pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -21,70 +22,70 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
|
21
22
|
@pulumi.input_type
|
22
23
|
class SecretBackendRoleArgs:
|
23
24
|
def __init__(__self__, *,
|
24
|
-
backend: pulumi.Input[str],
|
25
|
-
key_type: pulumi.Input[str],
|
26
|
-
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
27
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
28
|
-
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
29
|
-
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
30
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
31
|
-
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
32
|
-
allow_user_key_ids: Optional[pulumi.Input[bool]] = None,
|
33
|
-
allowed_critical_options: Optional[pulumi.Input[str]] = None,
|
34
|
-
allowed_domains: Optional[pulumi.Input[str]] = None,
|
35
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
36
|
-
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
25
|
+
backend: pulumi.Input[builtins.str],
|
26
|
+
key_type: pulumi.Input[builtins.str],
|
27
|
+
algorithm_signer: Optional[pulumi.Input[builtins.str]] = None,
|
28
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
29
|
+
allow_empty_principals: Optional[pulumi.Input[builtins.bool]] = None,
|
30
|
+
allow_host_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
31
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
32
|
+
allow_user_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
33
|
+
allow_user_key_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
34
|
+
allowed_critical_options: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
allowed_domains: Optional[pulumi.Input[builtins.str]] = None,
|
36
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
37
|
+
allowed_extensions: Optional[pulumi.Input[builtins.str]] = None,
|
37
38
|
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
|
38
|
-
allowed_users: Optional[pulumi.Input[str]] = None,
|
39
|
-
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
40
|
-
cidr_list: Optional[pulumi.Input[str]] = None,
|
41
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
42
|
-
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
43
|
-
default_user: Optional[pulumi.Input[str]] = None,
|
44
|
-
default_user_template: Optional[pulumi.Input[bool]] = None,
|
45
|
-
key_id_format: Optional[pulumi.Input[str]] = None,
|
46
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
47
|
-
name: Optional[pulumi.Input[str]] = None,
|
48
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
49
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
50
|
-
ttl: Optional[pulumi.Input[str]] = None):
|
39
|
+
allowed_users: Optional[pulumi.Input[builtins.str]] = None,
|
40
|
+
allowed_users_template: Optional[pulumi.Input[builtins.bool]] = None,
|
41
|
+
cidr_list: Optional[pulumi.Input[builtins.str]] = None,
|
42
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
43
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
44
|
+
default_user: Optional[pulumi.Input[builtins.str]] = None,
|
45
|
+
default_user_template: Optional[pulumi.Input[builtins.bool]] = None,
|
46
|
+
key_id_format: Optional[pulumi.Input[builtins.str]] = None,
|
47
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
48
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
49
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
50
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
51
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None):
|
51
52
|
"""
|
52
53
|
The set of arguments for constructing a SecretBackendRole resource.
|
53
|
-
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
54
|
-
:param pulumi.Input[str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
55
|
-
:param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
56
|
-
:param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
57
|
-
:param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
|
54
|
+
:param pulumi.Input[builtins.str] backend: The path where the SSH secret backend is mounted.
|
55
|
+
:param pulumi.Input[builtins.str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
56
|
+
:param pulumi.Input[builtins.str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
57
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
58
|
+
:param pulumi.Input[builtins.bool] allow_empty_principals: Allow signing certificates with no
|
58
59
|
valid principals (e.g. any valid principal). For backwards compatibility
|
59
60
|
only. The default of false is highly recommended.
|
60
|
-
:param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
61
|
-
:param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
62
|
-
:param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
63
|
-
:param pulumi.Input[bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
64
|
-
:param pulumi.Input[str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
65
|
-
:param pulumi.Input[str] allowed_domains: The list of domains for which a client can request a host certificate.
|
66
|
-
:param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
61
|
+
:param pulumi.Input[builtins.bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
62
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
63
|
+
:param pulumi.Input[builtins.bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
64
|
+
:param pulumi.Input[builtins.bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
65
|
+
:param pulumi.Input[builtins.str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
66
|
+
:param pulumi.Input[builtins.str] allowed_domains: The list of domains for which a client can request a host certificate.
|
67
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
67
68
|
identity template policies. Non-templated domains are also permitted.
|
68
|
-
:param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
69
|
+
:param pulumi.Input[builtins.str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
69
70
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
70
71
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
71
72
|
*See Configuration-Options for more info*
|
72
|
-
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
73
|
-
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
74
|
-
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
75
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
76
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
77
|
-
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
78
|
-
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
79
|
-
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
80
|
-
:param pulumi.Input[str] max_ttl: Specifies the maximum Time To Live value.
|
81
|
-
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
82
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
73
|
+
:param pulumi.Input[builtins.str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
74
|
+
:param pulumi.Input[builtins.bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
75
|
+
:param pulumi.Input[builtins.str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
76
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
77
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
78
|
+
:param pulumi.Input[builtins.str] default_user: Specifies the default username for which a credential will be generated.
|
79
|
+
:param pulumi.Input[builtins.bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
80
|
+
:param pulumi.Input[builtins.str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
81
|
+
:param pulumi.Input[builtins.str] max_ttl: Specifies the maximum Time To Live value.
|
82
|
+
:param pulumi.Input[builtins.str] name: Specifies the name of the role to create.
|
83
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
83
84
|
The value should not contain leading or trailing forward slashes.
|
84
85
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
85
86
|
*Available only for Vault Enterprise*.
|
86
|
-
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
87
|
-
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
87
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
88
|
+
:param pulumi.Input[builtins.str] ttl: Specifies the Time To Live value.
|
88
89
|
"""
|
89
90
|
pulumi.set(__self__, "backend", backend)
|
90
91
|
pulumi.set(__self__, "key_type", key_type)
|
@@ -141,55 +142,55 @@ class SecretBackendRoleArgs:
|
|
141
142
|
|
142
143
|
@property
|
143
144
|
@pulumi.getter
|
144
|
-
def backend(self) -> pulumi.Input[str]:
|
145
|
+
def backend(self) -> pulumi.Input[builtins.str]:
|
145
146
|
"""
|
146
147
|
The path where the SSH secret backend is mounted.
|
147
148
|
"""
|
148
149
|
return pulumi.get(self, "backend")
|
149
150
|
|
150
151
|
@backend.setter
|
151
|
-
def backend(self, value: pulumi.Input[str]):
|
152
|
+
def backend(self, value: pulumi.Input[builtins.str]):
|
152
153
|
pulumi.set(self, "backend", value)
|
153
154
|
|
154
155
|
@property
|
155
156
|
@pulumi.getter(name="keyType")
|
156
|
-
def key_type(self) -> pulumi.Input[str]:
|
157
|
+
def key_type(self) -> pulumi.Input[builtins.str]:
|
157
158
|
"""
|
158
159
|
Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
159
160
|
"""
|
160
161
|
return pulumi.get(self, "key_type")
|
161
162
|
|
162
163
|
@key_type.setter
|
163
|
-
def key_type(self, value: pulumi.Input[str]):
|
164
|
+
def key_type(self, value: pulumi.Input[builtins.str]):
|
164
165
|
pulumi.set(self, "key_type", value)
|
165
166
|
|
166
167
|
@property
|
167
168
|
@pulumi.getter(name="algorithmSigner")
|
168
|
-
def algorithm_signer(self) -> Optional[pulumi.Input[str]]:
|
169
|
+
def algorithm_signer(self) -> Optional[pulumi.Input[builtins.str]]:
|
169
170
|
"""
|
170
171
|
When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
171
172
|
"""
|
172
173
|
return pulumi.get(self, "algorithm_signer")
|
173
174
|
|
174
175
|
@algorithm_signer.setter
|
175
|
-
def algorithm_signer(self, value: Optional[pulumi.Input[str]]):
|
176
|
+
def algorithm_signer(self, value: Optional[pulumi.Input[builtins.str]]):
|
176
177
|
pulumi.set(self, "algorithm_signer", value)
|
177
178
|
|
178
179
|
@property
|
179
180
|
@pulumi.getter(name="allowBareDomains")
|
180
|
-
def allow_bare_domains(self) -> Optional[pulumi.Input[bool]]:
|
181
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
181
182
|
"""
|
182
183
|
Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
183
184
|
"""
|
184
185
|
return pulumi.get(self, "allow_bare_domains")
|
185
186
|
|
186
187
|
@allow_bare_domains.setter
|
187
|
-
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
188
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
188
189
|
pulumi.set(self, "allow_bare_domains", value)
|
189
190
|
|
190
191
|
@property
|
191
192
|
@pulumi.getter(name="allowEmptyPrincipals")
|
192
|
-
def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
|
193
|
+
def allow_empty_principals(self) -> Optional[pulumi.Input[builtins.bool]]:
|
193
194
|
"""
|
194
195
|
Allow signing certificates with no
|
195
196
|
valid principals (e.g. any valid principal). For backwards compatibility
|
@@ -198,84 +199,84 @@ class SecretBackendRoleArgs:
|
|
198
199
|
return pulumi.get(self, "allow_empty_principals")
|
199
200
|
|
200
201
|
@allow_empty_principals.setter
|
201
|
-
def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
|
202
|
+
def allow_empty_principals(self, value: Optional[pulumi.Input[builtins.bool]]):
|
202
203
|
pulumi.set(self, "allow_empty_principals", value)
|
203
204
|
|
204
205
|
@property
|
205
206
|
@pulumi.getter(name="allowHostCertificates")
|
206
|
-
def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
|
207
|
+
def allow_host_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
|
207
208
|
"""
|
208
209
|
Specifies if certificates are allowed to be signed for use as a 'host'.
