pulumi-vault 7.0.0a1750489873__py3-none-any.whl → 7.1.0a1752118888__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. pulumi_vault/__init__.py +17 -0
  2. pulumi_vault/database/_inputs.py +48 -0
  3. pulumi_vault/database/outputs.py +30 -0
  4. pulumi_vault/database/secret_backend_connection.py +10 -0
  5. pulumi_vault/pkisecret/__init__.py +2 -0
  6. pulumi_vault/pkisecret/_inputs.py +94 -6
  7. pulumi_vault/pkisecret/backend_config_scep.py +692 -0
  8. pulumi_vault/pkisecret/get_backend_config_scep.py +252 -0
  9. pulumi_vault/pkisecret/outputs.py +112 -8
  10. pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +61 -14
  11. pulumi_vault/pulumi-plugin.json +1 -1
  12. pulumi_vault/quota_rate_limit.py +153 -3
  13. pulumi_vault/scep_auth_backend_role.py +855 -0
  14. pulumi_vault/transit/__init__.py +1 -0
  15. pulumi_vault/transit/get_cmac.py +257 -0
  16. pulumi_vault/transit/get_verify.py +16 -1
  17. {pulumi_vault-7.0.0a1750489873.dist-info → pulumi_vault-7.1.0a1752118888.dist-info}/METADATA +1 -1
  18. {pulumi_vault-7.0.0a1750489873.dist-info → pulumi_vault-7.1.0a1752118888.dist-info}/RECORD +20 -16
  19. {pulumi_vault-7.0.0a1750489873.dist-info → pulumi_vault-7.1.0a1752118888.dist-info}/WHEEL +0 -0
  20. {pulumi_vault-7.0.0a1750489873.dist-info → pulumi_vault-7.1.0a1752118888.dist-info}/top_level.txt +0 -0
pulumi_vault/pkisecret/backend_config_scep.py ADDED
@@ -0,0 +1,692 @@
1
+ # coding=utf-8
2
+ # *** WARNING: this file was generated by pulumi-language-python. ***
3
+ # *** Do not edit by hand unless you're certain you know what you are doing! ***
4
+
5
+ import builtins
6
+ import copy
7
+ import warnings
8
+ import sys
9
+ import pulumi
10
+ import pulumi.runtime
11
+ from typing import Any, Mapping, Optional, Sequence, Union, overload
12
+ if sys.version_info >= (3, 11):
13
+ from typing import NotRequired, TypedDict, TypeAlias
14
+ else:
15
+ from typing_extensions import NotRequired, TypedDict, TypeAlias
16
+ from .. import _utilities
17
+ from . import outputs
18
+ from ._inputs import *
19
+
20
+ __all__ = ['BackendConfigScepArgs', 'BackendConfigScep']
21
+
22
+ @pulumi.input_type
23
+ class BackendConfigScepArgs:
24
+ def __init__(__self__, *,
25
+ backend: pulumi.Input[builtins.str],
26
+ allowed_digest_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
27
+ allowed_encryption_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
28
+ authenticators: Optional[pulumi.Input['BackendConfigScepAuthenticatorsArgs']] = None,
29
+ default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
30
+ enabled: Optional[pulumi.Input[builtins.bool]] = None,
31
+ external_validations: Optional[pulumi.Input[Sequence[pulumi.Input['BackendConfigScepExternalValidationArgs']]]] = None,
32
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
33
+ restrict_ca_chain_to_issuer: Optional[pulumi.Input[builtins.bool]] = None):
34
+ """
35
+ The set of arguments for constructing a BackendConfigScep resource.
36
+ :param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
37
+ read the SCEP configuration from, with no leading or trailing `/`s.
38
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_digest_algorithms: List of allowed digest algorithms for SCEP requests.
39
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_encryption_algorithms: List of allowed encryption algorithms for SCEP requests.
40
+ :param pulumi.Input['BackendConfigScepAuthenticatorsArgs'] authenticators: Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
41
+ :param pulumi.Input[builtins.str] default_path_policy: Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
42
+ :param pulumi.Input[builtins.bool] enabled: Specifies whether SCEP is enabled.
43
+ :param pulumi.Input[Sequence[pulumi.Input['BackendConfigScepExternalValidationArgs']]] external_validations: Lists the 3rd party validation of SCEP requests (see below for nested schema).
44
+ :param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
45
+ The value should not contain leading or trailing forward slashes.
