _BackendConfigAutoTidyState:
|
|
809
810
|
return pulumi.get(self, "tidy_move_legacy_ca_bundle")
|
810
811
|
|
811
812
|
@tidy_move_legacy_ca_bundle.setter
|
812
|
-
def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[bool]]):
|
813
|
+
def tidy_move_legacy_ca_bundle(self, value: Optional[pulumi.Input[builtins.bool]]):
|
813
814
|
pulumi.set(self, "tidy_move_legacy_ca_bundle", value)
|
814
815
|
|
815
816
|
@property
|
816
817
|
@pulumi.getter(name="tidyRevocationQueue")
|
817
|
-
def tidy_revocation_queue(self) -> Optional[pulumi.Input[bool]]:
|
818
|
+
def tidy_revocation_queue(self) -> Optional[pulumi.Input[builtins.bool]]:
|
818
819
|
"""
|
819
820
|
Set to true to remove stale revocation queue entries that
|
820
821
|
haven't been confirmed by any active cluster.
|
@@ -822,12 +823,12 @@ class _BackendConfigAutoTidyState:
|
|
822
823
|
return pulumi.get(self, "tidy_revocation_queue")
|
823
824
|
|
824
825
|
@tidy_revocation_queue.setter
|
825
|
-
def tidy_revocation_queue(self, value: Optional[pulumi.Input[bool]]):
|
826
|
+
def tidy_revocation_queue(self, value: Optional[pulumi.Input[builtins.bool]]):
|
826
827
|
pulumi.set(self, "tidy_revocation_queue", value)
|
827
828
|
|
828
829
|
@property
|
829
830
|
@pulumi.getter(name="tidyRevokedCertIssuerAssociations")
|
830
|
-
def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[bool]]:
|
831
|
+
def tidy_revoked_cert_issuer_associations(self) -> Optional[pulumi.Input[builtins.bool]]:
|
831
832
|
"""
|
832
833
|
Set to true to validate issuer associations
|
833
834
|
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
@@ -835,12 +836,12 @@ class _BackendConfigAutoTidyState:
|
|
835
836
|
return pulumi.get(self, "tidy_revoked_cert_issuer_associations")
|
836
837
|
|
837
838
|
@tidy_revoked_cert_issuer_associations.setter
|
838
|
-
def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[bool]]):
|
839
|
+
def tidy_revoked_cert_issuer_associations(self, value: Optional[pulumi.Input[builtins.bool]]):
|
839
840
|
pulumi.set(self, "tidy_revoked_cert_issuer_associations", value)
|
840
841
|
|
841
842
|
@property
|
842
843
|
@pulumi.getter(name="tidyRevokedCerts")
|
843
|
-
def tidy_revoked_certs(self) -> Optional[pulumi.Input[bool]]:
|
844
|
+
def tidy_revoked_certs(self) -> Optional[pulumi.Input[builtins.bool]]:
|
844
845
|
"""
|
845
846
|
Set to true to remove all invalid and expired certificates from
|
846
847
|
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
@@ -850,7 +851,7 @@ class _BackendConfigAutoTidyState:
|
|
850
851
|
return pulumi.get(self, "tidy_revoked_certs")
|
851
852
|
|
852
853
|
@tidy_revoked_certs.setter
|
853
|
-
def tidy_revoked_certs(self, value: Optional[pulumi.Input[bool]]):
|
854
|
+
def tidy_revoked_certs(self, value: Optional[pulumi.Input[builtins.bool]]):
|
854
855
|
pulumi.set(self, "tidy_revoked_certs", value)
|
855
856
|
|
856
857
|
|
@@ -859,29 +860,29 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
859
860
|
def __init__(__self__,
|
860
861
|
resource_name: str,
|
861
862
|
opts: Optional[pulumi.ResourceOptions] = None,
|
862
|
-
acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
|
863
|
-
backend: Optional[pulumi.Input[str]] = None,
|
864
|
-
enabled: Optional[pulumi.Input[bool]] = None,
|
865
|
-
interval_duration: Optional[pulumi.Input[str]] = None,
|
866
|
-
issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
|
867
|
-
maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
|
868
|
-
max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
869
|
-
min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
870
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
871
|
-
pause_duration: Optional[pulumi.Input[str]] = None,
|
872
|
-
publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
|
873
|
-
revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
|
874
|
-
safety_buffer: Optional[pulumi.Input[str]] = None,
|
875
|
-
tidy_acme: Optional[pulumi.Input[bool]] = None,
|
876
|
-
tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
|
877
|
-
tidy_cert_store: Optional[pulumi.Input[bool]] = None,
|
878
|
-
tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
|
879
|
-
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
|
880
|
-
tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
|
881
|
-
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
|
882
|
-
tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
|
883
|
-
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
|
884
|
-
tidy_revoked_certs: Optional[pulumi.Input[bool]] = None,
|
863
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
864
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
865
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
866
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
867
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
868
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
869
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
870
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
871
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
872
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
873
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
874
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
875
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
