pulumi-vault 7.2.0a1753339763__py3-none-any.whl → 7.2.0a1753398491__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- pulumi_vault/__init__.py +1 -1
- pulumi_vault/_inputs.py +672 -673
- pulumi_vault/ad/__init__.py +1 -1
- pulumi_vault/ad/get_access_credentials.py +27 -28
- pulumi_vault/ad/secret_backend.py +579 -580
- pulumi_vault/ad/secret_library.py +120 -121
- pulumi_vault/ad/secret_role.py +104 -105
- pulumi_vault/alicloud/__init__.py +1 -1
- pulumi_vault/alicloud/auth_backend_role.py +222 -223
- pulumi_vault/approle/__init__.py +1 -1
- pulumi_vault/approle/auth_backend_login.py +138 -139
- pulumi_vault/approle/auth_backend_role.py +292 -293
- pulumi_vault/approle/auth_backend_role_secret_id.py +202 -203
- pulumi_vault/approle/get_auth_backend_role_id.py +23 -24
- pulumi_vault/audit.py +103 -104
- pulumi_vault/audit_request_header.py +52 -53
- pulumi_vault/auth_backend.py +132 -133
- pulumi_vault/aws/__init__.py +1 -1
- pulumi_vault/aws/auth_backend_cert.py +86 -87
- pulumi_vault/aws/auth_backend_client.py +307 -308
- pulumi_vault/aws/auth_backend_config_identity.py +103 -104
- pulumi_vault/aws/auth_backend_identity_whitelist.py +69 -70
- pulumi_vault/aws/auth_backend_login.py +258 -259
- pulumi_vault/aws/auth_backend_role.py +486 -487
- pulumi_vault/aws/auth_backend_role_tag.py +155 -156
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +69 -70
- pulumi_vault/aws/auth_backend_sts_role.py +86 -87
- pulumi_vault/aws/get_access_credentials.py +59 -60
- pulumi_vault/aws/get_static_access_credentials.py +19 -20
- pulumi_vault/aws/secret_backend.py +409 -410
- pulumi_vault/aws/secret_backend_role.py +256 -257
- pulumi_vault/aws/secret_backend_static_role.py +137 -138
- pulumi_vault/azure/__init__.py +1 -1
- pulumi_vault/azure/_inputs.py +26 -27
- pulumi_vault/azure/auth_backend_config.py +222 -223
- pulumi_vault/azure/auth_backend_role.py +307 -308
- pulumi_vault/azure/backend.py +273 -274
- pulumi_vault/azure/backend_role.py +194 -195
- pulumi_vault/azure/get_access_credentials.py +75 -76
- pulumi_vault/azure/outputs.py +16 -17
- pulumi_vault/cert_auth_backend_role.py +443 -444
- pulumi_vault/config/__init__.py +1 -1
- pulumi_vault/config/__init__.pyi +1 -2
- pulumi_vault/config/_inputs.py +13 -14
- pulumi_vault/config/outputs.py +380 -381
- pulumi_vault/config/ui_custom_message.py +140 -141
- pulumi_vault/config/vars.py +31 -32
- pulumi_vault/consul/__init__.py +1 -1
- pulumi_vault/consul/secret_backend.py +239 -240
- pulumi_vault/consul/secret_backend_role.py +222 -223
- pulumi_vault/database/__init__.py +1 -1
- pulumi_vault/database/_inputs.py +3167 -3168
- pulumi_vault/database/outputs.py +2123 -2124
- pulumi_vault/database/secret_backend_connection.py +259 -260
- pulumi_vault/database/secret_backend_role.py +205 -206
- pulumi_vault/database/secret_backend_static_role.py +218 -219
- pulumi_vault/database/secrets_mount.py +379 -380
- pulumi_vault/egp_policy.py +86 -87
- pulumi_vault/gcp/__init__.py +1 -1
- pulumi_vault/gcp/_inputs.py +98 -99
- pulumi_vault/gcp/auth_backend.py +322 -323
- pulumi_vault/gcp/auth_backend_role.py +347 -348
- pulumi_vault/gcp/get_auth_backend_role.py +91 -92
- pulumi_vault/gcp/outputs.py +66 -67
- pulumi_vault/gcp/secret_backend.py +299 -300
- pulumi_vault/gcp/secret_impersonated_account.py +112 -113
- pulumi_vault/gcp/secret_roleset.py +115 -116
- pulumi_vault/gcp/secret_static_account.py +115 -116
- pulumi_vault/generic/__init__.py +1 -1
- pulumi_vault/generic/endpoint.py +138 -139
- pulumi_vault/generic/get_secret.py +39 -40
- pulumi_vault/generic/secret.py +95 -96
- pulumi_vault/get_auth_backend.py +29 -30
- pulumi_vault/get_auth_backends.py +19 -20
- pulumi_vault/get_namespace.py +21 -22
- pulumi_vault/get_namespaces.py +19 -20
- pulumi_vault/get_nomad_access_token.py +25 -26
- pulumi_vault/get_policy_document.py +10 -11
- pulumi_vault/get_raft_autopilot_state.py +31 -32
- pulumi_vault/github/__init__.py +1 -1
- pulumi_vault/github/_inputs.py +50 -51
- pulumi_vault/github/auth_backend.py +285 -286
- pulumi_vault/github/outputs.py +34 -35
- pulumi_vault/github/team.py +69 -70
- pulumi_vault/github/user.py +69 -70
- pulumi_vault/identity/__init__.py +1 -1
- pulumi_vault/identity/entity.py +103 -104
- pulumi_vault/identity/entity_alias.py +86 -87
- pulumi_vault/identity/entity_policies.py +78 -79
- pulumi_vault/identity/get_entity.py +62 -63
- pulumi_vault/identity/get_group.py +75 -76
- pulumi_vault/identity/get_oidc_client_creds.py +19 -20
- pulumi_vault/identity/get_oidc_openid_config.py +39 -40
- pulumi_vault/identity/get_oidc_public_keys.py +17 -18
- pulumi_vault/identity/group.py +171 -172
- pulumi_vault/identity/group_alias.py +69 -70
- pulumi_vault/identity/group_member_entity_ids.py +69 -70
- pulumi_vault/identity/group_member_group_ids.py +69 -70
- pulumi_vault/identity/group_policies.py +78 -79
- pulumi_vault/identity/mfa_duo.py +183 -184
- pulumi_vault/identity/mfa_login_enforcement.py +147 -148
- pulumi_vault/identity/mfa_okta.py +166 -167
- pulumi_vault/identity/mfa_pingid.py +160 -161
- pulumi_vault/identity/mfa_totp.py +217 -218
- pulumi_vault/identity/oidc.py +35 -36
- pulumi_vault/identity/oidc_assignment.py +69 -70
- pulumi_vault/identity/oidc_client.py +155 -156
- pulumi_vault/identity/oidc_key.py +103 -104
- pulumi_vault/identity/oidc_key_allowed_client_id.py +52 -53
- pulumi_vault/identity/oidc_provider.py +112 -113
- pulumi_vault/identity/oidc_role.py +103 -104
- pulumi_vault/identity/oidc_scope.py +69 -70
- pulumi_vault/identity/outputs.py +42 -43
- pulumi_vault/jwt/__init__.py +1 -1
- pulumi_vault/jwt/_inputs.py +50 -51
- pulumi_vault/jwt/auth_backend.py +353 -354
- pulumi_vault/jwt/auth_backend_role.py +494 -495
- pulumi_vault/jwt/outputs.py +34 -35
- pulumi_vault/kmip/__init__.py +1 -1
- pulumi_vault/kmip/secret_backend.py +222 -223
- pulumi_vault/kmip/secret_role.py +358 -359
- pulumi_vault/kmip/secret_scope.py +69 -70
- pulumi_vault/kubernetes/__init__.py +1 -1
- pulumi_vault/kubernetes/auth_backend_config.py +171 -172
- pulumi_vault/kubernetes/auth_backend_role.py +273 -274
- pulumi_vault/kubernetes/get_auth_backend_config.py +57 -58
- pulumi_vault/kubernetes/get_auth_backend_role.py +87 -88
- pulumi_vault/kubernetes/get_service_account_token.py +51 -52
- pulumi_vault/kubernetes/secret_backend.py +384 -385
- pulumi_vault/kubernetes/secret_backend_role.py +239 -240
- pulumi_vault/kv/__init__.py +1 -1
- pulumi_vault/kv/_inputs.py +25 -26
- pulumi_vault/kv/get_secret.py +25 -26
- pulumi_vault/kv/get_secret_subkeys_v2.py +39 -40
- pulumi_vault/kv/get_secret_v2.py +41 -42
- pulumi_vault/kv/get_secrets_list.py +17 -18
- pulumi_vault/kv/get_secrets_list_v2.py +25 -26
- pulumi_vault/kv/outputs.py +17 -18
- pulumi_vault/kv/secret.py +61 -62
- pulumi_vault/kv/secret_backend_v2.py +86 -87
- pulumi_vault/kv/secret_v2.py +184 -185
- pulumi_vault/ldap/__init__.py +1 -1
- pulumi_vault/ldap/auth_backend.py +716 -717
- pulumi_vault/ldap/auth_backend_group.py +69 -70
- pulumi_vault/ldap/auth_backend_user.py +86 -87
- pulumi_vault/ldap/get_dynamic_credentials.py +27 -28
- pulumi_vault/ldap/get_static_credentials.py +29 -30
- pulumi_vault/ldap/secret_backend.py +673 -674
- pulumi_vault/ldap/secret_backend_dynamic_role.py +154 -155
- pulumi_vault/ldap/secret_backend_library_set.py +120 -121
- pulumi_vault/ldap/secret_backend_static_role.py +120 -121
- pulumi_vault/managed/__init__.py +1 -1
- pulumi_vault/managed/_inputs.py +274 -275
- pulumi_vault/managed/keys.py +27 -28
- pulumi_vault/managed/outputs.py +184 -185
- pulumi_vault/mfa_duo.py +137 -138
- pulumi_vault/mfa_okta.py +137 -138
- pulumi_vault/mfa_pingid.py +149 -150
- pulumi_vault/mfa_totp.py +154 -155
- pulumi_vault/mongodbatlas/__init__.py +1 -1
- pulumi_vault/mongodbatlas/secret_backend.py +78 -79
- pulumi_vault/mongodbatlas/secret_role.py +188 -189
- pulumi_vault/mount.py +333 -334
- pulumi_vault/namespace.py +78 -79
- pulumi_vault/nomad_secret_backend.py +256 -257
- pulumi_vault/nomad_secret_role.py +103 -104
- pulumi_vault/okta/__init__.py +1 -1
- pulumi_vault/okta/_inputs.py +31 -32
- pulumi_vault/okta/auth_backend.py +305 -306
- pulumi_vault/okta/auth_backend_group.py +69 -70
- pulumi_vault/okta/auth_backend_user.py +86 -87
- pulumi_vault/okta/outputs.py +21 -22
- pulumi_vault/outputs.py +81 -82
- pulumi_vault/pkisecret/__init__.py +1 -1
- pulumi_vault/pkisecret/_inputs.py +55 -56
- pulumi_vault/pkisecret/backend_acme_eab.py +116 -117
- pulumi_vault/pkisecret/backend_config_acme.py +175 -176
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +394 -395
- pulumi_vault/pkisecret/backend_config_cluster.py +71 -72
- pulumi_vault/pkisecret/backend_config_cmpv2.py +132 -133
- pulumi_vault/pkisecret/backend_config_est.py +149 -150
- pulumi_vault/pkisecret/backend_config_scep.py +137 -138
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +37 -38
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +32 -33
- pulumi_vault/pkisecret/get_backend_config_est.py +30 -31
- pulumi_vault/pkisecret/get_backend_config_scep.py +29 -30
- pulumi_vault/pkisecret/get_backend_issuer.py +63 -64
- pulumi_vault/pkisecret/get_backend_issuers.py +23 -24
- pulumi_vault/pkisecret/get_backend_key.py +29 -30
- pulumi_vault/pkisecret/get_backend_keys.py +23 -24
- pulumi_vault/pkisecret/outputs.py +61 -62
- pulumi_vault/pkisecret/secret_backend_cert.py +415 -416
- pulumi_vault/pkisecret/secret_backend_config_ca.py +54 -55
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +75 -76
- pulumi_vault/pkisecret/secret_backend_config_urls.py +105 -106
- pulumi_vault/pkisecret/secret_backend_crl_config.py +241 -242
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +515 -516
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +78 -79
- pulumi_vault/pkisecret/secret_backend_issuer.py +286 -287
- pulumi_vault/pkisecret/secret_backend_key.py +146 -147
- pulumi_vault/pkisecret/secret_backend_role.py +873 -874
- pulumi_vault/pkisecret/secret_backend_root_cert.py +677 -678
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +660 -661
- pulumi_vault/pkisecret/secret_backend_sign.py +346 -347
- pulumi_vault/plugin.py +154 -155
- pulumi_vault/plugin_pinned_version.py +52 -53
- pulumi_vault/policy.py +52 -53
- pulumi_vault/provider.py +160 -161
- pulumi_vault/pulumi-plugin.json +1 -1
- pulumi_vault/quota_lease_count.py +103 -104
- pulumi_vault/quota_rate_limit.py +171 -172
- pulumi_vault/rabbitmq/__init__.py +1 -1
- pulumi_vault/rabbitmq/_inputs.py +50 -51
- pulumi_vault/rabbitmq/outputs.py +34 -35
- pulumi_vault/rabbitmq/secret_backend.py +207 -208
- pulumi_vault/rabbitmq/secret_backend_role.py +79 -80
- pulumi_vault/raft_autopilot.py +137 -138
- pulumi_vault/raft_snapshot_agent_config.py +477 -478
- pulumi_vault/rgp_policy.py +69 -70
- pulumi_vault/saml/__init__.py +1 -1
- pulumi_vault/saml/auth_backend.py +188 -189
- pulumi_vault/saml/auth_backend_role.py +290 -291
- pulumi_vault/scep_auth_backend_role.py +252 -253
- pulumi_vault/secrets/__init__.py +1 -1
- pulumi_vault/secrets/_inputs.py +19 -20
- pulumi_vault/secrets/outputs.py +13 -14
- pulumi_vault/secrets/sync_association.py +88 -89
- pulumi_vault/secrets/sync_aws_destination.py +180 -181
- pulumi_vault/secrets/sync_azure_destination.py +180 -181
- pulumi_vault/secrets/sync_config.py +52 -53
- pulumi_vault/secrets/sync_gcp_destination.py +129 -130
- pulumi_vault/secrets/sync_gh_destination.py +163 -164
- pulumi_vault/secrets/sync_github_apps.py +78 -79
- pulumi_vault/secrets/sync_vercel_destination.py +146 -147
- pulumi_vault/ssh/__init__.py +1 -1
- pulumi_vault/ssh/_inputs.py +13 -14
- pulumi_vault/ssh/get_secret_backend_sign.py +65 -66
- pulumi_vault/ssh/outputs.py +9 -10
- pulumi_vault/ssh/secret_backend_ca.py +120 -121
- pulumi_vault/ssh/secret_backend_role.py +446 -447
- pulumi_vault/terraformcloud/__init__.py +1 -1
- pulumi_vault/terraformcloud/secret_backend.py +138 -139
- pulumi_vault/terraformcloud/secret_creds.py +93 -94
- pulumi_vault/terraformcloud/secret_role.py +117 -118
- pulumi_vault/token.py +301 -302
- pulumi_vault/tokenauth/__init__.py +1 -1
- pulumi_vault/tokenauth/auth_backend_role.py +324 -325
- pulumi_vault/transform/__init__.py +1 -1
- pulumi_vault/transform/alphabet.py +69 -70
- pulumi_vault/transform/get_decode.py +57 -58
- pulumi_vault/transform/get_encode.py +57 -58
- pulumi_vault/transform/role.py +69 -70
- pulumi_vault/transform/template.py +137 -138
- pulumi_vault/transform/transformation.py +171 -172
- pulumi_vault/transit/__init__.py +1 -1
- pulumi_vault/transit/get_cmac.py +47 -48
- pulumi_vault/transit/get_decrypt.py +25 -26
- pulumi_vault/transit/get_encrypt.py +29 -30
- pulumi_vault/transit/get_sign.py +71 -72
- pulumi_vault/transit/get_verify.py +83 -84
- pulumi_vault/transit/secret_backend_key.py +336 -337
- pulumi_vault/transit/secret_cache_config.py +52 -53
- {pulumi_vault-7.2.0a1753339763.dist-info → pulumi_vault-7.2.0a1753398491.dist-info}/METADATA +1 -1
- pulumi_vault-7.2.0a1753398491.dist-info/RECORD +268 -0
- pulumi_vault-7.2.0a1753339763.dist-info/RECORD +0 -268
- {pulumi_vault-7.2.0a1753339763.dist-info → pulumi_vault-7.2.0a1753398491.dist-info}/WHEEL +0 -0
- {pulumi_vault-7.2.0a1753339763.dist-info → pulumi_vault-7.2.0a1753398491.dist-info}/top_level.txt +0 -0
|
@@ -2,8 +2,7 @@
|
|
|
2
2
|
# *** WARNING: this file was generated by pulumi-language-python. ***
|
|
3
3
|
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
|
4
4
|
|
|
5
|
-
import builtins
|
|
6
|
-
import copy
|
|
5
|
+
import builtins as _builtins
|
|
7
6
|
import warnings
|
|
8
7
|
import sys
|
|
9
8
|
import pulumi
|
|
@@ -22,123 +21,123 @@ __all__ = ['SecretBackendRoleArgs', 'SecretBackendRole']
|
|
|
22
21
|
@pulumi.input_type
|
|
23
22
|
class SecretBackendRoleArgs:
|
|
24
23
|
def __init__(__self__, *,
|
|
25
|
-
backend: pulumi.Input[
|
|
26
|
-
allow_any_name: Optional[pulumi.Input[
|
|
27
|
-
allow_bare_domains: Optional[pulumi.Input[
|
|
28
|
-
allow_glob_domains: Optional[pulumi.Input[
|
|
29
|
-
allow_ip_sans: Optional[pulumi.Input[
|
|
30
|
-
allow_localhost: Optional[pulumi.Input[
|
|
31
|
-
allow_subdomains: Optional[pulumi.Input[
|
|
32
|
-
allow_wildcard_certificates: Optional[pulumi.Input[
|
|
33
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
34
|
-
allowed_domains_template: Optional[pulumi.Input[
|
|
35
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
36
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
37
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
38
|
-
allowed_uri_sans_template: Optional[pulumi.Input[
|
|
39
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
40
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[
|
|
41
|
-
client_flag: Optional[pulumi.Input[
|
|
42
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
43
|
-
code_signing_flag: Optional[pulumi.Input[
|
|
44
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
45
|
-
email_protection_flag: Optional[pulumi.Input[
|
|
46
|
-
enforce_hostnames: Optional[pulumi.Input[
|
|
47
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
48
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
49
|
-
generate_lease: Optional[pulumi.Input[
|
|
50
|
-
issuer_ref: Optional[pulumi.Input[
|
|
51
|
-
key_bits: Optional[pulumi.Input[
|
|
52
|
-
key_type: Optional[pulumi.Input[
|
|
53
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
54
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
55
|
-
max_ttl: Optional[pulumi.Input[
|
|
56
|
-
name: Optional[pulumi.Input[
|
|
57
|
-
namespace: Optional[pulumi.Input[
|
|
58
|
-
no_store: Optional[pulumi.Input[
|
|
59
|
-
no_store_metadata: Optional[pulumi.Input[
|
|
60
|
-
not_after: Optional[pulumi.Input[
|
|
61
|
-
not_before_duration: Optional[pulumi.Input[
|
|
62
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
63
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
24
|
+
backend: pulumi.Input[_builtins.str],
|
|
25
|
+
allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
26
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
27
|
+
allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
28
|
+
allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
29
|
+
allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
30
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
31
|
+
allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
32
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
33
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
34
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
35
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
36
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
37
|
+
allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
38
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
39
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
40
|
+
client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
41
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
42
|
+
code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
43
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
44
|
+
email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
45
|
+
enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
46
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
47
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
48
|
+
generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
49
|
+
issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
|
|
50
|
+
key_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
51
|
+
key_type: Optional[pulumi.Input[_builtins.str]] = None,
|
|
52
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
53
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
54
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
55
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
56
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
57
|
+
no_store: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
58
|
+
no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
59
|
+
not_after: Optional[pulumi.Input[_builtins.str]] = None,
|
|
60
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
61
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
62
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
64
63
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
|
|
65
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
66
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
67
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
68
|
-
require_cn: Optional[pulumi.Input[
|
|
69
|
-
serial_number_source: Optional[pulumi.Input[
|
|
70
|
-
server_flag: Optional[pulumi.Input[
|
|
71
|
-
signature_bits: Optional[pulumi.Input[
|
|
72
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
73
|
-
ttl: Optional[pulumi.Input[
|
|
74
|
-
use_csr_common_name: Optional[pulumi.Input[
|
|
75
|
-
use_csr_sans: Optional[pulumi.Input[
|
|
76
|
-
use_pss: Optional[pulumi.Input[
|
|
64
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
65
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
66
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
67
|
+
require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
68
|
+
serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
|
|
69
|
+
server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
70
|
+
signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
71
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
72
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
73
|
+
use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
74
|
+
use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
75
|
+
use_pss: Optional[pulumi.Input[_builtins.bool]] = None):
|
|
77
76
|
"""
|
|
78
77
|
The set of arguments for constructing a SecretBackendRole resource.