46
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
47
+ *Available only for Vault Enterprise*.
48
+ :param pulumi.Input[builtins.bool] restrict_ca_chain_to_issuer: If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
49
+
50
+
51
+ <a id="nestedatt--authenticators"></a>
52
+ """
53
+ pulumi.set(__self__, "backend", backend)
54
+ if allowed_digest_algorithms is not None:
55
+ pulumi.set(__self__, "allowed_digest_algorithms", allowed_digest_algorithms)
56
+ if allowed_encryption_algorithms is not None:
57
+ pulumi.set(__self__, "allowed_encryption_algorithms", allowed_encryption_algorithms)
58
+ if authenticators is not None:
59
+ pulumi.set(__self__, "authenticators", authenticators)
60
+ if default_path_policy is not None:
61
+ pulumi.set(__self__, "default_path_policy", default_path_policy)
62
+ if enabled is not None:
63
+ pulumi.set(__self__, "enabled", enabled)
64
+ if external_validations is not None:
65
+ pulumi.set(__self__, "external_validations", external_validations)
66
+ if namespace is not None:
67
+ pulumi.set(__self__, "namespace", namespace)
68
+ if restrict_ca_chain_to_issuer is not None:
69
+ pulumi.set(__self__, "restrict_ca_chain_to_issuer", restrict_ca_chain_to_issuer)
70
+
71
+ @property
72
+ @pulumi.getter
73
+ def backend(self) -> pulumi.Input[builtins.str]:
74
+ """
75
+ The path to the PKI secret backend to
76
+ read the SCEP configuration from, with no leading or trailing `/`s.
77
+ """
78
+ return pulumi.get(self, "backend")
79
+
80
+ @backend.setter
81
+ def backend(self, value: pulumi.Input[builtins.str]):
82
+ pulumi.set(self, "backend", value)
83
+
84
+ @property
85
+ @pulumi.getter(name="allowedDigestAlgorithms")
86
+ def allowed_digest_algorithms(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
87
+ """
88
+ List of allowed digest algorithms for SCEP requests.
89
+ """
90
+ return pulumi.get(self, "allowed_digest_algorithms")
91
+
92
+ @allowed_digest_algorithms.setter
93
+ def allowed_digest_algorithms(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
94
+ pulumi.set(self, "allowed_digest_algorithms", value)
95
+
96
+ @property
97
+ @pulumi.getter(name="allowedEncryptionAlgorithms")
98
+ def allowed_encryption_algorithms(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
99
+ """
100
+ List of allowed encryption algorithms for SCEP requests.
101
+ """
102
+ return pulumi.get(self, "allowed_encryption_algorithms")
103
+
104
+ @allowed_encryption_algorithms.setter
105
+ def allowed_encryption_algorithms(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
106
+ pulumi.set(self, "allowed_encryption_algorithms", value)
107
+
108
+ @property
109
+ @pulumi.getter
110
+ def authenticators(self) -> Optional[pulumi.Input['BackendConfigScepAuthenticatorsArgs']]:
111
+ """
112
+ Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
113
+ """
114
+ return pulumi.get(self, "authenticators")
115
+
116
+ @authenticators.setter
117
+ def authenticators(self, value: Optional[pulumi.Input['BackendConfigScepAuthenticatorsArgs']]):
118
+ pulumi.set(self, "authenticators", value)
119
+
120
+ @property
121
+ @pulumi.getter(name="defaultPathPolicy")
122
+ def default_path_policy(self) -> Optional[pulumi.Input[builtins.str]]:
123
+ """
124
+ Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
125
+ """
126
+ return pulumi.get(self, "default_path_policy")
127
+
128
+ @default_path_policy.setter
129
+ def default_path_policy(self, value: Optional[pulumi.Input[builtins.str]]):
130
+ pulumi.set(self, "default_path_policy", value)
131
+
132
+ @property
133
+ @pulumi.getter
134
+ def enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
135
+ """
136
+ Specifies whether SCEP is enabled.
137
+ """
138
+ return pulumi.get(self, "enabled")
139
+
140
+ @enabled.setter
141
+ def enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
142
+ pulumi.set(self, "enabled", value)
143
+
144
+ @property
145
+ @pulumi.getter(name="externalValidations")
146
+ def external_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['BackendConfigScepExternalValidationArgs']]]]:
147
+ """
148
+ Lists the 3rd party validation of SCEP requests (see below for nested schema).