876
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
877
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
878
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
879
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
880
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
881
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
882
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
883
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
884
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
885
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
885
886
|
__props__=None):
|
886
887
|
"""
|
887
888
|
Allows setting the Auto Tidy configuration on a PKI Secret Backend
|
@@ -906,48 +907,48 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
906
907
|
|
907
908
|
:param str resource_name: The name of the resource.
|
908
909
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
909
|
-
:param pulumi.Input[str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
910
|
+
:param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
910
911
|
time after being marked revoked or deactivated.
|
911
|
-
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
912
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
912
913
|
read the configuration from, with no leading or trailing `/`s.
|
913
|
-
:param pulumi.Input[bool] enabled: Specifies whether automatic tidy is enabled or not.
|
914
|
-
:param pulumi.Input[str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
914
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
|
915
|
+
:param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
915
916
|
between tidy invocations (after one finishes to the start of the next).
|
916
|
-
:param pulumi.Input[str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
917
|
+
:param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
917
918
|
expiration before it is removed from the backend storage.
|
918
|
-
:param pulumi.Input[bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
919
|
+
:param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
919
920
|
counted upon initialization of the backend, and whether during normal operation, a running count
|
920
921
|
of certificates stored is maintained.
|
921
|
-
:param pulumi.Input[str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
922
|
+
:param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
922
923
|
after startup.
|
923
|
-
:param pulumi.Input[str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
924
|
+
:param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
924
925
|
after startup.
|
925
|
-
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
926
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
926
927
|
The value should not contain leading or trailing forward slashes.
|
927
928
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
928
929
|
*Available only for Vault Enterprise*.
|
929
|
-
:param pulumi.Input[str] pause_duration: The amount of time to wait between processing certificates.
|
930
|
-
:param pulumi.Input[bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
930
|
+
:param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
|
931
|
+
:param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
931
932
|
certificate count is published to the metrics consumer.
|
932
|
-
:param pulumi.Input[str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
933
|
+
:param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
933
934
|
cross-cluster revocation request being initiated to when it will be slated for removal.
|
934
|
-
:param pulumi.Input[str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
935
|
+
:param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
935
936
|
expiration before it is removed from the backend storage and/or revocation list.
|
936
|
-
:param pulumi.Input[bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
937
|
-
:param pulumi.Input[bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
938
|
-
:param pulumi.Input[bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
939
|
-
:param pulumi.Input[bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
940
|
-
:param pulumi.Input[bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
937
|
+
:param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
938
|
+
:param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
939
|
+
:param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
940
|
+
:param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
941
|
+
:param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
941
942
|
revoked certificate store.
|
942
|
-
:param pulumi.Input[bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
943
|
+
:param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
943
944
|
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
944
|
-
:param pulumi.Input[bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
945
|
+
:param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
945
946
|
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
946
|
-
:param pulumi.Input[bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
947
|
+
:param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
947
948
|
haven't been confirmed by any active cluster.
