pulumi-vault 6.7.0a1743576047__py3-none-any.whl → 6.7.0a1744267302__py3-none-any.whl
- pulumi_vault/__init__.py +1 -0
- pulumi_vault/_inputs.py +554 -553
- pulumi_vault/ad/__init__.py +1 -0
- pulumi_vault/ad/get_access_credentials.py +20 -19
- pulumi_vault/ad/secret_backend.py +477 -476
- pulumi_vault/ad/secret_library.py +99 -98
- pulumi_vault/ad/secret_role.py +85 -84
- pulumi_vault/alicloud/__init__.py +1 -0
- pulumi_vault/alicloud/auth_backend_role.py +183 -182
- pulumi_vault/approle/__init__.py +1 -0
- pulumi_vault/approle/auth_backend_login.py +106 -105
- pulumi_vault/approle/auth_backend_role.py +239 -238
- pulumi_vault/approle/auth_backend_role_secret_id.py +162 -161
- pulumi_vault/approle/get_auth_backend_role_id.py +18 -17
- pulumi_vault/audit.py +85 -84
- pulumi_vault/audit_request_header.py +43 -42
- pulumi_vault/auth_backend.py +106 -105
- pulumi_vault/aws/__init__.py +1 -0
- pulumi_vault/aws/auth_backend_cert.py +71 -70
- pulumi_vault/aws/auth_backend_client.py +253 -252
- pulumi_vault/aws/auth_backend_config_identity.py +85 -84
- pulumi_vault/aws/auth_backend_identity_whitelist.py +57 -56
- pulumi_vault/aws/auth_backend_login.py +209 -208
- pulumi_vault/aws/auth_backend_role.py +400 -399
- pulumi_vault/aws/auth_backend_role_tag.py +127 -126
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +57 -56
- pulumi_vault/aws/auth_backend_sts_role.py +71 -70
- pulumi_vault/aws/get_access_credentials.py +44 -43
- pulumi_vault/aws/get_static_access_credentials.py +13 -12
- pulumi_vault/aws/secret_backend.py +337 -336
- pulumi_vault/aws/secret_backend_role.py +211 -210
- pulumi_vault/aws/secret_backend_static_role.py +113 -112
- pulumi_vault/azure/__init__.py +1 -0
- pulumi_vault/azure/_inputs.py +21 -20
- pulumi_vault/azure/auth_backend_config.py +183 -182
- pulumi_vault/azure/auth_backend_role.py +253 -252
- pulumi_vault/azure/backend.py +239 -238
- pulumi_vault/azure/backend_role.py +141 -140
- pulumi_vault/azure/get_access_credentials.py +58 -57
- pulumi_vault/azure/outputs.py +11 -10
- pulumi_vault/cert_auth_backend_role.py +365 -364
- pulumi_vault/config/__init__.py +1 -0
- pulumi_vault/config/__init__.pyi +1 -0
- pulumi_vault/config/_inputs.py +11 -10
- pulumi_vault/config/outputs.py +287 -286
- pulumi_vault/config/ui_custom_message.py +113 -112
- pulumi_vault/config/vars.py +1 -0
- pulumi_vault/consul/__init__.py +1 -0
- pulumi_vault/consul/secret_backend.py +197 -196
- pulumi_vault/consul/secret_backend_role.py +183 -182
- pulumi_vault/database/__init__.py +1 -0
- pulumi_vault/database/_inputs.py +2525 -2524
- pulumi_vault/database/outputs.py +1529 -1528
- pulumi_vault/database/secret_backend_connection.py +169 -168
- pulumi_vault/database/secret_backend_role.py +169 -168
- pulumi_vault/database/secret_backend_static_role.py +179 -178
- pulumi_vault/database/secrets_mount.py +267 -266
- pulumi_vault/egp_policy.py +71 -70
- pulumi_vault/gcp/__init__.py +1 -0
- pulumi_vault/gcp/_inputs.py +82 -81
- pulumi_vault/gcp/auth_backend.py +260 -259
- pulumi_vault/gcp/auth_backend_role.py +281 -280
- pulumi_vault/gcp/get_auth_backend_role.py +70 -69
- pulumi_vault/gcp/outputs.py +50 -49
- pulumi_vault/gcp/secret_backend.py +232 -231
- pulumi_vault/gcp/secret_impersonated_account.py +92 -91
- pulumi_vault/gcp/secret_roleset.py +92 -91
- pulumi_vault/gcp/secret_static_account.py +92 -91
- pulumi_vault/generic/__init__.py +1 -0
- pulumi_vault/generic/endpoint.py +113 -112
- pulumi_vault/generic/get_secret.py +28 -27
- pulumi_vault/generic/secret.py +78 -77
- pulumi_vault/get_auth_backend.py +19 -18
- pulumi_vault/get_auth_backends.py +14 -13
- pulumi_vault/get_namespace.py +15 -14
- pulumi_vault/get_namespaces.py +8 -7
- pulumi_vault/get_nomad_access_token.py +19 -18
- pulumi_vault/get_policy_document.py +6 -5
- pulumi_vault/get_raft_autopilot_state.py +18 -17
- pulumi_vault/github/__init__.py +1 -0
- pulumi_vault/github/_inputs.py +42 -41
- pulumi_vault/github/auth_backend.py +232 -231
- pulumi_vault/github/outputs.py +26 -25
- pulumi_vault/github/team.py +57 -56
- pulumi_vault/github/user.py +57 -56
- pulumi_vault/identity/__init__.py +1 -0
- pulumi_vault/identity/entity.py +85 -84
- pulumi_vault/identity/entity_alias.py +71 -70
- pulumi_vault/identity/entity_policies.py +64 -63
- pulumi_vault/identity/get_entity.py +43 -42
- pulumi_vault/identity/get_group.py +50 -49
- pulumi_vault/identity/get_oidc_client_creds.py +14 -13
- pulumi_vault/identity/get_oidc_openid_config.py +24 -23
- pulumi_vault/identity/get_oidc_public_keys.py +13 -12
- pulumi_vault/identity/group.py +141 -140
- pulumi_vault/identity/group_alias.py +57 -56
- pulumi_vault/identity/group_member_entity_ids.py +57 -56
- pulumi_vault/identity/group_member_group_ids.py +57 -56
- pulumi_vault/identity/group_policies.py +64 -63
- pulumi_vault/identity/mfa_duo.py +148 -147
- pulumi_vault/identity/mfa_login_enforcement.py +120 -119
- pulumi_vault/identity/mfa_okta.py +134 -133
- pulumi_vault/identity/mfa_pingid.py +127 -126
- pulumi_vault/identity/mfa_totp.py +176 -175
- pulumi_vault/identity/oidc.py +29 -28
- pulumi_vault/identity/oidc_assignment.py +57 -56
- pulumi_vault/identity/oidc_client.py +127 -126
- pulumi_vault/identity/oidc_key.py +85 -84
- pulumi_vault/identity/oidc_key_allowed_client_id.py +43 -42
- pulumi_vault/identity/oidc_provider.py +92 -91
- pulumi_vault/identity/oidc_role.py +85 -84
- pulumi_vault/identity/oidc_scope.py +57 -56
- pulumi_vault/identity/outputs.py +32 -31
- pulumi_vault/jwt/__init__.py +1 -0
- pulumi_vault/jwt/_inputs.py +42 -41
- pulumi_vault/jwt/auth_backend.py +288 -287
- pulumi_vault/jwt/auth_backend_role.py +407 -406
- pulumi_vault/jwt/outputs.py +26 -25
- pulumi_vault/kmip/__init__.py +1 -0
- pulumi_vault/kmip/secret_backend.py +183 -182
- pulumi_vault/kmip/secret_role.py +295 -294
- pulumi_vault/kmip/secret_scope.py +57 -56
- pulumi_vault/kubernetes/__init__.py +1 -0
- pulumi_vault/kubernetes/auth_backend_config.py +141 -140
- pulumi_vault/kubernetes/auth_backend_role.py +225 -224
- pulumi_vault/kubernetes/get_auth_backend_config.py +47 -46
- pulumi_vault/kubernetes/get_auth_backend_role.py +70 -69
- pulumi_vault/kubernetes/get_service_account_token.py +38 -37
- pulumi_vault/kubernetes/secret_backend.py +316 -315
- pulumi_vault/kubernetes/secret_backend_role.py +197 -196
- pulumi_vault/kv/__init__.py +1 -0
- pulumi_vault/kv/_inputs.py +21 -20
- pulumi_vault/kv/get_secret.py +17 -16
- pulumi_vault/kv/get_secret_subkeys_v2.py +30 -29
- pulumi_vault/kv/get_secret_v2.py +29 -28
- pulumi_vault/kv/get_secrets_list.py +13 -12
- pulumi_vault/kv/get_secrets_list_v2.py +19 -18
- pulumi_vault/kv/outputs.py +13 -12
- pulumi_vault/kv/secret.py +50 -49
- pulumi_vault/kv/secret_backend_v2.py +71 -70
- pulumi_vault/kv/secret_v2.py +134 -133
- pulumi_vault/ldap/__init__.py +1 -0
- pulumi_vault/ldap/auth_backend.py +588 -587
- pulumi_vault/ldap/auth_backend_group.py +57 -56
- pulumi_vault/ldap/auth_backend_user.py +71 -70
- pulumi_vault/ldap/get_dynamic_credentials.py +17 -16
- pulumi_vault/ldap/get_static_credentials.py +18 -17
- pulumi_vault/ldap/secret_backend.py +554 -553
- pulumi_vault/ldap/secret_backend_dynamic_role.py +127 -126
- pulumi_vault/ldap/secret_backend_library_set.py +99 -98
- pulumi_vault/ldap/secret_backend_static_role.py +99 -98
- pulumi_vault/managed/__init__.py +1 -0
- pulumi_vault/managed/_inputs.py +229 -228
- pulumi_vault/managed/keys.py +15 -14
- pulumi_vault/managed/outputs.py +139 -138
- pulumi_vault/mfa_duo.py +113 -112
- pulumi_vault/mfa_okta.py +113 -112
- pulumi_vault/mfa_pingid.py +120 -119
- pulumi_vault/mfa_totp.py +127 -126
- pulumi_vault/mongodbatlas/__init__.py +1 -0
- pulumi_vault/mongodbatlas/secret_backend.py +64 -63
- pulumi_vault/mongodbatlas/secret_role.py +155 -154
- pulumi_vault/mount.py +274 -273
- pulumi_vault/namespace.py +64 -63
- pulumi_vault/nomad_secret_backend.py +211 -210
- pulumi_vault/nomad_secret_role.py +85 -84
- pulumi_vault/okta/__init__.py +1 -0
- pulumi_vault/okta/_inputs.py +26 -25
- pulumi_vault/okta/auth_backend.py +274 -273
- pulumi_vault/okta/auth_backend_group.py +57 -56
- pulumi_vault/okta/auth_backend_user.py +71 -70
- pulumi_vault/okta/outputs.py +16 -15
- pulumi_vault/outputs.py +56 -55
- pulumi_vault/password_policy.py +43 -42
- pulumi_vault/pkisecret/__init__.py +1 -0
- pulumi_vault/pkisecret/_inputs.py +31 -30
- pulumi_vault/pkisecret/backend_acme_eab.py +92 -91
- pulumi_vault/pkisecret/backend_config_acme.py +141 -140
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +323 -322
- pulumi_vault/pkisecret/backend_config_cluster.py +57 -56
- pulumi_vault/pkisecret/backend_config_cmpv2.py +106 -105
- pulumi_vault/pkisecret/backend_config_est.py +120 -119
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +22 -21
- pulumi_vault/pkisecret/get_backend_config_est.py +19 -18
- pulumi_vault/pkisecret/get_backend_issuer.py +45 -44
- pulumi_vault/pkisecret/get_backend_issuers.py +15 -14
- pulumi_vault/pkisecret/get_backend_key.py +20 -19
- pulumi_vault/pkisecret/get_backend_keys.py +15 -14
- pulumi_vault/pkisecret/outputs.py +28 -27
- pulumi_vault/pkisecret/secret_backend_cert.py +337 -336
- pulumi_vault/pkisecret/secret_backend_config_ca.py +43 -42
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +57 -56
- pulumi_vault/pkisecret/secret_backend_config_urls.py +85 -84
- pulumi_vault/pkisecret/secret_backend_crl_config.py +197 -196
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +421 -420
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +57 -56
- pulumi_vault/pkisecret/secret_backend_issuer.py +232 -231
- pulumi_vault/pkisecret/secret_backend_key.py +120 -119
- pulumi_vault/pkisecret/secret_backend_role.py +715 -714
- pulumi_vault/pkisecret/secret_backend_root_cert.py +554 -553
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +526 -525
- pulumi_vault/pkisecret/secret_backend_sign.py +281 -280
- pulumi_vault/plugin.py +127 -126
- pulumi_vault/plugin_pinned_version.py +43 -42
- pulumi_vault/policy.py +43 -42
- pulumi_vault/provider.py +120 -119
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +85 -84
- pulumi_vault/quota_rate_limit.py +113 -112