|
|
79
|
-
:param pulumi.Input[
|
|
80
|
-
:param pulumi.Input[
|
|
81
|
-
:param pulumi.Input[
|
|
82
|
-
:param pulumi.Input[
|
|
83
|
-
:param pulumi.Input[
|
|
84
|
-
:param pulumi.Input[
|
|
85
|
-
:param pulumi.Input[
|
|
86
|
-
:param pulumi.Input[
|
|
87
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
88
|
-
:param pulumi.Input[
|
|
89
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
90
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
91
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
92
|
-
:param pulumi.Input[
|
|
93
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
94
|
-
:param pulumi.Input[
|
|
95
|
-
:param pulumi.Input[
|
|
96
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
97
|
-
:param pulumi.Input[
|
|
98
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
99
|
-
:param pulumi.Input[
|
|
100
|
-
:param pulumi.Input[
|
|
101
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
102
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
103
|
-
:param pulumi.Input[
|
|
104
|
-
:param pulumi.Input[
|
|
78
|
+
:param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
|
79
|
+
:param pulumi.Input[_builtins.bool] allow_any_name: Flag to allow any name
|
|
80
|
+
:param pulumi.Input[_builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
|
81
|
+
:param pulumi.Input[_builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
|
82
|
+
:param pulumi.Input[_builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
|
83
|
+
:param pulumi.Input[_builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
|
84
|
+
:param pulumi.Input[_builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
|
85
|
+
:param pulumi.Input[_builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
|
86
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_domains: List of allowed domains for certificates
|
|
87
|
+
:param pulumi.Input[_builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
88
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
|
89
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
|
90
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
|
91
|
+
:param pulumi.Input[_builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
92
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
|
93
|
+
:param pulumi.Input[_builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
|
94
|
+
:param pulumi.Input[_builtins.bool] client_flag: Flag to specify certificates for client use
|
|
95
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
|
96
|
+
:param pulumi.Input[_builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
|
97
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] countries: The country of generated certificates
|
|
98
|
+
:param pulumi.Input[_builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
|
99
|
+
:param pulumi.Input[_builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
|
100
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
|
101
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
|
102
|
+
:param pulumi.Input[_builtins.bool] generate_lease: Flag to generate leases with certificates
|
|
103
|
+
:param pulumi.Input[_builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
|
105
104
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
|
106
105
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
|
107
106
|
overriding the role's `issuer_ref` value.
|
|
108
|
-
:param pulumi.Input[
|
|
109
|
-
:param pulumi.Input[
|
|
107
|
+
:param pulumi.Input[_builtins.int] key_bits: The number of bits of generated keys
|
|
108
|
+
:param pulumi.Input[_builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
|
110
109
|
Defaults to `rsa`
|
|
111
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
110
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
|
112
111
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
|
113
112
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
|
114
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
115
|
-
:param pulumi.Input[
|
|
116
|
-
:param pulumi.Input[
|
|
117
|
-
:param pulumi.Input[
|
|
113
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] localities: The locality of generated certificates
|
|
114
|
+
:param pulumi.Input[_builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
|
115
|
+
:param pulumi.Input[_builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
|
116
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
118
117
|
The value should not contain leading or trailing forward slashes.
|
|
119
118
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
120
119
|
*Available only for Vault Enterprise*.
|
|
121
|
-
:param pulumi.Input[
|
|
122
|
-
:param pulumi.Input[
|
|
123
|
-
:param pulumi.Input[
|
|
124
|
-
:param pulumi.Input[
|
|
125
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
126
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
120
|
+
:param pulumi.Input[_builtins.bool] no_store: Flag to not store certificates in the storage backend
|
|
121
|
+
:param pulumi.Input[_builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
|
122
|
+
:param pulumi.Input[_builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
|
123
|
+
:param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
|
124
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organization_unit: The organization unit of generated certificates
|
|
125
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organizations: The organization of generated certificates
|
|
127
126
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
|
128
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
129
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
130
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
131
|
-
:param pulumi.Input[
|
|
132
|
-
:param pulumi.Input[
|
|
127
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
|
128
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] postal_codes: The postal code of generated certificates
|
|
129
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] provinces: The province of generated certificates
|
|
130
|
+
:param pulumi.Input[_builtins.bool] require_cn: Flag to force CN usage
|
|
131
|
+
:param pulumi.Input[_builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
|
133
132
|
|
|
134
133
|
Example usage:
|
|
135
|
-
:param pulumi.Input[
|
|
136
|
-
:param pulumi.Input[
|
|
137
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
138
|
-
:param pulumi.Input[
|
|
139
|
-
:param pulumi.Input[
|
|
140
|
-
:param pulumi.Input[
|
|
141
|
-
:param pulumi.Input[
|
|
134
|
+
:param pulumi.Input[_builtins.bool] server_flag: Flag to specify certificates for server use
|
|
135
|
+
:param pulumi.Input[_builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
|
136
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] street_addresses: The street address of generated certificates
|
|
137
|
+
:param pulumi.Input[_builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
|
138
|
+
:param pulumi.Input[_builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
|
139
|
+
:param pulumi.Input[_builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
|
140
|
+
:param pulumi.Input[_builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
|
142
141
|
"""
|
|
143
142
|
pulumi.set(__self__, "backend", backend)
|
|
144
143
|
if allow_any_name is not None:
|
|
@@ -244,309 +243,309 @@ class SecretBackendRoleArgs:
|
|
|
244
243
|
if use_pss is not None:
|
|
245
244
|
pulumi.set(__self__, "use_pss", use_pss)
|
|
246
245
|
|
|
247
|
-
@property
|
|
246
|
+
@_builtins.property
|
|
248
247
|
@pulumi.getter
|
|
249
|
-
def backend(self) -> pulumi.Input[
|
|
248
|
+
def backend(self) -> pulumi.Input[_builtins.str]:
|
|
250
249
|
"""
|
|
251
250
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
|
252
251
|
"""
|
|
253
252
|
return pulumi.get(self, "backend")
|
|
254
253
|
|
|
255
254
|
@backend.setter
|
|
256
|
-
def backend(self, value: pulumi.Input[
|
|
255
|
+
def backend(self, value: pulumi.Input[_builtins.str]):
|
|
257
256
|
pulumi.set(self, "backend", value)
|
|
258
257
|
|
|
259
|
-
@property
|
|
258
|
+
@_builtins.property
|
|
260
259
|
@pulumi.getter(name="allowAnyName")
|
|
261
|
-
def allow_any_name(self) -> Optional[pulumi.Input[
|
|
260
|
+
def allow_any_name(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
262
261
|
"""
|
|
263
262
|
Flag to allow any name
|
|
264
263
|
"""
|
|
265
264
|
return pulumi.get(self, "allow_any_name")
|
|
266
265
|
|
|
267
266
|
@allow_any_name.setter
|
|
268
|
-
def allow_any_name(self, value: Optional[pulumi.Input[
|
|
267
|
+
def allow_any_name(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
269
268
|
pulumi.set(self, "allow_any_name", value)
|
|
270
269
|
|
|
271
|
-
@property
|
|
270
|
+
@_builtins.property
|
|
272
271
|
@pulumi.getter(name="allowBareDomains")
|
|
273
|
-
def allow_bare_domains(self) -> Optional[pulumi.Input[
|
|
272
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
274
273
|
"""
|
|
275
274
|
Flag to allow certificates matching the actual domain
|
|
276
275
|
"""
|
|
277
276
|
return pulumi.get(self, "allow_bare_domains")
|
|
278
277
|
|
|
279
278
|
@allow_bare_domains.setter
|
|
280
|
-
def allow_bare_domains(self, value: Optional[pulumi.Input[
|
|
279
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
281
280
|
pulumi.set(self, "allow_bare_domains", value)
|
|
282
281
|
|
|
283
|
-
@property
|
|
282
|
+
@_builtins.property
|
|
284
283
|
@pulumi.getter(name="allowGlobDomains")
|
|
285
|
-
def allow_glob_domains(self) -> Optional[pulumi.Input[
|
|
284
|
+
def allow_glob_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
286
285
|
"""
|
|
287
286
|
Flag to allow names containing glob patterns.
|
|
288
287
|
"""
|
|
289
288
|
return pulumi.get(self, "allow_glob_domains")
|
|
290
289
|
|
|
291
290
|
@allow_glob_domains.setter
|
|
292
|
-
def allow_glob_domains(self, value: Optional[pulumi.Input[
|
|
291
|
+
def allow_glob_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
293
292
|
pulumi.set(self, "allow_glob_domains", value)
|
|
294
293
|
|
|
295
|
-
@property
|
|
294
|
+
@_builtins.property
|
|
296
295
|
@pulumi.getter(name="allowIpSans")
|
|
297
|
-
def allow_ip_sans(self) -> Optional[pulumi.Input[
|
|
296
|
+
def allow_ip_sans(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
298
297
|
"""
|
|
299
298
|
Flag to allow IP SANs
|
|
300
299
|
"""
|
|
301
300
|
return pulumi.get(self, "allow_ip_sans")
|
|
302
301
|
|
|
303
302
|
@allow_ip_sans.setter
|
|
304
|
-
def allow_ip_sans(self, value: Optional[pulumi.Input[
|
|
303
|
+
def allow_ip_sans(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
305
304
|
pulumi.set(self, "allow_ip_sans", value)
|
|
306
305
|
|
|
307
|
-
@property
|
|
306
|
+
@_builtins.property
|
|
308
307
|
@pulumi.getter(name="allowLocalhost")
|
|
309
|
-
def allow_localhost(self) -> Optional[pulumi.Input[
|
|
308
|
+
def allow_localhost(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
310
309
|
"""
|
|
311
310
|
Flag to allow certificates for localhost
|
|
312
311
|
"""
|
|
313
312
|
return pulumi.get(self, "allow_localhost")
|
|
314
313
|
|
|
315
314
|
@allow_localhost.setter
|
|
316
|
-
def allow_localhost(self, value: Optional[pulumi.Input[
|
|
315
|
+
def allow_localhost(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
317
316
|
pulumi.set(self, "allow_localhost", value)
|
|
318
317
|
|
|
319
|
-
@property
|
|
318
|
+
@_builtins.property
|
|
320
319
|
@pulumi.getter(name="allowSubdomains")
|
|
321
|
-
def allow_subdomains(self) -> Optional[pulumi.Input[
|
|
320
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
322
321
|
"""
|
|
323
322
|
Flag to allow certificates matching subdomains
|
|
324
323
|
"""
|
|
325
324
|
return pulumi.get(self, "allow_subdomains")
|
|
326
325
|
|
|
327
326
|
@allow_subdomains.setter
|
|
328
|
-
def allow_subdomains(self, value: Optional[pulumi.Input[
|
|
327
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
329
328
|
pulumi.set(self, "allow_subdomains", value)
|
|
330
329
|
|
|
331
|
-
@property
|
|
330
|
+
@_builtins.property
|
|
332
331
|
@pulumi.getter(name="allowWildcardCertificates")
|
|
333
|
-
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[
|
|
332
|
+
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
334
333
|
"""
|
|
335
334
|
Flag to allow wildcard certificates.
|
|
336
335
|
"""
|
|
337
336
|
return pulumi.get(self, "allow_wildcard_certificates")
|
|
338
337
|
|
|
339
338
|
@allow_wildcard_certificates.setter
|
|
340
|
-
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[
|
|
339
|
+
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
341
340
|
pulumi.set(self, "allow_wildcard_certificates", value)
|
|
342
341
|
|
|
343
|
-
@property
|
|
342
|
+
@_builtins.property
|
|
344
343
|
@pulumi.getter(name="allowedDomains")
|
|
345
|
-
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
344
|
+
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
346
345
|
"""
|
|
347
346
|
List of allowed domains for certificates
|
|
348
347
|
"""
|
|
349
348
|
return pulumi.get(self, "allowed_domains")
|
|
350
349
|
|
|
351
350
|
@allowed_domains.setter
|
|
352
|
-
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
351
|
+
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
353
352
|
pulumi.set(self, "allowed_domains", value)
|
|
354
353
|
|
|
355
|
-
@property
|
|
354
|
+
@_builtins.property
|
|
356
355
|
@pulumi.getter(name="allowedDomainsTemplate")
|
|
357
|
-
def allowed_domains_template(self) -> Optional[pulumi.Input[
|
|
356
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
358
357
|
"""
|
|
359
358
|
Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
360
359
|
"""
|
|
361
360
|
return pulumi.get(self, "allowed_domains_template")
|
|
362
361
|
|
|
363
362
|
@allowed_domains_template.setter
|
|
364
|
-
def allowed_domains_template(self, value: Optional[pulumi.Input[
|
|
363
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
365
364
|
pulumi.set(self, "allowed_domains_template", value)
|
|
366
365
|
|
|
367
|
-
@property
|
|
366
|
+
@_builtins.property
|
|
368
367
|
@pulumi.getter(name="allowedOtherSans")
|
|
369
|
-
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
368
|
+
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
370
369
|
"""
|
|
371
370
|
Defines allowed custom SANs
|
|
372
371
|
"""
|
|
373
372
|
return pulumi.get(self, "allowed_other_sans")
|
|
374
373
|
|
|
375
374
|
@allowed_other_sans.setter
|
|
376
|
-
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
375
|
+
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
377
376
|
pulumi.set(self, "allowed_other_sans", value)
|
|
378
377
|
|
|
379
|
-
@property
|
|
378
|
+
@_builtins.property
|
|
380
379
|
@pulumi.getter(name="allowedSerialNumbers")
|
|
381
|
-
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
380
|
+
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
382
381
|
"""
|
|
383
382
|
An array of allowed serial numbers to put in Subject
|
|
384
383
|
"""
|
|
385
384
|
return pulumi.get(self, "allowed_serial_numbers")
|
|
386
385
|
|
|
387
386
|
@allowed_serial_numbers.setter
|
|
388
|
-
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
387
|
+
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
389
388
|
pulumi.set(self, "allowed_serial_numbers", value)
|
|
390
389
|
|
|
391
|
-
@property
|
|
390
|
+
@_builtins.property
|
|
392
391
|
@pulumi.getter(name="allowedUriSans")
|
|
393
|
-
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
392
|
+
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
394
393
|
"""
|
|
395
394
|
Defines allowed URI SANs
|
|
396
395
|
"""
|
|
397
396
|
return pulumi.get(self, "allowed_uri_sans")
|
|
398
397
|
|
|
399
398
|
@allowed_uri_sans.setter
|
|
400
|
-
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
399
|
+
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
401
400
|
pulumi.set(self, "allowed_uri_sans", value)
|
|
402
401
|
|
|
403
|
-
@property
|
|
402
|
+
@_builtins.property
|
|
404
403
|
@pulumi.getter(name="allowedUriSansTemplate")
|
|
405
|
-
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[
|
|
404
|
+
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
406
405
|
"""
|
|
407
406
|
Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
408
407
|
"""
|
|
409
408
|
return pulumi.get(self, "allowed_uri_sans_template")
|
|
410
409
|
|
|
411
410
|
@allowed_uri_sans_template.setter
|
|
412
|
-
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[
|
|
411
|
+
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
413
412
|
pulumi.set(self, "allowed_uri_sans_template", value)
|
|
414
413
|
|
|
415
|
-
@property
|
|
414
|
+
@_builtins.property
|
|
416
415
|
@pulumi.getter(name="allowedUserIds")
|
|
417
|
-
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
416
|
+
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
418
417
|
"""
|
|
419
418
|
Defines allowed User IDs
|
|
420
419
|
"""
|
|
421
420
|
return pulumi.get(self, "allowed_user_ids")
|
|
422
421
|
|
|
423
422
|
@allowed_user_ids.setter
|
|
424
|
-
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
423
|
+
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
425
424
|
pulumi.set(self, "allowed_user_ids", value)
|
|
426
425
|
|
|
427
|
-
@property
|
|
426
|
+
@_builtins.property
|
|
428
427
|
@pulumi.getter(name="basicConstraintsValidForNonCa")
|
|
429
|
-
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[
|
|
428
|
+
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
430
429
|
"""
|
|
431
430
|
Flag to mark basic constraints valid when issuing non-CA certificates
|
|
432
431
|
"""
|
|
433
432
|
return pulumi.get(self, "basic_constraints_valid_for_non_ca")
|
|
434
433
|
|
|
435
434
|
@basic_constraints_valid_for_non_ca.setter
|
|
436
|
-
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[
|
|
435
|
+
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
437
436
|
pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
|
|
438
437
|
|
|
439
|
-
@property
|
|
438
|
+
@_builtins.property
|
|
440
439
|
@pulumi.getter(name="clientFlag")
|
|
441
|
-
def client_flag(self) -> Optional[pulumi.Input[
|
|
440
|
+
def client_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
442
441
|
"""
|
|
443
442
|
Flag to specify certificates for client use
|
|
444
443
|
"""
|
|
445
444
|
return pulumi.get(self, "client_flag")
|
|
446
445
|
|
|
447
446
|
@client_flag.setter
|
|
448
|
-
def client_flag(self, value: Optional[pulumi.Input[
|
|
447
|
+
def client_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
449
448
|
pulumi.set(self, "client_flag", value)
|
|
450
449
|
|
|
451
|
-
@property
|
|
450
|
+
@_builtins.property
|
|
452
451
|
@pulumi.getter(name="cnValidations")
|
|
453
|
-
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
452
|
+
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
454
453
|
"""
|
|
455
454
|
Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
|
456
455
|
"""
|
|
457
456
|
return pulumi.get(self, "cn_validations")
|
|
458
457
|
|
|
459
458
|
@cn_validations.setter
|
|
460
|
-
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
459
|
+
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
461
460
|
pulumi.set(self, "cn_validations", value)
|
|
462
461
|
|
|
463
|
-
@property
|
|
462
|
+
@_builtins.property
|
|
464
463
|
@pulumi.getter(name="codeSigningFlag")
|
|
465
|
-
def code_signing_flag(self) -> Optional[pulumi.Input[
|
|
464
|
+
def code_signing_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
466
465
|
"""
|
|
467
466
|
Flag to specify certificates for code signing use