|
948
|
-
:param pulumi.Input[bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
949
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
949
950
|
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
950
|
-
:param pulumi.Input[bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
951
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
951
952
|
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
952
953
|
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
953
954
|
the CRL, and the CRL will be rotated.
|
@@ -994,29 +995,29 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
994
995
|
def _internal_init(__self__,
|
995
996
|
resource_name: str,
|
996
997
|
opts: Optional[pulumi.ResourceOptions] = None,
|
997
|
-
acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
|
998
|
-
backend: Optional[pulumi.Input[str]] = None,
|
999
|
-
enabled: Optional[pulumi.Input[bool]] = None,
|
1000
|
-
interval_duration: Optional[pulumi.Input[str]] = None,
|
1001
|
-
issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
|
1002
|
-
maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
|
1003
|
-
max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
1004
|
-
min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
1005
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1006
|
-
pause_duration: Optional[pulumi.Input[str]] = None,
|
1007
|
-
publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
|
1008
|
-
revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
|
1009
|
-
safety_buffer: Optional[pulumi.Input[str]] = None,
|
1010
|
-
tidy_acme: Optional[pulumi.Input[bool]] = None,
|
1011
|
-
tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
|
1012
|
-
tidy_cert_store: Optional[pulumi.Input[bool]] = None,
|
1013
|
-
tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
|
1014
|
-
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
|
1015
|
-
tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
|
1016
|
-
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
|
1017
|
-
tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
|
1018
|
-
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
|
1019
|
-
tidy_revoked_certs: Optional[pulumi.Input[bool]] = None,
|
998
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
999
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1000
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
1001
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1002
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1003
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
1004
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1005
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1006
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1007
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1008
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
1009
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1010
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1011
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
1012
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
1013
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1014
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1015
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
1016
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
1017
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
1018
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
1019
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
1020
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
1020
1021
|
__props__=None):
|
1021
1022
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1022
1023
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1063,29 +1064,29 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1063
1064
|
def get(resource_name: str,
|
1064
1065
|
id: pulumi.Input[str],
|
1065
1066
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1066
|
-
acme_account_safety_buffer: Optional[pulumi.Input[str]] = None,
|
1067
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1068
|
-
enabled: Optional[pulumi.Input[bool]] = None,
|
1069
|
-
interval_duration: Optional[pulumi.Input[str]] = None,
|
1070
|
-
issuer_safety_buffer: Optional[pulumi.Input[str]] = None,
|
1071
|
-
maintain_stored_certificate_counts: Optional[pulumi.Input[bool]] = None,
|
1072
|
-
max_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
1073
|
-
min_startup_backoff_duration: Optional[pulumi.Input[str]] = None,
|
1074
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1075
|
-
pause_duration: Optional[pulumi.Input[str]] = None,
|
1076
|
-
publish_stored_certificate_count_metrics: Optional[pulumi.Input[bool]] = None,
|
1077
|
-
revocation_queue_safety_buffer: Optional[pulumi.Input[str]] = None,
|
1078
|
-
safety_buffer: Optional[pulumi.Input[str]] = None,
|
1079
|
-
tidy_acme: Optional[pulumi.Input[bool]] = None,