149
+ """
150
+ return pulumi.get(self, "external_validations")
151
+
152
+ @external_validations.setter
153
+ def external_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['BackendConfigScepExternalValidationArgs']]]]):
154
+ pulumi.set(self, "external_validations", value)
155
+
156
+ @property
157
+ @pulumi.getter
158
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
159
+ """
160
+ The namespace of the target resource.
161
+ The value should not contain leading or trailing forward slashes.
162
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
163
+ *Available only for Vault Enterprise*.
164
+ """
165
+ return pulumi.get(self, "namespace")
166
+
167
+ @namespace.setter
168
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
169
+ pulumi.set(self, "namespace", value)
170
+
171
+ @property
172
+ @pulumi.getter(name="restrictCaChainToIssuer")
173
+ def restrict_ca_chain_to_issuer(self) -> Optional[pulumi.Input[builtins.bool]]:
174
+ """
175
+ If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
176
+
177
+
178
+ <a id="nestedatt--authenticators"></a>
179
+ """
180
+ return pulumi.get(self, "restrict_ca_chain_to_issuer")
181
+
182
+ @restrict_ca_chain_to_issuer.setter
183
+ def restrict_ca_chain_to_issuer(self, value: Optional[pulumi.Input[builtins.bool]]):
184
+ pulumi.set(self, "restrict_ca_chain_to_issuer", value)
185
+
186
+
187
+ @pulumi.input_type
188
+ class _BackendConfigScepState:
189
+ def __init__(__self__, *,
190
+ allowed_digest_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
191
+ allowed_encryption_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
192
+ authenticators: Optional[pulumi.Input['BackendConfigScepAuthenticatorsArgs']] = None,
193
+ backend: Optional[pulumi.Input[builtins.str]] = None,
194
+ default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
195
+ enabled: Optional[pulumi.Input[builtins.bool]] = None,
196
+ external_validations: Optional[pulumi.Input[Sequence[pulumi.Input['BackendConfigScepExternalValidationArgs']]]] = None,
197
+ last_updated: Optional[pulumi.Input[builtins.str]] = None,
198
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
199
+ restrict_ca_chain_to_issuer: Optional[pulumi.Input[builtins.bool]] = None):
200
+ """
201
+ Input properties used for looking up and filtering BackendConfigScep resources.
202
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_digest_algorithms: List of allowed digest algorithms for SCEP requests.
203
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_encryption_algorithms: List of allowed encryption algorithms for SCEP requests.
204
+ :param pulumi.Input['BackendConfigScepAuthenticatorsArgs'] authenticators: Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
205
+ :param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
206
+ read the SCEP configuration from, with no leading or trailing `/`s.
207
+ :param pulumi.Input[builtins.str] default_path_policy: Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
208
+ :param pulumi.Input[builtins.bool] enabled: Specifies whether SCEP is enabled.
209
+ :param pulumi.Input[Sequence[pulumi.Input['BackendConfigScepExternalValidationArgs']]] external_validations: Lists the 3rd party validation of SCEP requests (see below for nested schema).
210
+ :param pulumi.Input[builtins.str] last_updated: A read-only timestamp representing the last time the configuration was updated.
211
+ :param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
212
+ The value should not contain leading or trailing forward slashes.
213
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
214
+ *Available only for Vault Enterprise*.
215
+ :param pulumi.Input[builtins.bool] restrict_ca_chain_to_issuer: If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
216
+
217
+
218
+ <a id="nestedatt--authenticators"></a>
219
+ """
220
+ if allowed_digest_algorithms is not None:
221
+ pulumi.set(__self__, "allowed_digest_algorithms", allowed_digest_algorithms)
222
+ if allowed_encryption_algorithms is not None:
223
+ pulumi.set(__self__, "allowed_encryption_algorithms", allowed_encryption_algorithms)
224
+ if authenticators is not None:
225
+ pulumi.set(__self__, "authenticators", authenticators)
226
+ if backend is not None:
227
+ pulumi.set(__self__, "backend", backend)
228
+ if default_path_policy is not None:
229
+ pulumi.set(__self__, "default_path_policy", default_path_policy)
230
+ if enabled is not None:
231
+ pulumi.set(__self__, "enabled", enabled)
232
+ if external_validations is not None:
233
+ pulumi.set(__self__, "external_validations", external_validations)
234
+ if last_updated is not None:
235
+ pulumi.set(__self__, "last_updated", last_updated)
236
+ if namespace is not None:
237
+ pulumi.set(__self__, "namespace", namespace)
238
+ if restrict_ca_chain_to_issuer is not None:
239
+ pulumi.set(__self__, "restrict_ca_chain_to_issuer", restrict_ca_chain_to_issuer)
240
+
241
+ @property
242
+ @pulumi.getter(name="allowedDigestAlgorithms")
243
+ def allowed_digest_algorithms(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
244
+ """
245
+ List of allowed digest algorithms for SCEP requests.