|
209
210
|
"""
|
210
211
|
return pulumi.get(self, "allow_host_certificates")
|
211
212
|
|
212
213
|
@allow_host_certificates.setter
|
213
|
-
def allow_host_certificates(self, value: Optional[pulumi.Input[bool]]):
|
214
|
+
def allow_host_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
|
214
215
|
pulumi.set(self, "allow_host_certificates", value)
|
215
216
|
|
216
217
|
@property
|
217
218
|
@pulumi.getter(name="allowSubdomains")
|
218
|
-
def allow_subdomains(self) -> Optional[pulumi.Input[bool]]:
|
219
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
219
220
|
"""
|
220
221
|
Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
221
222
|
"""
|
222
223
|
return pulumi.get(self, "allow_subdomains")
|
223
224
|
|
224
225
|
@allow_subdomains.setter
|
225
|
-
def allow_subdomains(self, value: Optional[pulumi.Input[bool]]):
|
226
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
226
227
|
pulumi.set(self, "allow_subdomains", value)
|
227
228
|
|
228
229
|
@property
|
229
230
|
@pulumi.getter(name="allowUserCertificates")
|
230
|
-
def allow_user_certificates(self) -> Optional[pulumi.Input[bool]]:
|
231
|
+
def allow_user_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
|
231
232
|
"""
|
232
233
|
Specifies if certificates are allowed to be signed for use as a 'user'.
|
233
234
|
"""
|
234
235
|
return pulumi.get(self, "allow_user_certificates")
|
235
236
|
|
236
237
|
@allow_user_certificates.setter
|
237
|
-
def allow_user_certificates(self, value: Optional[pulumi.Input[bool]]):
|
238
|
+
def allow_user_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
|
238
239
|
pulumi.set(self, "allow_user_certificates", value)
|
239
240
|
|
240
241
|
@property
|
241
242
|
@pulumi.getter(name="allowUserKeyIds")
|
242
|
-
def allow_user_key_ids(self) -> Optional[pulumi.Input[bool]]:
|
243
|
+
def allow_user_key_ids(self) -> Optional[pulumi.Input[builtins.bool]]:
|
243
244
|
"""
|
244
245
|
Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
245
246
|
"""
|
246
247
|
return pulumi.get(self, "allow_user_key_ids")
|
247
248
|
|
248
249
|
@allow_user_key_ids.setter
|
249
|
-
def allow_user_key_ids(self, value: Optional[pulumi.Input[bool]]):
|
250
|
+
def allow_user_key_ids(self, value: Optional[pulumi.Input[builtins.bool]]):
|
250
251
|
pulumi.set(self, "allow_user_key_ids", value)
|
251
252
|
|
252
253
|
@property
|
253
254
|
@pulumi.getter(name="allowedCriticalOptions")
|
254
|
-
def allowed_critical_options(self) -> Optional[pulumi.Input[str]]:
|
255
|
+
def allowed_critical_options(self) -> Optional[pulumi.Input[builtins.str]]:
|
255
256
|
"""
|
256
257
|
Specifies a comma-separated list of critical options that certificates can have when signed.
|
257
258
|
"""
|
258
259
|
return pulumi.get(self, "allowed_critical_options")
|
259
260
|
|
260
261
|
@allowed_critical_options.setter
|
261
|
-
def allowed_critical_options(self, value: Optional[pulumi.Input[str]]):
|
262
|
+
def allowed_critical_options(self, value: Optional[pulumi.Input[builtins.str]]):
|
262
263
|
pulumi.set(self, "allowed_critical_options", value)
|
263
264
|
|
264
265
|
@property
|
265
266
|
@pulumi.getter(name="allowedDomains")
|
266
|
-
def allowed_domains(self) -> Optional[pulumi.Input[str]]:
|
267
|
+
def allowed_domains(self) -> Optional[pulumi.Input[builtins.str]]:
|
267
268
|
"""
|
268
269
|
The list of domains for which a client can request a host certificate.
|
269
270
|
"""
|
270
271
|
return pulumi.get(self, "allowed_domains")
|
271
272
|
|
272
273
|
@allowed_domains.setter
|
273
|
-
def allowed_domains(self, value: Optional[pulumi.Input[str]]):
|
274
|
+
def allowed_domains(self, value: Optional[pulumi.Input[builtins.str]]):
|
274
275
|
pulumi.set(self, "allowed_domains", value)
|
275
276
|
|
276
277
|
@property
|
277
278
|
@pulumi.getter(name="allowedDomainsTemplate")
|
278
|
-
def allowed_domains_template(self) -> Optional[pulumi.Input[bool]]:
|
279
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
279
280
|
"""
|
280
281
|
Specifies if `allowed_domains` can be declared using
|
281
282
|
identity template policies. Non-templated domains are also permitted.
|
@@ -283,19 +284,19 @@ class SecretBackendRoleArgs:
|
|
283
284
|
return pulumi.get(self, "allowed_domains_template")
|
284
285
|
|
285
286
|
@allowed_domains_template.setter
|
286
|
-
def allowed_domains_template(self, value: Optional[pulumi.Input[bool]]):
|
287
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
287
288
|
pulumi.set(self, "allowed_domains_template", value)
|
288
289
|
|
289
290
|
@property
|
290
291
|
@pulumi.getter(name="allowedExtensions")
|
291
|
-
def allowed_extensions(self) -> Optional[pulumi.Input[str]]:
|
292
|
+
def allowed_extensions(self) -> Optional[pulumi.Input[builtins.str]]:
|
292
293
|
"""
|
293
294
|
Specifies a comma-separated list of extensions that certificates can have when signed.
|
294
295
|
"""
|
295
296
|
return pulumi.get(self, "allowed_extensions")
|
296
297
|
|
297
298
|
@allowed_extensions.setter
|
298
|
-
def allowed_extensions(self, value: Optional[pulumi.Input[str]]):
|
299
|
+
def allowed_extensions(self, value: Optional[pulumi.Input[builtins.str]]):
|
299
300
|
pulumi.set(self, "allowed_extensions", value)
|
300
301
|
|
301
302
|
@property
|
@@ -314,127 +315,127 @@ class SecretBackendRoleArgs:
|
|
314
315
|
|
315
316
|
@property
|
316
317
|
@pulumi.getter(name="allowedUsers")
|
317
|
-
def allowed_users(self) -> Optional[pulumi.Input[str]]:
|
318
|
+
def allowed_users(self) -> Optional[pulumi.Input[builtins.str]]:
|
318
319
|
"""
|
319
320
|
Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
320
321
|
"""
|
321
322
|
return pulumi.get(self, "allowed_users")
|
322
323
|
|
323
324
|
@allowed_users.setter
|
324
|
-
def allowed_users(self, value: Optional[pulumi.Input[str]]):
|
325
|
+
def allowed_users(self, value: Optional[pulumi.Input[builtins.str]]):
|
325
326
|
pulumi.set(self, "allowed_users", value)
|
326
327
|
|
327
328
|
@property
|
328
329
|
@pulumi.getter(name="allowedUsersTemplate")
|
329
|
-
def allowed_users_template(self) -> Optional[pulumi.Input[bool]]:
|
330
|
+
def allowed_users_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
330
331
|
"""
|
331
332
|
Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
332
333
|
"""
|
333
334
|
return pulumi.get(self, "allowed_users_template")
|
334
335
|
|
335
336
|
@allowed_users_template.setter
|
336
|
-
def allowed_users_template(self, value: Optional[pulumi.Input[bool]]):
|
337
|
+
def allowed_users_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
337
338
|
pulumi.set(self, "allowed_users_template", value)
|
338
339
|
|
339
340
|
@property
|
340
341
|
@pulumi.getter(name="cidrList")
|
341
|
-
def cidr_list(self) -> Optional[pulumi.Input[str]]:
|
342
|
+
def cidr_list(self) -> Optional[pulumi.Input[builtins.str]]:
|
342
343
|
"""
|
343
344
|
The comma-separated string of CIDR blocks for which this role is applicable.
|
344
345
|
"""
|
345
346
|
return pulumi.get(self, "cidr_list")
|
346
347
|
|
347
348
|
@cidr_list.setter
|
348
|
-
def cidr_list(self, value: Optional[pulumi.Input[str]]):
|
349
|
+
def cidr_list(self, value: Optional[pulumi.Input[builtins.str]]):
|
349
350
|
pulumi.set(self, "cidr_list", value)
|
350
351
|
|
351
352
|
@property
|
352
353
|
@pulumi.getter(name="defaultCriticalOptions")
|
353
|
-
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
354
|
+
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
354
355
|
"""
|
355
356
|
Specifies a map of critical options that certificates have when signed.
|
356
357
|
"""
|
357
358
|
return pulumi.get(self, "default_critical_options")
|
358
359
|
|
359
360
|
@default_critical_options.setter
|
360
|
-
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
361
|
+
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
361
362
|
pulumi.set(self, "default_critical_options", value)
|
362
363
|
|
363
364
|
@property
|
364
365
|
@pulumi.getter(name="defaultExtensions")
|
365
|
-
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
366
|
+
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
366
367
|
"""
|
367
368
|
Specifies a map of extensions that certificates have when signed.
|
368
369
|
"""
|
369
370
|
return pulumi.get(self, "default_extensions")
|
370
371
|
|
371
372
|
@default_extensions.setter
|
372
|
-
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
373
|
+
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
373
374
|
pulumi.set(self, "default_extensions", value)
|
374
375
|
|
375
376
|
@property
|
376
377
|
@pulumi.getter(name="defaultUser")
|
377
|
-
def default_user(self) -> Optional[pulumi.Input[str]]:
|
378
|
+
def default_user(self) -> Optional[pulumi.Input[builtins.str]]:
|
378
379
|
"""
|
379
380
|
Specifies the default username for which a credential will be generated.