|
|
468
467
|
"""
|
|
469
468
|
return pulumi.get(self, "code_signing_flag")
|
|
470
469
|
|
|
471
470
|
@code_signing_flag.setter
|
|
472
|
-
def code_signing_flag(self, value: Optional[pulumi.Input[
|
|
471
|
+
def code_signing_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
473
472
|
pulumi.set(self, "code_signing_flag", value)
|
|
474
473
|
|
|
475
|
-
@property
|
|
474
|
+
@_builtins.property
|
|
476
475
|
@pulumi.getter
|
|
477
|
-
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
476
|
+
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
478
477
|
"""
|
|
479
478
|
The country of generated certificates
|
|
480
479
|
"""
|
|
481
480
|
return pulumi.get(self, "countries")
|
|
482
481
|
|
|
483
482
|
@countries.setter
|
|
484
|
-
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
483
|
+
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
485
484
|
pulumi.set(self, "countries", value)
|
|
486
485
|
|
|
487
|
-
@property
|
|
486
|
+
@_builtins.property
|
|
488
487
|
@pulumi.getter(name="emailProtectionFlag")
|
|
489
|
-
def email_protection_flag(self) -> Optional[pulumi.Input[
|
|
488
|
+
def email_protection_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
490
489
|
"""
|
|
491
490
|
Flag to specify certificates for email protection use
|
|
492
491
|
"""
|
|
493
492
|
return pulumi.get(self, "email_protection_flag")
|
|
494
493
|
|
|
495
494
|
@email_protection_flag.setter
|
|
496
|
-
def email_protection_flag(self, value: Optional[pulumi.Input[
|
|
495
|
+
def email_protection_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
497
496
|
pulumi.set(self, "email_protection_flag", value)
|
|
498
497
|
|
|
499
|
-
@property
|
|
498
|
+
@_builtins.property
|
|
500
499
|
@pulumi.getter(name="enforceHostnames")
|
|
501
|
-
def enforce_hostnames(self) -> Optional[pulumi.Input[
|
|
500
|
+
def enforce_hostnames(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
502
501
|
"""
|
|
503
502
|
Flag to allow only valid host names
|
|
504
503
|
"""
|
|
505
504
|
return pulumi.get(self, "enforce_hostnames")
|
|
506
505
|
|
|
507
506
|
@enforce_hostnames.setter
|
|
508
|
-
def enforce_hostnames(self, value: Optional[pulumi.Input[
|
|
507
|
+
def enforce_hostnames(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
509
508
|
pulumi.set(self, "enforce_hostnames", value)
|
|
510
509
|
|
|
511
|
-
@property
|
|
510
|
+
@_builtins.property
|
|
512
511
|
@pulumi.getter(name="extKeyUsageOids")
|
|
513
|
-
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
512
|
+
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
514
513
|
"""
|
|
515
514
|
Specify the allowed extended key usage OIDs constraint on issued certificates
|
|
516
515
|
"""
|
|
517
516
|
return pulumi.get(self, "ext_key_usage_oids")
|
|
518
517
|
|
|
519
518
|
@ext_key_usage_oids.setter
|
|
520
|
-
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
519
|
+
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
521
520
|
pulumi.set(self, "ext_key_usage_oids", value)
|
|
522
521
|
|
|
523
|
-
@property
|
|
522
|
+
@_builtins.property
|
|
524
523
|
@pulumi.getter(name="extKeyUsages")
|
|
525
|
-
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
524
|
+
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
526
525
|
"""
|
|
527
526
|
Specify the allowed extended key usage constraint on issued certificates
|
|
528
527
|
"""
|
|
529
528
|
return pulumi.get(self, "ext_key_usages")
|
|
530
529
|
|
|
531
530
|
@ext_key_usages.setter
|
|
532
|
-
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
531
|
+
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
533
532
|
pulumi.set(self, "ext_key_usages", value)
|
|
534
533
|
|
|
535
|
-
@property
|
|
534
|
+
@_builtins.property
|
|
536
535
|
@pulumi.getter(name="generateLease")
|
|
537
|
-
def generate_lease(self) -> Optional[pulumi.Input[
|
|
536
|
+
def generate_lease(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
538
537
|
"""
|
|
539
538
|
Flag to generate leases with certificates
|
|
540
539
|
"""
|
|
541
540
|
return pulumi.get(self, "generate_lease")
|
|
542
541
|
|
|
543
542
|
@generate_lease.setter
|
|
544
|
-
def generate_lease(self, value: Optional[pulumi.Input[
|
|
543
|
+
def generate_lease(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
545
544
|
pulumi.set(self, "generate_lease", value)
|
|
546
545
|
|
|
547
|
-
@property
|
|
546
|
+
@_builtins.property
|
|
548
547
|
@pulumi.getter(name="issuerRef")
|
|
549
|
-
def issuer_ref(self) -> Optional[pulumi.Input[
|
|
548
|
+
def issuer_ref(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
550
549
|
"""
|
|
551
550
|
Specifies the default issuer of this request. May
|
|
552
551
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
|
@@ -556,24 +555,24 @@ class SecretBackendRoleArgs:
|
|
|
556
555
|
return pulumi.get(self, "issuer_ref")
|
|
557
556
|
|
|
558
557
|
@issuer_ref.setter
|
|
559
|
-
def issuer_ref(self, value: Optional[pulumi.Input[
|
|
558
|
+
def issuer_ref(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
560
559
|
pulumi.set(self, "issuer_ref", value)
|
|
561
560
|
|
|
562
|
-
@property
|
|
561
|
+
@_builtins.property
|
|
563
562
|
@pulumi.getter(name="keyBits")
|
|
564
|
-
def key_bits(self) -> Optional[pulumi.Input[
|
|
563
|
+
def key_bits(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
565
564
|
"""
|
|
566
565
|
The number of bits of generated keys
|
|
567
566
|
"""
|
|
568
567
|
return pulumi.get(self, "key_bits")
|
|
569
568
|
|
|
570
569
|
@key_bits.setter
|
|
571
|
-
def key_bits(self, value: Optional[pulumi.Input[
|
|
570
|
+
def key_bits(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
572
571
|
pulumi.set(self, "key_bits", value)
|
|
573
572
|
|
|
574
|
-
@property
|
|
573
|
+
@_builtins.property
|
|
575
574
|
@pulumi.getter(name="keyType")
|
|
576
|
-
def key_type(self) -> Optional[pulumi.Input[
|
|
575
|
+
def key_type(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
577
576
|
"""
|
|
578
577
|
The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
|
579
578
|
Defaults to `rsa`
|
|
@@ -581,12 +580,12 @@ class SecretBackendRoleArgs:
|
|
|
581
580
|
return pulumi.get(self, "key_type")
|
|
582
581
|
|
|
583
582
|
@key_type.setter
|
|
584
|
-
def key_type(self, value: Optional[pulumi.Input[
|
|
583
|
+
def key_type(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
585
584
|
pulumi.set(self, "key_type", value)
|
|
586
585
|
|
|
587
|
-
@property
|
|
586
|
+
@_builtins.property
|
|
588
587
|
@pulumi.getter(name="keyUsages")
|
|
589
|
-
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
588
|
+
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
590
589
|
"""
|
|
591
590
|
Specify the allowed key usage constraint on issued
|
|
592
591
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
|
@@ -595,48 +594,48 @@ class SecretBackendRoleArgs:
|
|
|
595
594
|
return pulumi.get(self, "key_usages")
|
|
596
595
|
|
|
597
596
|
@key_usages.setter
|
|
598
|
-
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
597
|
+
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
599
598
|
pulumi.set(self, "key_usages", value)
|
|
600
599
|
|
|
601
|
-
@property
|
|
600
|
+
@_builtins.property
|
|
602
601
|
@pulumi.getter
|
|
603
|
-
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
602
|
+
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
604
603
|
"""
|
|
605
604
|
The locality of generated certificates
|
|
606
605
|
"""
|
|
607
606
|
return pulumi.get(self, "localities")
|
|
608
607
|
|
|
609
608
|
@localities.setter
|
|
610
|
-
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
609
|
+
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
611
610
|
pulumi.set(self, "localities", value)
|
|
612
611
|
|
|
613
|
-
@property
|
|
612
|
+
@_builtins.property
|
|
614
613
|
@pulumi.getter(name="maxTtl")
|
|
615
|
-
def max_ttl(self) -> Optional[pulumi.Input[
|
|
614
|
+
def max_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
616
615
|
"""
|
|
617
616
|
The maximum lease TTL, in seconds, for the role.
|
|
618
617
|
"""
|
|
619
618
|
return pulumi.get(self, "max_ttl")
|
|
620
619
|
|
|
621
620
|
@max_ttl.setter
|
|
622
|
-
def max_ttl(self, value: Optional[pulumi.Input[
|
|
621
|
+
def max_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
623
622
|
pulumi.set(self, "max_ttl", value)
|
|
624
623
|
|
|
625
|
-
@property
|
|
624
|
+
@_builtins.property
|
|
626
625
|
@pulumi.getter
|
|
627
|
-
def name(self) -> Optional[pulumi.Input[
|
|
626
|
+
def name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
628
627
|
"""
|
|
629
628
|
The name to identify this role within the backend. Must be unique within the backend.
|
|
630
629
|
"""
|
|
631
630
|
return pulumi.get(self, "name")
|
|
632
631
|
|
|
633
632
|
@name.setter
|
|
634
|
-
def name(self, value: Optional[pulumi.Input[
|
|
633
|
+
def name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
635
634
|
pulumi.set(self, "name", value)
|
|
636
635
|
|
|
637
|
-
@property
|
|
636
|
+
@_builtins.property
|
|
638
637
|
@pulumi.getter
|
|
639
|
-
def namespace(self) -> Optional[pulumi.Input[
|
|
638
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
640
639
|
"""
|
|
641
640
|
The namespace to provision the resource in.
|
|
642
641
|
The value should not contain leading or trailing forward slashes.
|
|
@@ -646,82 +645,82 @@ class SecretBackendRoleArgs:
|
|
|
646
645
|
return pulumi.get(self, "namespace")
|
|
647
646
|
|
|
648
647
|
@namespace.setter
|
|
649
|
-
def namespace(self, value: Optional[pulumi.Input[
|
|
648
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
650
649
|
pulumi.set(self, "namespace", value)
|
|
651
650
|
|
|
652
|
-
@property
|
|
651
|
+
@_builtins.property
|
|
653
652
|
@pulumi.getter(name="noStore")
|
|
654
|
-
def no_store(self) -> Optional[pulumi.Input[
|
|
653
|
+
def no_store(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
655
654
|
"""
|
|
656
655
|
Flag to not store certificates in the storage backend
|
|
657
656
|
"""
|
|
658
657
|
return pulumi.get(self, "no_store")
|
|
659
658
|
|
|
660
659
|
@no_store.setter
|
|
661
|
-
def no_store(self, value: Optional[pulumi.Input[
|
|
660
|
+
def no_store(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
662
661
|
pulumi.set(self, "no_store", value)
|
|
663
662
|
|
|
664
|
-
@property
|
|
663
|
+
@_builtins.property
|
|
665
664
|
@pulumi.getter(name="noStoreMetadata")
|
|
666
|
-
def no_store_metadata(self) -> Optional[pulumi.Input[
|
|
665
|
+
def no_store_metadata(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
667
666
|
"""
|
|
668
667
|
Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
|
669
668
|
"""
|
|
670
669
|
return pulumi.get(self, "no_store_metadata")
|
|
671
670
|
|
|
672
671
|
@no_store_metadata.setter
|
|
673
|
-
def no_store_metadata(self, value: Optional[pulumi.Input[
|
|
672
|
+
def no_store_metadata(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
674
673
|
pulumi.set(self, "no_store_metadata", value)
|
|
675
674
|
|
|
676
|
-
@property
|
|
675
|
+
@_builtins.property
|
|
677
676
|
@pulumi.getter(name="notAfter")
|
|
678
|
-
def not_after(self) -> Optional[pulumi.Input[
|
|
677
|
+
def not_after(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
679
678
|
"""
|
|
680
679
|
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
|
681
680
|
"""
|
|
682
681
|
return pulumi.get(self, "not_after")
|
|
683
682
|
|
|
684
683
|
@not_after.setter
|
|
685
|
-
def not_after(self, value: Optional[pulumi.Input[
|
|
684
|
+
def not_after(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
686
685
|
pulumi.set(self, "not_after", value)
|
|
687
686
|
|
|
688
|
-
@property
|
|
687
|
+
@_builtins.property
|
|
689
688
|
@pulumi.getter(name="notBeforeDuration")
|
|
690
|
-
def not_before_duration(self) -> Optional[pulumi.Input[
|
|
689
|
+
def not_before_duration(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
691
690
|
"""
|
|
692
691
|
Specifies the duration by which to backdate the NotBefore property.
|
|
693
692
|
"""
|
|
694
693
|
return pulumi.get(self, "not_before_duration")
|
|
695
694
|
|
|
696
695
|
@not_before_duration.setter
|
|
697
|
-
def not_before_duration(self, value: Optional[pulumi.Input[
|
|
696
|
+
def not_before_duration(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
698
697
|
pulumi.set(self, "not_before_duration", value)
|
|
699
698
|
|
|
700
|
-
@property
|
|
699
|
+
@_builtins.property
|
|
701
700
|
@pulumi.getter(name="organizationUnit")
|
|
702
|
-
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
701
|
+
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
703
702
|
"""
|
|
704
703
|
The organization unit of generated certificates
|
|
705
704
|
"""
|
|
706
705
|
return pulumi.get(self, "organization_unit")
|
|
707
706
|
|
|
708
707
|
@organization_unit.setter
|
|
709
|
-
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
708
|
+
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
710
709
|
pulumi.set(self, "organization_unit", value)
|
|
711
710
|
|
|
712
|
-
@property
|
|
711
|
+
@_builtins.property
|
|
713
712
|
@pulumi.getter
|
|
714
|
-
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
713
|
+
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
715
714
|
"""
|
|
716
715
|
The organization of generated certificates
|
|
717
716
|
"""
|
|
718
717
|
return pulumi.get(self, "organizations")
|
|
719
718
|
|
|
720
719
|
@organizations.setter
|
|
721
|
-
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
720
|
+
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
722
721
|
pulumi.set(self, "organizations", value)
|
|
723
722
|
|
|
724
|
-
@property
|
|
723
|
+
@_builtins.property
|
|
725
724
|
@pulumi.getter(name="policyIdentifier")
|
|
726
725
|
def policy_identifier(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]]:
|
|
727
726
|
"""
|
|
@@ -733,57 +732,57 @@ class SecretBackendRoleArgs:
|
|
|
733
732
|
def policy_identifier(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]]):
|
|
734
733
|
pulumi.set(self, "policy_identifier", value)
|
|
735
734
|
|
|
736
|
-
@property
|
|
735
|
+
@_builtins.property
|
|
737
736
|
@pulumi.getter(name="policyIdentifiers")
|
|
738
|
-
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
737
|
+
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
739
738
|
"""
|
|
740
739
|
Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
|
741
740
|
"""
|
|
742
741
|
return pulumi.get(self, "policy_identifiers")
|
|
743
742
|
|
|
744
743
|
@policy_identifiers.setter
|
|
745
|
-
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
744
|
+
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
746
745
|
pulumi.set(self, "policy_identifiers", value)
|
|
747
746
|
|
|
748
|
-
@property
|
|
747
|
+
@_builtins.property
|
|
749
748
|
@pulumi.getter(name="postalCodes")
|
|
750
|
-
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
749
|
+
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
751
750
|
"""
|
|
752
751
|
The postal code of generated certificates
|
|
753
752
|
"""
|
|
754
753
|
return pulumi.get(self, "postal_codes")
|
|
755
754
|
|
|
756
755
|
@postal_codes.setter
|
|
757
|
-
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
756
|
+
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
758
757
|
pulumi.set(self, "postal_codes", value)
|
|
759
758
|
|
|
760
|
-
@property
|
|
759
|
+
@_builtins.property
|
|
761
760
|
@pulumi.getter
|
|
762
|
-
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
761
|
+
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
763
762
|
"""
|
|
764
763
|
The province of generated certificates
|
|
765
764
|
"""
|
|
766
765
|
return pulumi.get(self, "provinces")
|
|
767
766
|
|
|
768
767
|
@provinces.setter
|
|
769
|
-
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
768
|
+
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
770
769
|
pulumi.set(self, "provinces", value)
|
|
771
770
|
|
|
772
|
-
@property
|
|
771
|
+
@_builtins.property
|
|
773
772
|
@pulumi.getter(name="requireCn")
|
|
774
|
-
def require_cn(self) -> Optional[pulumi.Input[
|
|
773
|
+
def require_cn(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
775
774
|
"""
|
|
776
775
|
Flag to force CN usage
|
|
777
776
|
"""
|
|
778
777
|
return pulumi.get(self, "require_cn")
|
|
779
778
|
|
|
780
779
|
@require_cn.setter
|
|
781
|
-
def require_cn(self, value: Optional[pulumi.Input[
|
|
780
|
+
def require_cn(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
782
781
|
pulumi.set(self, "require_cn", value)
|
|
783
782
|
|
|
784
|
-
@property
|
|
783
|
+
@_builtins.property
|
|
785
784
|
@pulumi.getter(name="serialNumberSource")
|
|
786
|
-
def serial_number_source(self) -> Optional[pulumi.Input[
|
|
785
|
+
def serial_number_source(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
787
786
|
"""
|
|
788
787
|
Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
|
789
788
|
|
|
@@ -792,214 +791,214 @@ class SecretBackendRoleArgs:
|
|
|
792
791
|
return pulumi.get(self, "serial_number_source")
|
|
793
792
|
|
|
794
793
|
@serial_number_source.setter
|
|
795
|
-
def serial_number_source(self, value: Optional[pulumi.Input[
|
|
794
|
+
def serial_number_source(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
796
795
|
pulumi.set(self, "serial_number_source", value)
|
|
797
796
|
|
|
798
|
-
@property
|
|
797
|
+
@_builtins.property
|
|
799
798
|
@pulumi.getter(name="serverFlag")
|
|
800
|
-
def server_flag(self) -> Optional[pulumi.Input[
|
|
799
|
+
def server_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
801
800
|
"""
|
|
802
801
|
Flag to specify certificates for server use
|
|
803
802
|
"""
|
|
804
803
|
return pulumi.get(self, "server_flag")
|
|
805
804
|
|
|
806
805
|
@server_flag.setter
|
|
807
|
-
def server_flag(self, value: Optional[pulumi.Input[
|
|
806
|
+
def server_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
808
807
|
pulumi.set(self, "server_flag", value)
|
|
809
808
|
|
|
810
|
-
@property
|
|
809
|
+
@_builtins.property
|
|
811
810
|
@pulumi.getter(name="signatureBits")
|
|
812
|
-
def signature_bits(self) -> Optional[pulumi.Input[
|
|
811
|
+
def signature_bits(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
813
812
|
"""
|
|
814
813
|
The number of bits to use in the signature algorithm
|
|
815
814
|
"""
|
|
816
815
|
return pulumi.get(self, "signature_bits")
|
|
817
816
|
|
|
818
817
|
@signature_bits.setter
|
|
819
|
-
def signature_bits(self, value: Optional[pulumi.Input[
|
|
818
|
+
def signature_bits(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
820
819
|
pulumi.set(self, "signature_bits", value)
|
|
821
820
|
|
|
822
|
-
@property
|
|
821
|
+
@_builtins.property
|
|
823
822
|
@pulumi.getter(name="streetAddresses")
|
|
824
|
-
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
823
|
+
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
825
824
|
"""
|
|
826
825
|
The street address of generated certificates
|
|
827
826
|
"""
|
|
828
827
|
return pulumi.get(self, "street_addresses")
|
|
829
828
|
|
|
830
829
|
@street_addresses.setter
|
|
831
|
-
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
830
|
+
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
832
831
|
pulumi.set(self, "street_addresses", value)
|
|
833
832
|
|
|
834
|
-
@property
|
|
833
|
+
@_builtins.property
|
|
835
834
|
@pulumi.getter
|
|
836
|
-
def ttl(self) -> Optional[pulumi.Input[
|
|
835
|
+
def ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
837
836
|
"""
|
|
838
837
|
The TTL, in seconds, for any certificate issued against this role.