246
+ """
247
+ return pulumi.get(self, "allowed_digest_algorithms")
248
+
249
+ @allowed_digest_algorithms.setter
250
+ def allowed_digest_algorithms(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
251
+ pulumi.set(self, "allowed_digest_algorithms", value)
252
+
253
+ @property
254
+ @pulumi.getter(name="allowedEncryptionAlgorithms")
255
+ def allowed_encryption_algorithms(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]:
256
+ """
257
+ List of allowed encryption algorithms for SCEP requests.
258
+ """
259
+ return pulumi.get(self, "allowed_encryption_algorithms")
260
+
261
+ @allowed_encryption_algorithms.setter
262
+ def allowed_encryption_algorithms(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]):
263
+ pulumi.set(self, "allowed_encryption_algorithms", value)
264
+
265
+ @property
266
+ @pulumi.getter
267
+ def authenticators(self) -> Optional[pulumi.Input['BackendConfigScepAuthenticatorsArgs']]:
268
+ """
269
+ Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
270
+ """
271
+ return pulumi.get(self, "authenticators")
272
+
273
+ @authenticators.setter
274
+ def authenticators(self, value: Optional[pulumi.Input['BackendConfigScepAuthenticatorsArgs']]):
275
+ pulumi.set(self, "authenticators", value)
276
+
277
+ @property
278
+ @pulumi.getter
279
+ def backend(self) -> Optional[pulumi.Input[builtins.str]]:
280
+ """
281
+ The path to the PKI secret backend to
282
+ read the SCEP configuration from, with no leading or trailing `/`s.
283
+ """
284
+ return pulumi.get(self, "backend")
285
+
286
+ @backend.setter
287
+ def backend(self, value: Optional[pulumi.Input[builtins.str]]):
288
+ pulumi.set(self, "backend", value)
289
+
290
+ @property
291
+ @pulumi.getter(name="defaultPathPolicy")
292
+ def default_path_policy(self) -> Optional[pulumi.Input[builtins.str]]:
293
+ """
294
+ Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
295
+ """
296
+ return pulumi.get(self, "default_path_policy")
297
+
298
+ @default_path_policy.setter
299
+ def default_path_policy(self, value: Optional[pulumi.Input[builtins.str]]):
300
+ pulumi.set(self, "default_path_policy", value)
301
+
302
+ @property
303
+ @pulumi.getter
304
+ def enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
305
+ """
306
+ Specifies whether SCEP is enabled.
307
+ """
308
+ return pulumi.get(self, "enabled")
309
+
310
+ @enabled.setter
311
+ def enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
312
+ pulumi.set(self, "enabled", value)
313
+
314
+ @property
315
+ @pulumi.getter(name="externalValidations")
316
+ def external_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['BackendConfigScepExternalValidationArgs']]]]:
317
+ """
318
+ Lists the 3rd party validation of SCEP requests (see below for nested schema).
319
+ """
320
+ return pulumi.get(self, "external_validations")
321
+
322
+ @external_validations.setter
323
+ def external_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['BackendConfigScepExternalValidationArgs']]]]):
324
+ pulumi.set(self, "external_validations", value)
325
+
326
+ @property
327
+ @pulumi.getter(name="lastUpdated")
328
+ def last_updated(self) -> Optional[pulumi.Input[builtins.str]]:
329
+ """
330
+ A read-only timestamp representing the last time the configuration was updated.
331
+ """
332
+ return pulumi.get(self, "last_updated")
333
+
334
+ @last_updated.setter
335
+ def last_updated(self, value: Optional[pulumi.Input[builtins.str]]):
336
+ pulumi.set(self, "last_updated", value)
337
+
338
+ @property
339
+ @pulumi.getter
340
+ def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
341
+ """
342
+ The namespace of the target resource.
343
+ The value should not contain leading or trailing forward slashes.