|
380
381
|
"""
|
381
382
|
return pulumi.get(self, "default_user")
|
382
383
|
|
383
384
|
@default_user.setter
|
384
|
-
def default_user(self, value: Optional[pulumi.Input[str]]):
|
385
|
+
def default_user(self, value: Optional[pulumi.Input[builtins.str]]):
|
385
386
|
pulumi.set(self, "default_user", value)
|
386
387
|
|
387
388
|
@property
|
388
389
|
@pulumi.getter(name="defaultUserTemplate")
|
389
|
-
def default_user_template(self) -> Optional[pulumi.Input[bool]]:
|
390
|
+
def default_user_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
390
391
|
"""
|
391
392
|
If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
392
393
|
"""
|
393
394
|
return pulumi.get(self, "default_user_template")
|
394
395
|
|
395
396
|
@default_user_template.setter
|
396
|
-
def default_user_template(self, value: Optional[pulumi.Input[bool]]):
|
397
|
+
def default_user_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
397
398
|
pulumi.set(self, "default_user_template", value)
|
398
399
|
|
399
400
|
@property
|
400
401
|
@pulumi.getter(name="keyIdFormat")
|
401
|
-
def key_id_format(self) -> Optional[pulumi.Input[str]]:
|
402
|
+
def key_id_format(self) -> Optional[pulumi.Input[builtins.str]]:
|
402
403
|
"""
|
403
404
|
Specifies a custom format for the key id of a signed certificate.
|
404
405
|
"""
|
405
406
|
return pulumi.get(self, "key_id_format")
|
406
407
|
|
407
408
|
@key_id_format.setter
|
408
|
-
def key_id_format(self, value: Optional[pulumi.Input[str]]):
|
409
|
+
def key_id_format(self, value: Optional[pulumi.Input[builtins.str]]):
|
409
410
|
pulumi.set(self, "key_id_format", value)
|
410
411
|
|
411
412
|
@property
|
412
413
|
@pulumi.getter(name="maxTtl")
|
413
|
-
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
414
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
414
415
|
"""
|
415
416
|
Specifies the maximum Time To Live value.
|
416
417
|
"""
|
417
418
|
return pulumi.get(self, "max_ttl")
|
418
419
|
|
419
420
|
@max_ttl.setter
|
420
|
-
def max_ttl(self, value: Optional[pulumi.Input[str]]):
|
421
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
421
422
|
pulumi.set(self, "max_ttl", value)
|
422
423
|
|
423
424
|
@property
|
424
425
|
@pulumi.getter
|
425
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
426
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
426
427
|
"""
|
427
428
|
Specifies the name of the role to create.
|
428
429
|
"""
|
429
430
|
return pulumi.get(self, "name")
|
430
431
|
|
431
432
|
@name.setter
|
432
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
433
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
433
434
|
pulumi.set(self, "name", value)
|
434
435
|
|
435
436
|
@property
|
436
437
|
@pulumi.getter
|
437
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
438
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
438
439
|
"""
|
439
440
|
The namespace to provision the resource in.
|
440
441
|
The value should not contain leading or trailing forward slashes.
|
@@ -444,101 +445,101 @@ class SecretBackendRoleArgs:
|
|
444
445
|
return pulumi.get(self, "namespace")
|
445
446
|
|
446
447
|
@namespace.setter
|
447
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
448
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
448
449
|
pulumi.set(self, "namespace", value)
|
449
450
|
|
450
451
|
@property
|
451
452
|
@pulumi.getter(name="notBeforeDuration")
|
452
|
-
def not_before_duration(self) -> Optional[pulumi.Input[str]]:
|
453
|
+
def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
453
454
|
"""
|
454
455
|
Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
455
456
|
"""
|
456
457
|
return pulumi.get(self, "not_before_duration")
|
457
458
|
|
458
459
|
@not_before_duration.setter
|
459
|
-
def not_before_duration(self, value: Optional[pulumi.Input[str]]):
|
460
|
+
def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
460
461
|
pulumi.set(self, "not_before_duration", value)
|
461
462
|
|
462
463
|
@property
|
463
464
|
@pulumi.getter
|
464
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
465
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
465
466
|
"""
|
466
467
|
Specifies the Time To Live value.
|
467
468
|
"""
|
468
469
|
return pulumi.get(self, "ttl")
|
469
470
|
|
470
471
|
@ttl.setter
|
471
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
472
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
472
473
|
pulumi.set(self, "ttl", value)
|
473
474
|
|
474
475
|
|
475
476
|
@pulumi.input_type
|
476
477
|
class _SecretBackendRoleState:
|
477
478
|
def __init__(__self__, *,
|
478
|
-
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
479
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
480
|
-
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
481
|
-
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
482
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
483
|
-
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
484
|
-
allow_user_key_ids: Optional[pulumi.Input[bool]] = None,
|
485
|
-
allowed_critical_options: Optional[pulumi.Input[str]] = None,
|
486
|
-
allowed_domains: Optional[pulumi.Input[str]] = None,
|
487
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
488
|
-
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
479
|
+
algorithm_signer: Optional[pulumi.Input[builtins.str]] = None,
|
480
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
481
|
+
allow_empty_principals: Optional[pulumi.Input[builtins.bool]] = None,
|
482
|
+
allow_host_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
483
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
484
|
+
allow_user_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
485
|
+
allow_user_key_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
486
|
+
allowed_critical_options: Optional[pulumi.Input[builtins.str]] = None,
|
487
|
+
allowed_domains: Optional[pulumi.Input[builtins.str]] = None,
|
488
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
489
|
+
allowed_extensions: Optional[pulumi.Input[builtins.str]] = None,
|
489
490
|
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]]] = None,
|
490
|
-
allowed_users: Optional[pulumi.Input[str]] = None,
|
491
|
-
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
492
|
-
backend: Optional[pulumi.Input[str]] = None,
|
493
|
-
cidr_list: Optional[pulumi.Input[str]] = None,
|
494
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
495
|
-
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
496
|
-
default_user: Optional[pulumi.Input[str]] = None,
|
497
|
-
default_user_template: Optional[pulumi.Input[bool]] = None,
|
498
|
-
key_id_format: Optional[pulumi.Input[str]] = None,
|
499
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
500
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
501
|
-
name: Optional[pulumi.Input[str]] = None,
|
502
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
503
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
504
|
-
ttl: Optional[pulumi.Input[str]] = None):
|
491
|
+
allowed_users: Optional[pulumi.Input[builtins.str]] = None,
|
492
|
+
allowed_users_template: Optional[pulumi.Input[builtins.bool]] = None,
|
493
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
494
|
+
cidr_list: Optional[pulumi.Input[builtins.str]] = None,
|
495
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
496
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
497
|
+
default_user: Optional[pulumi.Input[builtins.str]] = None,
|
498
|
+
default_user_template: Optional[pulumi.Input[builtins.bool]] = None,
|
499
|
+
key_id_format: Optional[pulumi.Input[builtins.str]] = None,
|
500
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
501
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
502
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
503
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
504
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
505
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None):
|
505
506
|
"""
|
506
507
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
507
|
-
:param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
508
|
-
:param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
509
|
-
:param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
|
508
|
+
:param pulumi.Input[builtins.str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
509
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
510
|
+
:param pulumi.Input[builtins.bool] allow_empty_principals: Allow signing certificates with no
|
510
511
|
valid principals (e.g. any valid principal). For backwards compatibility
|
511
512
|
only. The default of false is highly recommended.
|
512
|
-
:param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
513
|
-
:param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
514
|
-
:param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
515
|
-
:param pulumi.Input[bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
516
|
-
:param pulumi.Input[str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
517
|
-
:param pulumi.Input[str] allowed_domains: The list of domains for which a client can request a host certificate.
|
518
|
-
:param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
513
|
+
:param pulumi.Input[builtins.bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
514
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
515
|
+
:param pulumi.Input[builtins.bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
516
|
+
:param pulumi.Input[builtins.bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
517
|
+
:param pulumi.Input[builtins.str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
518
|
+
:param pulumi.Input[builtins.str] allowed_domains: The list of domains for which a client can request a host certificate.
|
519
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
519
520
|
identity template policies. Non-templated domains are also permitted.
|
520
|
-
:param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
521
|
+
:param pulumi.Input[builtins.str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
521
522
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRoleAllowedUserKeyConfigArgs']]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
522
523
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
523
524
|
*See Configuration-Options for more info*
|
524
|
-
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
525
|
-
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
526
|
-
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
527
|
-
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
528
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
529
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
530
|
-
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
531
|
-
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
532
|
-
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
533
|
-
:param pulumi.Input[str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
534
|
-
:param pulumi.Input[str] max_ttl: Specifies the maximum Time To Live value.
|
535
|
-
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
536
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
525
|
+
:param pulumi.Input[builtins.str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
526
|
+
:param pulumi.Input[builtins.bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
527
|
+
:param pulumi.Input[builtins.str] backend: The path where the SSH secret backend is mounted.
|
528
|
+
:param pulumi.Input[builtins.str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
529
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
530
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
531
|
+
:param pulumi.Input[builtins.str] default_user: Specifies the default username for which a credential will be generated.
|
532
|
+
:param pulumi.Input[builtins.bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
533
|
+
:param pulumi.Input[builtins.str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
534
|
+
:param pulumi.Input[builtins.str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
535
|
+
:param pulumi.Input[builtins.str] max_ttl: Specifies the maximum Time To Live value.
|
536
|
+
:param pulumi.Input[builtins.str] name: Specifies the name of the role to create.
|
537
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
537
538
|
The value should not contain leading or trailing forward slashes.
|
538
539
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
539
540
|
*Available only for Vault Enterprise*.
|
540
|
-
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
541
|
-
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
541
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
542
|
+
:param pulumi.Input[builtins.str] ttl: Specifies the Time To Live value.