|
|
839
838
|
"""
|
|
840
839
|
return pulumi.get(self, "ttl")
|
|
841
840
|
|
|
842
841
|
@ttl.setter
|
|
843
|
-
def ttl(self, value: Optional[pulumi.Input[
|
|
842
|
+
def ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
844
843
|
pulumi.set(self, "ttl", value)
|
|
845
844
|
|
|
846
|
-
@property
|
|
845
|
+
@_builtins.property
|
|
847
846
|
@pulumi.getter(name="useCsrCommonName")
|
|
848
|
-
def use_csr_common_name(self) -> Optional[pulumi.Input[
|
|
847
|
+
def use_csr_common_name(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
849
848
|
"""
|
|
850
849
|
Flag to use the CN in the CSR
|
|
851
850
|
"""
|
|
852
851
|
return pulumi.get(self, "use_csr_common_name")
|
|
853
852
|
|
|
854
853
|
@use_csr_common_name.setter
|
|
855
|
-
def use_csr_common_name(self, value: Optional[pulumi.Input[
|
|
854
|
+
def use_csr_common_name(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
856
855
|
pulumi.set(self, "use_csr_common_name", value)
|
|
857
856
|
|
|
858
|
-
@property
|
|
857
|
+
@_builtins.property
|
|
859
858
|
@pulumi.getter(name="useCsrSans")
|
|
860
|
-
def use_csr_sans(self) -> Optional[pulumi.Input[
|
|
859
|
+
def use_csr_sans(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
861
860
|
"""
|
|
862
861
|
Flag to use the SANs in the CSR
|
|
863
862
|
"""
|
|
864
863
|
return pulumi.get(self, "use_csr_sans")
|
|
865
864
|
|
|
866
865
|
@use_csr_sans.setter
|
|
867
|
-
def use_csr_sans(self, value: Optional[pulumi.Input[
|
|
866
|
+
def use_csr_sans(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
868
867
|
pulumi.set(self, "use_csr_sans", value)
|
|
869
868
|
|
|
870
|
-
@property
|
|
869
|
+
@_builtins.property
|
|
871
870
|
@pulumi.getter(name="usePss")
|
|
872
|
-
def use_pss(self) -> Optional[pulumi.Input[
|
|
871
|
+
def use_pss(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
873
872
|
"""
|
|
874
873
|
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
|
875
874
|
"""
|
|
876
875
|
return pulumi.get(self, "use_pss")
|
|
877
876
|
|
|
878
877
|
@use_pss.setter
|
|
879
|
-
def use_pss(self, value: Optional[pulumi.Input[
|
|
878
|
+
def use_pss(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
880
879
|
pulumi.set(self, "use_pss", value)
|
|
881
880
|
|
|
882
881
|
|
|
883
882
|
@pulumi.input_type
|
|
884
883
|
class _SecretBackendRoleState:
|
|
885
884
|
def __init__(__self__, *,
|
|
886
|
-
allow_any_name: Optional[pulumi.Input[
|
|
887
|
-
allow_bare_domains: Optional[pulumi.Input[
|
|
888
|
-
allow_glob_domains: Optional[pulumi.Input[
|
|
889
|
-
allow_ip_sans: Optional[pulumi.Input[
|
|
890
|
-
allow_localhost: Optional[pulumi.Input[
|
|
891
|
-
allow_subdomains: Optional[pulumi.Input[
|
|
892
|
-
allow_wildcard_certificates: Optional[pulumi.Input[
|
|
893
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
894
|
-
allowed_domains_template: Optional[pulumi.Input[
|
|
895
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
896
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
897
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
898
|
-
allowed_uri_sans_template: Optional[pulumi.Input[
|
|
899
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
900
|
-
backend: Optional[pulumi.Input[
|
|
901
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[
|
|
902
|
-
client_flag: Optional[pulumi.Input[
|
|
903
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
904
|
-
code_signing_flag: Optional[pulumi.Input[
|
|
905
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
906
|
-
email_protection_flag: Optional[pulumi.Input[
|
|
907
|
-
enforce_hostnames: Optional[pulumi.Input[
|
|
908
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
909
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
910
|
-
generate_lease: Optional[pulumi.Input[
|
|
911
|
-
issuer_ref: Optional[pulumi.Input[
|
|
912
|
-
key_bits: Optional[pulumi.Input[
|
|
913
|
-
key_type: Optional[pulumi.Input[
|
|
914
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
915
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
916
|
-
max_ttl: Optional[pulumi.Input[
|
|
917
|
-
name: Optional[pulumi.Input[
|
|
918
|
-
namespace: Optional[pulumi.Input[
|
|
919
|
-
no_store: Optional[pulumi.Input[
|
|
920
|
-
no_store_metadata: Optional[pulumi.Input[
|
|
921
|
-
not_after: Optional[pulumi.Input[
|
|
922
|
-
not_before_duration: Optional[pulumi.Input[
|
|
923
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
924
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
885
|
+
allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
886
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
887
|
+
allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
888
|
+
allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
889
|
+
allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
890
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
891
|
+
allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
892
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
893
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
894
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
895
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
896
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
897
|
+
allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
898
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
899
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
900
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
901
|
+
client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
902
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
903
|
+
code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
904
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
905
|
+
email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
906
|
+
enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
907
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
908
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
909
|
+
generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
910
|
+
issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
|
|
911
|
+
key_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
912
|
+
key_type: Optional[pulumi.Input[_builtins.str]] = None,
|
|
913
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
914
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
915
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
916
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
917
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
918
|
+
no_store: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
919
|
+
no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
920
|
+
not_after: Optional[pulumi.Input[_builtins.str]] = None,
|
|
921
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
922
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
923
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
925
924
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]] = None,
|
|
926
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
927
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
928
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
929
|
-
require_cn: Optional[pulumi.Input[
|
|
930
|
-
serial_number_source: Optional[pulumi.Input[
|
|
931
|
-
server_flag: Optional[pulumi.Input[
|
|
932
|
-
signature_bits: Optional[pulumi.Input[
|
|
933
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
934
|
-
ttl: Optional[pulumi.Input[
|
|
935
|
-
use_csr_common_name: Optional[pulumi.Input[
|
|
936
|
-
use_csr_sans: Optional[pulumi.Input[
|
|
937
|
-
use_pss: Optional[pulumi.Input[
|
|
925
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
926
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
927
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
928
|
+
require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
929
|
+
serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
|
|
930
|
+
server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
931
|
+
signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
932
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
933
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
934
|
+
use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
935
|
+
use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
936
|
+
use_pss: Optional[pulumi.Input[_builtins.bool]] = None):
|
|
938
937
|
"""
|
|
939
938
|
Input properties used for looking up and filtering SecretBackendRole resources.
|
|
940
|
-
:param pulumi.Input[
|
|
941
|
-
:param pulumi.Input[
|
|
942
|
-
:param pulumi.Input[
|
|
943
|
-
:param pulumi.Input[
|
|
944
|
-
:param pulumi.Input[
|
|
945
|
-
:param pulumi.Input[
|
|
946
|
-
:param pulumi.Input[
|
|
947
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
948
|
-
:param pulumi.Input[
|
|
949
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
950
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
951
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
952
|
-
:param pulumi.Input[
|
|
953
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
954
|
-
:param pulumi.Input[
|
|
955
|
-
:param pulumi.Input[
|
|
956
|
-
:param pulumi.Input[
|
|
957
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
958
|
-
:param pulumi.Input[
|
|
959
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
960
|
-
:param pulumi.Input[
|
|
961
|
-
:param pulumi.Input[
|
|
962
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
963
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
964
|
-
:param pulumi.Input[
|
|
965
|
-
:param pulumi.Input[
|
|
939
|
+
:param pulumi.Input[_builtins.bool] allow_any_name: Flag to allow any name
|
|
940
|
+
:param pulumi.Input[_builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
|
941
|
+
:param pulumi.Input[_builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
|
942
|
+
:param pulumi.Input[_builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
|
943
|
+
:param pulumi.Input[_builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
|
944
|
+
:param pulumi.Input[_builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
|
945
|
+
:param pulumi.Input[_builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
|
946
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_domains: List of allowed domains for certificates
|
|
947
|
+
:param pulumi.Input[_builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
948
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
|
949
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
|
950
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
|
951
|
+
:param pulumi.Input[_builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
952
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
|
953
|
+
:param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
|
954
|
+
:param pulumi.Input[_builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
|
955
|
+
:param pulumi.Input[_builtins.bool] client_flag: Flag to specify certificates for client use
|
|
956
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
|
957
|
+
:param pulumi.Input[_builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
|
958
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] countries: The country of generated certificates
|
|
959
|
+
:param pulumi.Input[_builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
|
960
|
+
:param pulumi.Input[_builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
|
961
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
|
962
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
|
963
|
+
:param pulumi.Input[_builtins.bool] generate_lease: Flag to generate leases with certificates
|
|
964
|
+
:param pulumi.Input[_builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
|
966
965
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
|
967
966
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
|
968
967
|
overriding the role's `issuer_ref` value.
|
|
969
|
-
:param pulumi.Input[
|
|
970
|
-
:param pulumi.Input[
|
|
968
|
+
:param pulumi.Input[_builtins.int] key_bits: The number of bits of generated keys
|
|
969
|
+
:param pulumi.Input[_builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
|
971
970
|
Defaults to `rsa`
|
|
972
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
971
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
|
973
972
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
|
974
973
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
|
975
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
976
|
-
:param pulumi.Input[
|
|
977
|
-
:param pulumi.Input[
|
|
978
|
-
:param pulumi.Input[
|
|
974
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] localities: The locality of generated certificates
|
|
975
|
+
:param pulumi.Input[_builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
|
976
|
+
:param pulumi.Input[_builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
|
977
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
979
978
|
The value should not contain leading or trailing forward slashes.
|
|
980
979
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
981
980
|
*Available only for Vault Enterprise*.
|
|
982
|
-
:param pulumi.Input[
|
|
983
|
-
:param pulumi.Input[
|
|
984
|
-
:param pulumi.Input[
|
|
985
|
-
:param pulumi.Input[
|
|
986
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
987
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
981
|
+
:param pulumi.Input[_builtins.bool] no_store: Flag to not store certificates in the storage backend
|
|
982
|
+
:param pulumi.Input[_builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
|
983
|
+
:param pulumi.Input[_builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
|
984
|
+
:param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
|
985
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organization_unit: The organization unit of generated certificates
|
|
986
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organizations: The organization of generated certificates
|
|
988
987
|
:param pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
|
989
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
990
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
991
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
992
|
-
:param pulumi.Input[
|
|
993
|
-
:param pulumi.Input[
|
|
988
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
|
989
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] postal_codes: The postal code of generated certificates
|
|
990
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] provinces: The province of generated certificates
|
|
991
|
+
:param pulumi.Input[_builtins.bool] require_cn: Flag to force CN usage
|
|
992
|
+
:param pulumi.Input[_builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
|
994
993
|
|
|
995
994
|
Example usage:
|
|
996
|
-
:param pulumi.Input[
|
|
997
|
-
:param pulumi.Input[
|
|
998
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
999
|
-
:param pulumi.Input[
|
|
1000
|
-
:param pulumi.Input[
|
|
1001
|
-
:param pulumi.Input[
|
|
1002
|
-
:param pulumi.Input[
|
|
995
|
+
:param pulumi.Input[_builtins.bool] server_flag: Flag to specify certificates for server use
|
|
996
|
+
:param pulumi.Input[_builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
|
997
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] street_addresses: The street address of generated certificates
|
|
998
|
+
:param pulumi.Input[_builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
|
999
|
+
:param pulumi.Input[_builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
|
1000
|
+
:param pulumi.Input[_builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
|
1001
|
+
:param pulumi.Input[_builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
|
1003
1002
|
"""
|
|
1004
1003
|
if allow_any_name is not None:
|
|
1005
1004
|
pulumi.set(__self__, "allow_any_name", allow_any_name)
|
|
@@ -1106,309 +1105,309 @@ class _SecretBackendRoleState:
|
|
|
1106
1105
|
if use_pss is not None:
|
|
1107
1106
|
pulumi.set(__self__, "use_pss", use_pss)
|
|
1108
1107
|
|
|
1109
|
-
@property
|
|
1108
|
+
@_builtins.property
|
|
1110
1109
|
@pulumi.getter(name="allowAnyName")
|
|
1111
|
-
def allow_any_name(self) -> Optional[pulumi.Input[
|
|
1110
|
+
def allow_any_name(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1112
1111
|
"""
|
|
1113
1112
|
Flag to allow any name
|
|
1114
1113
|
"""
|
|
1115
1114
|
return pulumi.get(self, "allow_any_name")
|
|
1116
1115
|
|
|
1117
1116
|
@allow_any_name.setter
|
|
1118
|
-
def allow_any_name(self, value: Optional[pulumi.Input[
|
|
1117
|
+
def allow_any_name(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1119
1118
|
pulumi.set(self, "allow_any_name", value)
|
|
1120
1119
|
|
|
1121
|
-
@property
|
|
1120
|
+
@_builtins.property
|
|
1122
1121
|
@pulumi.getter(name="allowBareDomains")
|
|
1123
|
-
def allow_bare_domains(self) -> Optional[pulumi.Input[
|
|
1122
|
+
def allow_bare_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1124
1123
|
"""
|
|
1125
1124
|
Flag to allow certificates matching the actual domain
|
|
1126
1125
|
"""
|
|
1127
1126
|
return pulumi.get(self, "allow_bare_domains")
|
|
1128
1127
|
|
|
1129
1128
|
@allow_bare_domains.setter
|
|
1130
|
-
def allow_bare_domains(self, value: Optional[pulumi.Input[
|
|
1129
|
+
def allow_bare_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1131
1130
|
pulumi.set(self, "allow_bare_domains", value)
|
|
1132
1131
|
|
|
1133
|
-
@property
|
|
1132
|
+
@_builtins.property
|
|
1134
1133
|
@pulumi.getter(name="allowGlobDomains")
|
|
1135
|
-
def allow_glob_domains(self) -> Optional[pulumi.Input[
|
|
1134
|
+
def allow_glob_domains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1136
1135
|
"""
|
|
1137
1136
|
Flag to allow names containing glob patterns.
|
|
1138
1137
|
"""
|
|
1139
1138
|
return pulumi.get(self, "allow_glob_domains")
|
|
1140
1139
|
|
|
1141
1140
|
@allow_glob_domains.setter
|
|
1142
|
-
def allow_glob_domains(self, value: Optional[pulumi.Input[
|
|
1141
|
+
def allow_glob_domains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1143
1142
|
pulumi.set(self, "allow_glob_domains", value)
|
|
1144
1143
|
|
|
1145
|
-
@property
|
|
1144
|
+
@_builtins.property
|
|
1146
1145
|
@pulumi.getter(name="allowIpSans")
|
|
1147
|
-
def allow_ip_sans(self) -> Optional[pulumi.Input[
|
|
1146
|
+
def allow_ip_sans(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1148
1147
|
"""
|
|
1149
1148
|
Flag to allow IP SANs
|
|
1150
1149
|
"""
|
|
1151
1150
|
return pulumi.get(self, "allow_ip_sans")
|
|
1152
1151
|
|
|
1153
1152
|
@allow_ip_sans.setter
|
|
1154
|
-
def allow_ip_sans(self, value: Optional[pulumi.Input[
|
|
1153
|
+
def allow_ip_sans(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1155
1154
|
pulumi.set(self, "allow_ip_sans", value)
|
|
1156
1155
|
|
|
1157
|
-
@property
|
|
1156
|
+
@_builtins.property
|
|
1158
1157
|
@pulumi.getter(name="allowLocalhost")
|
|
1159
|
-
def allow_localhost(self) -> Optional[pulumi.Input[
|
|
1158
|
+
def allow_localhost(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1160
1159
|
"""
|
|
1161
1160
|
Flag to allow certificates for localhost
|
|
1162
1161
|
"""
|
|
1163
1162
|
return pulumi.get(self, "allow_localhost")
|
|
1164
1163
|
|
|
1165
1164
|
@allow_localhost.setter
|
|
1166
|
-
def allow_localhost(self, value: Optional[pulumi.Input[
|
|
1165
|
+
def allow_localhost(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1167
1166
|
pulumi.set(self, "allow_localhost", value)
|
|
1168
1167
|
|
|
1169
|
-
@property
|
|
1168
|
+
@_builtins.property
|
|
1170
1169
|
@pulumi.getter(name="allowSubdomains")
|
|
1171
|
-
def allow_subdomains(self) -> Optional[pulumi.Input[
|
|
1170
|
+
def allow_subdomains(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1172
1171
|
"""
|
|
1173
1172
|
Flag to allow certificates matching subdomains
|
|
1174
1173
|
"""
|
|
1175
1174
|
return pulumi.get(self, "allow_subdomains")
|
|
1176
1175
|
|
|
1177
1176
|
@allow_subdomains.setter
|
|
1178
|
-
def allow_subdomains(self, value: Optional[pulumi.Input[
|
|
1177
|
+
def allow_subdomains(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1179
1178
|
pulumi.set(self, "allow_subdomains", value)
|
|
1180
1179
|
|
|
1181
|
-
@property
|
|
1180
|
+
@_builtins.property
|
|
1182
1181
|
@pulumi.getter(name="allowWildcardCertificates")
|
|
1183
|
-
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[
|
|
1182
|
+
def allow_wildcard_certificates(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1184
1183
|
"""
|
|
1185
1184
|
Flag to allow wildcard certificates.