344
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
345
+ *Available only for Vault Enterprise*.
346
+ """
347
+ return pulumi.get(self, "namespace")
348
+
349
+ @namespace.setter
350
+ def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
351
+ pulumi.set(self, "namespace", value)
352
+
353
+ @property
354
+ @pulumi.getter(name="restrictCaChainToIssuer")
355
+ def restrict_ca_chain_to_issuer(self) -> Optional[pulumi.Input[builtins.bool]]:
356
+ """
357
+ If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
358
+
359
+
360
+ <a id="nestedatt--authenticators"></a>
361
+ """
362
+ return pulumi.get(self, "restrict_ca_chain_to_issuer")
363
+
364
+ @restrict_ca_chain_to_issuer.setter
365
+ def restrict_ca_chain_to_issuer(self, value: Optional[pulumi.Input[builtins.bool]]):
366
+ pulumi.set(self, "restrict_ca_chain_to_issuer", value)
367
+
368
+
369
+ @pulumi.type_token("vault:pkiSecret/backendConfigScep:BackendConfigScep")
370
+ class BackendConfigScep(pulumi.CustomResource):
371
+ @overload
372
+ def __init__(__self__,
373
+ resource_name: str,
374
+ opts: Optional[pulumi.ResourceOptions] = None,
375
+ allowed_digest_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
376
+ allowed_encryption_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
377
+ authenticators: Optional[pulumi.Input[Union['BackendConfigScepAuthenticatorsArgs', 'BackendConfigScepAuthenticatorsArgsDict']]] = None,
378
+ backend: Optional[pulumi.Input[builtins.str]] = None,
379
+ default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
380
+ enabled: Optional[pulumi.Input[builtins.bool]] = None,
381
+ external_validations: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendConfigScepExternalValidationArgs', 'BackendConfigScepExternalValidationArgsDict']]]]] = None,
382
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
383
+ restrict_ca_chain_to_issuer: Optional[pulumi.Input[builtins.bool]] = None,
384
+ __props__=None):
385
+ """
386
+ Allows setting the SCEP configuration on a PKI Secret Backend.
387
+
388
+ ## Example Usage
389
+
390
+ ```python
391
+ import pulumi
392
+ import pulumi_vault as vault
393
+
394
+ scep = vault.AuthBackend("scep",
395
+ path="scep-auth",
396
+ type="scep")
397
+ scep_challenge = vault.ScepAuthBackendRole("scep_challenge",
398
+ backend=scep.id,
399
+ name="scep-auth",
400
+ display_name="Static challenge for SCEP clients",
401
+ auth_type="static-challenge",
402
+ challenge="ac7e4ada-c8ef-4393-9098-d69d08736833")
403
+ pki = vault.Mount("pki",
404
+ path="pki_scep",
405
+ type="pki",
406
+ description="PKI secret engine mount")
407
+ test = vault.pki_secret.BackendConfigScep("test",
408
+ backend=pki.path,
409
+ enabled=True,
410
+ default_path_policy="sign-verbatim",
411
+ restrict_ca_chain_to_issuer=True,
412
+ authenticators={
413
+ "scep": {
414
+ "accessor": scep.accessor,
415
+ "scep_role": scep_challenge.name,
416
+ },
417
+ })
418
+ ```
419
+
420
+ ## Import
421
+
422
+ The PKI config cluster can be imported using the resource's `id`.
423
+ In the case of the example above the `id` would be `pki-root/config/scep`,
424
+ where the `pki-root` component is the resource's `backend`, e.g.
425
+
426
+ ```sh
427
+ $ pulumi import vault:pkiSecret/backendConfigScep:BackendConfigScep example pki-root/config/scep
428
+ ```
429
+
430
+ :param str resource_name: The name of the resource.
431
+ :param pulumi.ResourceOptions opts: Options for the resource.
432
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_digest_algorithms: List of allowed digest algorithms for SCEP requests.
433
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_encryption_algorithms: List of allowed encryption algorithms for SCEP requests.
434
+ :param pulumi.Input[Union['BackendConfigScepAuthenticatorsArgs', 'BackendConfigScepAuthenticatorsArgsDict']] authenticators: Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
435
+ :param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
436
+ read the SCEP configuration from, with no leading or trailing `/`s.
437
+ :param pulumi.Input[builtins.str] default_path_policy: Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
438
+ :param pulumi.Input[builtins.bool] enabled: Specifies whether SCEP is enabled.