|
542
543
|
"""
|
543
544
|
if algorithm_signer is not None:
|
544
545
|
pulumi.set(__self__, "algorithm_signer", algorithm_signer)
|
@@ -597,31 +598,31 @@ class _SecretBackendRoleState:
|
|
597
598
|
|
598
599
|
@property
|
599
600
|
@pulumi.getter(name="algorithmSigner")
|
600
|
-
def algorithm_signer(self) -> Optional[pulumi.Input[str]]:
|
601
|
+
def algorithm_signer(self) -> Optional[pulumi.Input[builtins.str]]:
|
601
602
|
"""
|
602
603
|
When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
603
604
|
"""
|
604
605
|
return pulumi.get(self, "algorithm_signer")
|
605
606
|
|
606
607
|
@algorithm_signer.setter
|
607
|
-
def algorithm_signer(self, value: Optional[pulumi.Input[str]]):
|
608
|
+
def algorithm_signer(self, value: Optional[pulumi.Input[builtins.str]]):
|
608
609
|
pulumi.set(self, "algorithm_signer", value)
|
609
610
|
|
610
611
|
@property
|
611
612
|
@pulumi.getter(name="allowBareDomains")
|
612
|
-
def allow_bare_domains(self) -> Optional[pulumi.Input[bool]]:
|
613
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
613
614
|
"""
|
614
615
|
Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
615
616
|
"""
|
616
617
|
return pulumi.get(self, "allow_bare_domains")
|
617
618
|
|
618
619
|
@allow_bare_domains.setter
|
619
|
-
def allow_bare_domains(self, value: Optional[pulumi.Input[bool]]):
|
620
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
620
621
|
pulumi.set(self, "allow_bare_domains", value)
|
621
622
|
|
622
623
|
@property
|
623
624
|
@pulumi.getter(name="allowEmptyPrincipals")
|
624
|
-
def allow_empty_principals(self) -> Optional[pulumi.Input[bool]]:
|
625
|
+
def allow_empty_principals(self) -> Optional[pulumi.Input[builtins.bool]]:
|
625
626
|
"""
|
626
627
|
Allow signing certificates with no
|
627
628
|
valid principals (e.g. any valid principal). For backwards compatibility
|
@@ -630,84 +631,84 @@ class _SecretBackendRoleState:
|
|
630
631
|
return pulumi.get(self, "allow_empty_principals")
|
631
632
|
|
632
633
|
@allow_empty_principals.setter
|
633
|
-
def allow_empty_principals(self, value: Optional[pulumi.Input[bool]]):
|
634
|
+
def allow_empty_principals(self, value: Optional[pulumi.Input[builtins.bool]]):
|
634
635
|
pulumi.set(self, "allow_empty_principals", value)
|
635
636
|
|
636
637
|
@property
|
637
638
|
@pulumi.getter(name="allowHostCertificates")
|
638
|
-
def allow_host_certificates(self) -> Optional[pulumi.Input[bool]]:
|
639
|
+
def allow_host_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
|
639
640
|
"""
|
640
641
|
Specifies if certificates are allowed to be signed for use as a 'host'.
|
641
642
|
"""
|
642
643
|
return pulumi.get(self, "allow_host_certificates")
|
643
644
|
|
644
645
|
@allow_host_certificates.setter
|
645
|
-
def allow_host_certificates(self, value: Optional[pulumi.Input[bool]]):
|
646
|
+
def allow_host_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
|
646
647
|
pulumi.set(self, "allow_host_certificates", value)
|
647
648
|
|
648
649
|
@property
|
649
650
|
@pulumi.getter(name="allowSubdomains")
|
650
|
-
def allow_subdomains(self) -> Optional[pulumi.Input[bool]]:
|
651
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[builtins.bool]]:
|
651
652
|
"""
|
652
653
|
Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
653
654
|
"""
|
654
655
|
return pulumi.get(self, "allow_subdomains")
|
655
656
|
|
656
657
|
@allow_subdomains.setter
|
657
|
-
def allow_subdomains(self, value: Optional[pulumi.Input[bool]]):
|
658
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[builtins.bool]]):
|
658
659
|
pulumi.set(self, "allow_subdomains", value)
|
659
660
|
|
660
661
|
@property
|
661
662
|
@pulumi.getter(name="allowUserCertificates")
|
662
|
-
def allow_user_certificates(self) -> Optional[pulumi.Input[bool]]:
|
663
|
+
def allow_user_certificates(self) -> Optional[pulumi.Input[builtins.bool]]:
|
663
664
|
"""
|
664
665
|
Specifies if certificates are allowed to be signed for use as a 'user'.
|
665
666
|
"""
|
666
667
|
return pulumi.get(self, "allow_user_certificates")
|
667
668
|
|
668
669
|
@allow_user_certificates.setter
|
669
|
-
def allow_user_certificates(self, value: Optional[pulumi.Input[bool]]):
|
670
|
+
def allow_user_certificates(self, value: Optional[pulumi.Input[builtins.bool]]):
|
670
671
|
pulumi.set(self, "allow_user_certificates", value)
|
671
672
|
|
672
673
|
@property
|
673
674
|
@pulumi.getter(name="allowUserKeyIds")
|
674
|
-
def allow_user_key_ids(self) -> Optional[pulumi.Input[bool]]:
|
675
|
+
def allow_user_key_ids(self) -> Optional[pulumi.Input[builtins.bool]]:
|
675
676
|
"""
|
676
677
|
Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
677
678
|
"""
|
678
679
|
return pulumi.get(self, "allow_user_key_ids")
|
679
680
|
|
680
681
|
@allow_user_key_ids.setter
|
681
|
-
def allow_user_key_ids(self, value: Optional[pulumi.Input[bool]]):
|
682
|
+
def allow_user_key_ids(self, value: Optional[pulumi.Input[builtins.bool]]):
|
682
683
|
pulumi.set(self, "allow_user_key_ids", value)
|
683
684
|
|
684
685
|
@property
|
685
686
|
@pulumi.getter(name="allowedCriticalOptions")
|
686
|
-
def allowed_critical_options(self) -> Optional[pulumi.Input[str]]:
|
687
|
+
def allowed_critical_options(self) -> Optional[pulumi.Input[builtins.str]]:
|
687
688
|
"""
|
688
689
|
Specifies a comma-separated list of critical options that certificates can have when signed.
|
689
690
|
"""
|
690
691
|
return pulumi.get(self, "allowed_critical_options")
|
691
692
|
|
692
693
|
@allowed_critical_options.setter
|
693
|
-
def allowed_critical_options(self, value: Optional[pulumi.Input[str]]):
|
694
|
+
def allowed_critical_options(self, value: Optional[pulumi.Input[builtins.str]]):
|
694
695
|
pulumi.set(self, "allowed_critical_options", value)
|
695
696
|
|
696
697
|
@property
|
697
698
|
@pulumi.getter(name="allowedDomains")
|
698
|
-
def allowed_domains(self) -> Optional[pulumi.Input[str]]:
|
699
|
+
def allowed_domains(self) -> Optional[pulumi.Input[builtins.str]]:
|
699
700
|
"""
|
700
701
|
The list of domains for which a client can request a host certificate.
|
701
702
|
"""
|
702
703
|
return pulumi.get(self, "allowed_domains")
|
703
704
|
|
704
705
|
@allowed_domains.setter
|
705
|
-
def allowed_domains(self, value: Optional[pulumi.Input[str]]):
|
706
|
+
def allowed_domains(self, value: Optional[pulumi.Input[builtins.str]]):
|
706
707
|
pulumi.set(self, "allowed_domains", value)
|
707
708
|
|
708
709
|
@property
|
709
710
|
@pulumi.getter(name="allowedDomainsTemplate")
|
710
|
-
def allowed_domains_template(self) -> Optional[pulumi.Input[bool]]:
|
711
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
711
712
|
"""
|
712
713
|
Specifies if `allowed_domains` can be declared using
|
713
714
|
identity template policies. Non-templated domains are also permitted.
|
@@ -715,19 +716,19 @@ class _SecretBackendRoleState:
|
|
715
716
|
return pulumi.get(self, "allowed_domains_template")
|
716
717
|
|
717
718
|
@allowed_domains_template.setter
|
718
|
-
def allowed_domains_template(self, value: Optional[pulumi.Input[bool]]):
|
719
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
719
720
|
pulumi.set(self, "allowed_domains_template", value)
|
720
721
|
|
721
722
|
@property
|
722
723
|
@pulumi.getter(name="allowedExtensions")
|
723
|
-
def allowed_extensions(self) -> Optional[pulumi.Input[str]]:
|
724
|
+
def allowed_extensions(self) -> Optional[pulumi.Input[builtins.str]]:
|
724
725
|
"""
|
725
726
|
Specifies a comma-separated list of extensions that certificates can have when signed.
|
726
727
|
"""
|
727
728
|
return pulumi.get(self, "allowed_extensions")
|
728
729
|
|
729
730
|
@allowed_extensions.setter
|
730
|
-
def allowed_extensions(self, value: Optional[pulumi.Input[str]]):
|
731
|
+
def allowed_extensions(self, value: Optional[pulumi.Input[builtins.str]]):
|
731
732
|
pulumi.set(self, "allowed_extensions", value)
|
732
733
|
|
733
734
|
@property
|
@@ -746,151 +747,151 @@ class _SecretBackendRoleState:
|
|
746
747
|
|
747
748
|
@property
|
748
749
|
@pulumi.getter(name="allowedUsers")
|
749
|
-
def allowed_users(self) -> Optional[pulumi.Input[str]]:
|
750
|
+
def allowed_users(self) -> Optional[pulumi.Input[builtins.str]]:
|
750
751
|
"""
|
751
752
|
Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
752
753
|
"""
|
753
754
|
return pulumi.get(self, "allowed_users")
|
754
755
|
|
755
756
|
@allowed_users.setter
|
756
|
-
def allowed_users(self, value: Optional[pulumi.Input[str]]):
|
757
|
+
def allowed_users(self, value: Optional[pulumi.Input[builtins.str]]):
|
757
758
|
pulumi.set(self, "allowed_users", value)
|
758
759
|
|
759
760
|
@property
|
760
761
|
@pulumi.getter(name="allowedUsersTemplate")
|
761
|
-
def allowed_users_template(self) -> Optional[pulumi.Input[bool]]:
|
762
|
+
def allowed_users_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
762
763
|
"""
|
763
764
|
Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
764
765
|
"""
|
765
766
|
return pulumi.get(self, "allowed_users_template")
|
766
767
|
|
767
768
|
@allowed_users_template.setter
|
768
|
-
def allowed_users_template(self, value: Optional[pulumi.Input[bool]]):
|
769
|
+
def allowed_users_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
769
770
|
pulumi.set(self, "allowed_users_template", value)
|
770
771
|
|
771
772
|
@property
|
772
773
|
@pulumi.getter
|
773
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
774
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
774
775
|
"""
|
775
776
|
The path where the SSH secret backend is mounted.