|
|
1186
1185
|
"""
|
|
1187
1186
|
return pulumi.get(self, "allow_wildcard_certificates")
|
|
1188
1187
|
|
|
1189
1188
|
@allow_wildcard_certificates.setter
|
|
1190
|
-
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[
|
|
1189
|
+
def allow_wildcard_certificates(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1191
1190
|
pulumi.set(self, "allow_wildcard_certificates", value)
|
|
1192
1191
|
|
|
1193
|
-
@property
|
|
1192
|
+
@_builtins.property
|
|
1194
1193
|
@pulumi.getter(name="allowedDomains")
|
|
1195
|
-
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1194
|
+
def allowed_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1196
1195
|
"""
|
|
1197
1196
|
List of allowed domains for certificates
|
|
1198
1197
|
"""
|
|
1199
1198
|
return pulumi.get(self, "allowed_domains")
|
|
1200
1199
|
|
|
1201
1200
|
@allowed_domains.setter
|
|
1202
|
-
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1201
|
+
def allowed_domains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1203
1202
|
pulumi.set(self, "allowed_domains", value)
|
|
1204
1203
|
|
|
1205
|
-
@property
|
|
1204
|
+
@_builtins.property
|
|
1206
1205
|
@pulumi.getter(name="allowedDomainsTemplate")
|
|
1207
|
-
def allowed_domains_template(self) -> Optional[pulumi.Input[
|
|
1206
|
+
def allowed_domains_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1208
1207
|
"""
|
|
1209
1208
|
Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
1210
1209
|
"""
|
|
1211
1210
|
return pulumi.get(self, "allowed_domains_template")
|
|
1212
1211
|
|
|
1213
1212
|
@allowed_domains_template.setter
|
|
1214
|
-
def allowed_domains_template(self, value: Optional[pulumi.Input[
|
|
1213
|
+
def allowed_domains_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1215
1214
|
pulumi.set(self, "allowed_domains_template", value)
|
|
1216
1215
|
|
|
1217
|
-
@property
|
|
1216
|
+
@_builtins.property
|
|
1218
1217
|
@pulumi.getter(name="allowedOtherSans")
|
|
1219
|
-
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1218
|
+
def allowed_other_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1220
1219
|
"""
|
|
1221
1220
|
Defines allowed custom SANs
|
|
1222
1221
|
"""
|
|
1223
1222
|
return pulumi.get(self, "allowed_other_sans")
|
|
1224
1223
|
|
|
1225
1224
|
@allowed_other_sans.setter
|
|
1226
|
-
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1225
|
+
def allowed_other_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1227
1226
|
pulumi.set(self, "allowed_other_sans", value)
|
|
1228
1227
|
|
|
1229
|
-
@property
|
|
1228
|
+
@_builtins.property
|
|
1230
1229
|
@pulumi.getter(name="allowedSerialNumbers")
|
|
1231
|
-
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1230
|
+
def allowed_serial_numbers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1232
1231
|
"""
|
|
1233
1232
|
An array of allowed serial numbers to put in Subject
|
|
1234
1233
|
"""
|
|
1235
1234
|
return pulumi.get(self, "allowed_serial_numbers")
|
|
1236
1235
|
|
|
1237
1236
|
@allowed_serial_numbers.setter
|
|
1238
|
-
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1237
|
+
def allowed_serial_numbers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1239
1238
|
pulumi.set(self, "allowed_serial_numbers", value)
|
|
1240
1239
|
|
|
1241
|
-
@property
|
|
1240
|
+
@_builtins.property
|
|
1242
1241
|
@pulumi.getter(name="allowedUriSans")
|
|
1243
|
-
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1242
|
+
def allowed_uri_sans(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1244
1243
|
"""
|
|
1245
1244
|
Defines allowed URI SANs
|
|
1246
1245
|
"""
|
|
1247
1246
|
return pulumi.get(self, "allowed_uri_sans")
|
|
1248
1247
|
|
|
1249
1248
|
@allowed_uri_sans.setter
|
|
1250
|
-
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1249
|
+
def allowed_uri_sans(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1251
1250
|
pulumi.set(self, "allowed_uri_sans", value)
|
|
1252
1251
|
|
|
1253
|
-
@property
|
|
1252
|
+
@_builtins.property
|
|
1254
1253
|
@pulumi.getter(name="allowedUriSansTemplate")
|
|
1255
|
-
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[
|
|
1254
|
+
def allowed_uri_sans_template(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1256
1255
|
"""
|
|
1257
1256
|
Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
1258
1257
|
"""
|
|
1259
1258
|
return pulumi.get(self, "allowed_uri_sans_template")
|
|
1260
1259
|
|
|
1261
1260
|
@allowed_uri_sans_template.setter
|
|
1262
|
-
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[
|
|
1261
|
+
def allowed_uri_sans_template(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1263
1262
|
pulumi.set(self, "allowed_uri_sans_template", value)
|
|
1264
1263
|
|
|
1265
|
-
@property
|
|
1264
|
+
@_builtins.property
|
|
1266
1265
|
@pulumi.getter(name="allowedUserIds")
|
|
1267
|
-
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1266
|
+
def allowed_user_ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1268
1267
|
"""
|
|
1269
1268
|
Defines allowed User IDs
|
|
1270
1269
|
"""
|
|
1271
1270
|
return pulumi.get(self, "allowed_user_ids")
|
|
1272
1271
|
|
|
1273
1272
|
@allowed_user_ids.setter
|
|
1274
|
-
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1273
|
+
def allowed_user_ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1275
1274
|
pulumi.set(self, "allowed_user_ids", value)
|
|
1276
1275
|
|
|
1277
|
-
@property
|
|
1276
|
+
@_builtins.property
|
|
1278
1277
|
@pulumi.getter
|
|
1279
|
-
def backend(self) -> Optional[pulumi.Input[
|
|
1278
|
+
def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1280
1279
|
"""
|
|
1281
1280
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
|
1282
1281
|
"""
|
|
1283
1282
|
return pulumi.get(self, "backend")
|
|
1284
1283
|
|
|
1285
1284
|
@backend.setter
|
|
1286
|
-
def backend(self, value: Optional[pulumi.Input[
|
|
1285
|
+
def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1287
1286
|
pulumi.set(self, "backend", value)
|
|
1288
1287
|
|
|
1289
|
-
@property
|
|
1288
|
+
@_builtins.property
|
|
1290
1289
|
@pulumi.getter(name="basicConstraintsValidForNonCa")
|
|
1291
|
-
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[
|
|
1290
|
+
def basic_constraints_valid_for_non_ca(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1292
1291
|
"""
|
|
1293
1292
|
Flag to mark basic constraints valid when issuing non-CA certificates
|
|
1294
1293
|
"""
|
|
1295
1294
|
return pulumi.get(self, "basic_constraints_valid_for_non_ca")
|
|
1296
1295
|
|
|
1297
1296
|
@basic_constraints_valid_for_non_ca.setter
|
|
1298
|
-
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[
|
|
1297
|
+
def basic_constraints_valid_for_non_ca(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1299
1298
|
pulumi.set(self, "basic_constraints_valid_for_non_ca", value)
|
|
1300
1299
|
|
|
1301
|
-
@property
|
|
1300
|
+
@_builtins.property
|
|
1302
1301
|
@pulumi.getter(name="clientFlag")
|
|
1303
|
-
def client_flag(self) -> Optional[pulumi.Input[
|
|
1302
|
+
def client_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1304
1303
|
"""
|
|
1305
1304
|
Flag to specify certificates for client use
|
|
1306
1305
|
"""
|
|
1307
1306
|
return pulumi.get(self, "client_flag")
|
|
1308
1307
|
|
|
1309
1308
|
@client_flag.setter
|
|
1310
|
-
def client_flag(self, value: Optional[pulumi.Input[
|
|
1309
|
+
def client_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1311
1310
|
pulumi.set(self, "client_flag", value)
|
|
1312
1311
|
|
|
1313
|
-
@property
|
|
1312
|
+
@_builtins.property
|
|
1314
1313
|
@pulumi.getter(name="cnValidations")
|
|
1315
|
-
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1314
|
+
def cn_validations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1316
1315
|
"""
|
|
1317
1316
|
Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
|
1318
1317
|
"""
|
|
1319
1318
|
return pulumi.get(self, "cn_validations")
|
|
1320
1319
|
|
|
1321
1320
|
@cn_validations.setter
|
|
1322
|
-
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1321
|
+
def cn_validations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1323
1322
|
pulumi.set(self, "cn_validations", value)
|
|
1324
1323
|
|
|
1325
|
-
@property
|
|
1324
|
+
@_builtins.property
|
|
1326
1325
|
@pulumi.getter(name="codeSigningFlag")
|
|
1327
|
-
def code_signing_flag(self) -> Optional[pulumi.Input[
|
|
1326
|
+
def code_signing_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1328
1327
|
"""
|
|
1329
1328
|
Flag to specify certificates for code signing use
|
|
1330
1329
|
"""
|
|
1331
1330
|
return pulumi.get(self, "code_signing_flag")
|
|
1332
1331
|
|
|
1333
1332
|
@code_signing_flag.setter
|
|
1334
|
-
def code_signing_flag(self, value: Optional[pulumi.Input[
|
|
1333
|
+
def code_signing_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1335
1334
|
pulumi.set(self, "code_signing_flag", value)
|
|
1336
1335
|
|
|
1337
|
-
@property
|
|
1336
|
+
@_builtins.property
|
|
1338
1337
|
@pulumi.getter
|
|
1339
|
-
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1338
|
+
def countries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1340
1339
|
"""
|
|
1341
1340
|
The country of generated certificates
|
|
1342
1341
|
"""
|
|
1343
1342
|
return pulumi.get(self, "countries")
|
|
1344
1343
|
|
|
1345
1344
|
@countries.setter
|
|
1346
|
-
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1345
|
+
def countries(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1347
1346
|
pulumi.set(self, "countries", value)
|
|
1348
1347
|
|
|
1349
|
-
@property
|
|
1348
|
+
@_builtins.property
|
|
1350
1349
|
@pulumi.getter(name="emailProtectionFlag")
|
|
1351
|
-
def email_protection_flag(self) -> Optional[pulumi.Input[
|
|
1350
|
+
def email_protection_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1352
1351
|
"""
|
|
1353
1352
|
Flag to specify certificates for email protection use
|
|
1354
1353
|
"""
|
|
1355
1354
|
return pulumi.get(self, "email_protection_flag")
|
|
1356
1355
|
|
|
1357
1356
|
@email_protection_flag.setter
|
|
1358
|
-
def email_protection_flag(self, value: Optional[pulumi.Input[
|
|
1357
|
+
def email_protection_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1359
1358
|
pulumi.set(self, "email_protection_flag", value)
|
|
1360
1359
|
|
|
1361
|
-
@property
|
|
1360
|
+
@_builtins.property
|
|
1362
1361
|
@pulumi.getter(name="enforceHostnames")
|
|
1363
|
-
def enforce_hostnames(self) -> Optional[pulumi.Input[
|
|
1362
|
+
def enforce_hostnames(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1364
1363
|
"""
|
|
1365
1364
|
Flag to allow only valid host names
|
|
1366
1365
|
"""
|
|
1367
1366
|
return pulumi.get(self, "enforce_hostnames")
|
|
1368
1367
|
|
|
1369
1368
|
@enforce_hostnames.setter
|
|
1370
|
-
def enforce_hostnames(self, value: Optional[pulumi.Input[
|
|
1369
|
+
def enforce_hostnames(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1371
1370
|
pulumi.set(self, "enforce_hostnames", value)
|
|
1372
1371
|
|
|
1373
|
-
@property
|
|
1372
|
+
@_builtins.property
|
|
1374
1373
|
@pulumi.getter(name="extKeyUsageOids")
|
|
1375
|
-
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1374
|
+
def ext_key_usage_oids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1376
1375
|
"""
|
|
1377
1376
|
Specify the allowed extended key usage OIDs constraint on issued certificates
|
|
1378
1377
|
"""
|
|
1379
1378
|
return pulumi.get(self, "ext_key_usage_oids")
|
|
1380
1379
|
|
|
1381
1380
|
@ext_key_usage_oids.setter
|
|
1382
|
-
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1381
|
+
def ext_key_usage_oids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1383
1382
|
pulumi.set(self, "ext_key_usage_oids", value)
|
|
1384
1383
|
|
|
1385
|
-
@property
|
|
1384
|
+
@_builtins.property
|
|
1386
1385
|
@pulumi.getter(name="extKeyUsages")
|
|
1387
|
-
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1386
|
+
def ext_key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1388
1387
|
"""
|
|
1389
1388
|
Specify the allowed extended key usage constraint on issued certificates
|
|
1390
1389
|
"""
|
|
1391
1390
|
return pulumi.get(self, "ext_key_usages")
|
|
1392
1391
|
|
|
1393
1392
|
@ext_key_usages.setter
|
|
1394
|
-
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1393
|
+
def ext_key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1395
1394
|
pulumi.set(self, "ext_key_usages", value)
|
|
1396
1395
|
|
|
1397
|
-
@property
|
|
1396
|
+
@_builtins.property
|
|
1398
1397
|
@pulumi.getter(name="generateLease")
|
|
1399
|
-
def generate_lease(self) -> Optional[pulumi.Input[
|
|
1398
|
+
def generate_lease(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1400
1399
|
"""
|
|
1401
1400
|
Flag to generate leases with certificates
|
|
1402
1401
|
"""
|
|
1403
1402
|
return pulumi.get(self, "generate_lease")
|
|
1404
1403
|
|
|
1405
1404
|
@generate_lease.setter
|
|
1406
|
-
def generate_lease(self, value: Optional[pulumi.Input[
|
|
1405
|
+
def generate_lease(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1407
1406
|
pulumi.set(self, "generate_lease", value)
|
|
1408
1407
|
|
|
1409
|
-
@property
|
|
1408
|
+
@_builtins.property
|
|
1410
1409
|
@pulumi.getter(name="issuerRef")
|
|
1411
|
-
def issuer_ref(self) -> Optional[pulumi.Input[
|
|
1410
|
+
def issuer_ref(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1412
1411
|
"""
|
|
1413
1412
|
Specifies the default issuer of this request. May
|
|
1414
1413
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
|
@@ -1418,24 +1417,24 @@ class _SecretBackendRoleState:
|
|
|
1418
1417
|
return pulumi.get(self, "issuer_ref")
|
|
1419
1418
|
|
|
1420
1419
|
@issuer_ref.setter
|
|
1421
|
-
def issuer_ref(self, value: Optional[pulumi.Input[
|
|
1420
|
+
def issuer_ref(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1422
1421
|
pulumi.set(self, "issuer_ref", value)
|
|
1423
1422
|
|
|
1424
|
-
@property
|
|
1423
|
+
@_builtins.property
|
|
1425
1424
|
@pulumi.getter(name="keyBits")
|
|
1426
|
-
def key_bits(self) -> Optional[pulumi.Input[
|
|
1425
|
+
def key_bits(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
1427
1426
|
"""
|
|
1428
1427
|
The number of bits of generated keys
|
|
1429
1428
|
"""
|
|
1430
1429
|
return pulumi.get(self, "key_bits")
|
|
1431
1430
|
|
|
1432
1431
|
@key_bits.setter
|
|
1433
|
-
def key_bits(self, value: Optional[pulumi.Input[
|
|
1432
|
+
def key_bits(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
1434
1433
|
pulumi.set(self, "key_bits", value)
|
|
1435
1434
|
|
|
1436
|
-
@property
|
|
1435
|
+
@_builtins.property
|
|
1437
1436
|
@pulumi.getter(name="keyType")
|
|
1438
|
-
def key_type(self) -> Optional[pulumi.Input[
|
|
1437
|
+
def key_type(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1439
1438
|
"""
|
|
1440
1439
|
The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
|
1441
1440
|
Defaults to `rsa`
|
|
@@ -1443,12 +1442,12 @@ class _SecretBackendRoleState:
|
|
|
1443
1442
|
return pulumi.get(self, "key_type")
|
|
1444
1443
|
|
|
1445
1444
|
@key_type.setter
|
|
1446
|
-
def key_type(self, value: Optional[pulumi.Input[
|
|
1445
|
+
def key_type(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1447
1446
|
pulumi.set(self, "key_type", value)
|
|
1448
1447
|
|
|
1449
|
-
@property
|
|
1448
|
+
@_builtins.property
|
|
1450
1449
|
@pulumi.getter(name="keyUsages")
|
|
1451
|
-
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1450
|
+
def key_usages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1452
1451
|
"""
|
|
1453
1452
|
Specify the allowed key usage constraint on issued
|
|
1454
1453
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
|
@@ -1457,48 +1456,48 @@ class _SecretBackendRoleState:
|
|
|
1457
1456
|
return pulumi.get(self, "key_usages")
|
|
1458
1457
|
|
|
1459
1458
|
@key_usages.setter
|
|
1460
|
-
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1459
|
+
def key_usages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1461
1460
|
pulumi.set(self, "key_usages", value)
|
|
1462
1461
|
|
|
1463
|
-
@property
|
|
1462
|
+
@_builtins.property
|
|
1464
1463
|
@pulumi.getter
|
|
1465
|
-
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1464
|
+
def localities(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1466
1465
|
"""
|
|
1467
1466
|
The locality of generated certificates
|
|
1468
1467
|
"""
|
|
1469
1468
|
return pulumi.get(self, "localities")
|
|
1470
1469
|
|
|
1471
1470
|
@localities.setter
|
|
1472
|
-
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1471
|
+
def localities(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1473
1472
|
pulumi.set(self, "localities", value)
|
|
1474
1473
|
|
|
1475
|
-
@property
|
|
1474
|
+
@_builtins.property
|
|
1476
1475
|
@pulumi.getter(name="maxTtl")
|
|
1477
|
-
def max_ttl(self) -> Optional[pulumi.Input[
|
|
1476
|
+
def max_ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1478
1477
|
"""
|
|
1479
1478
|
The maximum lease TTL, in seconds, for the role.
|
|
1480
1479
|
"""
|
|
1481
1480
|
return pulumi.get(self, "max_ttl")
|
|
1482
1481
|
|
|
1483
1482
|
@max_ttl.setter
|
|
1484
|
-
def max_ttl(self, value: Optional[pulumi.Input[
|
|
1483
|
+
def max_ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1485
1484
|
pulumi.set(self, "max_ttl", value)
|
|
1486
1485
|
|
|
1487
|
-
@property
|
|
1486
|
+
@_builtins.property
|
|
1488
1487
|
@pulumi.getter
|
|
1489
|
-
def name(self) -> Optional[pulumi.Input[
|
|
1488
|
+
def name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1490
1489
|
"""
|
|
1491
1490
|
The name to identify this role within the backend. Must be unique within the backend.
|
|
1492
1491
|
"""
|
|
1493
1492
|
return pulumi.get(self, "name")
|
|
1494
1493
|
|
|
1495
1494
|
@name.setter
|
|
1496
|
-
def name(self, value: Optional[pulumi.Input[
|
|
1495
|
+
def name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1497
1496
|
pulumi.set(self, "name", value)
|
|
1498
1497
|
|
|
1499
|
-
@property
|
|
1498
|
+
@_builtins.property
|
|
1500
1499
|
@pulumi.getter
|
|
1501
|
-
def namespace(self) -> Optional[pulumi.Input[
|
|
1500
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1502
1501
|
"""
|
|
1503
1502
|
The namespace to provision the resource in.
|
|
1504
1503
|
The value should not contain leading or trailing forward slashes.
|
|
@@ -1508,82 +1507,82 @@ class _SecretBackendRoleState:
|
|
|
1508
1507
|
return pulumi.get(self, "namespace")
|
|
1509
1508
|
|
|
1510
1509
|
@namespace.setter
|
|
1511
|
-
def namespace(self, value: Optional[pulumi.Input[
|
|
1510
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1512
1511
|
pulumi.set(self, "namespace", value)
|
|
1513
1512
|
|
|
1514
|
-
@property
|
|
1513
|
+
@_builtins.property
|
|
1515
1514
|
@pulumi.getter(name="noStore")
|
|
1516
|
-
def no_store(self) -> Optional[pulumi.Input[
|
|
1515
|
+
def no_store(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1517
1516
|
"""
|
|
1518
1517
|
Flag to not store certificates in the storage backend
|
|
1519
1518
|
"""
|
|
1520
1519
|
return pulumi.get(self, "no_store")
|
|
1521
1520
|
|
|
1522
1521
|
@no_store.setter
|
|
1523
|
-
def no_store(self, value: Optional[pulumi.Input[
|
|
1522
|
+
def no_store(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1524
1523
|
pulumi.set(self, "no_store", value)
|
|
1525
1524
|
|
|
1526
|
-
@property
|
|
1525
|
+
@_builtins.property
|
|
1527
1526
|
@pulumi.getter(name="noStoreMetadata")
|
|
1528
|
-
def no_store_metadata(self) -> Optional[pulumi.Input[
|
|
1527
|
+
def no_store_metadata(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1529
1528
|
"""
|
|
1530
1529
|
Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
|
1531
1530
|
"""
|
|
1532
1531
|
return pulumi.get(self, "no_store_metadata")
|
|
1533
1532
|
|
|
1534
1533
|
@no_store_metadata.setter
|
|
1535
|
-
def no_store_metadata(self, value: Optional[pulumi.Input[
|
|
1534
|
+
def no_store_metadata(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1536
1535
|
pulumi.set(self, "no_store_metadata", value)
|
|
1537
1536
|
|
|
1538
|
-
@property
|
|
1537
|
+
@_builtins.property
|
|
1539
1538
|
@pulumi.getter(name="notAfter")
|
|
1540
|
-
def not_after(self) -> Optional[pulumi.Input[
|
|
1539
|
+
def not_after(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1541
1540
|
"""
|
|
1542
1541
|
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
|
1543
1542
|
"""
|
|
1544
1543
|
return pulumi.get(self, "not_after")
|
|
1545
1544
|
|
|
1546
1545
|
@not_after.setter
|
|
1547
|
-
def not_after(self, value: Optional[pulumi.Input[
|
|
1546
|
+
def not_after(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1548
1547
|
pulumi.set(self, "not_after", value)
|
|
1549
1548
|
|
|
1550
|
-
@property
|
|
1549
|
+
@_builtins.property
|
|
1551
1550
|
@pulumi.getter(name="notBeforeDuration")
|
|
1552
|
-
def not_before_duration(self) -> Optional[pulumi.Input[
|
|
1551
|
+
def not_before_duration(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1553
1552
|
"""
|
|
1554
1553
|
Specifies the duration by which to backdate the NotBefore property.