439
+ :param pulumi.Input[Sequence[pulumi.Input[Union['BackendConfigScepExternalValidationArgs', 'BackendConfigScepExternalValidationArgsDict']]]] external_validations: Lists the 3rd party validation of SCEP requests (see below for nested schema).
440
+ :param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
441
+ The value should not contain leading or trailing forward slashes.
442
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
443
+ *Available only for Vault Enterprise*.
444
+ :param pulumi.Input[builtins.bool] restrict_ca_chain_to_issuer: If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
445
+
446
+
447
+ <a id="nestedatt--authenticators"></a>
448
+ """
449
+ ...
450
+ @overload
451
+ def __init__(__self__,
452
+ resource_name: str,
453
+ args: BackendConfigScepArgs,
454
+ opts: Optional[pulumi.ResourceOptions] = None):
455
+ """
456
+ Allows setting the SCEP configuration on a PKI Secret Backend.
457
+
458
+ ## Example Usage
459
+
460
+ ```python
461
+ import pulumi
462
+ import pulumi_vault as vault
463
+
464
+ scep = vault.AuthBackend("scep",
465
+ path="scep-auth",
466
+ type="scep")
467
+ scep_challenge = vault.ScepAuthBackendRole("scep_challenge",
468
+ backend=scep.id,
469
+ name="scep-auth",
470
+ display_name="Static challenge for SCEP clients",
471
+ auth_type="static-challenge",
472
+ challenge="ac7e4ada-c8ef-4393-9098-d69d08736833")
473
+ pki = vault.Mount("pki",
474
+ path="pki_scep",
475
+ type="pki",
476
+ description="PKI secret engine mount")
477
+ test = vault.pki_secret.BackendConfigScep("test",
478
+ backend=pki.path,
479
+ enabled=True,
480
+ default_path_policy="sign-verbatim",
481
+ restrict_ca_chain_to_issuer=True,
482
+ authenticators={
483
+ "scep": {
484
+ "accessor": scep.accessor,
485
+ "scep_role": scep_challenge.name,
486
+ },
487
+ })
488
+ ```
489
+
490
+ ## Import
491
+
492
+ The PKI config cluster can be imported using the resource's `id`.
493
+ In the case of the example above the `id` would be `pki-root/config/scep`,
494
+ where the `pki-root` component is the resource's `backend`, e.g.
495
+
496
+ ```sh
497
+ $ pulumi import vault:pkiSecret/backendConfigScep:BackendConfigScep example pki-root/config/scep
498
+ ```
499
+
500
+ :param str resource_name: The name of the resource.
501
+ :param BackendConfigScepArgs args: The arguments to use to populate this resource's properties.
502
+ :param pulumi.ResourceOptions opts: Options for the resource.
503
+ """
504
+ ...
505
+ def __init__(__self__, resource_name: str, *args, **kwargs):
506
+ resource_args, opts = _utilities.get_resource_args_opts(BackendConfigScepArgs, pulumi.ResourceOptions, *args, **kwargs)
507
+ if resource_args is not None:
508
+ __self__._internal_init(resource_name, opts, **resource_args.__dict__)
509
+ else:
510
+ __self__._internal_init(resource_name, *args, **kwargs)
511
+
512
+ def _internal_init(__self__,
513
+ resource_name: str,
514
+ opts: Optional[pulumi.ResourceOptions] = None,
515
+ allowed_digest_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
516
+ allowed_encryption_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
517
+ authenticators: Optional[pulumi.Input[Union['BackendConfigScepAuthenticatorsArgs', 'BackendConfigScepAuthenticatorsArgsDict']]] = None,
518
+ backend: Optional[pulumi.Input[builtins.str]] = None,
519
+ default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
520
+ enabled: Optional[pulumi.Input[builtins.bool]] = None,
521
+ external_validations: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendConfigScepExternalValidationArgs', 'BackendConfigScepExternalValidationArgsDict']]]]] = None,
522
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
523
+ restrict_ca_chain_to_issuer: Optional[pulumi.Input[builtins.bool]] = None,
524
+ __props__=None):
525
+ opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
526
+ if not isinstance(opts, pulumi.ResourceOptions):
527
+ raise TypeError('Expected resource options to be a ResourceOptions instance')
528