|
776
777
|
"""
|
777
778
|
return pulumi.get(self, "backend")
|
778
779
|
|
779
780
|
@backend.setter
|
780
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
781
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
781
782
|
pulumi.set(self, "backend", value)
|
782
783
|
|
783
784
|
@property
|
784
785
|
@pulumi.getter(name="cidrList")
|
785
|
-
def cidr_list(self) -> Optional[pulumi.Input[str]]:
|
786
|
+
def cidr_list(self) -> Optional[pulumi.Input[builtins.str]]:
|
786
787
|
"""
|
787
788
|
The comma-separated string of CIDR blocks for which this role is applicable.
|
788
789
|
"""
|
789
790
|
return pulumi.get(self, "cidr_list")
|
790
791
|
|
791
792
|
@cidr_list.setter
|
792
|
-
def cidr_list(self, value: Optional[pulumi.Input[str]]):
|
793
|
+
def cidr_list(self, value: Optional[pulumi.Input[builtins.str]]):
|
793
794
|
pulumi.set(self, "cidr_list", value)
|
794
795
|
|
795
796
|
@property
|
796
797
|
@pulumi.getter(name="defaultCriticalOptions")
|
797
|
-
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
798
|
+
def default_critical_options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
798
799
|
"""
|
799
800
|
Specifies a map of critical options that certificates have when signed.
|
800
801
|
"""
|
801
802
|
return pulumi.get(self, "default_critical_options")
|
802
803
|
|
803
804
|
@default_critical_options.setter
|
804
|
-
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
805
|
+
def default_critical_options(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
805
806
|
pulumi.set(self, "default_critical_options", value)
|
806
807
|
|
807
808
|
@property
|
808
809
|
@pulumi.getter(name="defaultExtensions")
|
809
|
-
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
|
810
|
+
def default_extensions(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]:
|
810
811
|
"""
|
811
812
|
Specifies a map of extensions that certificates have when signed.
|
812
813
|
"""
|
813
814
|
return pulumi.get(self, "default_extensions")
|
814
815
|
|
815
816
|
@default_extensions.setter
|
816
|
-
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
|
817
|
+
def default_extensions(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]):
|
817
818
|
pulumi.set(self, "default_extensions", value)
|
818
819
|
|
819
820
|
@property
|
820
821
|
@pulumi.getter(name="defaultUser")
|
821
|
-
def default_user(self) -> Optional[pulumi.Input[str]]:
|
822
|
+
def default_user(self) -> Optional[pulumi.Input[builtins.str]]:
|
822
823
|
"""
|
823
824
|
Specifies the default username for which a credential will be generated.
|
824
825
|
"""
|
825
826
|
return pulumi.get(self, "default_user")
|
826
827
|
|
827
828
|
@default_user.setter
|
828
|
-
def default_user(self, value: Optional[pulumi.Input[str]]):
|
829
|
+
def default_user(self, value: Optional[pulumi.Input[builtins.str]]):
|
829
830
|
pulumi.set(self, "default_user", value)
|
830
831
|
|
831
832
|
@property
|
832
833
|
@pulumi.getter(name="defaultUserTemplate")
|
833
|
-
def default_user_template(self) -> Optional[pulumi.Input[bool]]:
|
834
|
+
def default_user_template(self) -> Optional[pulumi.Input[builtins.bool]]:
|
834
835
|
"""
|
835
836
|
If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
836
837
|
"""
|
837
838
|
return pulumi.get(self, "default_user_template")
|
838
839
|
|
839
840
|
@default_user_template.setter
|
840
|
-
def default_user_template(self, value: Optional[pulumi.Input[bool]]):
|
841
|
+
def default_user_template(self, value: Optional[pulumi.Input[builtins.bool]]):
|
841
842
|
pulumi.set(self, "default_user_template", value)
|
842
843
|
|
843
844
|
@property
|
844
845
|
@pulumi.getter(name="keyIdFormat")
|
845
|
-
def key_id_format(self) -> Optional[pulumi.Input[str]]:
|
846
|
+
def key_id_format(self) -> Optional[pulumi.Input[builtins.str]]:
|
846
847
|
"""
|
847
848
|
Specifies a custom format for the key id of a signed certificate.
|
848
849
|
"""
|
849
850
|
return pulumi.get(self, "key_id_format")
|
850
851
|
|
851
852
|
@key_id_format.setter
|
852
|
-
def key_id_format(self, value: Optional[pulumi.Input[str]]):
|
853
|
+
def key_id_format(self, value: Optional[pulumi.Input[builtins.str]]):
|
853
854
|
pulumi.set(self, "key_id_format", value)
|
854
855
|
|
855
856
|
@property
|
856
857
|
@pulumi.getter(name="keyType")
|
857
|
-
def key_type(self) -> Optional[pulumi.Input[str]]:
|
858
|
+
def key_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
858
859
|
"""
|
859
860
|
Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
860
861
|
"""
|
861
862
|
return pulumi.get(self, "key_type")
|
862
863
|
|
863
864
|
@key_type.setter
|
864
|
-
def key_type(self, value: Optional[pulumi.Input[str]]):
|
865
|
+
def key_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
865
866
|
pulumi.set(self, "key_type", value)
|
866
867
|
|
867
868
|
@property
|
868
869
|
@pulumi.getter(name="maxTtl")
|
869
|
-
def max_ttl(self) -> Optional[pulumi.Input[str]]:
|
870
|
+
def max_ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
870
871
|
"""
|
871
872
|
Specifies the maximum Time To Live value.
|
872
873
|
"""
|
873
874
|
return pulumi.get(self, "max_ttl")
|
874
875
|
|
875
876
|
@max_ttl.setter
|
876
|
-
def max_ttl(self, value: Optional[pulumi.Input[str]]):
|
877
|
+
def max_ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
877
878
|
pulumi.set(self, "max_ttl", value)
|
878
879
|
|
879
880
|
@property
|
880
881
|
@pulumi.getter
|
881
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
882
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
882
883
|
"""
|
883
884
|
Specifies the name of the role to create.
|
884
885
|
"""
|
885
886
|
return pulumi.get(self, "name")
|
886
887
|
|
887
888
|
@name.setter
|
888
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
889
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
889
890
|
pulumi.set(self, "name", value)
|
890
891
|
|
891
892
|
@property
|
892
893
|
@pulumi.getter
|
893
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
894
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
894
895
|
"""
|
895
896
|
The namespace to provision the resource in.
|
896
897
|
The value should not contain leading or trailing forward slashes.
|
@@ -900,31 +901,31 @@ class _SecretBackendRoleState:
|
|
900
901
|
return pulumi.get(self, "namespace")
|
901
902
|
|
902
903
|
@namespace.setter
|
903
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
904
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
904
905
|
pulumi.set(self, "namespace", value)
|
905
906
|
|
906
907
|
@property
|
907
908
|
@pulumi.getter(name="notBeforeDuration")
|
908
|
-
def not_before_duration(self) -> Optional[pulumi.Input[str]]:
|
909
|
+
def not_before_duration(self) -> Optional[pulumi.Input[builtins.str]]:
|
909
910
|
"""
|
910
911
|
Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
911
912
|
"""
|
912
913
|
return pulumi.get(self, "not_before_duration")
|
913
914
|
|
914
915
|
@not_before_duration.setter
|
915
|
-
def not_before_duration(self, value: Optional[pulumi.Input[str]]):
|
916
|
+
def not_before_duration(self, value: Optional[pulumi.Input[builtins.str]]):
|
916
917
|
pulumi.set(self, "not_before_duration", value)
|
917
918
|
|
918
919
|
@property
|
919
920
|
@pulumi.getter
|
920
|
-
def ttl(self) -> Optional[pulumi.Input[str]]:
|
921
|
+
def ttl(self) -> Optional[pulumi.Input[builtins.str]]:
|
921
922
|
"""
|
922
923
|
Specifies the Time To Live value.