- pulumi_vault/rabbitmq/__init__.py +1 -0
- pulumi_vault/rabbitmq/_inputs.py +41 -40
- pulumi_vault/rabbitmq/outputs.py +25 -24
- pulumi_vault/rabbitmq/secret_backend.py +169 -168
- pulumi_vault/rabbitmq/secret_backend_role.py +57 -56
- pulumi_vault/raft_autopilot.py +113 -112
- pulumi_vault/raft_snapshot_agent_config.py +393 -392
- pulumi_vault/rgp_policy.py +57 -56
- pulumi_vault/saml/__init__.py +1 -0
- pulumi_vault/saml/auth_backend.py +155 -154
- pulumi_vault/saml/auth_backend_role.py +239 -238
- pulumi_vault/secrets/__init__.py +1 -0
- pulumi_vault/secrets/_inputs.py +16 -15
- pulumi_vault/secrets/outputs.py +10 -9
- pulumi_vault/secrets/sync_association.py +71 -70
- pulumi_vault/secrets/sync_aws_destination.py +148 -147
- pulumi_vault/secrets/sync_azure_destination.py +148 -147
- pulumi_vault/secrets/sync_config.py +43 -42
- pulumi_vault/secrets/sync_gcp_destination.py +106 -105
- pulumi_vault/secrets/sync_gh_destination.py +134 -133
- pulumi_vault/secrets/sync_github_apps.py +64 -63
- pulumi_vault/secrets/sync_vercel_destination.py +120 -119
- pulumi_vault/ssh/__init__.py +1 -0
- pulumi_vault/ssh/_inputs.py +11 -10
- pulumi_vault/ssh/get_secret_backend_sign.py +52 -51
- pulumi_vault/ssh/outputs.py +7 -6
- pulumi_vault/ssh/secret_backend_ca.py +99 -98
- pulumi_vault/ssh/secret_backend_role.py +365 -364
- pulumi_vault/terraformcloud/__init__.py +1 -0
- pulumi_vault/terraformcloud/secret_backend.py +111 -110
- pulumi_vault/terraformcloud/secret_creds.py +74 -73
- pulumi_vault/terraformcloud/secret_role.py +93 -92
- pulumi_vault/token.py +246 -245
- pulumi_vault/tokenauth/__init__.py +1 -0
- pulumi_vault/tokenauth/auth_backend_role.py +267 -266
- pulumi_vault/transform/__init__.py +1 -0
- pulumi_vault/transform/alphabet.py +57 -56
- pulumi_vault/transform/get_decode.py +47 -46
- pulumi_vault/transform/get_encode.py +47 -46
- pulumi_vault/transform/role.py +57 -56
- pulumi_vault/transform/template.py +113 -112
- pulumi_vault/transform/transformation.py +141 -140
- pulumi_vault/transit/__init__.py +1 -0
- pulumi_vault/transit/get_decrypt.py +18 -17
- pulumi_vault/transit/get_encrypt.py +21 -20
- pulumi_vault/transit/get_sign.py +54 -53
- pulumi_vault/transit/get_verify.py +60 -59
- pulumi_vault/transit/secret_backend_key.py +274 -273
- pulumi_vault/transit/secret_cache_config.py +43 -42
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/METADATA +1 -1
- pulumi_vault-6.7.0a1744267302.dist-info/RECORD +265 -0
- pulumi_vault-6.7.0a1743576047.dist-info/RECORD +0 -265
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/WHEEL +0 -0
- {pulumi_vault-6.7.0a1743576047.dist-info → pulumi_vault-6.7.0a1744267302.dist-info}/top_level.txt +0 -0
@@ -2,6 +2,7 @@
|
|
2
2
|
# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
4
4
|
|
5
|
+
import builtins
|
5
6
|
import copy
|
6
7
|
import warnings
|
7
8
|
import sys
|
@@ -19,76 +20,76 @@ __all__ = ['CertAuthBackendRoleArgs', 'CertAuthBackendRole']
|
|
19
20
|
@pulumi.input_type
|
20
21
|
class CertAuthBackendRoleArgs:
|
21
22
|
def __init__(__self__, *,
|
22
|
-
certificate: pulumi.Input[str],
|
23
|
-
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
24
|
-
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
25
|
-
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
26
|
-
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
27
|
-
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
28
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
29
|
-
backend: Optional[pulumi.Input[str]] = None,
|
30
|
-
display_name: Optional[pulumi.Input[str]] = None,
|
31
|
-
name: Optional[pulumi.Input[str]] = None,
|
32
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
33
|
-
ocsp_ca_certificates: Optional[pulumi.Input[str]] = None,
|
34
|
-
ocsp_enabled: Optional[pulumi.Input[bool]] = None,
|
35
|
-
ocsp_fail_open: Optional[pulumi.Input[bool]] = None,
|
36
|
-
ocsp_query_all_servers: Optional[pulumi.Input[bool]] = None,
|
37
|
-
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
38
|
-
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
39
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
40
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
41
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
42
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
43
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
44
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
45
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
46
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
47
|
-
token_type: Optional[pulumi.Input[str]] = None):
|
23
|
+
certificate: pulumi.Input[builtins.str],
|
24
|
+
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
25
|
+
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
26
|
+
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
27
|
+
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
28
|
+
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
29
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
30
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
31
|
+
display_name: Optional[pulumi.Input[builtins.str]] = None,
|
32
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
33
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
34
|
+
ocsp_ca_certificates: Optional[pulumi.Input[builtins.str]] = None,
|
35
|
+
ocsp_enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
36
|
+
ocsp_fail_open: Optional[pulumi.Input[builtins.bool]] = None,
|
37
|
+
ocsp_query_all_servers: Optional[pulumi.Input[builtins.bool]] = None,
|
38
|
+
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
39
|
+
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
40
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
41
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
42
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
43
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
44
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
45
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
46
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
47
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
48
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None):
|
48
49
|
"""
|
49
50
|
The set of arguments for constructing a CertAuthBackendRole resource.
|
50
|
-
:param pulumi.Input[str] certificate: CA certificate used to validate client certificates
|
51
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_common_names: Allowed the common names for authenticated client certificates
|
52
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_dns_sans: Allowed alternative dns names for authenticated client certificates
|
53
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_email_sans: Allowed emails for authenticated client certificates
|
54
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
55
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
|
56
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
|
57
|
-
:param pulumi.Input[str] backend: Path to the mounted Cert auth backend
|
58
|
-
:param pulumi.Input[str] display_name: The name to display on tokens issued under this role.
|
59
|
-
:param pulumi.Input[str] name: Name of the role
|
60
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
51
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate used to validate client certificates
|
52
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_common_names: Allowed the common names for authenticated client certificates
|
53
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_dns_sans: Allowed alternative dns names for authenticated client certificates
|
54
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_email_sans: Allowed emails for authenticated client certificates
|
55
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
56
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
|
57
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
|
58
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted Cert auth backend
|
59
|
+
:param pulumi.Input[builtins.str] display_name: The name to display on tokens issued under this role.
|
60
|
+
:param pulumi.Input[builtins.str] name: Name of the role
|
61
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
61
62
|
The value should not contain leading or trailing forward slashes.
|
62
63
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
63
64
|
*Available only for Vault Enterprise*.
|
64
|
-
:param pulumi.Input[str] ocsp_ca_certificates: Any additional CA certificates
|
65
|
+
:param pulumi.Input[builtins.str] ocsp_ca_certificates: Any additional CA certificates
|
65
66
|
needed to verify OCSP responses. Provided as base64 encoded PEM data.
|
66
67
|
Requires Vault version 1.13+.
|
67
|
-
:param pulumi.Input[bool] ocsp_enabled: If enabled, validate certificates'
|
68
|
+
:param pulumi.Input[builtins.bool] ocsp_enabled: If enabled, validate certificates'
|
68
69
|
revocation status using OCSP. Requires Vault version 1.13+.
|
69
|
-
:param pulumi.Input[bool] ocsp_fail_open: If true and an OCSP response cannot
|
70
|
+
:param pulumi.Input[builtins.bool] ocsp_fail_open: If true and an OCSP response cannot
|
70
71
|
be fetched or is of an unknown status, the login will proceed as if the
|
71
72
|
certificate has not been revoked.
|
72
73
|
Requires Vault version 1.13+.
|
73
|
-
:param pulumi.Input[bool] ocsp_query_all_servers: If set to true, rather than
|
74
|
+
:param pulumi.Input[builtins.bool] ocsp_query_all_servers: If set to true, rather than
|
74
75
|
accepting the first successful OCSP response, query all servers and consider
|
75
76
|
the certificate valid only if all servers agree.
|
76
77
|
Requires Vault version 1.13+.
|
77
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers_overrides: : A comma-separated list of OCSP
|
78
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers_overrides: : A comma-separated list of OCSP
|
78
79
|
server addresses. If unset, the OCSP server is determined from the
|
79
80
|
AuthorityInformationAccess extension on the certificate being inspected.
|
80
81
|
Requires Vault version 1.13+.