|
1080
|
-
tidy_cert_metadata: Optional[pulumi.Input[bool]] = None,
|
1081
|
-
tidy_cert_store: Optional[pulumi.Input[bool]] = None,
|
1082
|
-
tidy_cmpv2_nonce_store: Optional[pulumi.Input[bool]] = None,
|
1083
|
-
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[bool]] = None,
|
1084
|
-
tidy_expired_issuers: Optional[pulumi.Input[bool]] = None,
|
1085
|
-
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[bool]] = None,
|
1086
|
-
tidy_revocation_queue: Optional[pulumi.Input[bool]] = None,
|
1087
|
-
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[bool]] = None,
|
1088
|
-
tidy_revoked_certs: Optional[pulumi.Input[bool]] = None) -> 'BackendConfigAutoTidy':
|
1067
|
+
acme_account_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1068
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1069
|
+
enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
1070
|
+
interval_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1071
|
+
issuer_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1072
|
+
maintain_stored_certificate_counts: Optional[pulumi.Input[builtins.bool]] = None,
|
1073
|
+
max_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1074
|
+
min_startup_backoff_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1075
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1076
|
+
pause_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1077
|
+
publish_stored_certificate_count_metrics: Optional[pulumi.Input[builtins.bool]] = None,
|
1078
|
+
revocation_queue_safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1079
|
+
safety_buffer: Optional[pulumi.Input[builtins.str]] = None,
|
1080
|
+
tidy_acme: Optional[pulumi.Input[builtins.bool]] = None,
|
1081
|
+
tidy_cert_metadata: Optional[pulumi.Input[builtins.bool]] = None,
|
1082
|
+
tidy_cert_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1083
|
+
tidy_cmpv2_nonce_store: Optional[pulumi.Input[builtins.bool]] = None,
|
1084
|
+
tidy_cross_cluster_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None,
|
1085
|
+
tidy_expired_issuers: Optional[pulumi.Input[builtins.bool]] = None,
|
1086
|
+
tidy_move_legacy_ca_bundle: Optional[pulumi.Input[builtins.bool]] = None,
|
1087
|
+
tidy_revocation_queue: Optional[pulumi.Input[builtins.bool]] = None,
|
1088
|
+
tidy_revoked_cert_issuer_associations: Optional[pulumi.Input[builtins.bool]] = None,
|
1089
|
+
tidy_revoked_certs: Optional[pulumi.Input[builtins.bool]] = None) -> 'BackendConfigAutoTidy':
|
1089
1090
|
"""
|
1090
1091
|
Get an existing BackendConfigAutoTidy resource's state with the given name, id, and optional extra
|
1091
1092
|
properties used to qualify the lookup.
|
@@ -1093,48 +1094,48 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1093
1094
|
:param str resource_name: The unique name of the resulting resource.
|
1094
1095
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1095
1096
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1096
|
-
:param pulumi.Input[str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
1097
|
+
:param pulumi.Input[builtins.str] acme_account_safety_buffer: The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
1097
1098
|
time after being marked revoked or deactivated.
|
1098
|
-
:param pulumi.Input[str] backend: The path to the PKI secret backend to
|
1099
|
+
:param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
|
1099
1100
|
read the configuration from, with no leading or trailing `/`s.
|
1100
|
-
:param pulumi.Input[bool] enabled: Specifies whether automatic tidy is enabled or not.
|
1101
|
-
:param pulumi.Input[str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
1101
|
+
:param pulumi.Input[builtins.bool] enabled: Specifies whether automatic tidy is enabled or not.
|
1102
|
+
:param pulumi.Input[builtins.str] interval_duration: Interval at which to run an auto-tidy operation. This is the time
|
1102
1103
|
between tidy invocations (after one finishes to the start of the next).
|
1103
|
-
:param pulumi.Input[str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
1104
|
+
:param pulumi.Input[builtins.str] issuer_safety_buffer: The amount of extra time that must have passed beyond issuer's
|
1104
1105
|
expiration before it is removed from the backend storage.
|
1105
|
-
:param pulumi.Input[bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
1106
|
+
:param pulumi.Input[builtins.bool] maintain_stored_certificate_counts: This configures whether stored certificate are
|
1106
1107
|
counted upon initialization of the backend, and whether during normal operation, a running count
|
1107
1108
|
of certificates stored is maintained.
|
1108
|
-
:param pulumi.Input[str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
1109
|
+
:param pulumi.Input[builtins.str] max_startup_backoff_duration: The maximum amount of time auto-tidy will be delayed
|
1109
1110
|
after startup.