|
923
924
|
"""
|
924
925
|
return pulumi.get(self, "ttl")
|
925
926
|
|
926
927
|
@ttl.setter
|
927
|
-
def ttl(self, value: Optional[pulumi.Input[str]]):
|
928
|
+
def ttl(self, value: Optional[pulumi.Input[builtins.str]]):
|
928
929
|
pulumi.set(self, "ttl", value)
|
929
930
|
|
930
931
|
|
@@ -933,33 +934,33 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
933
934
|
def __init__(__self__,
|
934
935
|
resource_name: str,
|
935
936
|
opts: Optional[pulumi.ResourceOptions] = None,
|
936
|
-
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
937
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
938
|
-
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
939
|
-
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
940
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
941
|
-
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
942
|
-
allow_user_key_ids: Optional[pulumi.Input[bool]] = None,
|
943
|
-
allowed_critical_options: Optional[pulumi.Input[str]] = None,
|
944
|
-
allowed_domains: Optional[pulumi.Input[str]] = None,
|
945
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
946
|
-
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
937
|
+
algorithm_signer: Optional[pulumi.Input[builtins.str]] = None,
|
938
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
939
|
+
allow_empty_principals: Optional[pulumi.Input[builtins.bool]] = None,
|
940
|
+
allow_host_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
941
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
942
|
+
allow_user_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
943
|
+
allow_user_key_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
944
|
+
allowed_critical_options: Optional[pulumi.Input[builtins.str]] = None,
|
945
|
+
allowed_domains: Optional[pulumi.Input[builtins.str]] = None,
|
946
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
947
|
+
allowed_extensions: Optional[pulumi.Input[builtins.str]] = None,
|
947
948
|
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
948
|
-
allowed_users: Optional[pulumi.Input[str]] = None,
|
949
|
-
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
950
|
-
backend: Optional[pulumi.Input[str]] = None,
|
951
|
-
cidr_list: Optional[pulumi.Input[str]] = None,
|
952
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
953
|
-
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
954
|
-
default_user: Optional[pulumi.Input[str]] = None,
|
955
|
-
default_user_template: Optional[pulumi.Input[bool]] = None,
|
956
|
-
key_id_format: Optional[pulumi.Input[str]] = None,
|
957
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
958
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
959
|
-
name: Optional[pulumi.Input[str]] = None,
|
960
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
961
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
962
|
-
ttl: Optional[pulumi.Input[str]] = None,
|
949
|
+
allowed_users: Optional[pulumi.Input[builtins.str]] = None,
|
950
|
+
allowed_users_template: Optional[pulumi.Input[builtins.bool]] = None,
|
951
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
952
|
+
cidr_list: Optional[pulumi.Input[builtins.str]] = None,
|
953
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
954
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
955
|
+
default_user: Optional[pulumi.Input[builtins.str]] = None,
|
956
|
+
default_user_template: Optional[pulumi.Input[builtins.bool]] = None,
|
957
|
+
key_id_format: Optional[pulumi.Input[builtins.str]] = None,
|
958
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
959
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
960
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
961
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
962
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
963
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
963
964
|
__props__=None):
|
964
965
|
"""
|
965
966
|
Provides a resource to manage roles in an SSH secret backend
|
@@ -996,41 +997,41 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
996
997
|
|
997
998
|
:param str resource_name: The name of the resource.
|
998
999
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
999
|
-
:param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
1000
|
-
:param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
1001
|
-
:param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
|
1000
|
+
:param pulumi.Input[builtins.str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
1001
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
1002
|
+
:param pulumi.Input[builtins.bool] allow_empty_principals: Allow signing certificates with no
|
1002
1003
|
valid principals (e.g. any valid principal). For backwards compatibility
|
1003
1004
|
only. The default of false is highly recommended.
|
1004
|
-
:param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
1005
|
-
:param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
1006
|
-
:param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
1007
|
-
:param pulumi.Input[bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
1008
|
-
:param pulumi.Input[str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
1009
|
-
:param pulumi.Input[str] allowed_domains: The list of domains for which a client can request a host certificate.
|
1010
|
-
:param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
1005
|
+
:param pulumi.Input[builtins.bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
1006
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
1007
|
+
:param pulumi.Input[builtins.bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
1008
|
+
:param pulumi.Input[builtins.bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
1009
|
+
:param pulumi.Input[builtins.str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
1010
|
+
:param pulumi.Input[builtins.str] allowed_domains: The list of domains for which a client can request a host certificate.
|
1011
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
1011
1012
|
identity template policies. Non-templated domains are also permitted.
|
1012
|
-
:param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
1013
|
+
:param pulumi.Input[builtins.str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
1013
1014
|
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
1014
1015
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
1015
1016
|
*See Configuration-Options for more info*
|
1016
|
-
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
1017
|
-
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
1018
|
-
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
1019
|
-
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
1020
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
1021
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
1022
|
-
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
1023
|
-
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
1024
|
-
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
1025
|
-
:param pulumi.Input[str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
1026
|
-
:param pulumi.Input[str] max_ttl: Specifies the maximum Time To Live value.
|
1027
|
-
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
1028
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1017
|
+
:param pulumi.Input[builtins.str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
1018
|
+
:param pulumi.Input[builtins.bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
1019
|
+
:param pulumi.Input[builtins.str] backend: The path where the SSH secret backend is mounted.
|
1020
|
+
:param pulumi.Input[builtins.str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
1021
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
1022
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
1023
|
+
:param pulumi.Input[builtins.str] default_user: Specifies the default username for which a credential will be generated.
|
1024
|
+
:param pulumi.Input[builtins.bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
1025
|
+
:param pulumi.Input[builtins.str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
1026
|
+
:param pulumi.Input[builtins.str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
1027
|
+
:param pulumi.Input[builtins.str] max_ttl: Specifies the maximum Time To Live value.
|
1028
|
+
:param pulumi.Input[builtins.str] name: Specifies the name of the role to create.
|
1029
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1029
1030
|
The value should not contain leading or trailing forward slashes.
|
1030
1031
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1031
1032
|
*Available only for Vault Enterprise*.
|
1032
|
-
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
1033
|
-
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
1033
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
1034
|
+
:param pulumi.Input[builtins.str] ttl: Specifies the Time To Live value.
|
1034
1035
|
"""
|
1035
1036
|
...
|
1036
1037
|
@overload
|
@@ -1086,33 +1087,33 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1086
1087
|
def _internal_init(__self__,
|
1087
1088
|
resource_name: str,
|
1088
1089
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1089
|
-
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
1090
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1091
|
-
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
1092
|
-
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
1093
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1094
|
-
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
1095
|
-
allow_user_key_ids: Optional[pulumi.Input[bool]] = None,
|
1096
|
-
allowed_critical_options: Optional[pulumi.Input[str]] = None,
|
1097
|
-
allowed_domains: Optional[pulumi.Input[str]] = None,
|
1098
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1099
|
-
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
1090
|
+
algorithm_signer: Optional[pulumi.Input[builtins.str]] = None,
|
1091
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1092
|
+
allow_empty_principals: Optional[pulumi.Input[builtins.bool]] = None,
|
1093
|
+
allow_host_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
1094
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
1095
|
+
allow_user_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
1096
|
+
allow_user_key_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
1097
|
+
allowed_critical_options: Optional[pulumi.Input[builtins.str]] = None,
|
1098
|
+
allowed_domains: Optional[pulumi.Input[builtins.str]] = None,
|
1099
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1100
|
+
allowed_extensions: Optional[pulumi.Input[builtins.str]] = None,
|
1100
1101
|
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
1101
|
-
allowed_users: Optional[pulumi.Input[str]] = None,
|
1102
|
-
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
1103
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1104
|
-
cidr_list: Optional[pulumi.Input[str]] = None,
|
1105
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1106
|
-
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1107
|
-
default_user: Optional[pulumi.Input[str]] = None,
|
1108
|
-
default_user_template: Optional[pulumi.Input[bool]] = None,
|
1109
|
-
key_id_format: Optional[pulumi.Input[str]] = None,
|
1110
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
1111
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
1112
|
-
name: Optional[pulumi.Input[str]] = None,
|
1113
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1114
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
1115
|
-
ttl: Optional[pulumi.Input[str]] = None,
|
1102
|
+
allowed_users: Optional[pulumi.Input[builtins.str]] = None,
|
1103
|
+
allowed_users_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1104
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1105
|
+
cidr_list: Optional[pulumi.Input[builtins.str]] = None,
|
1106
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1107
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1108
|
+
default_user: Optional[pulumi.Input[builtins.str]] = None,
|
1109
|
+
default_user_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1110
|
+
key_id_format: Optional[pulumi.Input[builtins.str]] = None,
|
1111
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
1112
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1113
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
1114
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1115
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1116
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1116
1117
|
__props__=None):
|
1117
1118
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1118
1119
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1163,33 +1164,33 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1163
1164
|
def get(resource_name: str,
|
1164
1165
|
id: pulumi.Input[str],
|
1165
1166
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1166
|
-
algorithm_signer: Optional[pulumi.Input[str]] = None,
|
1167
|
-
allow_bare_domains: Optional[pulumi.Input[bool]] = None,
|
1168
|
-
allow_empty_principals: Optional[pulumi.Input[bool]] = None,
|
1169
|
-
allow_host_certificates: Optional[pulumi.Input[bool]] = None,
|
1170
|
-
allow_subdomains: Optional[pulumi.Input[bool]] = None,
|
1171
|
-
allow_user_certificates: Optional[pulumi.Input[bool]] = None,
|
1172
|
-
allow_user_key_ids: Optional[pulumi.Input[bool]] = None,
|
1173
|
-
allowed_critical_options: Optional[pulumi.Input[str]] = None,
|
1174
|
-
allowed_domains: Optional[pulumi.Input[str]] = None,
|
1175
|
-
allowed_domains_template: Optional[pulumi.Input[bool]] = None,
|
1176
|
-
allowed_extensions: Optional[pulumi.Input[str]] = None,
|
1167
|
+
algorithm_signer: Optional[pulumi.Input[builtins.str]] = None,
|
1168
|
+
allow_bare_domains: Optional[pulumi.Input[builtins.bool]] = None,
|
1169
|
+
allow_empty_principals: Optional[pulumi.Input[builtins.bool]] = None,
|
1170
|
+
allow_host_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
1171
|
+
allow_subdomains: Optional[pulumi.Input[builtins.bool]] = None,
|
1172
|
+
allow_user_certificates: Optional[pulumi.Input[builtins.bool]] = None,
|
1173
|
+
allow_user_key_ids: Optional[pulumi.Input[builtins.bool]] = None,
|
1174
|
+
allowed_critical_options: Optional[pulumi.Input[builtins.str]] = None,
|
1175
|
+
allowed_domains: Optional[pulumi.Input[builtins.str]] = None,
|
1176
|
+
allowed_domains_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1177
|
+
allowed_extensions: Optional[pulumi.Input[builtins.str]] = None,
|
1177
1178
|
allowed_user_key_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]]] = None,
|
1178
|
-
allowed_users: Optional[pulumi.Input[str]] = None,
|
1179
|
-
allowed_users_template: Optional[pulumi.Input[bool]] = None,
|
1180
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1181
|
-
cidr_list: Optional[pulumi.Input[str]] = None,
|
1182
|
-
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1183
|
-
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
|
1184
|
-
default_user: Optional[pulumi.Input[str]] = None,
|
1185
|
-
default_user_template: Optional[pulumi.Input[bool]] = None,
|
1186
|
-
key_id_format: Optional[pulumi.Input[str]] = None,
|
1187
|
-
key_type: Optional[pulumi.Input[str]] = None,
|
1188
|
-
max_ttl: Optional[pulumi.Input[str]] = None,
|
1189
|
-
name: Optional[pulumi.Input[str]] = None,
|
1190
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1191
|
-
not_before_duration: Optional[pulumi.Input[str]] = None,
|
1192
|
-
ttl: Optional[pulumi.Input[str]] = None) -> 'SecretBackendRole':
|
1179
|
+
allowed_users: Optional[pulumi.Input[builtins.str]] = None,
|
1180
|
+
allowed_users_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1181
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1182
|
+
cidr_list: Optional[pulumi.Input[builtins.str]] = None,
|
1183
|
+
default_critical_options: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1184
|
+
default_extensions: Optional[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]] = None,
|
1185
|
+
default_user: Optional[pulumi.Input[builtins.str]] = None,
|
1186
|
+
default_user_template: Optional[pulumi.Input[builtins.bool]] = None,
|
1187
|
+
key_id_format: Optional[pulumi.Input[builtins.str]] = None,
|
1188
|
+
key_type: Optional[pulumi.Input[builtins.str]] = None,
|
1189
|
+
max_ttl: Optional[pulumi.Input[builtins.str]] = None,
|
1190
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
1191
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1192
|
+
not_before_duration: Optional[pulumi.Input[builtins.str]] = None,
|
1193
|
+
ttl: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendRole':
|
1193
1194
|
"""
|
1194
1195
|
Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
|
1195
1196
|
properties used to qualify the lookup.