|
81
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] required_extensions: TLS extensions required on
|
82
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] required_extensions: TLS extensions required on
|
82
83
|
client certificates
|
83
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
84
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
85
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
86
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
87
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
88
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
89
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
90
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
91
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
84
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
85
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
86
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
87
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
88
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
89
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
90
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
91
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
92
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
92
93
|
"""
|
93
94
|
pulumi.set(__self__, "certificate", certificate)
|
94
95
|
if allowed_common_names is not None:
|
@@ -144,127 +145,127 @@ class CertAuthBackendRoleArgs:
|
|
144
145
|
|
145
146
|
@property
|
146
147
|
@pulumi.getter
|
147
|
-
def certificate(self) -> pulumi.Input[str]:
|
148
|
+
def certificate(self) -> pulumi.Input[builtins.str]:
|
148
149
|
"""
|
149
150
|
CA certificate used to validate client certificates
|
150
151
|
"""
|
151
152
|
return pulumi.get(self, "certificate")
|
152
153
|
|
153
154
|
@certificate.setter
|
154
|
-
def certificate(self, value: pulumi.Input[str]):
|
155
|
+
def certificate(self, value: pulumi.Input[builtins.str]):
|
155
156
|
pulumi.set(self, "certificate", value)
|
156
157
|
|
157
158
|
@property
|
158
159
|
@pulumi.getter(name="allowedCommonNames")
|
159
|
-
def allowed_common_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
160
|
+
def allowed_common_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
160
161
|
"""
|
161
162
|
Allowed the common names for authenticated client certificates
|
162
163
|
"""
|
163
164
|
return pulumi.get(self, "allowed_common_names")
|
164
165
|
|
165
166
|
@allowed_common_names.setter
|
166
|
-
def allowed_common_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
167
|
+
def allowed_common_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
167
168
|
pulumi.set(self, "allowed_common_names", value)
|
168
169
|
|
169
170
|
@property
|
170
171
|
@pulumi.getter(name="allowedDnsSans")
|
171
|
-
def allowed_dns_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
172
|
+
def allowed_dns_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
172
173
|
"""
|
173
174
|
Allowed alternative dns names for authenticated client certificates
|
174
175
|
"""
|
175
176
|
return pulumi.get(self, "allowed_dns_sans")
|
176
177
|
|
177
178
|
@allowed_dns_sans.setter
|
178
|
-
def allowed_dns_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
179
|
+
def allowed_dns_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
179
180
|
pulumi.set(self, "allowed_dns_sans", value)
|
180
181
|
|
181
182
|
@property
|
182
183
|
@pulumi.getter(name="allowedEmailSans")
|
183
|
-
def allowed_email_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
184
|
+
def allowed_email_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
184
185
|
"""
|
185
186
|
Allowed emails for authenticated client certificates
|
186
187
|
"""
|
187
188
|
return pulumi.get(self, "allowed_email_sans")
|
188
189
|
|
189
190
|
@allowed_email_sans.setter
|
190
|
-
def allowed_email_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
191
|
+
def allowed_email_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
191
192
|
pulumi.set(self, "allowed_email_sans", value)
|
192
193
|
|
193
194
|
@property
|
194
195
|
@pulumi.getter(name="allowedNames")
|
195
|
-
def allowed_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
196
|
+
def allowed_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
196
197
|
"""
|
197
198
|
DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
198
199
|
"""
|
199
200
|
return pulumi.get(self, "allowed_names")
|
200
201
|
|
201
202
|
@allowed_names.setter
|
202
|
-
def allowed_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
203
|
+
def allowed_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
203
204
|
pulumi.set(self, "allowed_names", value)
|
204
205
|
|
205
206
|
@property
|
206
207
|
@pulumi.getter(name="allowedOrganizationalUnits")
|
207
|
-
def allowed_organizational_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
208
|
+
def allowed_organizational_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
208
209
|
"""
|
209
210
|
Allowed organization units for authenticated client certificates.
|
210
211
|
"""
|
211
212
|
return pulumi.get(self, "allowed_organizational_units")
|
212
213
|
|
213
214
|
@allowed_organizational_units.setter
|
214
|
-
def allowed_organizational_units(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
215
|
+
def allowed_organizational_units(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
215
216
|
pulumi.set(self, "allowed_organizational_units", value)
|
216
217
|
|
217
218
|
@property
|
218
219
|
@pulumi.getter(name="allowedUriSans")
|
219
|
-
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
220
|
+
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
220
221
|
"""
|
221
222
|
Allowed URIs for authenticated client certificates
|
222
223
|
"""
|
223
224
|
return pulumi.get(self, "allowed_uri_sans")
|
224
225
|
|
225
226
|
@allowed_uri_sans.setter
|
226
|
-
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
227
|
+
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
227
228
|
pulumi.set(self, "allowed_uri_sans", value)
|
228
229
|
|
229
230
|
@property
|
230
231
|
@pulumi.getter
|
231
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
232
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
232
233
|
"""
|
233
234
|
Path to the mounted Cert auth backend
|
234
235
|
"""
|
235
236
|
return pulumi.get(self, "backend")
|
236
237
|
|
237
238
|
@backend.setter
|
238
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
239
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
239
240
|
pulumi.set(self, "backend", value)
|
240
241
|
|
241
242
|
@property
|
242
243
|
@pulumi.getter(name="displayName")
|
243
|
-
def display_name(self) -> Optional[pulumi.Input[str]]:
|
244
|
+
def display_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
244
245
|
"""
|
245
246
|
The name to display on tokens issued under this role.
|
246
247
|
"""
|
247
248
|
return pulumi.get(self, "display_name")
|
248
249
|
|
249
250
|
@display_name.setter
|
250
|
-
def display_name(self, value: Optional[pulumi.Input[str]]):
|
251
|
+
def display_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
251
252
|
pulumi.set(self, "display_name", value)
|
252
253
|
|
253
254
|
@property
|
254
255
|
@pulumi.getter
|
255
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
256
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
256
257
|
"""
|
257
258
|
Name of the role
|
258
259
|
"""
|
259
260
|
return pulumi.get(self, "name")
|
260
261
|
|
261
262
|
@name.setter
|
262
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
263
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
263
264
|
pulumi.set(self, "name", value)
|
264
265
|
|
265
266
|
@property
|
266
267
|
@pulumi.getter
|
267
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
268
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
268
269
|
"""
|
269
270
|
The namespace to provision the resource in.
|
270
271
|
The value should not contain leading or trailing forward slashes.
|
@@ -274,12 +275,12 @@ class CertAuthBackendRoleArgs:
|
|
274
275
|
return pulumi.get(self, "namespace")
|
275
276
|
|
276
277
|
@namespace.setter
|
277
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
278
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
278
279
|
pulumi.set(self, "namespace", value)
|
279
280
|
|
280
281
|
@property
|
281
282
|
@pulumi.getter(name="ocspCaCertificates")
|
282
|
-
def ocsp_ca_certificates(self) -> Optional[pulumi.Input[str]]:
|
283
|
+
def ocsp_ca_certificates(self) -> Optional[pulumi.Input[builtins.str]]:
|
283
284
|
"""
|
284
285
|
Any additional CA certificates
|
285
286
|
needed to verify OCSP responses. Provided as base64 encoded PEM data.
|
@@ -288,12 +289,12 @@ class CertAuthBackendRoleArgs:
|
|
288
289
|
return pulumi.get(self, "ocsp_ca_certificates")
|
289
290
|
|
290
291
|
@ocsp_ca_certificates.setter
|
291
|
-
def ocsp_ca_certificates(self, value: Optional[pulumi.Input[str]]):
|
292
|
+
def ocsp_ca_certificates(self, value: Optional[pulumi.Input[builtins.str]]):
|
292
293
|
pulumi.set(self, "ocsp_ca_certificates", value)
|
293
294
|
|
294
295
|
@property
|
295
296
|
@pulumi.getter(name="ocspEnabled")
|
296
|
-
def ocsp_enabled(self) -> Optional[pulumi.Input[bool]]:
|
297
|
+
def ocsp_enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
|
297
298
|
"""
|
298
299
|
If enabled, validate certificates'
|
299
300
|
revocation status using OCSP. Requires Vault version 1.13+.
|
@@ -301,12 +302,12 @@ class CertAuthBackendRoleArgs:
|
|
301
302
|
return pulumi.get(self, "ocsp_enabled")
|
302
303
|
|
303
304
|
@ocsp_enabled.setter
|
304
|
-
def ocsp_enabled(self, value: Optional[pulumi.Input[bool]]):
|
305
|
+
def ocsp_enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
|
305
306
|
pulumi.set(self, "ocsp_enabled", value)
|
306
307
|
|
307
308
|
@property
|
308
309
|
@pulumi.getter(name="ocspFailOpen")
|
309
|
-
def ocsp_fail_open(self) -> Optional[pulumi.Input[bool]]:
|
310
|
+
def ocsp_fail_open(self) -> Optional[pulumi.Input[builtins.bool]]:
|
310
311
|
"""
|
311
312
|
If true and an OCSP response cannot
|
312
313
|
be fetched or is of an unknown status, the login will proceed as if the
|
@@ -316,12 +317,12 @@ class CertAuthBackendRoleArgs:
|
|
316
317
|
return pulumi.get(self, "ocsp_fail_open")
|
317
318
|
|
318
319
|
@ocsp_fail_open.setter
|
319
|
-
def ocsp_fail_open(self, value: Optional[pulumi.Input[bool]]):
|
320
|
+
def ocsp_fail_open(self, value: Optional[pulumi.Input[builtins.bool]]):
|
320
321
|
pulumi.set(self, "ocsp_fail_open", value)
|
321
322
|
|
322
323
|
@property
|
323
324
|
@pulumi.getter(name="ocspQueryAllServers")
|
324
|
-
def ocsp_query_all_servers(self) -> Optional[pulumi.Input[bool]]:
|
325
|
+
def ocsp_query_all_servers(self) -> Optional[pulumi.Input[builtins.bool]]:
|
325
326
|
"""
|
326
327
|
If set to true, rather than
|
327
328
|
accepting the first successful OCSP response, query all servers and consider
|
@@ -331,12 +332,12 @@ class CertAuthBackendRoleArgs:
|
|
331
332
|
return pulumi.get(self, "ocsp_query_all_servers")
|
332
333
|
|
333
334
|
@ocsp_query_all_servers.setter
|
334
|
-
def ocsp_query_all_servers(self, value: Optional[pulumi.Input[bool]]):
|
335
|
+
def ocsp_query_all_servers(self, value: Optional[pulumi.Input[builtins.bool]]):
|
335
336
|
pulumi.set(self, "ocsp_query_all_servers", value)
|
336
337
|
|
337
338
|
@property
|
338
339
|
@pulumi.getter(name="ocspServersOverrides")
|
339
|
-
def ocsp_servers_overrides(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
340
|
+
def ocsp_servers_overrides(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
340
341
|
"""
|
341
342
|
: A comma-separated list of OCSP
|
342
343
|
server addresses. If unset, the OCSP server is determined from the
|
@@ -346,12 +347,12 @@ class CertAuthBackendRoleArgs:
|
|
346
347
|
return pulumi.get(self, "ocsp_servers_overrides")
|
347
348
|
|
348
349
|
@ocsp_servers_overrides.setter
|
349
|
-
def ocsp_servers_overrides(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
350
|
+
def ocsp_servers_overrides(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
350
351
|
pulumi.set(self, "ocsp_servers_overrides", value)
|
351
352
|
|
352
353
|
@property
|
353
354
|
@pulumi.getter(name="requiredExtensions")
|
354
|
-
def required_extensions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
355
|
+
def required_extensions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
355
356
|
"""
|
356
357
|
TLS extensions required on
|
357
358
|
client certificates
|
@@ -359,191 +360,191 @@ class CertAuthBackendRoleArgs:
|
|
359
360
|
return pulumi.get(self, "required_extensions")
|
360
361
|
|
361
362
|
@required_extensions.setter
|
362
|
-
def required_extensions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
363
|
+
def required_extensions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
363
364
|
pulumi.set(self, "required_extensions", value)
|
364
365
|
|
365
366
|
@property
|
366
367
|
@pulumi.getter(name="tokenBoundCidrs")
|
367
|
-
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
368
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
368
369
|
"""
|
369
370
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
370
371
|
"""
|
371
372
|
return pulumi.get(self, "token_bound_cidrs")
|
372
373
|
|
373
374
|
@token_bound_cidrs.setter
|
374
|
-
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
375
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
375
376
|
pulumi.set(self, "token_bound_cidrs", value)
|
376
377
|
|
377
378
|
@property
|
378
379
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
379
|
-
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
380
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
380
381
|
"""
|
381
382
|
Generated Token's Explicit Maximum TTL in seconds
|
382
383
|
"""
|
383
384
|
return pulumi.get(self, "token_explicit_max_ttl")
|
384
385
|
|
385
386
|
@token_explicit_max_ttl.setter
|
386
|
-
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
387
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
387
388
|
pulumi.set(self, "token_explicit_max_ttl", value)
|
388
389
|
|
389
390
|
@property
|
390
391
|
@pulumi.getter(name="tokenMaxTtl")
|
391
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
392
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
392
393
|
"""
|
393
394
|
The maximum lifetime of the generated token
|
394
395
|
"""
|
395
396
|
return pulumi.get(self, "token_max_ttl")
|
396
397
|
|
397
398
|
@token_max_ttl.setter
|
398
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
399
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
399
400
|
pulumi.set(self, "token_max_ttl", value)
|
400
401
|
|
401
402
|
@property
|
402
403
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
403
|
-
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
404
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
|
404
405
|
"""
|
405
406
|
If true, the 'default' policy will not automatically be added to generated tokens
|
406
407
|
"""
|
407
408
|