|
1110
|
-
:param pulumi.Input[str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
1111
|
+
:param pulumi.Input[builtins.str] min_startup_backoff_duration: The minimum amount of time auto-tidy will be delayed
|
1111
1112
|
after startup.
|
1112
|
-
:param pulumi.Input[str] namespace: The namespace of the target resource.
|
1113
|
+
:param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
|
1113
1114
|
The value should not contain leading or trailing forward slashes.
|
1114
1115
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1115
1116
|
*Available only for Vault Enterprise*.
|
1116
|
-
:param pulumi.Input[str] pause_duration: The amount of time to wait between processing certificates.
|
1117
|
-
:param pulumi.Input[bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
1117
|
+
:param pulumi.Input[builtins.str] pause_duration: The amount of time to wait between processing certificates.
|
1118
|
+
:param pulumi.Input[builtins.bool] publish_stored_certificate_count_metrics: This configures whether the stored
|
1118
1119
|
certificate count is published to the metrics consumer.
|
1119
|
-
:param pulumi.Input[str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
1120
|
+
:param pulumi.Input[builtins.str] revocation_queue_safety_buffer: The amount of time that must pass from the
|
1120
1121
|
cross-cluster revocation request being initiated to when it will be slated for removal.
|
1121
|
-
:param pulumi.Input[str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
1122
|
+
:param pulumi.Input[builtins.str] safety_buffer: The amount of extra time that must have passed beyond certificate
|
1122
1123
|
expiration before it is removed from the backend storage and/or revocation list.
|
1123
|
-
:param pulumi.Input[bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
1124
|
-
:param pulumi.Input[bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
1125
|
-
:param pulumi.Input[bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
1126
|
-
:param pulumi.Input[bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
1127
|
-
:param pulumi.Input[bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
1124
|
+
:param pulumi.Input[builtins.bool] tidy_acme: Set to true to enable tidying ACME accounts, orders and authorizations.
|
1125
|
+
:param pulumi.Input[builtins.bool] tidy_cert_metadata: Set to true to enable tidying up certificate metadata.
|
1126
|
+
:param pulumi.Input[builtins.bool] tidy_cert_store: Set to true to enable tidying up the certificate store
|
1127
|
+
:param pulumi.Input[builtins.bool] tidy_cmpv2_nonce_store: Set to true to enable tidying up the CMPv2 nonce store.
|
1128
|
+
:param pulumi.Input[builtins.bool] tidy_cross_cluster_revoked_certs: Set to true to enable tidying up the cross-cluster
|
1128
1129
|
revoked certificate store.
|
1129
|
-
:param pulumi.Input[bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
1130
|
+
:param pulumi.Input[builtins.bool] tidy_expired_issuers: Set to true to automatically remove expired issuers past the
|
1130
1131
|
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
1131
|
-
:param pulumi.Input[bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
1132
|
+
:param pulumi.Input[builtins.bool] tidy_move_legacy_ca_bundle: Set to true to move the legacy `ca_bundle` from
|
1132
1133
|
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
1133
|
-
:param pulumi.Input[bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
1134
|
+
:param pulumi.Input[builtins.bool] tidy_revocation_queue: Set to true to remove stale revocation queue entries that
|
1134
1135
|
haven't been confirmed by any active cluster.
|
1135
|
-
:param pulumi.Input[bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
1136
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_cert_issuer_associations: Set to true to validate issuer associations
|
1136
1137
|
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
1137
|
-
:param pulumi.Input[bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
1138
|
+
:param pulumi.Input[builtins.bool] tidy_revoked_certs: Set to true to remove all invalid and expired certificates from
|
1138
1139
|
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|
1139
1140
|
the entry is empty. If a certificate is removed due to expiry, the entry will also be removed from
|
1140
1141
|
the CRL, and the CRL will be rotated.