|
@@ -1197,41 +1198,41 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1197
1198
|
:param str resource_name: The unique name of the resulting resource.
|
1198
1199
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1199
1200
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1200
|
-
:param pulumi.Input[str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
1201
|
-
:param pulumi.Input[bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
1202
|
-
:param pulumi.Input[bool] allow_empty_principals: Allow signing certificates with no
|
1201
|
+
:param pulumi.Input[builtins.str] algorithm_signer: When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
1202
|
+
:param pulumi.Input[builtins.bool] allow_bare_domains: Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
1203
|
+
:param pulumi.Input[builtins.bool] allow_empty_principals: Allow signing certificates with no
|
1203
1204
|
valid principals (e.g. any valid principal). For backwards compatibility
|
1204
1205
|
only. The default of false is highly recommended.
|
1205
|
-
:param pulumi.Input[bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
1206
|
-
:param pulumi.Input[bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
1207
|
-
:param pulumi.Input[bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
1208
|
-
:param pulumi.Input[bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
1209
|
-
:param pulumi.Input[str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
1210
|
-
:param pulumi.Input[str] allowed_domains: The list of domains for which a client can request a host certificate.
|
1211
|
-
:param pulumi.Input[bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
1206
|
+
:param pulumi.Input[builtins.bool] allow_host_certificates: Specifies if certificates are allowed to be signed for use as a 'host'.
|
1207
|
+
:param pulumi.Input[builtins.bool] allow_subdomains: Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
1208
|
+
:param pulumi.Input[builtins.bool] allow_user_certificates: Specifies if certificates are allowed to be signed for use as a 'user'.
|
1209
|
+
:param pulumi.Input[builtins.bool] allow_user_key_ids: Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
1210
|
+
:param pulumi.Input[builtins.str] allowed_critical_options: Specifies a comma-separated list of critical options that certificates can have when signed.
|
1211
|
+
:param pulumi.Input[builtins.str] allowed_domains: The list of domains for which a client can request a host certificate.
|
1212
|
+
:param pulumi.Input[builtins.bool] allowed_domains_template: Specifies if `allowed_domains` can be declared using
|
1212
1213
|
identity template policies. Non-templated domains are also permitted.
|
1213
|
-
:param pulumi.Input[str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
1214
|
+
:param pulumi.Input[builtins.str] allowed_extensions: Specifies a comma-separated list of extensions that certificates can have when signed.
|
1214
1215
|
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRoleAllowedUserKeyConfigArgs', 'SecretBackendRoleAllowedUserKeyConfigArgsDict']]]] allowed_user_key_configs: Set of configuration blocks to define allowed
|
1215
1216
|
user key configuration, like key type and their lengths. Can be specified multiple times.
|
1216
1217
|
*See Configuration-Options for more info*
|
1217
|
-
:param pulumi.Input[str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
1218
|
-
:param pulumi.Input[bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
1219
|
-
:param pulumi.Input[str] backend: The path where the SSH secret backend is mounted.
|
1220
|
-
:param pulumi.Input[str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
1221
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
1222
|
-
:param pulumi.Input[Mapping[str, pulumi.Input[str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
1223
|
-
:param pulumi.Input[str] default_user: Specifies the default username for which a credential will be generated.
|
1224
|
-
:param pulumi.Input[bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
1225
|
-
:param pulumi.Input[str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
1226
|
-
:param pulumi.Input[str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
1227
|
-
:param pulumi.Input[str] max_ttl: Specifies the maximum Time To Live value.
|
1228
|
-
:param pulumi.Input[str] name: Specifies the name of the role to create.
|
1229
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1218
|
+
:param pulumi.Input[builtins.str] allowed_users: Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
1219
|
+
:param pulumi.Input[builtins.bool] allowed_users_template: Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
1220
|
+
:param pulumi.Input[builtins.str] backend: The path where the SSH secret backend is mounted.
|
1221
|
+
:param pulumi.Input[builtins.str] cidr_list: The comma-separated string of CIDR blocks for which this role is applicable.
|
1222
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] default_critical_options: Specifies a map of critical options that certificates have when signed.
|
1223
|
+
:param pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]] default_extensions: Specifies a map of extensions that certificates have when signed.
|
1224
|
+
:param pulumi.Input[builtins.str] default_user: Specifies the default username for which a credential will be generated.
|
1225
|
+
:param pulumi.Input[builtins.bool] default_user_template: If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
1226
|
+
:param pulumi.Input[builtins.str] key_id_format: Specifies a custom format for the key id of a signed certificate.
|
1227
|
+
:param pulumi.Input[builtins.str] key_type: Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
1228
|
+
:param pulumi.Input[builtins.str] max_ttl: Specifies the maximum Time To Live value.
|
1229
|
+
:param pulumi.Input[builtins.str] name: Specifies the name of the role to create.
|
1230
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1230
1231
|
The value should not contain leading or trailing forward slashes.
|
1231
1232
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1232
1233
|
*Available only for Vault Enterprise*.
|
1233
|
-
:param pulumi.Input[str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
1234
|
-
:param pulumi.Input[str] ttl: Specifies the Time To Live value.
|
1234
|
+
:param pulumi.Input[builtins.str] not_before_duration: Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
1235
|
+
:param pulumi.Input[builtins.str] ttl: Specifies the Time To Live value.
|
1235
1236
|
"""
|
1236
1237
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1237
1238
|
|
@@ -1268,7 +1269,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1268
1269
|
|
1269
1270
|
@property
|
1270
1271
|
@pulumi.getter(name="algorithmSigner")
|
1271
|
-
def algorithm_signer(self) -> pulumi.Output[str]:
|
1272
|
+
def algorithm_signer(self) -> pulumi.Output[builtins.str]:
|
1272
1273
|
"""
|
1273
1274
|
When supplied, this value specifies a signing algorithm for the key. Possible values: ssh-rsa, rsa-sha2-256, rsa-sha2-512.
|
1274
1275
|
"""
|
@@ -1276,7 +1277,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1276
1277
|
|
1277
1278
|
@property
|
1278
1279
|
@pulumi.getter(name="allowBareDomains")
|
1279
|
-
def allow_bare_domains(self) -> pulumi.Output[Optional[bool]]:
|
1280
|
+
def allow_bare_domains(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1280
1281
|
"""
|
1281
1282
|
Specifies if host certificates that are requested are allowed to use the base domains listed in `allowed_domains`.
|
1282
1283
|
"""
|
@@ -1284,7 +1285,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1284
1285
|
|
1285
1286
|
@property
|
1286
1287
|
@pulumi.getter(name="allowEmptyPrincipals")
|
1287
|
-
def allow_empty_principals(self) -> pulumi.Output[Optional[bool]]:
|
1288
|
+
def allow_empty_principals(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1288
1289
|
"""
|
1289
1290
|
Allow signing certificates with no
|
1290
1291
|
valid principals (e.g. any valid principal). For backwards compatibility
|
@@ -1294,7 +1295,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1294
1295
|
|
1295
1296
|
@property
|
1296
1297
|
@pulumi.getter(name="allowHostCertificates")
|
1297
|
-
def allow_host_certificates(self) -> pulumi.Output[Optional[bool]]:
|
1298
|
+
def allow_host_certificates(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1298
1299
|
"""
|
1299
1300
|
Specifies if certificates are allowed to be signed for use as a 'host'.
|
1300
1301
|
"""
|
@@ -1302,7 +1303,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1302
1303
|
|
1303
1304
|
@property
|
1304
1305
|
@pulumi.getter(name="allowSubdomains")
|
1305
|
-
def allow_subdomains(self) -> pulumi.Output[Optional[bool]]:
|
1306
|
+
def allow_subdomains(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1306
1307
|
"""
|
1307
1308
|
Specifies if host certificates that are requested are allowed to be subdomains of those listed in `allowed_domains`.