return pulumi.get(self, "token_no_default_policy")
|
408
409
|
|
409
410
|
@token_no_default_policy.setter
|
410
|
-
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
411
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
|
411
412
|
pulumi.set(self, "token_no_default_policy", value)
|
412
413
|
|
413
414
|
@property
|
414
415
|
@pulumi.getter(name="tokenNumUses")
|
415
|
-
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
416
|
+
def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
|
416
417
|
"""
|
417
418
|
The maximum number of times a token may be used, a value of zero means unlimited
|
418
419
|
"""
|
419
420
|
return pulumi.get(self, "token_num_uses")
|
420
421
|
|
421
422
|
@token_num_uses.setter
|
422
|
-
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
423
|
+
def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
|
423
424
|
pulumi.set(self, "token_num_uses", value)
|
424
425
|
|
425
426
|
@property
|
426
427
|
@pulumi.getter(name="tokenPeriod")
|
427
|
-
def token_period(self) -> Optional[pulumi.Input[int]]:
|
428
|
+
def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
428
429
|
"""
|
429
430
|
Generated Token's Period
|
430
431
|
"""
|
431
432
|
return pulumi.get(self, "token_period")
|
432
433
|
|
433
434
|
@token_period.setter
|
434
|
-
def token_period(self, value: Optional[pulumi.Input[int]]):
|
435
|
+
def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
435
436
|
pulumi.set(self, "token_period", value)
|
436
437
|
|
437
438
|
@property
|
438
439
|
@pulumi.getter(name="tokenPolicies")
|
439
|
-
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
440
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
440
441
|
"""
|
441
442
|
Generated Token's Policies
|
442
443
|
"""
|
443
444
|
return pulumi.get(self, "token_policies")
|
444
445
|
|
445
446
|
@token_policies.setter
|
446
|
-
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
447
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
447
448
|
pulumi.set(self, "token_policies", value)
|
448
449
|
|
449
450
|
@property
|
450
451
|
@pulumi.getter(name="tokenTtl")
|
451
|
-
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
452
|
+
def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
452
453
|
"""
|
453
454
|
The initial ttl of the token to generate in seconds
|
454
455
|
"""
|
455
456
|
return pulumi.get(self, "token_ttl")
|
456
457
|
|
457
458
|
@token_ttl.setter
|
458
|
-
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
459
|
+
def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
459
460
|
pulumi.set(self, "token_ttl", value)
|
460
461
|
|
461
462
|
@property
|
462
463
|
@pulumi.getter(name="tokenType")
|
463
|
-
def token_type(self) -> Optional[pulumi.Input[str]]:
|
464
|
+
def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
464
465
|
"""
|
465
466
|
The type of token to generate, service or batch
|
466
467
|
"""
|
467
468
|
return pulumi.get(self, "token_type")
|
468
469
|
|
469
470
|
@token_type.setter
|
470
|
-
def token_type(self, value: Optional[pulumi.Input[str]]):
|
471
|
+
def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
471
472
|
pulumi.set(self, "token_type", value)
|
472
473
|
|
473
474
|
|
474
475
|
@pulumi.input_type
|
475
476
|
class _CertAuthBackendRoleState:
|
476
477
|
def __init__(__self__, *,
|
477
|
-
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
478
|
-
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
479
|
-
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
480
|
-
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
481
|
-
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
482
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
483
|
-
backend: Optional[pulumi.Input[str]] = None,
|
484
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
485
|
-
display_name: Optional[pulumi.Input[str]] = None,
|
486
|
-
name: Optional[pulumi.Input[str]] = None,
|
487
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
488
|
-
ocsp_ca_certificates: Optional[pulumi.Input[str]] = None,
|
489
|
-
ocsp_enabled: Optional[pulumi.Input[bool]] = None,
|
490
|
-
ocsp_fail_open: Optional[pulumi.Input[bool]] = None,
|
491
|
-
ocsp_query_all_servers: Optional[pulumi.Input[bool]] = None,
|
492
|
-
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
493
|
-
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
494
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
495
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
496
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
497
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
498
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
499
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
500
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
501
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
502
|
-
token_type: Optional[pulumi.Input[str]] = None):
|
478
|
+
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
479
|
+
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
480
|
+
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
481
|
+
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
482
|
+
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
483
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
484
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
485
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
486
|
+
display_name: Optional[pulumi.Input[builtins.str]] = None,
|
487
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
488
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
489
|
+
ocsp_ca_certificates: Optional[pulumi.Input[builtins.str]] = None,
|
490
|
+
ocsp_enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
491
|
+
ocsp_fail_open: Optional[pulumi.Input[builtins.bool]] = None,
|
492
|
+
ocsp_query_all_servers: Optional[pulumi.Input[builtins.bool]] = None,
|
493
|
+
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
494
|
+
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
495
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
496
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
497
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
498
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
499
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
500
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
501
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
502
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
503
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None):
|
503
504
|
"""
|
504
505
|
Input properties used for looking up and filtering CertAuthBackendRole resources.
|
505
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_common_names: Allowed the common names for authenticated client certificates
|
506
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_dns_sans: Allowed alternative dns names for authenticated client certificates
|
507
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_email_sans: Allowed emails for authenticated client certificates
|
508
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
509
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
|
510
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
|
511
|
-
:param pulumi.Input[str] backend: Path to the mounted Cert auth backend
|
512
|
-
:param pulumi.Input[str] certificate: CA certificate used to validate client certificates
|
513
|
-
:param pulumi.Input[str] display_name: The name to display on tokens issued under this role.
|
514
|
-
:param pulumi.Input[str] name: Name of the role
|
515
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
506
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_common_names: Allowed the common names for authenticated client certificates
|
507
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_dns_sans: Allowed alternative dns names for authenticated client certificates
|
508
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_email_sans: Allowed emails for authenticated client certificates
|
509
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
510
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
|
511
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
|
512
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted Cert auth backend
|
513
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate used to validate client certificates
|
514
|
+
:param pulumi.Input[builtins.str] display_name: The name to display on tokens issued under this role.
|
515
|
+
:param pulumi.Input[builtins.str] name: Name of the role
|
516
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
516
517
|
The value should not contain leading or trailing forward slashes.
|
517
518
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
518
519
|
*Available only for Vault Enterprise*.
|
519
|
-
:param pulumi.Input[str] ocsp_ca_certificates: Any additional CA certificates
|
520
|
+
:param pulumi.Input[builtins.str] ocsp_ca_certificates: Any additional CA certificates
|
520
521
|
needed to verify OCSP responses. Provided as base64 encoded PEM data.
|
521
522
|
Requires Vault version 1.13+.
|
522
|
-
:param pulumi.Input[bool] ocsp_enabled: If enabled, validate certificates'
|
523
|
+
:param pulumi.Input[builtins.bool] ocsp_enabled: If enabled, validate certificates'
|
523
524
|
revocation status using OCSP. Requires Vault version 1.13+.
|
524
|
-
:param pulumi.Input[bool] ocsp_fail_open: If true and an OCSP response cannot
|
525
|
+
:param pulumi.Input[builtins.bool] ocsp_fail_open: If true and an OCSP response cannot
|
525
526
|
be fetched or is of an unknown status, the login will proceed as if the
|
526
527
|
certificate has not been revoked.
|
527
528
|
Requires Vault version 1.13+.
|
528
|
-
:param pulumi.Input[bool] ocsp_query_all_servers: If set to true, rather than
|
529
|
+
:param pulumi.Input[builtins.bool] ocsp_query_all_servers: If set to true, rather than
|
529
530
|
accepting the first successful OCSP response, query all servers and consider
|
530
531
|
the certificate valid only if all servers agree.
|
531
532
|
Requires Vault version 1.13+.
|
532
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers_overrides: : A comma-separated list of OCSP
|
533
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers_overrides: : A comma-separated list of OCSP
|
533
534
|
server addresses. If unset, the OCSP server is determined from the
|
534
535
|
AuthorityInformationAccess extension on the certificate being inspected.
|
535
536
|
Requires Vault version 1.13+.
|
536
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] required_extensions: TLS extensions required on
|
537
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] required_extensions: TLS extensions required on
|
537
538
|
client certificates
|
538
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
539
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
540
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
541
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
542
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
543
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
544
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
545
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
546
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
539
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
540
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
541
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
542
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
543
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
544
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
545
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
546
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
547
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
547
548
|
"""
|
548
549
|
if allowed_common_names is not None:
|
549
550
|
pulumi.set(__self__, "allowed_common_names", allowed_common_names)
|
@@ -600,127 +601,127 @@ class _CertAuthBackendRoleState:
|
|
600
601
|
|
601
602
|
@property
|
602
603
|
@pulumi.getter(name="allowedCommonNames")
|
603
|
-
def allowed_common_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
604
|
+
def allowed_common_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
604
605
|
"""
|
605
606
|
Allowed the common names for authenticated client certificates
|
606
607
|
"""
|
607
608
|
return pulumi.get(self, "allowed_common_names")
|
608
609
|
|
609
610
|
@allowed_common_names.setter
|
610
|
-
def allowed_common_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
611
|
+
def allowed_common_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
611
612
|
pulumi.set(self, "allowed_common_names", value)
|
612
613
|
|
613
614
|
@property
|
614
615
|
@pulumi.getter(name="allowedDnsSans")
|
615
|
-
def allowed_dns_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
616
|
+
def allowed_dns_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
616
617
|
"""
|
617
618
|
Allowed alternative dns names for authenticated client certificates
|
618
619
|
"""
|
619
620
|
return pulumi.get(self, "allowed_dns_sans")
|
620
621
|
|
621
622
|
@allowed_dns_sans.setter
|
622
|
-
def allowed_dns_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
623
|
+
def allowed_dns_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
623
624
|
pulumi.set(self, "allowed_dns_sans", value)
|
624
625
|
|
625
626
|
@property
|
626
627
|
@pulumi.getter(name="allowedEmailSans")
|
627
|
-
def allowed_email_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
628
|
+
def allowed_email_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
628
629
|
"""
|
629
630
|
Allowed emails for authenticated client certificates
|
630
631
|
"""
|
631
632
|
return pulumi.get(self, "allowed_email_sans")
|
632
633
|
|
633
634
|
@allowed_email_sans.setter
|
634
|
-
def allowed_email_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
635
|
+
def allowed_email_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
635
636
|
pulumi.set(self, "allowed_email_sans", value)
|
636
637
|
|
637
638
|
@property
|
638
639
|
@pulumi.getter(name="allowedNames")
|
639
|
-
def allowed_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
640
|
+
def allowed_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
640
641
|
"""
|
641
642
|
DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
642
643
|
"""
|
643
644
|
return pulumi.get(self, "allowed_names")
|
644
645
|
|
645
646
|
@allowed_names.setter
|
646
|
-
def allowed_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
647
|
+
def allowed_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
647
648
|
pulumi.set(self, "allowed_names", value)
|
648
649
|
|
649
650
|
@property
|
650
651
|
@pulumi.getter(name="allowedOrganizationalUnits")
|
651
|
-
def allowed_organizational_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
652
|
+
def allowed_organizational_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
652
653
|
"""
|
653
654
|
Allowed organization units for authenticated client certificates.