|
|
1555
1554
|
"""
|
|
1556
1555
|
return pulumi.get(self, "not_before_duration")
|
|
1557
1556
|
|
|
1558
1557
|
@not_before_duration.setter
|
|
1559
|
-
def not_before_duration(self, value: Optional[pulumi.Input[
|
|
1558
|
+
def not_before_duration(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1560
1559
|
pulumi.set(self, "not_before_duration", value)
|
|
1561
1560
|
|
|
1562
|
-
@property
|
|
1561
|
+
@_builtins.property
|
|
1563
1562
|
@pulumi.getter(name="organizationUnit")
|
|
1564
|
-
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1563
|
+
def organization_unit(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1565
1564
|
"""
|
|
1566
1565
|
The organization unit of generated certificates
|
|
1567
1566
|
"""
|
|
1568
1567
|
return pulumi.get(self, "organization_unit")
|
|
1569
1568
|
|
|
1570
1569
|
@organization_unit.setter
|
|
1571
|
-
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1570
|
+
def organization_unit(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1572
1571
|
pulumi.set(self, "organization_unit", value)
|
|
1573
1572
|
|
|
1574
|
-
@property
|
|
1573
|
+
@_builtins.property
|
|
1575
1574
|
@pulumi.getter
|
|
1576
|
-
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1575
|
+
def organizations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1577
1576
|
"""
|
|
1578
1577
|
The organization of generated certificates
|
|
1579
1578
|
"""
|
|
1580
1579
|
return pulumi.get(self, "organizations")
|
|
1581
1580
|
|
|
1582
1581
|
@organizations.setter
|
|
1583
|
-
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1582
|
+
def organizations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1584
1583
|
pulumi.set(self, "organizations", value)
|
|
1585
1584
|
|
|
1586
|
-
@property
|
|
1585
|
+
@_builtins.property
|
|
1587
1586
|
@pulumi.getter(name="policyIdentifier")
|
|
1588
1587
|
def policy_identifier(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]]:
|
|
1589
1588
|
"""
|
|
@@ -1595,57 +1594,57 @@ class _SecretBackendRoleState:
|
|
|
1595
1594
|
def policy_identifier(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SecretBackendRolePolicyIdentifierArgs']]]]):
|
|
1596
1595
|
pulumi.set(self, "policy_identifier", value)
|
|
1597
1596
|
|
|
1598
|
-
@property
|
|
1597
|
+
@_builtins.property
|
|
1599
1598
|
@pulumi.getter(name="policyIdentifiers")
|
|
1600
|
-
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1599
|
+
def policy_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1601
1600
|
"""
|
|
1602
1601
|
Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
|
1603
1602
|
"""
|
|
1604
1603
|
return pulumi.get(self, "policy_identifiers")
|
|
1605
1604
|
|
|
1606
1605
|
@policy_identifiers.setter
|
|
1607
|
-
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1606
|
+
def policy_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1608
1607
|
pulumi.set(self, "policy_identifiers", value)
|
|
1609
1608
|
|
|
1610
|
-
@property
|
|
1609
|
+
@_builtins.property
|
|
1611
1610
|
@pulumi.getter(name="postalCodes")
|
|
1612
|
-
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1611
|
+
def postal_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1613
1612
|
"""
|
|
1614
1613
|
The postal code of generated certificates
|
|
1615
1614
|
"""
|
|
1616
1615
|
return pulumi.get(self, "postal_codes")
|
|
1617
1616
|
|
|
1618
1617
|
@postal_codes.setter
|
|
1619
|
-
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1618
|
+
def postal_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1620
1619
|
pulumi.set(self, "postal_codes", value)
|
|
1621
1620
|
|
|
1622
|
-
@property
|
|
1621
|
+
@_builtins.property
|
|
1623
1622
|
@pulumi.getter
|
|
1624
|
-
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1623
|
+
def provinces(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1625
1624
|
"""
|
|
1626
1625
|
The province of generated certificates
|
|
1627
1626
|
"""
|
|
1628
1627
|
return pulumi.get(self, "provinces")
|
|
1629
1628
|
|
|
1630
1629
|
@provinces.setter
|
|
1631
|
-
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1630
|
+
def provinces(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1632
1631
|
pulumi.set(self, "provinces", value)
|
|
1633
1632
|
|
|
1634
|
-
@property
|
|
1633
|
+
@_builtins.property
|
|
1635
1634
|
@pulumi.getter(name="requireCn")
|
|
1636
|
-
def require_cn(self) -> Optional[pulumi.Input[
|
|
1635
|
+
def require_cn(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1637
1636
|
"""
|
|
1638
1637
|
Flag to force CN usage
|
|
1639
1638
|
"""
|
|
1640
1639
|
return pulumi.get(self, "require_cn")
|
|
1641
1640
|
|
|
1642
1641
|
@require_cn.setter
|
|
1643
|
-
def require_cn(self, value: Optional[pulumi.Input[
|
|
1642
|
+
def require_cn(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1644
1643
|
pulumi.set(self, "require_cn", value)
|
|
1645
1644
|
|
|
1646
|
-
@property
|
|
1645
|
+
@_builtins.property
|
|
1647
1646
|
@pulumi.getter(name="serialNumberSource")
|
|
1648
|
-
def serial_number_source(self) -> Optional[pulumi.Input[
|
|
1647
|
+
def serial_number_source(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1649
1648
|
"""
|
|
1650
1649
|
Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
|
1651
1650
|
|
|
@@ -1654,91 +1653,91 @@ class _SecretBackendRoleState:
|
|
|
1654
1653
|
return pulumi.get(self, "serial_number_source")
|
|
1655
1654
|
|
|
1656
1655
|
@serial_number_source.setter
|
|
1657
|
-
def serial_number_source(self, value: Optional[pulumi.Input[
|
|
1656
|
+
def serial_number_source(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1658
1657
|
pulumi.set(self, "serial_number_source", value)
|
|
1659
1658
|
|
|
1660
|
-
@property
|
|
1659
|
+
@_builtins.property
|
|
1661
1660
|
@pulumi.getter(name="serverFlag")
|
|
1662
|
-
def server_flag(self) -> Optional[pulumi.Input[
|
|
1661
|
+
def server_flag(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1663
1662
|
"""
|
|
1664
1663
|
Flag to specify certificates for server use
|
|
1665
1664
|
"""
|
|
1666
1665
|
return pulumi.get(self, "server_flag")
|
|
1667
1666
|
|
|
1668
1667
|
@server_flag.setter
|
|
1669
|
-
def server_flag(self, value: Optional[pulumi.Input[
|
|
1668
|
+
def server_flag(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1670
1669
|
pulumi.set(self, "server_flag", value)
|
|
1671
1670
|
|
|
1672
|
-
@property
|
|
1671
|
+
@_builtins.property
|
|
1673
1672
|
@pulumi.getter(name="signatureBits")
|
|
1674
|
-
def signature_bits(self) -> Optional[pulumi.Input[
|
|
1673
|
+
def signature_bits(self) -> Optional[pulumi.Input[_builtins.int]]:
|
|
1675
1674
|
"""
|
|
1676
1675
|
The number of bits to use in the signature algorithm
|
|
1677
1676
|
"""
|
|
1678
1677
|
return pulumi.get(self, "signature_bits")
|
|
1679
1678
|
|
|
1680
1679
|
@signature_bits.setter
|
|
1681
|
-
def signature_bits(self, value: Optional[pulumi.Input[
|
|
1680
|
+
def signature_bits(self, value: Optional[pulumi.Input[_builtins.int]]):
|
|
1682
1681
|
pulumi.set(self, "signature_bits", value)
|
|
1683
1682
|
|
|
1684
|
-
@property
|
|
1683
|
+
@_builtins.property
|
|
1685
1684
|
@pulumi.getter(name="streetAddresses")
|
|
1686
|
-
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1685
|
+
def street_addresses(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
1687
1686
|
"""
|
|
1688
1687
|
The street address of generated certificates
|
|
1689
1688
|
"""
|
|
1690
1689
|
return pulumi.get(self, "street_addresses")
|
|
1691
1690
|
|
|
1692
1691
|
@street_addresses.setter
|
|
1693
|
-
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1692
|
+
def street_addresses(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
1694
1693
|
pulumi.set(self, "street_addresses", value)
|
|
1695
1694
|
|
|
1696
|
-
@property
|
|
1695
|
+
@_builtins.property
|
|
1697
1696
|
@pulumi.getter
|
|
1698
|
-
def ttl(self) -> Optional[pulumi.Input[
|
|
1697
|
+
def ttl(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
1699
1698
|
"""
|
|
1700
1699
|
The TTL, in seconds, for any certificate issued against this role.
|
|
1701
1700
|
"""
|
|
1702
1701
|
return pulumi.get(self, "ttl")
|
|
1703
1702
|
|
|
1704
1703
|
@ttl.setter
|
|
1705
|
-
def ttl(self, value: Optional[pulumi.Input[
|
|
1704
|
+
def ttl(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
1706
1705
|
pulumi.set(self, "ttl", value)
|
|
1707
1706
|
|
|
1708
|
-
@property
|
|
1707
|
+
@_builtins.property
|
|
1709
1708
|
@pulumi.getter(name="useCsrCommonName")
|
|
1710
|
-
def use_csr_common_name(self) -> Optional[pulumi.Input[
|
|
1709
|
+
def use_csr_common_name(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1711
1710
|
"""
|
|
1712
1711
|
Flag to use the CN in the CSR
|
|
1713
1712
|
"""
|
|
1714
1713
|
return pulumi.get(self, "use_csr_common_name")
|
|
1715
1714
|
|
|
1716
1715
|
@use_csr_common_name.setter
|
|
1717
|
-
def use_csr_common_name(self, value: Optional[pulumi.Input[
|
|
1716
|
+
def use_csr_common_name(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1718
1717
|
pulumi.set(self, "use_csr_common_name", value)
|
|
1719
1718
|
|
|
1720
|
-
@property
|
|
1719
|
+
@_builtins.property
|
|
1721
1720
|
@pulumi.getter(name="useCsrSans")
|
|
1722
|
-
def use_csr_sans(self) -> Optional[pulumi.Input[
|
|
1721
|
+
def use_csr_sans(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1723
1722
|
"""
|
|
1724
1723
|
Flag to use the SANs in the CSR
|
|
1725
1724
|
"""
|
|
1726
1725
|
return pulumi.get(self, "use_csr_sans")
|
|
1727
1726
|
|
|
1728
1727
|
@use_csr_sans.setter
|
|
1729
|
-
def use_csr_sans(self, value: Optional[pulumi.Input[
|
|
1728
|
+
def use_csr_sans(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1730
1729
|
pulumi.set(self, "use_csr_sans", value)
|
|
1731
1730
|
|
|
1732
|
-
@property
|
|
1731
|
+
@_builtins.property
|
|
1733
1732
|
@pulumi.getter(name="usePss")
|
|
1734
|
-
def use_pss(self) -> Optional[pulumi.Input[
|
|
1733
|
+
def use_pss(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
1735
1734
|
"""
|
|
1736
1735
|
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
|
1737
1736
|
"""
|
|
1738
1737
|
return pulumi.get(self, "use_pss")
|
|
1739
1738
|
|
|
1740
1739
|
@use_pss.setter
|
|
1741
|
-
def use_pss(self, value: Optional[pulumi.Input[
|
|
1740
|
+
def use_pss(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
1742
1741
|
pulumi.set(self, "use_pss", value)
|
|
1743
1742
|
|
|
1744
1743
|
|
|
@@ -1748,58 +1747,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
1748
1747
|
def __init__(__self__,
|
|
1749
1748
|
resource_name: str,
|
|
1750
1749
|
opts: Optional[pulumi.ResourceOptions] = None,
|
|
1751
|
-
allow_any_name: Optional[pulumi.Input[
|
|
1752
|
-
allow_bare_domains: Optional[pulumi.Input[
|
|
1753
|
-
allow_glob_domains: Optional[pulumi.Input[
|
|
1754
|
-
allow_ip_sans: Optional[pulumi.Input[
|
|
1755
|
-
allow_localhost: Optional[pulumi.Input[
|
|
1756
|
-
allow_subdomains: Optional[pulumi.Input[
|
|
1757
|
-
allow_wildcard_certificates: Optional[pulumi.Input[
|
|
1758
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1759
|
-
allowed_domains_template: Optional[pulumi.Input[
|
|
1760
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1761
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1762
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1763
|
-
allowed_uri_sans_template: Optional[pulumi.Input[
|
|
1764
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1765
|
-
backend: Optional[pulumi.Input[
|
|
1766
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[
|
|
1767
|
-
client_flag: Optional[pulumi.Input[
|
|
1768
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1769
|
-
code_signing_flag: Optional[pulumi.Input[
|
|
1770
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1771
|
-
email_protection_flag: Optional[pulumi.Input[
|
|
1772
|
-
enforce_hostnames: Optional[pulumi.Input[
|
|
1773
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1774
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1775
|
-
generate_lease: Optional[pulumi.Input[
|
|
1776
|
-
issuer_ref: Optional[pulumi.Input[
|
|
1777
|
-
key_bits: Optional[pulumi.Input[
|
|
1778
|
-
key_type: Optional[pulumi.Input[
|
|
1779
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1780
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1781
|
-
max_ttl: Optional[pulumi.Input[
|
|
1782
|
-
name: Optional[pulumi.Input[
|
|
1783
|
-
namespace: Optional[pulumi.Input[
|
|
1784
|
-
no_store: Optional[pulumi.Input[
|
|
1785
|
-
no_store_metadata: Optional[pulumi.Input[
|
|
1786
|
-
not_after: Optional[pulumi.Input[
|
|
1787
|
-
not_before_duration: Optional[pulumi.Input[
|
|
1788
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1789
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1750
|
+
allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1751
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1752
|
+
allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1753
|
+
allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1754
|
+
allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1755
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1756
|
+
allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1757
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1758
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1759
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1760
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1761
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1762
|
+
allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1763
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1764
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1765
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1766
|
+
client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1767
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1768
|
+
code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1769
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1770
|
+
email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1771
|
+
enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1772
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1773
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1774
|
+
generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1775
|
+
issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1776
|
+
key_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1777
|
+
key_type: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1778
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1779
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1780
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1781
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1782
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1783
|
+
no_store: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1784
|
+
no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1785
|
+
not_after: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1786
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1787
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1788
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1790
1789
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
|
|
1791
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1792
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1793
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1794
|
-
require_cn: Optional[pulumi.Input[
|
|
1795
|
-
serial_number_source: Optional[pulumi.Input[
|
|
1796
|
-
server_flag: Optional[pulumi.Input[
|
|
1797
|
-
signature_bits: Optional[pulumi.Input[
|
|
1798
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1799
|
-
ttl: Optional[pulumi.Input[
|
|
1800
|
-
use_csr_common_name: Optional[pulumi.Input[
|
|
1801
|
-
use_csr_sans: Optional[pulumi.Input[
|
|
1802
|
-
use_pss: Optional[pulumi.Input[
|
|
1790
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1791
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1792
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1793
|
+
require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1794
|
+
serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1795
|
+
server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1796
|
+
signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1797
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1798
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1799
|
+
use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1800
|
+
use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1801
|
+
use_pss: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1803
1802
|
__props__=None):
|
|
1804
1803
|
"""
|
|
1805
1804
|
Creates a role on an PKI Secret Backend for Vault.
|
|
@@ -1815,7 +1814,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
1815
1814
|
type="pki",
|
|
1816
1815
|
default_lease_ttl_seconds=3600,
|
|
1817
1816
|
max_lease_ttl_seconds=86400)
|
|
1818
|
-
role = vault.
|
|
1817
|
+
role = vault.pkisecret.SecretBackendRole("role",
|
|
1819
1818
|
backend=pki.path,
|
|
1820
1819
|
name="my_role",
|
|
1821
1820
|
ttl="3600",
|
|
@@ -1839,69 +1838,69 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
1839
1838
|
|
|
1840
1839
|
:param str resource_name: The name of the resource.
|
|
1841
1840
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
1842
|
-
:param pulumi.Input[
|
|
1843
|
-
:param pulumi.Input[
|
|
1844
|
-
:param pulumi.Input[
|
|
1845
|
-
:param pulumi.Input[
|
|
1846
|
-
:param pulumi.Input[
|
|
1847
|
-
:param pulumi.Input[
|
|
1848
|
-
:param pulumi.Input[
|
|
1849
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1850
|
-
:param pulumi.Input[
|
|
1851
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1852
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1853
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1854
|
-
:param pulumi.Input[
|
|
1855
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1856
|
-
:param pulumi.Input[
|
|
1857
|
-
:param pulumi.Input[
|
|
1858
|
-
:param pulumi.Input[
|
|
1859
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1860
|
-
:param pulumi.Input[
|
|
1861
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1862
|
-
:param pulumi.Input[
|
|
1863
|
-
:param pulumi.Input[
|
|
1864
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1865
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1866
|
-
:param pulumi.Input[
|
|
1867
|
-
:param pulumi.Input[
|
|
1841
|
+
:param pulumi.Input[_builtins.bool] allow_any_name: Flag to allow any name
|
|
1842
|
+
:param pulumi.Input[_builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
|
1843
|
+
:param pulumi.Input[_builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
|
1844
|
+
:param pulumi.Input[_builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
|
1845
|
+
:param pulumi.Input[_builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
|
1846
|
+
:param pulumi.Input[_builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
|
1847
|
+
:param pulumi.Input[_builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
|
1848
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_domains: List of allowed domains for certificates
|
|
1849
|
+
:param pulumi.Input[_builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
1850
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
|
1851
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
|
1852
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
|
1853
|
+
:param pulumi.Input[_builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
1854
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
|
1855
|
+
:param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
|
1856
|
+
:param pulumi.Input[_builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
|
1857
|
+
:param pulumi.Input[_builtins.bool] client_flag: Flag to specify certificates for client use
|
|
1858
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
|
1859
|
+
:param pulumi.Input[_builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
|
1860
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] countries: The country of generated certificates
|
|
1861
|
+
:param pulumi.Input[_builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
|
1862
|
+
:param pulumi.Input[_builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
|
1863
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
|
1864
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
|
1865
|
+
:param pulumi.Input[_builtins.bool] generate_lease: Flag to generate leases with certificates
|
|
1866
|
+
:param pulumi.Input[_builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
|
1868
1867
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
|
1869
1868
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
|
1870
1869
|
overriding the role's `issuer_ref` value.
|
|
1871
|
-
:param pulumi.Input[
|
|
1872
|
-
:param pulumi.Input[
|
|
1870
|
+
:param pulumi.Input[_builtins.int] key_bits: The number of bits of generated keys
|
|
1871
|
+
:param pulumi.Input[_builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
|
1873
1872
|
Defaults to `rsa`
|
|
1874
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1873
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
|
1875
1874
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
|
1876
1875
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
|
1877
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1878
|
-
:param pulumi.Input[
|
|
1879
|
-
:param pulumi.Input[
|
|
1880
|
-
:param pulumi.Input[
|
|
1876
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] localities: The locality of generated certificates
|
|
1877
|
+
:param pulumi.Input[_builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
|
1878
|
+
:param pulumi.Input[_builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
|
1879
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
1881
1880
|
The value should not contain leading or trailing forward slashes.
|
|
1882
1881
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
1883
1882
|
*Available only for Vault Enterprise*.
|
|
1884
|
-
:param pulumi.Input[
|
|
1885
|
-
:param pulumi.Input[
|
|
1886
|
-
:param pulumi.Input[
|
|
1887
|
-
:param pulumi.Input[
|
|
1888
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1889
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1883
|
+
:param pulumi.Input[_builtins.bool] no_store: Flag to not store certificates in the storage backend
|
|
1884
|
+
:param pulumi.Input[_builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
|
1885
|
+
:param pulumi.Input[_builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
|
1886
|
+
:param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
|
1887
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organization_unit: The organization unit of generated certificates
|
|
1888
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organizations: The organization of generated certificates
|
|
1890
1889
|
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
|
1891
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1892
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1893
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1894
|
-
:param pulumi.Input[
|
|
1895
|
-
:param pulumi.Input[
|
|
1890
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
|
1891
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] postal_codes: The postal code of generated certificates
|
|
1892
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] provinces: The province of generated certificates
|
|
1893
|
+
:param pulumi.Input[_builtins.bool] require_cn: Flag to force CN usage
|
|
1894
|
+
:param pulumi.Input[_builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
|
1896
1895
|
|
|
1897
1896
|
Example usage:
|
|
1898
|
-
:param pulumi.Input[
|
|
1899
|
-
:param pulumi.Input[
|
|
1900
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
1901
|
-
:param pulumi.Input[
|
|
1902
|
-
:param pulumi.Input[
|
|
1903
|
-
:param pulumi.Input[
|
|
1904
|
-
:param pulumi.Input[
|
|
1897
|
+
:param pulumi.Input[_builtins.bool] server_flag: Flag to specify certificates for server use
|
|
1898
|
+
:param pulumi.Input[_builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
|
1899
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] street_addresses: The street address of generated certificates
|
|
1900
|
+
:param pulumi.Input[_builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
|
1901
|
+
:param pulumi.Input[_builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
|
1902
|
+
:param pulumi.Input[_builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
|
1903
|
+
:param pulumi.Input[_builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
|
1905
1904
|
"""
|
|
1906
1905
|
...
|
|
1907
1906
|
@overload
|
|
@@ -1923,7 +1922,7 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
1923
1922
|
type="pki",
|
|
1924
1923
|
default_lease_ttl_seconds=3600,
|
|
1925
1924
|
max_lease_ttl_seconds=86400)
|
|
1926
|
-
role = vault.