|
1308
1309
|
"""
|
@@ -1310,7 +1311,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1310
1311
|
|
1311
1312
|
@property
|
1312
1313
|
@pulumi.getter(name="allowUserCertificates")
|
1313
|
-
def allow_user_certificates(self) -> pulumi.Output[Optional[bool]]:
|
1314
|
+
def allow_user_certificates(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1314
1315
|
"""
|
1315
1316
|
Specifies if certificates are allowed to be signed for use as a 'user'.
|
1316
1317
|
"""
|
@@ -1318,7 +1319,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1318
1319
|
|
1319
1320
|
@property
|
1320
1321
|
@pulumi.getter(name="allowUserKeyIds")
|
1321
|
-
def allow_user_key_ids(self) -> pulumi.Output[Optional[bool]]:
|
1322
|
+
def allow_user_key_ids(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1322
1323
|
"""
|
1323
1324
|
Specifies if users can override the key ID for a signed certificate with the `key_id` field.
|
1324
1325
|
"""
|
@@ -1326,7 +1327,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1326
1327
|
|
1327
1328
|
@property
|
1328
1329
|
@pulumi.getter(name="allowedCriticalOptions")
|
1329
|
-
def allowed_critical_options(self) -> pulumi.Output[Optional[str]]:
|
1330
|
+
def allowed_critical_options(self) -> pulumi.Output[Optional[builtins.str]]:
|
1330
1331
|
"""
|
1331
1332
|
Specifies a comma-separated list of critical options that certificates can have when signed.
|
1332
1333
|
"""
|
@@ -1334,7 +1335,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1334
1335
|
|
1335
1336
|
@property
|
1336
1337
|
@pulumi.getter(name="allowedDomains")
|
1337
|
-
def allowed_domains(self) -> pulumi.Output[Optional[str]]:
|
1338
|
+
def allowed_domains(self) -> pulumi.Output[Optional[builtins.str]]:
|
1338
1339
|
"""
|
1339
1340
|
The list of domains for which a client can request a host certificate.
|
1340
1341
|
"""
|
@@ -1342,7 +1343,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1342
1343
|
|
1343
1344
|
@property
|
1344
1345
|
@pulumi.getter(name="allowedDomainsTemplate")
|
1345
|
-
def allowed_domains_template(self) -> pulumi.Output[bool]:
|
1346
|
+
def allowed_domains_template(self) -> pulumi.Output[builtins.bool]:
|
1346
1347
|
"""
|
1347
1348
|
Specifies if `allowed_domains` can be declared using
|
1348
1349
|
identity template policies. Non-templated domains are also permitted.
|
@@ -1351,7 +1352,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1351
1352
|
|
1352
1353
|
@property
|
1353
1354
|
@pulumi.getter(name="allowedExtensions")
|
1354
|
-
def allowed_extensions(self) -> pulumi.Output[Optional[str]]:
|
1355
|
+
def allowed_extensions(self) -> pulumi.Output[Optional[builtins.str]]:
|
1355
1356
|
"""
|
1356
1357
|
Specifies a comma-separated list of extensions that certificates can have when signed.
|
1357
1358
|
"""
|
@@ -1369,7 +1370,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1369
1370
|
|
1370
1371
|
@property
|
1371
1372
|
@pulumi.getter(name="allowedUsers")
|
1372
|
-
def allowed_users(self) -> pulumi.Output[Optional[str]]:
|
1373
|
+
def allowed_users(self) -> pulumi.Output[Optional[builtins.str]]:
|
1373
1374
|
"""
|
1374
1375
|
Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed.
|
1375
1376
|
"""
|
@@ -1377,7 +1378,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1377
1378
|
|
1378
1379
|
@property
|
1379
1380
|
@pulumi.getter(name="allowedUsersTemplate")
|
1380
|
-
def allowed_users_template(self) -> pulumi.Output[Optional[bool]]:
|
1381
|
+
def allowed_users_template(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1381
1382
|
"""
|
1382
1383
|
Specifies if `allowed_users` can be declared using identity template policies. Non-templated users are also permitted.
|
1383
1384
|
"""
|
@@ -1385,7 +1386,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1385
1386
|
|
1386
1387
|
@property
|
1387
1388
|
@pulumi.getter
|
1388
|
-
def backend(self) -> pulumi.Output[str]:
|
1389
|
+
def backend(self) -> pulumi.Output[builtins.str]:
|
1389
1390
|
"""
|
1390
1391
|
The path where the SSH secret backend is mounted.
|
1391
1392
|
"""
|
@@ -1393,7 +1394,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1393
1394
|
|
1394
1395
|
@property
|
1395
1396
|
@pulumi.getter(name="cidrList")
|
1396
|
-
def cidr_list(self) -> pulumi.Output[Optional[str]]:
|
1397
|
+
def cidr_list(self) -> pulumi.Output[Optional[builtins.str]]:
|
1397
1398
|
"""
|
1398
1399
|
The comma-separated string of CIDR blocks for which this role is applicable.
|
1399
1400
|
"""
|
@@ -1401,7 +1402,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1401
1402
|
|
1402
1403
|
@property
|
1403
1404
|
@pulumi.getter(name="defaultCriticalOptions")
|
1404
|
-
def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1405
|
+
def default_critical_options(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1405
1406
|
"""
|
1406
1407
|
Specifies a map of critical options that certificates have when signed.
|
1407
1408
|
"""
|
@@ -1409,7 +1410,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1409
1410
|
|
1410
1411
|
@property
|
1411
1412
|
@pulumi.getter(name="defaultExtensions")
|
1412
|
-
def default_extensions(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
|
1413
|
+
def default_extensions(self) -> pulumi.Output[Optional[Mapping[str, builtins.str]]]:
|
1413
1414
|
"""
|
1414
1415
|
Specifies a map of extensions that certificates have when signed.
|
1415
1416
|
"""
|
@@ -1417,7 +1418,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1417
1418
|
|
1418
1419
|
@property
|
1419
1420
|
@pulumi.getter(name="defaultUser")
|
1420
|
-
def default_user(self) -> pulumi.Output[Optional[str]]:
|
1421
|
+
def default_user(self) -> pulumi.Output[Optional[builtins.str]]:
|
1421
1422
|
"""
|
1422
1423
|
Specifies the default username for which a credential will be generated.
|
1423
1424
|
"""
|
@@ -1425,7 +1426,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1425
1426
|
|
1426
1427
|
@property
|
1427
1428
|
@pulumi.getter(name="defaultUserTemplate")
|
1428
|
-
def default_user_template(self) -> pulumi.Output[Optional[bool]]:
|
1429
|
+
def default_user_template(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1429
1430
|
"""
|
1430
1431
|
If set, `default_users` can be specified using identity template values. A non-templated user is also permitted.
|
1431
1432
|
"""
|
@@ -1433,7 +1434,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1433
1434
|
|
1434
1435
|
@property
|
1435
1436
|
@pulumi.getter(name="keyIdFormat")
|
1436
|
-
def key_id_format(self) -> pulumi.Output[Optional[str]]:
|
1437
|
+
def key_id_format(self) -> pulumi.Output[Optional[builtins.str]]:
|
1437
1438
|
"""
|
1438
1439
|
Specifies a custom format for the key id of a signed certificate.
|
1439
1440
|
"""
|
@@ -1441,7 +1442,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1441
1442
|
|
1442
1443
|
@property
|
1443
1444
|
@pulumi.getter(name="keyType")
|
1444
|
-
def key_type(self) -> pulumi.Output[str]:
|
1445
|
+
def key_type(self) -> pulumi.Output[builtins.str]:
|
1445
1446
|
"""
|
1446
1447
|
Specifies the type of credentials generated by this role. This can be either `otp`, `dynamic` or `ca`.
|
1447
1448
|
"""
|
@@ -1449,7 +1450,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1449
1450
|
|
1450
1451
|
@property
|
1451
1452
|
@pulumi.getter(name="maxTtl")
|
1452
|
-
def max_ttl(self) -> pulumi.Output[str]:
|
1453
|
+
def max_ttl(self) -> pulumi.Output[builtins.str]:
|
1453
1454
|
"""
|
1454
1455
|
Specifies the maximum Time To Live value.
|
1455
1456
|
"""
|
@@ -1457,7 +1458,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1457
1458
|
|
1458
1459
|
@property
|
1459
1460
|
@pulumi.getter
|
1460
|
-
def name(self) -> pulumi.Output[str]:
|
1461
|
+
def name(self) -> pulumi.Output[builtins.str]:
|
1461
1462
|
"""
|
1462
1463
|
Specifies the name of the role to create.
|
1463
1464
|
"""
|
@@ -1465,7 +1466,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1465
1466
|
|
1466
1467
|
@property
|
1467
1468
|
@pulumi.getter
|
1468
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1469
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1469
1470
|
"""
|
1470
1471
|
The namespace to provision the resource in.
|
1471
1472
|
The value should not contain leading or trailing forward slashes.
|
@@ -1476,7 +1477,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1476
1477
|
|
1477
1478
|
@property
|
1478
1479
|
@pulumi.getter(name="notBeforeDuration")
|
1479
|
-
def not_before_duration(self) -> pulumi.Output[str]:
|
1480
|
+
def not_before_duration(self) -> pulumi.Output[builtins.str]:
|
1480
1481
|
"""
|
1481
1482
|
Specifies the duration by which to backdate the ValidAfter property. Uses duration format strings.
|
1482
1483
|
"""
|
@@ -1484,7 +1485,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
1484
1485
|
|
1485
1486
|
@property
|
1486
1487
|
@pulumi.getter
|
1487
|
-
def ttl(self) -> pulumi.Output[str]:
|
1488
|
+
def ttl(self) -> pulumi.Output[builtins.str]:
|
1488
1489
|
"""
|
1489
1490
|
Specifies the Time To Live value.
|
1490
1491
|
"""
|