|
654
655
|
"""
|
655
656
|
return pulumi.get(self, "allowed_organizational_units")
|
656
657
|
|
657
658
|
@allowed_organizational_units.setter
|
658
|
-
def allowed_organizational_units(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
659
|
+
def allowed_organizational_units(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
659
660
|
pulumi.set(self, "allowed_organizational_units", value)
|
660
661
|
|
661
662
|
@property
|
662
663
|
@pulumi.getter(name="allowedUriSans")
|
663
|
-
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
664
|
+
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
664
665
|
"""
|
665
666
|
Allowed URIs for authenticated client certificates
|
666
667
|
"""
|
667
668
|
return pulumi.get(self, "allowed_uri_sans")
|
668
669
|
|
669
670
|
@allowed_uri_sans.setter
|
670
|
-
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
671
|
+
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
671
672
|
pulumi.set(self, "allowed_uri_sans", value)
|
672
673
|
|
673
674
|
@property
|
674
675
|
@pulumi.getter
|
675
|
-
def backend(self) -> Optional[pulumi.Input[str]]:
|
676
|
+
def backend(self) -> Optional[pulumi.Input[builtins.str]]:
|
676
677
|
"""
|
677
678
|
Path to the mounted Cert auth backend
|
678
679
|
"""
|
679
680
|
return pulumi.get(self, "backend")
|
680
681
|
|
681
682
|
@backend.setter
|
682
|
-
def backend(self, value: Optional[pulumi.Input[str]]):
|
683
|
+
def backend(self, value: Optional[pulumi.Input[builtins.str]]):
|
683
684
|
pulumi.set(self, "backend", value)
|
684
685
|
|
685
686
|
@property
|
686
687
|
@pulumi.getter
|
687
|
-
def certificate(self) -> Optional[pulumi.Input[str]]:
|
688
|
+
def certificate(self) -> Optional[pulumi.Input[builtins.str]]:
|
688
689
|
"""
|
689
690
|
CA certificate used to validate client certificates
|
690
691
|
"""
|
691
692
|
return pulumi.get(self, "certificate")
|
692
693
|
|
693
694
|
@certificate.setter
|
694
|
-
def certificate(self, value: Optional[pulumi.Input[str]]):
|
695
|
+
def certificate(self, value: Optional[pulumi.Input[builtins.str]]):
|
695
696
|
pulumi.set(self, "certificate", value)
|
696
697
|
|
697
698
|
@property
|
698
699
|
@pulumi.getter(name="displayName")
|
699
|
-
def display_name(self) -> Optional[pulumi.Input[str]]:
|
700
|
+
def display_name(self) -> Optional[pulumi.Input[builtins.str]]:
|
700
701
|
"""
|
701
702
|
The name to display on tokens issued under this role.
|
702
703
|
"""
|
703
704
|
return pulumi.get(self, "display_name")
|
704
705
|
|
705
706
|
@display_name.setter
|
706
|
-
def display_name(self, value: Optional[pulumi.Input[str]]):
|
707
|
+
def display_name(self, value: Optional[pulumi.Input[builtins.str]]):
|
707
708
|
pulumi.set(self, "display_name", value)
|
708
709
|
|
709
710
|
@property
|
710
711
|
@pulumi.getter
|
711
|
-
def name(self) -> Optional[pulumi.Input[str]]:
|
712
|
+
def name(self) -> Optional[pulumi.Input[builtins.str]]:
|
712
713
|
"""
|
713
714
|
Name of the role
|
714
715
|
"""
|
715
716
|
return pulumi.get(self, "name")
|
716
717
|
|
717
718
|
@name.setter
|
718
|
-
def name(self, value: Optional[pulumi.Input[str]]):
|
719
|
+
def name(self, value: Optional[pulumi.Input[builtins.str]]):
|
719
720
|
pulumi.set(self, "name", value)
|
720
721
|
|
721
722
|
@property
|
722
723
|
@pulumi.getter
|
723
|
-
def namespace(self) -> Optional[pulumi.Input[str]]:
|
724
|
+
def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
|
724
725
|
"""
|
725
726
|
The namespace to provision the resource in.
|
726
727
|
The value should not contain leading or trailing forward slashes.
|
@@ -730,12 +731,12 @@ class _CertAuthBackendRoleState:
|
|
730
731
|
return pulumi.get(self, "namespace")
|
731
732
|
|
732
733
|
@namespace.setter
|
733
|
-
def namespace(self, value: Optional[pulumi.Input[str]]):
|
734
|
+
def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
|
734
735
|
pulumi.set(self, "namespace", value)
|
735
736
|
|
736
737
|
@property
|
737
738
|
@pulumi.getter(name="ocspCaCertificates")
|
738
|
-
def ocsp_ca_certificates(self) -> Optional[pulumi.Input[str]]:
|
739
|
+
def ocsp_ca_certificates(self) -> Optional[pulumi.Input[builtins.str]]:
|
739
740
|
"""
|
740
741
|
Any additional CA certificates
|
741
742
|
needed to verify OCSP responses. Provided as base64 encoded PEM data.
|
@@ -744,12 +745,12 @@ class _CertAuthBackendRoleState:
|
|
744
745
|
return pulumi.get(self, "ocsp_ca_certificates")
|
745
746
|
|
746
747
|
@ocsp_ca_certificates.setter
|
747
|
-
def ocsp_ca_certificates(self, value: Optional[pulumi.Input[str]]):
|
748
|
+
def ocsp_ca_certificates(self, value: Optional[pulumi.Input[builtins.str]]):
|
748
749
|
pulumi.set(self, "ocsp_ca_certificates", value)
|
749
750
|
|
750
751
|
@property
|
751
752
|
@pulumi.getter(name="ocspEnabled")
|
752
|
-
def ocsp_enabled(self) -> Optional[pulumi.Input[bool]]:
|
753
|
+
def ocsp_enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
|
753
754
|
"""
|
754
755
|
If enabled, validate certificates'
|
755
756
|
revocation status using OCSP. Requires Vault version 1.13+.
|
@@ -757,12 +758,12 @@ class _CertAuthBackendRoleState:
|
|
757
758
|
return pulumi.get(self, "ocsp_enabled")
|
758
759
|
|
759
760
|
@ocsp_enabled.setter
|
760
|
-
def ocsp_enabled(self, value: Optional[pulumi.Input[bool]]):
|
761
|
+
def ocsp_enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
|
761
762
|
pulumi.set(self, "ocsp_enabled", value)
|
762
763
|
|
763
764
|
@property
|
764
765
|
@pulumi.getter(name="ocspFailOpen")
|
765
|
-
def ocsp_fail_open(self) -> Optional[pulumi.Input[bool]]:
|
766
|
+
def ocsp_fail_open(self) -> Optional[pulumi.Input[builtins.bool]]:
|
766
767
|
"""
|
767
768
|
If true and an OCSP response cannot
|
768
769
|
be fetched or is of an unknown status, the login will proceed as if the
|
@@ -772,12 +773,12 @@ class _CertAuthBackendRoleState:
|
|
772
773
|
return pulumi.get(self, "ocsp_fail_open")
|
773
774
|
|
774
775
|
@ocsp_fail_open.setter
|
775
|
-
def ocsp_fail_open(self, value: Optional[pulumi.Input[bool]]):
|
776
|
+
def ocsp_fail_open(self, value: Optional[pulumi.Input[builtins.bool]]):
|
776
777
|
pulumi.set(self, "ocsp_fail_open", value)
|
777
778
|
|
778
779
|
@property
|
779
780
|
@pulumi.getter(name="ocspQueryAllServers")
|
780
|
-
def ocsp_query_all_servers(self) -> Optional[pulumi.Input[bool]]:
|
781
|
+
def ocsp_query_all_servers(self) -> Optional[pulumi.Input[builtins.bool]]:
|
781
782
|
"""
|
782
783
|
If set to true, rather than
|
783
784
|
accepting the first successful OCSP response, query all servers and consider
|
@@ -787,12 +788,12 @@ class _CertAuthBackendRoleState:
|
|
787
788
|
return pulumi.get(self, "ocsp_query_all_servers")
|
788
789
|
|
789
790
|
@ocsp_query_all_servers.setter
|
790
|
-
def ocsp_query_all_servers(self, value: Optional[pulumi.Input[bool]]):
|
791
|
+
def ocsp_query_all_servers(self, value: Optional[pulumi.Input[builtins.bool]]):
|
791
792
|
pulumi.set(self, "ocsp_query_all_servers", value)
|
792
793
|
|
793
794
|
@property
|
794
795
|
@pulumi.getter(name="ocspServersOverrides")
|
795
|
-
def ocsp_servers_overrides(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
796
|
+
def ocsp_servers_overrides(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
796
797
|
"""
|
797
798
|
: A comma-separated list of OCSP
|
798
799
|
server addresses. If unset, the OCSP server is determined from the
|
@@ -802,12 +803,12 @@ class _CertAuthBackendRoleState:
|
|
802
803
|
return pulumi.get(self, "ocsp_servers_overrides")
|
803
804
|
|
804
805
|
@ocsp_servers_overrides.setter
|
805
|
-
def ocsp_servers_overrides(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
806
|
+
def ocsp_servers_overrides(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
806
807
|
pulumi.set(self, "ocsp_servers_overrides", value)
|
807
808
|
|
808
809
|
@property
|
809
810
|
@pulumi.getter(name="requiredExtensions")
|
810
|
-
def required_extensions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
811
|
+
def required_extensions(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
811
812
|
"""
|
812
813
|
TLS extensions required on
|
813
814
|
client certificates
|
@@ -815,115 +816,115 @@ class _CertAuthBackendRoleState:
|
|
815
816
|
return pulumi.get(self, "required_extensions")
|
816
817
|
|
817
818
|
@required_extensions.setter
|
818
|
-
def required_extensions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
819
|
+
def required_extensions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
819
820
|
pulumi.set(self, "required_extensions", value)
|
820
821
|
|
821
822
|
@property
|
822
823
|
@pulumi.getter(name="tokenBoundCidrs")
|
823
|
-
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
824
|
+
def token_bound_cidrs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
824
825
|
"""
|
825
826
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
826
827
|
"""
|
827
828
|
return pulumi.get(self, "token_bound_cidrs")
|
828
829
|
|
829
830
|
@token_bound_cidrs.setter
|
830
|
-
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
831
|
+
def token_bound_cidrs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
831
832
|
pulumi.set(self, "token_bound_cidrs", value)
|
832
833
|
|
833
834
|
@property
|
834
835
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
835
|
-
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
836
|
+
def token_explicit_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
836
837
|
"""
|
837
838
|
Generated Token's Explicit Maximum TTL in seconds
|
838
839
|
"""
|
839
840
|
return pulumi.get(self, "token_explicit_max_ttl")
|
840
841
|
|
841
842
|
@token_explicit_max_ttl.setter
|
842
|
-
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
843
|
+
def token_explicit_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
843
844
|
pulumi.set(self, "token_explicit_max_ttl", value)
|
844
845
|
|
845
846
|
@property
|
846
847
|
@pulumi.getter(name="tokenMaxTtl")
|
847
|
-
def token_max_ttl(self) -> Optional[pulumi.Input[int]]:
|
848
|
+
def token_max_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
848
849
|
"""
|
849
850
|
The maximum lifetime of the generated token
|
850
851
|
"""
|
851
852
|
return pulumi.get(self, "token_max_ttl")
|
852
853
|
|
853
854
|
@token_max_ttl.setter
|
854
|
-
def token_max_ttl(self, value: Optional[pulumi.Input[int]]):
|
855
|
+
def token_max_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
855
856
|
pulumi.set(self, "token_max_ttl", value)
|
856
857
|
|
857
858
|
@property
|
858
859
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
859
|
-
def token_no_default_policy(self) -> Optional[pulumi.Input[bool]]:
|
860
|
+
def token_no_default_policy(self) -> Optional[pulumi.Input[builtins.bool]]:
|
860
861
|
"""
|
861
862
|
If true, the 'default' policy will not automatically be added to generated tokens
|
862
863
|
"""
|
863
864
|
return pulumi.get(self, "token_no_default_policy")
|
864
865
|
|
865
866
|
@token_no_default_policy.setter
|
866
|
-
def token_no_default_policy(self, value: Optional[pulumi.Input[bool]]):
|
867
|
+
def token_no_default_policy(self, value: Optional[pulumi.Input[builtins.bool]]):
|
867
868
|
pulumi.set(self, "token_no_default_policy", value)
|
868
869
|
|
869
870
|
@property
|
870
871
|
@pulumi.getter(name="tokenNumUses")
|
871
|
-
def token_num_uses(self) -> Optional[pulumi.Input[int]]:
|
872
|
+
def token_num_uses(self) -> Optional[pulumi.Input[builtins.int]]:
|
872
873
|
"""
|
873
874
|
The maximum number of times a token may be used, a value of zero means unlimited
|
874
875
|
"""
|
875
876
|
return pulumi.get(self, "token_num_uses")
|
876
877
|
|
877
878
|
@token_num_uses.setter