|
@@ -1170,7 +1171,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1170
1171
|
|
1171
1172
|
@property
|
1172
1173
|
@pulumi.getter(name="acmeAccountSafetyBuffer")
|
1173
|
-
def acme_account_safety_buffer(self) -> pulumi.Output[str]:
|
1174
|
+
def acme_account_safety_buffer(self) -> pulumi.Output[builtins.str]:
|
1174
1175
|
"""
|
1175
1176
|
The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of
|
1176
1177
|
time after being marked revoked or deactivated.
|
@@ -1179,7 +1180,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1179
1180
|
|
1180
1181
|
@property
|
1181
1182
|
@pulumi.getter
|
1182
|
-
def backend(self) -> pulumi.Output[str]:
|
1183
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
1183
1184
|
"""
|
1184
1185
|
The path to the PKI secret backend to
|
1185
1186
|
read the configuration from, with no leading or trailing `/`s.
|
@@ -1188,7 +1189,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1188
1189
|
|
1189
1190
|
@property
|
1190
1191
|
@pulumi.getter
|
1191
|
-
def enabled(self) -> pulumi.Output[bool]:
|
1192
|
+
def enabled(self) -> pulumi.Output[builtins.bool]:
|
1192
1193
|
"""
|
1193
1194
|
Specifies whether automatic tidy is enabled or not.
|
1194
1195
|
"""
|
@@ -1196,7 +1197,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1196
1197
|
|
1197
1198
|
@property
|
1198
1199
|
@pulumi.getter(name="intervalDuration")
|
1199
|
-
def interval_duration(self) -> pulumi.Output[str]:
|
1200
|
+
def interval_duration(self) -> pulumi.Output[builtins.str]:
|
1200
1201
|
"""
|
1201
1202
|
Interval at which to run an auto-tidy operation. This is the time
|
1202
1203
|
between tidy invocations (after one finishes to the start of the next).
|
@@ -1205,7 +1206,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1205
1206
|
|
1206
1207
|
@property
|
1207
1208
|
@pulumi.getter(name="issuerSafetyBuffer")
|
1208
|
-
def issuer_safety_buffer(self) -> pulumi.Output[str]:
|
1209
|
+
def issuer_safety_buffer(self) -> pulumi.Output[builtins.str]:
|
1209
1210
|
"""
|
1210
1211
|
The amount of extra time that must have passed beyond issuer's
|
1211
1212
|
expiration before it is removed from the backend storage.
|
@@ -1214,7 +1215,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1214
1215
|
|
1215
1216
|
@property
|
1216
1217
|
@pulumi.getter(name="maintainStoredCertificateCounts")
|
1217
|
-
def maintain_stored_certificate_counts(self) -> pulumi.Output[Optional[bool]]:
|
1218
|
+
def maintain_stored_certificate_counts(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1218
1219
|
"""
|
1219
1220
|
This configures whether stored certificate are
|
1220
1221
|
counted upon initialization of the backend, and whether during normal operation, a running count
|
@@ -1224,7 +1225,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1224
1225
|
|
1225
1226
|
@property
|
1226
1227
|
@pulumi.getter(name="maxStartupBackoffDuration")
|
1227
|
-
def max_startup_backoff_duration(self) -> pulumi.Output[str]:
|
1228
|
+
def max_startup_backoff_duration(self) -> pulumi.Output[builtins.str]:
|
1228
1229
|
"""
|
1229
1230
|
The maximum amount of time auto-tidy will be delayed
|
1230
1231
|
after startup.
|
@@ -1233,7 +1234,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1233
1234
|
|
1234
1235
|
@property
|
1235
1236
|
@pulumi.getter(name="minStartupBackoffDuration")
|
1236
|
-
def min_startup_backoff_duration(self) -> pulumi.Output[str]:
|
1237
|
+
def min_startup_backoff_duration(self) -> pulumi.Output[builtins.str]:
|
1237
1238
|
"""
|
1238
1239
|
The minimum amount of time auto-tidy will be delayed
|
1239
1240
|
after startup.