|
|
1925
|
+
role = vault.pkisecret.SecretBackendRole("role",
|
|
1927
1926
|
backend=pki.path,
|
|
1928
1927
|
name="my_role",
|
|
1929
1928
|
ttl="3600",
|
|
@@ -1960,58 +1959,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
1960
1959
|
def _internal_init(__self__,
|
|
1961
1960
|
resource_name: str,
|
|
1962
1961
|
opts: Optional[pulumi.ResourceOptions] = None,
|
|
1963
|
-
allow_any_name: Optional[pulumi.Input[
|
|
1964
|
-
allow_bare_domains: Optional[pulumi.Input[
|
|
1965
|
-
allow_glob_domains: Optional[pulumi.Input[
|
|
1966
|
-
allow_ip_sans: Optional[pulumi.Input[
|
|
1967
|
-
allow_localhost: Optional[pulumi.Input[
|
|
1968
|
-
allow_subdomains: Optional[pulumi.Input[
|
|
1969
|
-
allow_wildcard_certificates: Optional[pulumi.Input[
|
|
1970
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1971
|
-
allowed_domains_template: Optional[pulumi.Input[
|
|
1972
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1973
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1974
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1975
|
-
allowed_uri_sans_template: Optional[pulumi.Input[
|
|
1976
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1977
|
-
backend: Optional[pulumi.Input[
|
|
1978
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[
|
|
1979
|
-
client_flag: Optional[pulumi.Input[
|
|
1980
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1981
|
-
code_signing_flag: Optional[pulumi.Input[
|
|
1982
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1983
|
-
email_protection_flag: Optional[pulumi.Input[
|
|
1984
|
-
enforce_hostnames: Optional[pulumi.Input[
|
|
1985
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1986
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1987
|
-
generate_lease: Optional[pulumi.Input[
|
|
1988
|
-
issuer_ref: Optional[pulumi.Input[
|
|
1989
|
-
key_bits: Optional[pulumi.Input[
|
|
1990
|
-
key_type: Optional[pulumi.Input[
|
|
1991
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1992
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1993
|
-
max_ttl: Optional[pulumi.Input[
|
|
1994
|
-
name: Optional[pulumi.Input[
|
|
1995
|
-
namespace: Optional[pulumi.Input[
|
|
1996
|
-
no_store: Optional[pulumi.Input[
|
|
1997
|
-
no_store_metadata: Optional[pulumi.Input[
|
|
1998
|
-
not_after: Optional[pulumi.Input[
|
|
1999
|
-
not_before_duration: Optional[pulumi.Input[
|
|
2000
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2001
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
1962
|
+
allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1963
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1964
|
+
allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1965
|
+
allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1966
|
+
allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1967
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1968
|
+
allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1969
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1970
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1971
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1972
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1973
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1974
|
+
allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1975
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1976
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1977
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1978
|
+
client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1979
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1980
|
+
code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1981
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1982
|
+
email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1983
|
+
enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1984
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1985
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1986
|
+
generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1987
|
+
issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1988
|
+
key_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
1989
|
+
key_type: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1990
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1991
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
1992
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1993
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1994
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1995
|
+
no_store: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1996
|
+
no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
1997
|
+
not_after: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1998
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
1999
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2000
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2002
2001
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
|
|
2003
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2004
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2005
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2006
|
-
require_cn: Optional[pulumi.Input[
|
|
2007
|
-
serial_number_source: Optional[pulumi.Input[
|
|
2008
|
-
server_flag: Optional[pulumi.Input[
|
|
2009
|
-
signature_bits: Optional[pulumi.Input[
|
|
2010
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2011
|
-
ttl: Optional[pulumi.Input[
|
|
2012
|
-
use_csr_common_name: Optional[pulumi.Input[
|
|
2013
|
-
use_csr_sans: Optional[pulumi.Input[
|
|
2014
|
-
use_pss: Optional[pulumi.Input[
|
|
2002
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2003
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2004
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2005
|
+
require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2006
|
+
serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2007
|
+
server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2008
|
+
signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
2009
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2010
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2011
|
+
use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2012
|
+
use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2013
|
+
use_pss: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2015
2014
|
__props__=None):
|
|
2016
2015
|
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
|
2017
2016
|
if not isinstance(opts, pulumi.ResourceOptions):
|
|
@@ -2085,58 +2084,58 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
2085
2084
|
def get(resource_name: str,
|
|
2086
2085
|
id: pulumi.Input[str],
|
|
2087
2086
|
opts: Optional[pulumi.ResourceOptions] = None,
|
|
2088
|
-
allow_any_name: Optional[pulumi.Input[
|
|
2089
|
-
allow_bare_domains: Optional[pulumi.Input[
|
|
2090
|
-
allow_glob_domains: Optional[pulumi.Input[
|
|
2091
|
-
allow_ip_sans: Optional[pulumi.Input[
|
|
2092
|
-
allow_localhost: Optional[pulumi.Input[
|
|
2093
|
-
allow_subdomains: Optional[pulumi.Input[
|
|
2094
|
-
allow_wildcard_certificates: Optional[pulumi.Input[
|
|
2095
|
-
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2096
|
-
allowed_domains_template: Optional[pulumi.Input[
|
|
2097
|
-
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2098
|
-
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2099
|
-
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2100
|
-
allowed_uri_sans_template: Optional[pulumi.Input[
|
|
2101
|
-
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2102
|
-
backend: Optional[pulumi.Input[
|
|
2103
|
-
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[
|
|
2104
|
-
client_flag: Optional[pulumi.Input[
|
|
2105
|
-
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2106
|
-
code_signing_flag: Optional[pulumi.Input[
|
|
2107
|
-
countries: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2108
|
-
email_protection_flag: Optional[pulumi.Input[
|
|
2109
|
-
enforce_hostnames: Optional[pulumi.Input[
|
|
2110
|
-
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2111
|
-
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2112
|
-
generate_lease: Optional[pulumi.Input[
|
|
2113
|
-
issuer_ref: Optional[pulumi.Input[
|
|
2114
|
-
key_bits: Optional[pulumi.Input[
|
|
2115
|
-
key_type: Optional[pulumi.Input[
|
|
2116
|
-
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2117
|
-
localities: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2118
|
-
max_ttl: Optional[pulumi.Input[
|
|
2119
|
-
name: Optional[pulumi.Input[
|
|
2120
|
-
namespace: Optional[pulumi.Input[
|
|
2121
|
-
no_store: Optional[pulumi.Input[
|
|
2122
|
-
no_store_metadata: Optional[pulumi.Input[
|
|
2123
|
-
not_after: Optional[pulumi.Input[
|
|
2124
|
-
not_before_duration: Optional[pulumi.Input[
|
|
2125
|
-
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2126
|
-
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2087
|
+
allow_any_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2088
|
+
allow_bare_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2089
|
+
allow_glob_domains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2090
|
+
allow_ip_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2091
|
+
allow_localhost: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2092
|
+
allow_subdomains: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2093
|
+
allow_wildcard_certificates: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2094
|
+
allowed_domains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2095
|
+
allowed_domains_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2096
|
+
allowed_other_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2097
|
+
allowed_serial_numbers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2098
|
+
allowed_uri_sans: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2099
|
+
allowed_uri_sans_template: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2100
|
+
allowed_user_ids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2101
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2102
|
+
basic_constraints_valid_for_non_ca: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2103
|
+
client_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2104
|
+
cn_validations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2105
|
+
code_signing_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2106
|
+
countries: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2107
|
+
email_protection_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2108
|
+
enforce_hostnames: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2109
|
+
ext_key_usage_oids: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2110
|
+
ext_key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2111
|
+
generate_lease: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2112
|
+
issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2113
|
+
key_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
2114
|
+
key_type: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2115
|
+
key_usages: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2116
|
+
localities: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2117
|
+
max_ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2118
|
+
name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2119
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2120
|
+
no_store: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2121
|
+
no_store_metadata: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2122
|
+
not_after: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2123
|
+
not_before_duration: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2124
|
+
organization_unit: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2125
|
+
organizations: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2127
2126
|
policy_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]]] = None,
|
|
2128
|
-
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2129
|
-
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2130
|
-
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2131
|
-
require_cn: Optional[pulumi.Input[
|
|
2132
|
-
serial_number_source: Optional[pulumi.Input[
|
|
2133
|
-
server_flag: Optional[pulumi.Input[
|
|
2134
|
-
signature_bits: Optional[pulumi.Input[
|
|
2135
|
-
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[
|
|
2136
|
-
ttl: Optional[pulumi.Input[
|
|
2137
|
-
use_csr_common_name: Optional[pulumi.Input[
|
|
2138
|
-
use_csr_sans: Optional[pulumi.Input[
|
|
2139
|
-
use_pss: Optional[pulumi.Input[
|
|
2127
|
+
policy_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2128
|
+
postal_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2129
|
+
provinces: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2130
|
+
require_cn: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2131
|
+
serial_number_source: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2132
|
+
server_flag: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2133
|
+
signature_bits: Optional[pulumi.Input[_builtins.int]] = None,
|
|
2134
|
+
street_addresses: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
2135
|
+
ttl: Optional[pulumi.Input[_builtins.str]] = None,
|
|
2136
|
+
use_csr_common_name: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2137
|
+
use_csr_sans: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
2138
|
+
use_pss: Optional[pulumi.Input[_builtins.bool]] = None) -> 'SecretBackendRole':
|
|
2140
2139
|
"""
|
|
2141
2140
|
Get an existing SecretBackendRole resource's state with the given name, id, and optional extra
|
|
2142
2141
|
properties used to qualify the lookup.
|
|
@@ -2144,69 +2143,69 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
2144
2143
|
:param str resource_name: The unique name of the resulting resource.
|
|
2145
2144
|
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
|
2146
2145
|
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
2147
|
-
:param pulumi.Input[
|
|
2148
|
-
:param pulumi.Input[
|
|
2149
|
-
:param pulumi.Input[
|
|
2150
|
-
:param pulumi.Input[
|
|
2151
|
-
:param pulumi.Input[
|
|
2152
|
-
:param pulumi.Input[
|
|
2153
|
-
:param pulumi.Input[
|
|
2154
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2155
|
-
:param pulumi.Input[
|
|
2156
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2157
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2158
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2159
|
-
:param pulumi.Input[
|
|
2160
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2161
|
-
:param pulumi.Input[
|
|
2162
|
-
:param pulumi.Input[
|
|
2163
|
-
:param pulumi.Input[
|
|
2164
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2165
|
-
:param pulumi.Input[
|
|
2166
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2167
|
-
:param pulumi.Input[
|
|
2168
|
-
:param pulumi.Input[
|
|
2169
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2170
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2171
|
-
:param pulumi.Input[
|
|
2172
|
-
:param pulumi.Input[
|
|
2146
|
+
:param pulumi.Input[_builtins.bool] allow_any_name: Flag to allow any name
|
|
2147
|
+
:param pulumi.Input[_builtins.bool] allow_bare_domains: Flag to allow certificates matching the actual domain
|
|
2148
|
+
:param pulumi.Input[_builtins.bool] allow_glob_domains: Flag to allow names containing glob patterns.
|
|
2149
|
+
:param pulumi.Input[_builtins.bool] allow_ip_sans: Flag to allow IP SANs
|
|
2150
|
+
:param pulumi.Input[_builtins.bool] allow_localhost: Flag to allow certificates for localhost
|
|
2151
|
+
:param pulumi.Input[_builtins.bool] allow_subdomains: Flag to allow certificates matching subdomains
|
|
2152
|
+
:param pulumi.Input[_builtins.bool] allow_wildcard_certificates: Flag to allow wildcard certificates.
|
|
2153
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_domains: List of allowed domains for certificates
|
|
2154
|
+
:param pulumi.Input[_builtins.bool] allowed_domains_template: Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
2155
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_other_sans: Defines allowed custom SANs
|
|
2156
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_serial_numbers: An array of allowed serial numbers to put in Subject
|
|
2157
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_uri_sans: Defines allowed URI SANs
|
|
2158
|
+
:param pulumi.Input[_builtins.bool] allowed_uri_sans_template: Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
2159
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] allowed_user_ids: Defines allowed User IDs
|
|
2160
|
+
:param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
|
2161
|
+
:param pulumi.Input[_builtins.bool] basic_constraints_valid_for_non_ca: Flag to mark basic constraints valid when issuing non-CA certificates
|
|
2162
|
+
:param pulumi.Input[_builtins.bool] client_flag: Flag to specify certificates for client use
|
|
2163
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] cn_validations: Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
|
2164
|
+
:param pulumi.Input[_builtins.bool] code_signing_flag: Flag to specify certificates for code signing use
|
|
2165
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] countries: The country of generated certificates
|
|
2166
|
+
:param pulumi.Input[_builtins.bool] email_protection_flag: Flag to specify certificates for email protection use
|
|
2167
|
+
:param pulumi.Input[_builtins.bool] enforce_hostnames: Flag to allow only valid host names
|
|
2168
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usage_oids: Specify the allowed extended key usage OIDs constraint on issued certificates
|
|
2169
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ext_key_usages: Specify the allowed extended key usage constraint on issued certificates
|
|
2170
|
+
:param pulumi.Input[_builtins.bool] generate_lease: Flag to generate leases with certificates
|
|
2171
|
+
:param pulumi.Input[_builtins.str] issuer_ref: Specifies the default issuer of this request. May
|
|
2173
2172
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
|
2174
2173
|
the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
|
|
2175
2174
|
overriding the role's `issuer_ref` value.
|
|
2176
|
-
:param pulumi.Input[
|
|
2177
|
-
:param pulumi.Input[
|
|
2175
|
+
:param pulumi.Input[_builtins.int] key_bits: The number of bits of generated keys
|
|
2176
|
+
:param pulumi.Input[_builtins.str] key_type: The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
|
2178
2177
|
Defaults to `rsa`
|
|
2179
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2178
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] key_usages: Specify the allowed key usage constraint on issued
|
|
2180
2179
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
|
2181
2180
|
To specify no default key usage constraints, set this to an empty list `[]`.
|
|
2182
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2183
|
-
:param pulumi.Input[
|
|
2184
|
-
:param pulumi.Input[
|
|
2185
|
-
:param pulumi.Input[
|
|
2181
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] localities: The locality of generated certificates
|
|
2182
|
+
:param pulumi.Input[_builtins.str] max_ttl: The maximum lease TTL, in seconds, for the role.
|
|
2183
|
+
:param pulumi.Input[_builtins.str] name: The name to identify this role within the backend. Must be unique within the backend.
|
|
2184
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
2186
2185
|
The value should not contain leading or trailing forward slashes.
|
|
2187
2186
|
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
2188
2187
|
*Available only for Vault Enterprise*.
|
|
2189
|
-
:param pulumi.Input[
|
|
2190
|
-
:param pulumi.Input[
|
|
2191
|
-
:param pulumi.Input[
|
|
2192
|
-
:param pulumi.Input[
|
|
2193
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2194
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2188
|
+
:param pulumi.Input[_builtins.bool] no_store: Flag to not store certificates in the storage backend
|
|
2189
|
+
:param pulumi.Input[_builtins.bool] no_store_metadata: Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
|
2190
|
+
:param pulumi.Input[_builtins.str] not_after: Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
|
2191
|
+
:param pulumi.Input[_builtins.str] not_before_duration: Specifies the duration by which to backdate the NotBefore property.
|
|
2192
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organization_unit: The organization unit of generated certificates
|
|
2193
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] organizations: The organization of generated certificates
|
|
2195
2194
|
:param pulumi.Input[Sequence[pulumi.Input[Union['SecretBackendRolePolicyIdentifierArgs', 'SecretBackendRolePolicyIdentifierArgsDict']]]] policy_identifier: (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
|
|
2196
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2197
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2198
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2199
|
-
:param pulumi.Input[
|
|
2200
|
-
:param pulumi.Input[
|
|
2195
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] policy_identifiers: Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
|
2196
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] postal_codes: The postal code of generated certificates
|
|
2197
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] provinces: The province of generated certificates
|
|
2198
|
+
:param pulumi.Input[_builtins.bool] require_cn: Flag to force CN usage
|
|
2199
|
+
:param pulumi.Input[_builtins.str] serial_number_source: Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
|
2201
2200
|
|
|
2202
2201
|
Example usage:
|
|
2203
|
-
:param pulumi.Input[
|
|
2204
|
-
:param pulumi.Input[
|
|
2205
|
-
:param pulumi.Input[Sequence[pulumi.Input[
|
|
2206
|
-
:param pulumi.Input[
|
|
2207
|
-
:param pulumi.Input[
|
|
2208
|
-
:param pulumi.Input[
|
|
2209
|
-
:param pulumi.Input[
|
|
2202
|
+
:param pulumi.Input[_builtins.bool] server_flag: Flag to specify certificates for server use
|
|
2203
|
+
:param pulumi.Input[_builtins.int] signature_bits: The number of bits to use in the signature algorithm
|
|
2204
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] street_addresses: The street address of generated certificates
|
|
2205
|
+
:param pulumi.Input[_builtins.str] ttl: The TTL, in seconds, for any certificate issued against this role.
|
|
2206
|
+
:param pulumi.Input[_builtins.bool] use_csr_common_name: Flag to use the CN in the CSR
|
|
2207
|
+
:param pulumi.Input[_builtins.bool] use_csr_sans: Flag to use the SANs in the CSR
|
|
2208
|
+
:param pulumi.Input[_builtins.bool] use_pss: Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
|
2210
2209
|
"""
|
|
2211
2210
|
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
|
2212
2211
|
|
|
@@ -2266,209 +2265,209 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
2266
2265
|
__props__.__dict__["use_pss"] = use_pss
|
|
2267
2266
|
return SecretBackendRole(resource_name, opts=opts, __props__=__props__)
|
|
2268
2267
|
|
|
2269
|
-
@property
|
|
2268
|
+
@_builtins.property
|
|
2270
2269
|
@pulumi.getter(name="allowAnyName")
|
|
2271
|
-
def allow_any_name(self) -> pulumi.Output[Optional[
|
|
2270
|
+
def allow_any_name(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2272
2271
|
"""
|
|
2273
2272
|
Flag to allow any name
|
|
2274
2273
|
"""
|
|
2275
2274
|
return pulumi.get(self, "allow_any_name")
|
|
2276
2275
|
|
|
2277
|
-
@property
|
|
2276
|
+
@_builtins.property
|
|
2278
2277
|
@pulumi.getter(name="allowBareDomains")
|
|
2279
|
-
def allow_bare_domains(self) -> pulumi.Output[Optional[
|
|
2278
|
+
def allow_bare_domains(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2280
2279
|
"""
|
|
2281
2280
|
Flag to allow certificates matching the actual domain
|
|
2282
2281
|
"""
|
|
2283
2282
|
return pulumi.get(self, "allow_bare_domains")
|
|
2284
2283
|
|
|
2285
|
-
@property
|
|
2284
|
+
@_builtins.property
|
|
2286
2285
|
@pulumi.getter(name="allowGlobDomains")
|
|
2287
|
-
def allow_glob_domains(self) -> pulumi.Output[Optional[
|
|
2286
|
+
def allow_glob_domains(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2288
2287
|
"""
|
|
2289
2288
|
Flag to allow names containing glob patterns.
|
|
2290
2289
|
"""
|
|
2291
2290
|
return pulumi.get(self, "allow_glob_domains")
|
|
2292
2291
|
|
|
2293
|
-
@property
|
|
2292
|
+
@_builtins.property
|
|
2294
2293
|
@pulumi.getter(name="allowIpSans")
|
|
2295
|
-
def allow_ip_sans(self) -> pulumi.Output[Optional[
|
|
2294
|
+
def allow_ip_sans(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2296
2295
|
"""
|
|
2297
2296
|
Flag to allow IP SANs
|
|
2298
2297
|
"""
|
|
2299
2298
|
return pulumi.get(self, "allow_ip_sans")
|
|
2300
2299
|
|
|
2301
|
-
@property
|
|
2300
|
+
@_builtins.property
|
|
2302
2301
|
@pulumi.getter(name="allowLocalhost")
|
|
2303
|
-
def allow_localhost(self) -> pulumi.Output[Optional[
|
|
2302
|
+
def allow_localhost(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2304
2303
|
"""
|
|
2305
2304
|
Flag to allow certificates for localhost
|
|
2306
2305
|
"""
|
|
2307
2306
|
return pulumi.get(self, "allow_localhost")
|
|
2308
2307
|
|
|
2309
|
-
@property
|
|
2308
|
+
@_builtins.property
|
|
2310
2309
|
@pulumi.getter(name="allowSubdomains")
|
|
2311
|
-
def allow_subdomains(self) -> pulumi.Output[Optional[
|
|
2310
|
+
def allow_subdomains(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2312
2311
|
"""
|
|
2313
2312
|
Flag to allow certificates matching subdomains
|
|
2314
2313
|
"""
|
|
2315
2314
|
return pulumi.get(self, "allow_subdomains")
|
|
2316
2315
|
|
|
2317
|
-
@property
|
|
2316
|
+
@_builtins.property
|
|
2318
2317
|
@pulumi.getter(name="allowWildcardCertificates")
|
|
2319
|
-
def allow_wildcard_certificates(self) -> pulumi.Output[Optional[
|
|
2318
|
+
def allow_wildcard_certificates(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2320
2319
|
"""
|
|
2321
2320
|
Flag to allow wildcard certificates.