|
878
|
-
def token_num_uses(self, value: Optional[pulumi.Input[int]]):
|
879
|
+
def token_num_uses(self, value: Optional[pulumi.Input[builtins.int]]):
|
879
880
|
pulumi.set(self, "token_num_uses", value)
|
880
881
|
|
881
882
|
@property
|
882
883
|
@pulumi.getter(name="tokenPeriod")
|
883
|
-
def token_period(self) -> Optional[pulumi.Input[int]]:
|
884
|
+
def token_period(self) -> Optional[pulumi.Input[builtins.int]]:
|
884
885
|
"""
|
885
886
|
Generated Token's Period
|
886
887
|
"""
|
887
888
|
return pulumi.get(self, "token_period")
|
888
889
|
|
889
890
|
@token_period.setter
|
890
|
-
def token_period(self, value: Optional[pulumi.Input[int]]):
|
891
|
+
def token_period(self, value: Optional[pulumi.Input[builtins.int]]):
|
891
892
|
pulumi.set(self, "token_period", value)
|
892
893
|
|
893
894
|
@property
|
894
895
|
@pulumi.getter(name="tokenPolicies")
|
895
|
-
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
|
896
|
+
def token_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
|
896
897
|
"""
|
897
898
|
Generated Token's Policies
|
898
899
|
"""
|
899
900
|
return pulumi.get(self, "token_policies")
|
900
901
|
|
901
902
|
@token_policies.setter
|
902
|
-
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
|
903
|
+
def token_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
|
903
904
|
pulumi.set(self, "token_policies", value)
|
904
905
|
|
905
906
|
@property
|
906
907
|
@pulumi.getter(name="tokenTtl")
|
907
|
-
def token_ttl(self) -> Optional[pulumi.Input[int]]:
|
908
|
+
def token_ttl(self) -> Optional[pulumi.Input[builtins.int]]:
|
908
909
|
"""
|
909
910
|
The initial ttl of the token to generate in seconds
|
910
911
|
"""
|
911
912
|
return pulumi.get(self, "token_ttl")
|
912
913
|
|
913
914
|
@token_ttl.setter
|
914
|
-
def token_ttl(self, value: Optional[pulumi.Input[int]]):
|
915
|
+
def token_ttl(self, value: Optional[pulumi.Input[builtins.int]]):
|
915
916
|
pulumi.set(self, "token_ttl", value)
|
916
917
|
|
917
918
|
@property
|
918
919
|
@pulumi.getter(name="tokenType")
|
919
|
-
def token_type(self) -> Optional[pulumi.Input[str]]:
|
920
|
+
def token_type(self) -> Optional[pulumi.Input[builtins.str]]:
|
920
921
|
"""
|
921
922
|
The type of token to generate, service or batch
|
922
923
|
"""
|
923
924
|
return pulumi.get(self, "token_type")
|
924
925
|
|
925
926
|
@token_type.setter
|
926
|
-
def token_type(self, value: Optional[pulumi.Input[str]]):
|
927
|
+
def token_type(self, value: Optional[pulumi.Input[builtins.str]]):
|
927
928
|
pulumi.set(self, "token_type", value)
|
928
929
|
|
929
930
|
|
@@ -932,32 +933,32 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
932
933
|
def __init__(__self__,
|
933
934
|
resource_name: str,
|
934
935
|
opts: Optional[pulumi.ResourceOptions] = None,
|
935
|
-
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
936
|
-
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
937
|
-
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
938
|
-
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
939
|
-
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
940
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
941
|
-
backend: Optional[pulumi.Input[str]] = None,
|
942
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
943
|
-
display_name: Optional[pulumi.Input[str]] = None,
|
944
|
-
name: Optional[pulumi.Input[str]] = None,
|
945
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
946
|
-
ocsp_ca_certificates: Optional[pulumi.Input[str]] = None,
|
947
|
-
ocsp_enabled: Optional[pulumi.Input[bool]] = None,
|
948
|
-
ocsp_fail_open: Optional[pulumi.Input[bool]] = None,
|
949
|
-
ocsp_query_all_servers: Optional[pulumi.Input[bool]] = None,
|
950
|
-
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
951
|
-
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
952
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
953
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
954
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
955
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
956
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
957
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
958
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
959
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
960
|
-
token_type: Optional[pulumi.Input[str]] = None,
|
936
|
+
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
937
|
+
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
938
|
+
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
939
|
+
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
940
|
+
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
941
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
942
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
943
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
944
|
+
display_name: Optional[pulumi.Input[builtins.str]] = None,
|
945
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
946
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
947
|
+
ocsp_ca_certificates: Optional[pulumi.Input[builtins.str]] = None,
|
948
|
+
ocsp_enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
949
|
+
ocsp_fail_open: Optional[pulumi.Input[builtins.bool]] = None,
|
950
|
+
ocsp_query_all_servers: Optional[pulumi.Input[builtins.bool]] = None,
|
951
|
+
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
952
|
+
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
953
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
954
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
955
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
956
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
957
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
958
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
959
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
960
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
961
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
961
962
|
__props__=None):
|
962
963
|
"""
|
963
964
|
Provides a resource to create a role in an [Cert auth backend within Vault](https://www.vaultproject.io/docs/auth/cert.html).
|
@@ -987,48 +988,48 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
987
988
|
|
988
989
|
:param str resource_name: The name of the resource.
|
989
990
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
990
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_common_names: Allowed the common names for authenticated client certificates
|
991
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_dns_sans: Allowed alternative dns names for authenticated client certificates
|
992
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_email_sans: Allowed emails for authenticated client certificates
|
993
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
994
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
|
995
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
|
996
|
-
:param pulumi.Input[str] backend: Path to the mounted Cert auth backend
|
997
|
-
:param pulumi.Input[str] certificate: CA certificate used to validate client certificates
|
998
|
-
:param pulumi.Input[str] display_name: The name to display on tokens issued under this role.
|
999
|
-
:param pulumi.Input[str] name: Name of the role
|
1000
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
991
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_common_names: Allowed the common names for authenticated client certificates
|
992
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_dns_sans: Allowed alternative dns names for authenticated client certificates
|
993
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_email_sans: Allowed emails for authenticated client certificates
|
994
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
995
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
|
996
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
|
997
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted Cert auth backend
|
998
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate used to validate client certificates
|
999
|
+
:param pulumi.Input[builtins.str] display_name: The name to display on tokens issued under this role.
|
1000
|
+
:param pulumi.Input[builtins.str] name: Name of the role
|
1001
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1001
1002
|
The value should not contain leading or trailing forward slashes.
|
1002
1003
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1003
1004
|
*Available only for Vault Enterprise*.
|
1004
|
-
:param pulumi.Input[str] ocsp_ca_certificates: Any additional CA certificates
|
1005
|
+
:param pulumi.Input[builtins.str] ocsp_ca_certificates: Any additional CA certificates
|
1005
1006
|
needed to verify OCSP responses. Provided as base64 encoded PEM data.
|
1006
1007
|
Requires Vault version 1.13+.
|
1007
|
-
:param pulumi.Input[bool] ocsp_enabled: If enabled, validate certificates'
|
1008
|
+
:param pulumi.Input[builtins.bool] ocsp_enabled: If enabled, validate certificates'
|
1008
1009
|
revocation status using OCSP. Requires Vault version 1.13+.
|
1009
|
-
:param pulumi.Input[bool] ocsp_fail_open: If true and an OCSP response cannot
|
1010
|
+
:param pulumi.Input[builtins.bool] ocsp_fail_open: If true and an OCSP response cannot
|
1010
1011
|
be fetched or is of an unknown status, the login will proceed as if the
|
1011
1012
|
certificate has not been revoked.
|
1012
1013
|
Requires Vault version 1.13+.
|
1013
|
-
:param pulumi.Input[bool] ocsp_query_all_servers: If set to true, rather than
|
1014
|
+
:param pulumi.Input[builtins.bool] ocsp_query_all_servers: If set to true, rather than
|
1014
1015
|
accepting the first successful OCSP response, query all servers and consider
|
1015
1016
|
the certificate valid only if all servers agree.
|
1016
1017
|
Requires Vault version 1.13+.
|
1017
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers_overrides: : A comma-separated list of OCSP
|
1018
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers_overrides: : A comma-separated list of OCSP
|
1018
1019
|
server addresses. If unset, the OCSP server is determined from the
|
1019
1020
|
AuthorityInformationAccess extension on the certificate being inspected.
|
1020
1021
|
Requires Vault version 1.13+.
|
1021
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] required_extensions: TLS extensions required on
|
1022
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] required_extensions: TLS extensions required on
|
1022
1023
|
client certificates
|
1023
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1024
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1025
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1026
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1027
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1028
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
1029
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1030
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1031
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1024
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1025
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1026
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
1027
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1028
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1029
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
1030
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
1031
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
1032
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
1032
1033
|
"""
|
1033
1034
|
...