+ if opts.id is None:
529
+ if __props__ is not None:
530
+ raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
531
+ __props__ = BackendConfigScepArgs.__new__(BackendConfigScepArgs)
532
+
533
+ __props__.__dict__["allowed_digest_algorithms"] = allowed_digest_algorithms
534
+ __props__.__dict__["allowed_encryption_algorithms"] = allowed_encryption_algorithms
535
+ __props__.__dict__["authenticators"] = authenticators
536
+ if backend is None and not opts.urn:
537
+ raise TypeError("Missing required property 'backend'")
538
+ __props__.__dict__["backend"] = backend
539
+ __props__.__dict__["default_path_policy"] = default_path_policy
540
+ __props__.__dict__["enabled"] = enabled
541
+ __props__.__dict__["external_validations"] = external_validations
542
+ __props__.__dict__["namespace"] = namespace
543
+ __props__.__dict__["restrict_ca_chain_to_issuer"] = restrict_ca_chain_to_issuer
544
+ __props__.__dict__["last_updated"] = None
545
+ super(BackendConfigScep, __self__).__init__(
546
+ 'vault:pkiSecret/backendConfigScep:BackendConfigScep',
547
+ resource_name,
548
+ __props__,
549
+ opts)
550
+
551
+ @staticmethod
552
+ def get(resource_name: str,
553
+ id: pulumi.Input[str],
554
+ opts: Optional[pulumi.ResourceOptions] = None,
555
+ allowed_digest_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
556
+ allowed_encryption_algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]] = None,
557
+ authenticators: Optional[pulumi.Input[Union['BackendConfigScepAuthenticatorsArgs', 'BackendConfigScepAuthenticatorsArgsDict']]] = None,
558
+ backend: Optional[pulumi.Input[builtins.str]] = None,
559
+ default_path_policy: Optional[pulumi.Input[builtins.str]] = None,
560
+ enabled: Optional[pulumi.Input[builtins.bool]] = None,
561
+ external_validations: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BackendConfigScepExternalValidationArgs', 'BackendConfigScepExternalValidationArgsDict']]]]] = None,
562
+ last_updated: Optional[pulumi.Input[builtins.str]] = None,
563
+ namespace: Optional[pulumi.Input[builtins.str]] = None,
564
+ restrict_ca_chain_to_issuer: Optional[pulumi.Input[builtins.bool]] = None) -> 'BackendConfigScep':
565
+ """
566
+ Get an existing BackendConfigScep resource's state with the given name, id, and optional extra
567
+ properties used to qualify the lookup.
568
+
569
+ :param str resource_name: The unique name of the resulting resource.
570
+ :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
571
+ :param pulumi.ResourceOptions opts: Options for the resource.
572
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_digest_algorithms: List of allowed digest algorithms for SCEP requests.
573
+ :param pulumi.Input[Sequence[pulumi.Input[builtins.str]]] allowed_encryption_algorithms: List of allowed encryption algorithms for SCEP requests.
574
+ :param pulumi.Input[Union['BackendConfigScepAuthenticatorsArgs', 'BackendConfigScepAuthenticatorsArgsDict']] authenticators: Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
575
+ :param pulumi.Input[builtins.str] backend: The path to the PKI secret backend to
576
+ read the SCEP configuration from, with no leading or trailing `/`s.
577
+ :param pulumi.Input[builtins.str] default_path_policy: Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
578
+ :param pulumi.Input[builtins.bool] enabled: Specifies whether SCEP is enabled.
579
+ :param pulumi.Input[Sequence[pulumi.Input[Union['BackendConfigScepExternalValidationArgs', 'BackendConfigScepExternalValidationArgsDict']]]] external_validations: Lists the 3rd party validation of SCEP requests (see below for nested schema).
580
+ :param pulumi.Input[builtins.str] last_updated: A read-only timestamp representing the last time the configuration was updated.
581
+ :param pulumi.Input[builtins.str] namespace: The namespace of the target resource.
582
+ The value should not contain leading or trailing forward slashes.
583
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
584
+ *Available only for Vault Enterprise*.