|
@@ -1242,7 +1243,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1242
1243
|
|
1243
1244
|
@property
|
1244
1245
|
@pulumi.getter
|
1245
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1246
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1246
1247
|
"""
|
1247
1248
|
The namespace of the target resource.
|
1248
1249
|
The value should not contain leading or trailing forward slashes.
|
@@ -1253,7 +1254,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1253
1254
|
|
1254
1255
|
@property
|
1255
1256
|
@pulumi.getter(name="pauseDuration")
|
1256
|
-
def pause_duration(self) -> pulumi.Output[str]:
|
1257
|
+
def pause_duration(self) -> pulumi.Output[builtins.str]:
|
1257
1258
|
"""
|
1258
1259
|
The amount of time to wait between processing certificates.
|
1259
1260
|
"""
|
@@ -1261,7 +1262,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1261
1262
|
|
1262
1263
|
@property
|
1263
1264
|
@pulumi.getter(name="publishStoredCertificateCountMetrics")
|
1264
|
-
def publish_stored_certificate_count_metrics(self) -> pulumi.Output[Optional[bool]]:
|
1265
|
+
def publish_stored_certificate_count_metrics(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1265
1266
|
"""
|
1266
1267
|
This configures whether the stored
|
1267
1268
|
certificate count is published to the metrics consumer.
|
@@ -1270,7 +1271,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1270
1271
|
|
1271
1272
|
@property
|
1272
1273
|
@pulumi.getter(name="revocationQueueSafetyBuffer")
|
1273
|
-
def revocation_queue_safety_buffer(self) -> pulumi.Output[str]:
|
1274
|
+
def revocation_queue_safety_buffer(self) -> pulumi.Output[builtins.str]:
|
1274
1275
|
"""
|
1275
1276
|
The amount of time that must pass from the
|
1276
1277
|
cross-cluster revocation request being initiated to when it will be slated for removal.
|
@@ -1279,7 +1280,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1279
1280
|
|
1280
1281
|
@property
|
1281
1282
|
@pulumi.getter(name="safetyBuffer")
|
1282
|
-
def safety_buffer(self) -> pulumi.Output[str]:
|
1283
|
+
def safety_buffer(self) -> pulumi.Output[builtins.str]:
|
1283
1284
|
"""
|
1284
1285
|
The amount of extra time that must have passed beyond certificate
|
1285
1286
|
expiration before it is removed from the backend storage and/or revocation list.
|
@@ -1288,7 +1289,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1288
1289
|
|
1289
1290
|
@property
|
1290
1291
|
@pulumi.getter(name="tidyAcme")
|
1291
|
-
def tidy_acme(self) -> pulumi.Output[Optional[bool]]:
|
1292
|
+
def tidy_acme(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1292
1293
|
"""
|
1293
1294
|
Set to true to enable tidying ACME accounts, orders and authorizations.
|
1294
1295
|
"""
|
@@ -1296,7 +1297,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1296
1297
|
|
1297
1298
|
@property
|
1298
1299
|
@pulumi.getter(name="tidyCertMetadata")
|
1299
|
-
def tidy_cert_metadata(self) -> pulumi.Output[Optional[bool]]:
|
1300
|
+
def tidy_cert_metadata(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1300
1301
|
"""
|
1301
1302
|
Set to true to enable tidying up certificate metadata.