|
1034
1035
|
@overload
|
@@ -1077,32 +1078,32 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1077
1078
|
def _internal_init(__self__,
|
1078
1079
|
resource_name: str,
|
1079
1080
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1080
|
-
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1081
|
-
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1082
|
-
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1083
|
-
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1084
|
-
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1085
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1086
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1087
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1088
|
-
display_name: Optional[pulumi.Input[str]] = None,
|
1089
|
-
name: Optional[pulumi.Input[str]] = None,
|
1090
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1091
|
-
ocsp_ca_certificates: Optional[pulumi.Input[str]] = None,
|
1092
|
-
ocsp_enabled: Optional[pulumi.Input[bool]] = None,
|
1093
|
-
ocsp_fail_open: Optional[pulumi.Input[bool]] = None,
|
1094
|
-
ocsp_query_all_servers: Optional[pulumi.Input[bool]] = None,
|
1095
|
-
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1096
|
-
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1097
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1098
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
1099
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
1100
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
1101
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
1102
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
1103
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1104
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
1105
|
-
token_type: Optional[pulumi.Input[str]] = None,
|
1081
|
+
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1082
|
+
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1083
|
+
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1084
|
+
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1085
|
+
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1086
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1087
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1088
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1089
|
+
display_name: Optional[pulumi.Input[builtins.str]] = None,
|
1090
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
1091
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1092
|
+
ocsp_ca_certificates: Optional[pulumi.Input[builtins.str]] = None,
|
1093
|
+
ocsp_enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
1094
|
+
ocsp_fail_open: Optional[pulumi.Input[builtins.bool]] = None,
|
1095
|
+
ocsp_query_all_servers: Optional[pulumi.Input[builtins.bool]] = None,
|
1096
|
+
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1097
|
+
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1098
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1099
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1100
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1101
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
1102
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
1103
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
1104
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1105
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1106
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None,
|
1106
1107
|
__props__=None):
|
1107
1108
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
1108
1109
|
if not isinstance(opts, pulumi.ResourceOptions):
|
@@ -1150,32 +1151,32 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1150
1151
|
def get(resource_name: str,
|
1151
1152
|
id: pulumi.Input[str],
|
1152
1153
|
opts: Optional[pulumi.ResourceOptions] = None,
|
1153
|
-
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1154
|
-
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1155
|
-
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1156
|
-
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1157
|
-
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1158
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1159
|
-
backend: Optional[pulumi.Input[str]] = None,
|
1160
|
-
certificate: Optional[pulumi.Input[str]] = None,
|
1161
|
-
display_name: Optional[pulumi.Input[str]] = None,
|
1162
|
-
name: Optional[pulumi.Input[str]] = None,
|
1163
|
-
namespace: Optional[pulumi.Input[str]] = None,
|
1164
|
-
ocsp_ca_certificates: Optional[pulumi.Input[str]] = None,
|
1165
|
-
ocsp_enabled: Optional[pulumi.Input[bool]] = None,
|
1166
|
-
ocsp_fail_open: Optional[pulumi.Input[bool]] = None,
|
1167
|
-
ocsp_query_all_servers: Optional[pulumi.Input[bool]] = None,
|
1168
|
-
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1169
|
-
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1170
|
-
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1171
|
-
token_explicit_max_ttl: Optional[pulumi.Input[int]] = None,
|
1172
|
-
token_max_ttl: Optional[pulumi.Input[int]] = None,
|
1173
|
-
token_no_default_policy: Optional[pulumi.Input[bool]] = None,
|
1174
|
-
token_num_uses: Optional[pulumi.Input[int]] = None,
|
1175
|
-
token_period: Optional[pulumi.Input[int]] = None,
|
1176
|
-
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
|
1177
|
-
token_ttl: Optional[pulumi.Input[int]] = None,
|
1178
|
-
token_type: Optional[pulumi.Input[str]] = None) -> 'CertAuthBackendRole':
|
1154
|
+
allowed_common_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1155
|
+
allowed_dns_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1156
|
+
allowed_email_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1157
|
+
allowed_names: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1158
|
+
allowed_organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1159
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1160
|
+
backend: Optional[pulumi.Input[builtins.str]] = None,
|
1161
|
+
certificate: Optional[pulumi.Input[builtins.str]] = None,
|
1162
|
+
display_name: Optional[pulumi.Input[builtins.str]] = None,
|
1163
|
+
name: Optional[pulumi.Input[builtins.str]] = None,
|
1164
|
+
namespace: Optional[pulumi.Input[builtins.str]] = None,
|
1165
|
+
ocsp_ca_certificates: Optional[pulumi.Input[builtins.str]] = None,
|
1166
|
+
ocsp_enabled: Optional[pulumi.Input[builtins.bool]] = None,
|
1167
|
+
ocsp_fail_open: Optional[pulumi.Input[builtins.bool]] = None,
|
1168
|
+
ocsp_query_all_servers: Optional[pulumi.Input[builtins.bool]] = None,
|
1169
|
+
ocsp_servers_overrides: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1170
|
+
required_extensions: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1171
|
+
token_bound_cidrs: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1172
|
+
token_explicit_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1173
|
+
token_max_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1174
|
+
token_no_default_policy: Optional[pulumi.Input[builtins.bool]] = None,
|
1175
|
+
token_num_uses: Optional[pulumi.Input[builtins.int]] = None,
|
1176
|
+
token_period: Optional[pulumi.Input[builtins.int]] = None,
|
1177
|
+
token_policies: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
|
1178
|
+
token_ttl: Optional[pulumi.Input[builtins.int]] = None,
|
1179
|
+
token_type: Optional[pulumi.Input[builtins.str]] = None) -> 'CertAuthBackendRole':
|
1179
1180
|
"""
|
1180
1181
|
Get an existing CertAuthBackendRole resource's state with the given name, id, and optional extra
|
1181
1182
|
properties used to qualify the lookup.
|
@@ -1183,48 +1184,48 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1183
1184
|
:param str resource_name: The unique name of the resulting resource.
|
1184
1185
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
1185
1186
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
1186
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_common_names: Allowed the common names for authenticated client certificates
|
1187
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_dns_sans: Allowed alternative dns names for authenticated client certificates
|
1188
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_email_sans: Allowed emails for authenticated client certificates
|
1189
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
1190
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
|
1191
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
|
1192
|
-
:param pulumi.Input[str] backend: Path to the mounted Cert auth backend
|
1193
|
-
:param pulumi.Input[str] certificate: CA certificate used to validate client certificates
|
1194
|
-
:param pulumi.Input[str] display_name: The name to display on tokens issued under this role.
|
1195
|
-
:param pulumi.Input[str] name: Name of the role
|
1196
|
-
:param pulumi.Input[str] namespace: The namespace to provision the resource in.
|
1187
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_common_names: Allowed the common names for authenticated client certificates
|
1188
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_dns_sans: Allowed alternative dns names for authenticated client certificates
|
1189
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_email_sans: Allowed emails for authenticated client certificates
|
1190
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_names: DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
1191
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_organizational_units: Allowed organization units for authenticated client certificates.
|
1192
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_uri_sans: Allowed URIs for authenticated client certificates
|
1193
|
+
:param pulumi.Input[builtins.str] backend: Path to the mounted Cert auth backend
|
1194
|
+
:param pulumi.Input[builtins.str] certificate: CA certificate used to validate client certificates
|
1195
|
+
:param pulumi.Input[builtins.str] display_name: The name to display on tokens issued under this role.
|
1196
|
+
:param pulumi.Input[builtins.str] name: Name of the role
|
1197
|
+
:param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
|
1197
1198
|
The value should not contain leading or trailing forward slashes.
|
1198
1199
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
1199
1200
|
*Available only for Vault Enterprise*.
|
1200
|
-
:param pulumi.Input[str] ocsp_ca_certificates: Any additional CA certificates
|
1201
|
+
:param pulumi.Input[builtins.str] ocsp_ca_certificates: Any additional CA certificates
|
1201
1202
|
needed to verify OCSP responses. Provided as base64 encoded PEM data.
|
1202
1203
|
Requires Vault version 1.13+.
|
1203
|
-
:param pulumi.Input[bool] ocsp_enabled: If enabled, validate certificates'
|
1204
|
+
:param pulumi.Input[builtins.bool] ocsp_enabled: If enabled, validate certificates'
|
1204
1205
|
revocation status using OCSP. Requires Vault version 1.13+.
|
1205
|
-
:param pulumi.Input[bool] ocsp_fail_open: If true and an OCSP response cannot
|
1206
|
+
:param pulumi.Input[builtins.bool] ocsp_fail_open: If true and an OCSP response cannot
|
1206
1207
|
be fetched or is of an unknown status, the login will proceed as if the
|
1207
1208
|
certificate has not been revoked.
|
1208
1209
|
Requires Vault version 1.13+.
|
1209
|
-
:param pulumi.Input[bool] ocsp_query_all_servers: If set to true, rather than
|
1210
|
+
:param pulumi.Input[builtins.bool] ocsp_query_all_servers: If set to true, rather than
|
1210
1211
|
accepting the first successful OCSP response, query all servers and consider
|
1211
1212
|
the certificate valid only if all servers agree.
|
1212
1213
|
Requires Vault version 1.13+.
|
1213
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] ocsp_servers_overrides: : A comma-separated list of OCSP
|
1214
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] ocsp_servers_overrides: : A comma-separated list of OCSP
|
1214
1215
|
server addresses. If unset, the OCSP server is determined from the
|
1215
1216
|
AuthorityInformationAccess extension on the certificate being inspected.
|
1216
1217
|
Requires Vault version 1.13+.
|
1217
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] required_extensions: TLS extensions required on
|
1218
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] required_extensions: TLS extensions required on
|
1218
1219
|
client certificates
|
1219
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1220
|
-
:param pulumi.Input[int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1221
|
-
:param pulumi.Input[int] token_max_ttl: The maximum lifetime of the generated token
|
1222
|
-
:param pulumi.Input[bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1223
|
-
:param pulumi.Input[int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1224
|
-
:param pulumi.Input[int] token_period: Generated Token's Period
|
1225
|
-
:param pulumi.Input[Sequence[pulumi.Input[str]]] token_policies: Generated Token's Policies
|
1226
|
-
:param pulumi.Input[int] token_ttl: The initial ttl of the token to generate in seconds
|
1227
|
-
:param pulumi.Input[str] token_type: The type of token to generate, service or batch
|
1220
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_bound_cidrs: Specifies the blocks of IP addresses which are allowed to use the generated token
|
1221
|
+
:param pulumi.Input[builtins.int] token_explicit_max_ttl: Generated Token's Explicit Maximum TTL in seconds
|
1222
|
+
:param pulumi.Input[builtins.int] token_max_ttl: The maximum lifetime of the generated token
|
1223
|
+
:param pulumi.Input[builtins.bool] token_no_default_policy: If true, the 'default' policy will not automatically be added to generated tokens
|
1224
|
+
:param pulumi.Input[builtins.int] token_num_uses: The maximum number of times a token may be used, a value of zero means unlimited
|
1225
|
+
:param pulumi.Input[builtins.int] token_period: Generated Token's Period
|
1226
|
+
:param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] token_policies: Generated Token's Policies
|
1227
|
+
:param pulumi.Input[builtins.int] token_ttl: The initial ttl of the token to generate in seconds
|
1228
|
+
:param pulumi.Input[builtins.str] token_type: The type of token to generate, service or batch
|
1228
1229
|
"""
|
1229
1230
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
1230
1231
|
|
@@ -1260,7 +1261,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1260
1261
|
|
1261
1262
|
@property
|
1262
1263
|
@pulumi.getter(name="allowedCommonNames")
|
1263
|
-
def allowed_common_names(self) -> pulumi.Output[Sequence[str]]:
|
1264
|
+
def allowed_common_names(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1264
1265
|
"""
|
1265
1266
|
Allowed the common names for authenticated client certificates
|
1266
1267
|
"""
|
@@ -1268,7 +1269,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1268
1269
|
|
1269
1270
|
@property
|
1270
1271
|
@pulumi.getter(name="allowedDnsSans")
|
1271
|
-
def allowed_dns_sans(self) -> pulumi.Output[Sequence[str]]:
|
1272
|
+
def allowed_dns_sans(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1272
1273
|
"""
|
1273
1274
|
Allowed alternative dns names for authenticated client certificates
|
1274
1275
|
"""
|
@@ -1276,7 +1277,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1276
1277
|
|
1277
1278
|
@property
|
1278
1279
|
@pulumi.getter(name="allowedEmailSans")
|
1279
|
-
def allowed_email_sans(self) -> pulumi.Output[Sequence[str]]:
|
1280
|
+
def allowed_email_sans(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1280
1281
|
"""
|
1281
1282
|
Allowed emails for authenticated client certificates
|
1282
1283
|
"""
|
@@ -1284,7 +1285,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1284
1285
|
|
1285
1286
|
@property
|
1286
1287
|
@pulumi.getter(name="allowedNames")
|
1287
|
-
def allowed_names(self) -> pulumi.Output[Sequence[str]]:
|
1288
|
+
def allowed_names(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1288
1289
|
"""
|
1289
1290
|
DEPRECATED: Please use the individual `allowed_X_sans` parameters instead. Allowed subject names for authenticated client certificates
|
1290
1291
|
"""
|
@@ -1292,7 +1293,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1292
1293
|
|
1293
1294
|
@property
|
1294
1295
|
@pulumi.getter(name="allowedOrganizationalUnits")
|
1295
|
-
def allowed_organizational_units(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1296
|
+
def allowed_organizational_units(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1296
1297
|
"""
|
1297
1298
|
Allowed organization units for authenticated client certificates.