585
+ :param pulumi.Input[builtins.bool] restrict_ca_chain_to_issuer: If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
586
+
587
+
588
+ <a id="nestedatt--authenticators"></a>
589
+ """
590
+ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
591
+
592
+ __props__ = _BackendConfigScepState.__new__(_BackendConfigScepState)
593
+
594
+ __props__.__dict__["allowed_digest_algorithms"] = allowed_digest_algorithms
595
+ __props__.__dict__["allowed_encryption_algorithms"] = allowed_encryption_algorithms
596
+ __props__.__dict__["authenticators"] = authenticators
597
+ __props__.__dict__["backend"] = backend
598
+ __props__.__dict__["default_path_policy"] = default_path_policy
599
+ __props__.__dict__["enabled"] = enabled
600
+ __props__.__dict__["external_validations"] = external_validations
601
+ __props__.__dict__["last_updated"] = last_updated
602
+ __props__.__dict__["namespace"] = namespace
603
+ __props__.__dict__["restrict_ca_chain_to_issuer"] = restrict_ca_chain_to_issuer
604
+ return BackendConfigScep(resource_name, opts=opts, __props__=__props__)
605
+
606
+ @property
607
+ @pulumi.getter(name="allowedDigestAlgorithms")
608
+ def allowed_digest_algorithms(self) -> pulumi.Output[Sequence[builtins.str]]:
609
+ """
610
+ List of allowed digest algorithms for SCEP requests.
611
+ """
612
+ return pulumi.get(self, "allowed_digest_algorithms")
613
+
614
+ @property
615
+ @pulumi.getter(name="allowedEncryptionAlgorithms")
616
+ def allowed_encryption_algorithms(self) -> pulumi.Output[Sequence[builtins.str]]:
617
+ """
618
+ List of allowed encryption algorithms for SCEP requests.
619
+ """
620
+ return pulumi.get(self, "allowed_encryption_algorithms")
621
+
622
+ @property
623
+ @pulumi.getter
624
+ def authenticators(self) -> pulumi.Output['outputs.BackendConfigScepAuthenticators']:
625
+ """
626
+ Lists the mount accessors SCEP should delegate authentication requests towards (see below for nested schema).
627
+ """
628
+ return pulumi.get(self, "authenticators")
629
+
630
+ @property
631
+ @pulumi.getter
632
+ def backend(self) -> pulumi.Output[builtins.str]:
633
+ """
634
+ The path to the PKI secret backend to
635
+ read the SCEP configuration from, with no leading or trailing `/`s.
636
+ """
637
+ return pulumi.get(self, "backend")
638
+
639
+ @property
640
+ @pulumi.getter(name="defaultPathPolicy")
641
+ def default_path_policy(self) -> pulumi.Output[Optional[builtins.str]]:
642
+ """
643
+ Specifies the policy to be used for non-role-qualified SCEP requests; valid values are 'sign-verbatim', or "role:<role_name>" to specify a role to use as this policy.
644
+ """
645
+ return pulumi.get(self, "default_path_policy")
646
+
647
+ @property
648
+ @pulumi.getter
649
+ def enabled(self) -> pulumi.Output[Optional[builtins.bool]]:
650
+ """
651
+ Specifies whether SCEP is enabled.
652
+ """
653
+ return pulumi.get(self, "enabled")
654
+
655
+ @property
656
+ @pulumi.getter(name="externalValidations")
657
+ def external_validations(self) -> pulumi.Output[Sequence['outputs.BackendConfigScepExternalValidation']]:
658
+ """
659
+ Lists the 3rd party validation of SCEP requests (see below for nested schema).
660
+ """
661
+ return pulumi.get(self, "external_validations")
662
+
663
+ @property
664
+ @pulumi.getter(name="lastUpdated")
665
+ def last_updated(self) -> pulumi.Output[builtins.str]:
666
+ """
667
+ A read-only timestamp representing the last time the configuration was updated.
668
+ """
669
+ return pulumi.get(self, "last_updated")
670
+
671
+ @property
672
+ @pulumi.getter
673
+ def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
674
+ """
675
+ The namespace of the target resource.
676
+ The value should not contain leading or trailing forward slashes.
677
+ The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
678
+ *Available only for Vault Enterprise*.
679
+ """
680
+ return pulumi.get(self, "namespace")
681
+
682
+ @property
683
+ @pulumi.getter(name="restrictCaChainToIssuer")
684
+ def restrict_ca_chain_to_issuer(self) -> pulumi.Output[Optional[builtins.bool]]:
685
+ """
686
+ If true, only return the issuer CA, otherwise the entire CA certificate chain will be returned if available from the PKI mount.
687
+
688
+
689
+ <a id="nestedatt--authenticators"></a>
690
+ """
691
+ return pulumi.get(self, "restrict_ca_chain_to_issuer")
692
+