|
1302
1303
|
"""
|
@@ -1304,7 +1305,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1304
1305
|
|
1305
1306
|
@property
|
1306
1307
|
@pulumi.getter(name="tidyCertStore")
|
1307
|
-
def tidy_cert_store(self) -> pulumi.Output[Optional[bool]]:
|
1308
|
+
def tidy_cert_store(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1308
1309
|
"""
|
1309
1310
|
Set to true to enable tidying up the certificate store
|
1310
1311
|
"""
|
@@ -1312,7 +1313,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1312
1313
|
|
1313
1314
|
@property
|
1314
1315
|
@pulumi.getter(name="tidyCmpv2NonceStore")
|
1315
|
-
def tidy_cmpv2_nonce_store(self) -> pulumi.Output[Optional[bool]]:
|
1316
|
+
def tidy_cmpv2_nonce_store(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1316
1317
|
"""
|
1317
1318
|
Set to true to enable tidying up the CMPv2 nonce store.
|
1318
1319
|
"""
|
@@ -1320,7 +1321,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1320
1321
|
|
1321
1322
|
@property
|
1322
1323
|
@pulumi.getter(name="tidyCrossClusterRevokedCerts")
|
1323
|
-
def tidy_cross_cluster_revoked_certs(self) -> pulumi.Output[Optional[bool]]:
|
1324
|
+
def tidy_cross_cluster_revoked_certs(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1324
1325
|
"""
|
1325
1326
|
Set to true to enable tidying up the cross-cluster
|
1326
1327
|
revoked certificate store.
|
@@ -1329,7 +1330,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1329
1330
|
|
1330
1331
|
@property
|
1331
1332
|
@pulumi.getter(name="tidyExpiredIssuers")
|
1332
|
-
def tidy_expired_issuers(self) -> pulumi.Output[Optional[bool]]:
|
1333
|
+
def tidy_expired_issuers(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1333
1334
|
"""
|
1334
1335
|
Set to true to automatically remove expired issuers past the
|
1335
1336
|
`issuer_safety_buffer`. No keys will be removed as part of this operation.
|
@@ -1338,7 +1339,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1338
1339
|
|
1339
1340
|
@property
|
1340
1341
|
@pulumi.getter(name="tidyMoveLegacyCaBundle")
|
1341
|
-
def tidy_move_legacy_ca_bundle(self) -> pulumi.Output[Optional[bool]]:
|
1342
|
+
def tidy_move_legacy_ca_bundle(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1342
1343
|
"""
|
1343
1344
|
Set to true to move the legacy `ca_bundle` from
|
1344
1345
|
`/config/ca_bundle` to `/config/ca_bundle.bak`.
|
@@ -1347,7 +1348,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1347
1348
|
|
1348
1349
|
@property
|
1349
1350
|
@pulumi.getter(name="tidyRevocationQueue")
|
1350
|
-
def tidy_revocation_queue(self) -> pulumi.Output[Optional[bool]]:
|
1351
|
+
def tidy_revocation_queue(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1351
1352
|
"""
|
1352
1353
|
Set to true to remove stale revocation queue entries that
|
1353
1354
|
haven't been confirmed by any active cluster.
|
@@ -1356,7 +1357,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1356
1357
|
|
1357
1358
|
@property
|
1358
1359
|
@pulumi.getter(name="tidyRevokedCertIssuerAssociations")
|
1359
|
-
def tidy_revoked_cert_issuer_associations(self) -> pulumi.Output[Optional[bool]]:
|
1360
|
+
def tidy_revoked_cert_issuer_associations(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1360
1361
|
"""
|
1361
1362
|
Set to true to validate issuer associations
|
1362
1363
|
on revocation entries. This helps increase the performance of CRL building and OCSP responses.
|
@@ -1365,7 +1366,7 @@ class BackendConfigAutoTidy(pulumi.CustomResource):
|
|
1365
1366
|
|
1366
1367
|
@property
|
1367
1368
|
@pulumi.getter(name="tidyRevokedCerts")
|
1368
|
-
def tidy_revoked_certs(self) -> pulumi.Output[Optional[bool]]:
|
1369
|
+
def tidy_revoked_certs(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1369
1370
|
"""
|
1370
1371
|
Set to true to remove all invalid and expired certificates from
|
1371
1372
|
storage. A revoked storage entry is considered invalid if the entry is empty, or the value within
|