|
1298
1299
|
"""
|
@@ -1300,7 +1301,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1300
1301
|
|
1301
1302
|
@property
|
1302
1303
|
@pulumi.getter(name="allowedUriSans")
|
1303
|
-
def allowed_uri_sans(self) -> pulumi.Output[Sequence[str]]:
|
1304
|
+
def allowed_uri_sans(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1304
1305
|
"""
|
1305
1306
|
Allowed URIs for authenticated client certificates
|
1306
1307
|
"""
|
@@ -1308,7 +1309,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1308
1309
|
|
1309
1310
|
@property
|
1310
1311
|
@pulumi.getter
|
1311
|
-
def backend(self) -> pulumi.Output[Optional[str]]:
|
1312
|
+
def backend(self) -> pulumi.Output[Optional[builtins.str]]:
|
1312
1313
|
"""
|
1313
1314
|
Path to the mounted Cert auth backend
|
1314
1315
|
"""
|
@@ -1316,7 +1317,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1316
1317
|
|
1317
1318
|
@property
|
1318
1319
|
@pulumi.getter
|
1319
|
-
def certificate(self) -> pulumi.Output[str]:
|
1320
|
+
def certificate(self) -> pulumi.Output[builtins.str]:
|
1320
1321
|
"""
|
1321
1322
|
CA certificate used to validate client certificates
|
1322
1323
|
"""
|
@@ -1324,7 +1325,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1324
1325
|
|
1325
1326
|
@property
|
1326
1327
|
@pulumi.getter(name="displayName")
|
1327
|
-
def display_name(self) -> pulumi.Output[str]:
|
1328
|
+
def display_name(self) -> pulumi.Output[builtins.str]:
|
1328
1329
|
"""
|
1329
1330
|
The name to display on tokens issued under this role.
|
1330
1331
|
"""
|
@@ -1332,7 +1333,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1332
1333
|
|
1333
1334
|
@property
|
1334
1335
|
@pulumi.getter
|
1335
|
-
def name(self) -> pulumi.Output[str]:
|
1336
|
+
def name(self) -> pulumi.Output[builtins.str]:
|
1336
1337
|
"""
|
1337
1338
|
Name of the role
|
1338
1339
|
"""
|
@@ -1340,7 +1341,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1340
1341
|
|
1341
1342
|
@property
|
1342
1343
|
@pulumi.getter
|
1343
|
-
def namespace(self) -> pulumi.Output[Optional[str]]:
|
1344
|
+
def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
|
1344
1345
|
"""
|
1345
1346
|
The namespace to provision the resource in.
|
1346
1347
|
The value should not contain leading or trailing forward slashes.
|
@@ -1351,7 +1352,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1351
1352
|
|
1352
1353
|
@property
|
1353
1354
|
@pulumi.getter(name="ocspCaCertificates")
|
1354
|
-
def ocsp_ca_certificates(self) -> pulumi.Output[Optional[str]]:
|
1355
|
+
def ocsp_ca_certificates(self) -> pulumi.Output[Optional[builtins.str]]:
|
1355
1356
|
"""
|
1356
1357
|
Any additional CA certificates
|
1357
1358
|
needed to verify OCSP responses. Provided as base64 encoded PEM data.
|
@@ -1361,7 +1362,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1361
1362
|
|
1362
1363
|
@property
|
1363
1364
|
@pulumi.getter(name="ocspEnabled")
|
1364
|
-
def ocsp_enabled(self) -> pulumi.Output[bool]:
|
1365
|
+
def ocsp_enabled(self) -> pulumi.Output[builtins.bool]:
|
1365
1366
|
"""
|
1366
1367
|
If enabled, validate certificates'
|
1367
1368
|
revocation status using OCSP. Requires Vault version 1.13+.
|
@@ -1370,7 +1371,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1370
1371
|
|
1371
1372
|
@property
|
1372
1373
|
@pulumi.getter(name="ocspFailOpen")
|
1373
|
-
def ocsp_fail_open(self) -> pulumi.Output[bool]:
|
1374
|
+
def ocsp_fail_open(self) -> pulumi.Output[builtins.bool]:
|
1374
1375
|
"""
|
1375
1376
|
If true and an OCSP response cannot
|
1376
1377
|
be fetched or is of an unknown status, the login will proceed as if the
|
@@ -1381,7 +1382,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1381
1382
|
|
1382
1383
|
@property
|
1383
1384
|
@pulumi.getter(name="ocspQueryAllServers")
|
1384
|
-
def ocsp_query_all_servers(self) -> pulumi.Output[bool]:
|
1385
|
+
def ocsp_query_all_servers(self) -> pulumi.Output[builtins.bool]:
|
1385
1386
|
"""
|
1386
1387
|
If set to true, rather than
|
1387
1388
|
accepting the first successful OCSP response, query all servers and consider
|
@@ -1392,7 +1393,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1392
1393
|
|
1393
1394
|
@property
|
1394
1395
|
@pulumi.getter(name="ocspServersOverrides")
|
1395
|
-
def ocsp_servers_overrides(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1396
|
+
def ocsp_servers_overrides(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1396
1397
|
"""
|
1397
1398
|
: A comma-separated list of OCSP
|
1398
1399
|
server addresses. If unset, the OCSP server is determined from the
|
@@ -1403,7 +1404,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1403
1404
|
|
1404
1405
|
@property
|
1405
1406
|
@pulumi.getter(name="requiredExtensions")
|
1406
|
-
def required_extensions(self) -> pulumi.Output[Sequence[str]]:
|
1407
|
+
def required_extensions(self) -> pulumi.Output[Sequence[builtins.str]]:
|
1407
1408
|
"""
|
1408
1409
|
TLS extensions required on
|
1409
1410
|
client certificates
|
@@ -1412,7 +1413,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1412
1413
|
|
1413
1414
|
@property
|
1414
1415
|
@pulumi.getter(name="tokenBoundCidrs")
|
1415
|
-
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1416
|
+
def token_bound_cidrs(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1416
1417
|
"""
|
1417
1418
|
Specifies the blocks of IP addresses which are allowed to use the generated token
|
1418
1419
|
"""
|
@@ -1420,7 +1421,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1420
1421
|
|
1421
1422
|
@property
|
1422
1423
|
@pulumi.getter(name="tokenExplicitMaxTtl")
|
1423
|
-
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1424
|
+
def token_explicit_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1424
1425
|
"""
|
1425
1426
|
Generated Token's Explicit Maximum TTL in seconds
|
1426
1427
|
"""
|
@@ -1428,7 +1429,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1428
1429
|
|
1429
1430
|
@property
|
1430
1431
|
@pulumi.getter(name="tokenMaxTtl")
|
1431
|
-
def token_max_ttl(self) -> pulumi.Output[Optional[int]]:
|
1432
|
+
def token_max_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1432
1433
|
"""
|
1433
1434
|
The maximum lifetime of the generated token
|
1434
1435
|
"""
|
@@ -1436,7 +1437,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1436
1437
|
|
1437
1438
|
@property
|
1438
1439
|
@pulumi.getter(name="tokenNoDefaultPolicy")
|
1439
|
-
def token_no_default_policy(self) -> pulumi.Output[Optional[bool]]:
|
1440
|
+
def token_no_default_policy(self) -> pulumi.Output[Optional[builtins.bool]]:
|
1440
1441
|
"""
|
1441
1442
|
If true, the 'default' policy will not automatically be added to generated tokens
|
1442
1443
|
"""
|
@@ -1444,7 +1445,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1444
1445
|
|
1445
1446
|
@property
|
1446
1447
|
@pulumi.getter(name="tokenNumUses")
|
1447
|
-
def token_num_uses(self) -> pulumi.Output[Optional[int]]:
|
1448
|
+
def token_num_uses(self) -> pulumi.Output[Optional[builtins.int]]:
|
1448
1449
|
"""
|
1449
1450
|
The maximum number of times a token may be used, a value of zero means unlimited
|
1450
1451
|
"""
|
@@ -1452,7 +1453,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1452
1453
|
|
1453
1454
|
@property
|
1454
1455
|
@pulumi.getter(name="tokenPeriod")
|
1455
|
-
def token_period(self) -> pulumi.Output[Optional[int]]:
|
1456
|
+
def token_period(self) -> pulumi.Output[Optional[builtins.int]]:
|
1456
1457
|
"""
|
1457
1458
|
Generated Token's Period
|
1458
1459
|
"""
|
@@ -1460,7 +1461,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1460
1461
|
|
1461
1462
|
@property
|
1462
1463
|
@pulumi.getter(name="tokenPolicies")
|
1463
|
-
def token_policies(self) -> pulumi.Output[Optional[Sequence[str]]]:
|
1464
|
+
def token_policies(self) -> pulumi.Output[Optional[Sequence[builtins.str]]]:
|
1464
1465
|
"""
|
1465
1466
|
Generated Token's Policies
|
1466
1467
|
"""
|
@@ -1468,7 +1469,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1468
1469
|
|
1469
1470
|
@property
|
1470
1471
|
@pulumi.getter(name="tokenTtl")
|
1471
|
-
def token_ttl(self) -> pulumi.Output[Optional[int]]:
|
1472
|
+
def token_ttl(self) -> pulumi.Output[Optional[builtins.int]]:
|
1472
1473
|
"""
|
1473
1474
|
The initial ttl of the token to generate in seconds
|
1474
1475
|
"""
|
@@ -1476,7 +1477,7 @@ class CertAuthBackendRole(pulumi.CustomResource):
|
|
1476
1477
|
|
1477
1478
|
@property
|
1478
1479
|
@pulumi.getter(name="tokenType")
|
1479
|
-
def token_type(self) -> pulumi.Output[Optional[str]]:
|
1480
|
+
def token_type(self) -> pulumi.Output[Optional[builtins.str]]:
|
1480
1481
|
"""
|
1481
1482
|
The type of token to generate, service or batch
|
1482
1483
|
"""
|