|
|
2322
2321
|
"""
|
|
2323
2322
|
return pulumi.get(self, "allow_wildcard_certificates")
|
|
2324
2323
|
|
|
2325
|
-
@property
|
|
2324
|
+
@_builtins.property
|
|
2326
2325
|
@pulumi.getter(name="allowedDomains")
|
|
2327
|
-
def allowed_domains(self) -> pulumi.Output[Optional[Sequence[
|
|
2326
|
+
def allowed_domains(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2328
2327
|
"""
|
|
2329
2328
|
List of allowed domains for certificates
|
|
2330
2329
|
"""
|
|
2331
2330
|
return pulumi.get(self, "allowed_domains")
|
|
2332
2331
|
|
|
2333
|
-
@property
|
|
2332
|
+
@_builtins.property
|
|
2334
2333
|
@pulumi.getter(name="allowedDomainsTemplate")
|
|
2335
|
-
def allowed_domains_template(self) -> pulumi.Output[Optional[
|
|
2334
|
+
def allowed_domains_template(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2336
2335
|
"""
|
|
2337
2336
|
Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
2338
2337
|
"""
|
|
2339
2338
|
return pulumi.get(self, "allowed_domains_template")
|
|
2340
2339
|
|
|
2341
|
-
@property
|
|
2340
|
+
@_builtins.property
|
|
2342
2341
|
@pulumi.getter(name="allowedOtherSans")
|
|
2343
|
-
def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[
|
|
2342
|
+
def allowed_other_sans(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2344
2343
|
"""
|
|
2345
2344
|
Defines allowed custom SANs
|
|
2346
2345
|
"""
|
|
2347
2346
|
return pulumi.get(self, "allowed_other_sans")
|
|
2348
2347
|
|
|
2349
|
-
@property
|
|
2348
|
+
@_builtins.property
|
|
2350
2349
|
@pulumi.getter(name="allowedSerialNumbers")
|
|
2351
|
-
def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[
|
|
2350
|
+
def allowed_serial_numbers(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2352
2351
|
"""
|
|
2353
2352
|
An array of allowed serial numbers to put in Subject
|
|
2354
2353
|
"""
|
|
2355
2354
|
return pulumi.get(self, "allowed_serial_numbers")
|
|
2356
2355
|
|
|
2357
|
-
@property
|
|
2356
|
+
@_builtins.property
|
|
2358
2357
|
@pulumi.getter(name="allowedUriSans")
|
|
2359
|
-
def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[
|
|
2358
|
+
def allowed_uri_sans(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2360
2359
|
"""
|
|
2361
2360
|
Defines allowed URI SANs
|
|
2362
2361
|
"""
|
|
2363
2362
|
return pulumi.get(self, "allowed_uri_sans")
|
|
2364
2363
|
|
|
2365
|
-
@property
|
|
2364
|
+
@_builtins.property
|
|
2366
2365
|
@pulumi.getter(name="allowedUriSansTemplate")
|
|
2367
|
-
def allowed_uri_sans_template(self) -> pulumi.Output[
|
|
2366
|
+
def allowed_uri_sans_template(self) -> pulumi.Output[_builtins.bool]:
|
|
2368
2367
|
"""
|
|
2369
2368
|
Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
|
|
2370
2369
|
"""
|
|
2371
2370
|
return pulumi.get(self, "allowed_uri_sans_template")
|
|
2372
2371
|
|
|
2373
|
-
@property
|
|
2372
|
+
@_builtins.property
|
|
2374
2373
|
@pulumi.getter(name="allowedUserIds")
|
|
2375
|
-
def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[
|
|
2374
|
+
def allowed_user_ids(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2376
2375
|
"""
|
|
2377
2376
|
Defines allowed User IDs
|
|
2378
2377
|
"""
|
|
2379
2378
|
return pulumi.get(self, "allowed_user_ids")
|
|
2380
2379
|
|
|
2381
|
-
@property
|
|
2380
|
+
@_builtins.property
|
|
2382
2381
|
@pulumi.getter
|
|
2383
|
-
def backend(self) -> pulumi.Output[
|
|
2382
|
+
def backend(self) -> pulumi.Output[_builtins.str]:
|
|
2384
2383
|
"""
|
|
2385
2384
|
The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
|
|
2386
2385
|
"""
|
|
2387
2386
|
return pulumi.get(self, "backend")
|
|
2388
2387
|
|
|
2389
|
-
@property
|
|
2388
|
+
@_builtins.property
|
|
2390
2389
|
@pulumi.getter(name="basicConstraintsValidForNonCa")
|
|
2391
|
-
def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[
|
|
2390
|
+
def basic_constraints_valid_for_non_ca(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2392
2391
|
"""
|
|
2393
2392
|
Flag to mark basic constraints valid when issuing non-CA certificates
|
|
2394
2393
|
"""
|
|
2395
2394
|
return pulumi.get(self, "basic_constraints_valid_for_non_ca")
|
|
2396
2395
|
|
|
2397
|
-
@property
|
|
2396
|
+
@_builtins.property
|
|
2398
2397
|
@pulumi.getter(name="clientFlag")
|
|
2399
|
-
def client_flag(self) -> pulumi.Output[Optional[
|
|
2398
|
+
def client_flag(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2400
2399
|
"""
|
|
2401
2400
|
Flag to specify certificates for client use
|
|
2402
2401
|
"""
|
|
2403
2402
|
return pulumi.get(self, "client_flag")
|
|
2404
2403
|
|
|
2405
|
-
@property
|
|
2404
|
+
@_builtins.property
|
|
2406
2405
|
@pulumi.getter(name="cnValidations")
|
|
2407
|
-
def cn_validations(self) -> pulumi.Output[Sequence[
|
|
2406
|
+
def cn_validations(self) -> pulumi.Output[Sequence[_builtins.str]]:
|
|
2408
2407
|
"""
|
|
2409
2408
|
Validations to run on the Common Name field of the certificate, choices: `email`, `hostname`, `disabled`
|
|
2410
2409
|
"""
|
|
2411
2410
|
return pulumi.get(self, "cn_validations")
|
|
2412
2411
|
|
|
2413
|
-
@property
|
|
2412
|
+
@_builtins.property
|
|
2414
2413
|
@pulumi.getter(name="codeSigningFlag")
|
|
2415
|
-
def code_signing_flag(self) -> pulumi.Output[Optional[
|
|
2414
|
+
def code_signing_flag(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2416
2415
|
"""
|
|
2417
2416
|
Flag to specify certificates for code signing use
|
|
2418
2417
|
"""
|
|
2419
2418
|
return pulumi.get(self, "code_signing_flag")
|
|
2420
2419
|
|
|
2421
|
-
@property
|
|
2420
|
+
@_builtins.property
|
|
2422
2421
|
@pulumi.getter
|
|
2423
|
-
def countries(self) -> pulumi.Output[Optional[Sequence[
|
|
2422
|
+
def countries(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2424
2423
|
"""
|
|
2425
2424
|
The country of generated certificates
|
|
2426
2425
|
"""
|
|
2427
2426
|
return pulumi.get(self, "countries")
|
|
2428
2427
|
|
|
2429
|
-
@property
|
|
2428
|
+
@_builtins.property
|
|
2430
2429
|
@pulumi.getter(name="emailProtectionFlag")
|
|
2431
|
-
def email_protection_flag(self) -> pulumi.Output[Optional[
|
|
2430
|
+
def email_protection_flag(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2432
2431
|
"""
|
|
2433
2432
|
Flag to specify certificates for email protection use
|
|
2434
2433
|
"""
|
|
2435
2434
|
return pulumi.get(self, "email_protection_flag")
|
|
2436
2435
|
|
|
2437
|
-
@property
|
|
2436
|
+
@_builtins.property
|
|
2438
2437
|
@pulumi.getter(name="enforceHostnames")
|
|
2439
|
-
def enforce_hostnames(self) -> pulumi.Output[Optional[
|
|
2438
|
+
def enforce_hostnames(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2440
2439
|
"""
|
|
2441
2440
|
Flag to allow only valid host names
|
|
2442
2441
|
"""
|
|
2443
2442
|
return pulumi.get(self, "enforce_hostnames")
|
|
2444
2443
|
|
|
2445
|
-
@property
|
|
2444
|
+
@_builtins.property
|
|
2446
2445
|
@pulumi.getter(name="extKeyUsageOids")
|
|
2447
|
-
def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[
|
|
2446
|
+
def ext_key_usage_oids(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2448
2447
|
"""
|
|
2449
2448
|
Specify the allowed extended key usage OIDs constraint on issued certificates
|
|
2450
2449
|
"""
|
|
2451
2450
|
return pulumi.get(self, "ext_key_usage_oids")
|
|
2452
2451
|
|
|
2453
|
-
@property
|
|
2452
|
+
@_builtins.property
|
|
2454
2453
|
@pulumi.getter(name="extKeyUsages")
|
|
2455
|
-
def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[
|
|
2454
|
+
def ext_key_usages(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2456
2455
|
"""
|
|
2457
2456
|
Specify the allowed extended key usage constraint on issued certificates
|
|
2458
2457
|
"""
|
|
2459
2458
|
return pulumi.get(self, "ext_key_usages")
|
|
2460
2459
|
|
|
2461
|
-
@property
|
|
2460
|
+
@_builtins.property
|
|
2462
2461
|
@pulumi.getter(name="generateLease")
|
|
2463
|
-
def generate_lease(self) -> pulumi.Output[Optional[
|
|
2462
|
+
def generate_lease(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2464
2463
|
"""
|
|
2465
2464
|
Flag to generate leases with certificates
|
|
2466
2465
|
"""
|
|
2467
2466
|
return pulumi.get(self, "generate_lease")
|
|
2468
2467
|
|
|
2469
|
-
@property
|
|
2468
|
+
@_builtins.property
|
|
2470
2469
|
@pulumi.getter(name="issuerRef")
|
|
2471
|
-
def issuer_ref(self) -> pulumi.Output[
|
|
2470
|
+
def issuer_ref(self) -> pulumi.Output[_builtins.str]:
|
|
2472
2471
|
"""
|
|
2473
2472
|
Specifies the default issuer of this request. May
|
|
2474
2473
|
be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
|
|
@@ -2477,26 +2476,26 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
2477
2476
|
"""
|
|
2478
2477
|
return pulumi.get(self, "issuer_ref")
|
|
2479
2478
|
|
|
2480
|
-
@property
|
|
2479
|
+
@_builtins.property
|
|
2481
2480
|
@pulumi.getter(name="keyBits")
|
|
2482
|
-
def key_bits(self) -> pulumi.Output[Optional[
|
|
2481
|
+
def key_bits(self) -> pulumi.Output[Optional[_builtins.int]]:
|
|
2483
2482
|
"""
|
|
2484
2483
|
The number of bits of generated keys
|
|
2485
2484
|
"""
|
|
2486
2485
|
return pulumi.get(self, "key_bits")
|
|
2487
2486
|
|
|
2488
|
-
@property
|
|
2487
|
+
@_builtins.property
|
|
2489
2488
|
@pulumi.getter(name="keyType")
|
|
2490
|
-
def key_type(self) -> pulumi.Output[Optional[
|
|
2489
|
+
def key_type(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
2491
2490
|
"""
|
|
2492
2491
|
The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
|
|
2493
2492
|
Defaults to `rsa`
|
|
2494
2493
|
"""
|
|
2495
2494
|
return pulumi.get(self, "key_type")
|
|
2496
2495
|
|
|
2497
|
-
@property
|
|
2496
|
+
@_builtins.property
|
|
2498
2497
|
@pulumi.getter(name="keyUsages")
|
|
2499
|
-
def key_usages(self) -> pulumi.Output[Sequence[
|
|
2498
|
+
def key_usages(self) -> pulumi.Output[Sequence[_builtins.str]]:
|
|
2500
2499
|
"""
|
|
2501
2500
|
Specify the allowed key usage constraint on issued
|
|
2502
2501
|
certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
|
|
@@ -2504,33 +2503,33 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
2504
2503
|
"""
|
|
2505
2504
|
return pulumi.get(self, "key_usages")
|
|
2506
2505
|
|
|
2507
|
-
@property
|
|
2506
|
+
@_builtins.property
|
|
2508
2507
|
@pulumi.getter
|
|
2509
|
-
def localities(self) -> pulumi.Output[Optional[Sequence[
|
|
2508
|
+
def localities(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2510
2509
|
"""
|
|
2511
2510
|
The locality of generated certificates
|
|
2512
2511
|
"""
|
|
2513
2512
|
return pulumi.get(self, "localities")
|
|
2514
2513
|
|
|
2515
|
-
@property
|
|
2514
|
+
@_builtins.property
|
|
2516
2515
|
@pulumi.getter(name="maxTtl")
|
|
2517
|
-
def max_ttl(self) -> pulumi.Output[
|
|
2516
|
+
def max_ttl(self) -> pulumi.Output[_builtins.str]:
|
|
2518
2517
|
"""
|
|
2519
2518
|
The maximum lease TTL, in seconds, for the role.
|
|
2520
2519
|
"""
|
|
2521
2520
|
return pulumi.get(self, "max_ttl")
|
|
2522
2521
|
|
|
2523
|
-
@property
|
|
2522
|
+
@_builtins.property
|
|
2524
2523
|
@pulumi.getter
|
|
2525
|
-
def name(self) -> pulumi.Output[
|
|
2524
|
+
def name(self) -> pulumi.Output[_builtins.str]:
|
|
2526
2525
|
"""
|
|
2527
2526
|
The name to identify this role within the backend. Must be unique within the backend.
|
|
2528
2527
|
"""
|
|
2529
2528
|
return pulumi.get(self, "name")
|
|
2530
2529
|
|
|
2531
|
-
@property
|
|
2530
|
+
@_builtins.property
|
|
2532
2531
|
@pulumi.getter
|
|
2533
|
-
def namespace(self) -> pulumi.Output[Optional[
|
|
2532
|
+
def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
2534
2533
|
"""
|
|
2535
2534
|
The namespace to provision the resource in.
|
|
2536
2535
|
The value should not contain leading or trailing forward slashes.
|
|
@@ -2539,55 +2538,55 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
2539
2538
|
"""
|
|
2540
2539
|
return pulumi.get(self, "namespace")
|
|
2541
2540
|
|
|
2542
|
-
@property
|
|
2541
|
+
@_builtins.property
|
|
2543
2542
|
@pulumi.getter(name="noStore")
|
|
2544
|
-
def no_store(self) -> pulumi.Output[Optional[
|
|
2543
|
+
def no_store(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2545
2544
|
"""
|
|
2546
2545
|
Flag to not store certificates in the storage backend
|
|
2547
2546
|
"""
|
|
2548
2547
|
return pulumi.get(self, "no_store")
|
|
2549
2548
|
|
|
2550
|
-
@property
|
|
2549
|
+
@_builtins.property
|
|
2551
2550
|
@pulumi.getter(name="noStoreMetadata")
|
|
2552
|
-
def no_store_metadata(self) -> pulumi.Output[Optional[
|
|
2551
|
+
def no_store_metadata(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2553
2552
|
"""
|
|
2554
2553
|
Allows metadata to be stored keyed on the certificate's serial number. The field is independent of no_store, allowing metadata storage regardless of whether certificates are stored. If true, metadata is not stored and an error is returned if the metadata field is specified on issuance APIs
|
|
2555
2554
|
"""
|
|
2556
2555
|
return pulumi.get(self, "no_store_metadata")
|
|
2557
2556
|
|
|
2558
|
-
@property
|
|
2557
|
+
@_builtins.property
|
|
2559
2558
|
@pulumi.getter(name="notAfter")
|
|
2560
|
-
def not_after(self) -> pulumi.Output[Optional[
|
|
2559
|
+
def not_after(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
2561
2560
|
"""
|
|
2562
2561
|
Set the Not After field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. Supports the Y10K end date for IEEE 802.1AR-2018 standard devices, 9999-12-31T23:59:59Z.
|
|
2563
2562
|
"""
|
|
2564
2563
|
return pulumi.get(self, "not_after")
|
|
2565
2564
|
|
|
2566
|
-
@property
|
|
2565
|
+
@_builtins.property
|
|
2567
2566
|
@pulumi.getter(name="notBeforeDuration")
|
|
2568
|
-
def not_before_duration(self) -> pulumi.Output[
|
|
2567
|
+
def not_before_duration(self) -> pulumi.Output[_builtins.str]:
|
|
2569
2568
|
"""
|
|
2570
2569
|
Specifies the duration by which to backdate the NotBefore property.
|
|
2571
2570
|
"""
|
|
2572
2571
|
return pulumi.get(self, "not_before_duration")
|
|
2573
2572
|
|
|
2574
|
-
@property
|
|
2573
|
+
@_builtins.property
|
|
2575
2574
|
@pulumi.getter(name="organizationUnit")
|
|
2576
|
-
def organization_unit(self) -> pulumi.Output[Optional[Sequence[
|
|
2575
|
+
def organization_unit(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2577
2576
|
"""
|
|
2578
2577
|
The organization unit of generated certificates
|
|
2579
2578
|
"""
|
|
2580
2579
|
return pulumi.get(self, "organization_unit")
|
|
2581
2580
|
|
|
2582
|
-
@property
|
|
2581
|
+
@_builtins.property
|
|
2583
2582
|
@pulumi.getter
|
|
2584
|
-
def organizations(self) -> pulumi.Output[Optional[Sequence[
|
|
2583
|
+
def organizations(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2585
2584
|
"""
|
|
2586
2585
|
The organization of generated certificates
|
|
2587
2586
|
"""
|
|
2588
2587
|
return pulumi.get(self, "organizations")
|
|
2589
2588
|
|
|
2590
|
-
@property
|
|
2589
|
+
@_builtins.property
|
|
2591
2590
|
@pulumi.getter(name="policyIdentifier")
|
|
2592
2591
|
def policy_identifier(self) -> pulumi.Output[Optional[Sequence['outputs.SecretBackendRolePolicyIdentifier']]]:
|
|
2593
2592
|
"""
|
|
@@ -2595,41 +2594,41 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
2595
2594
|
"""
|
|
2596
2595
|
return pulumi.get(self, "policy_identifier")
|
|
2597
2596
|
|
|
2598
|
-
@property
|
|
2597
|
+
@_builtins.property
|
|
2599
2598
|
@pulumi.getter(name="policyIdentifiers")
|
|
2600
|
-
def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[
|
|
2599
|
+
def policy_identifiers(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2601
2600
|
"""
|
|
2602
2601
|
Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
|
|
2603
2602
|
"""
|
|
2604
2603
|
return pulumi.get(self, "policy_identifiers")
|
|
2605
2604
|
|
|
2606
|
-
@property
|
|
2605
|
+
@_builtins.property
|
|
2607
2606
|
@pulumi.getter(name="postalCodes")
|
|
2608
|
-
def postal_codes(self) -> pulumi.Output[Optional[Sequence[
|
|
2607
|
+
def postal_codes(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2609
2608
|
"""
|
|
2610
2609
|
The postal code of generated certificates
|
|
2611
2610
|
"""
|
|
2612
2611
|
return pulumi.get(self, "postal_codes")
|
|
2613
2612
|
|
|
2614
|
-
@property
|
|
2613
|
+
@_builtins.property
|
|
2615
2614
|
@pulumi.getter
|
|
2616
|
-
def provinces(self) -> pulumi.Output[Optional[Sequence[
|
|
2615
|
+
def provinces(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2617
2616
|
"""
|
|
2618
2617
|
The province of generated certificates
|
|
2619
2618
|
"""
|
|
2620
2619
|
return pulumi.get(self, "provinces")
|
|
2621
2620
|
|
|
2622
|
-
@property
|
|
2621
|
+
@_builtins.property
|
|
2623
2622
|
@pulumi.getter(name="requireCn")
|
|
2624
|
-
def require_cn(self) -> pulumi.Output[Optional[
|
|
2623
|
+
def require_cn(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2625
2624
|
"""
|
|
2626
2625
|
Flag to force CN usage
|
|
2627
2626
|
"""
|
|
2628
2627
|
return pulumi.get(self, "require_cn")
|
|
2629
2628
|
|
|
2630
|
-
@property
|
|
2629
|
+
@_builtins.property
|
|
2631
2630
|
@pulumi.getter(name="serialNumberSource")
|
|
2632
|
-
def serial_number_source(self) -> pulumi.Output[
|
|
2631
|
+
def serial_number_source(self) -> pulumi.Output[_builtins.str]:
|
|
2633
2632
|
"""
|
|
2634
2633
|
Specifies the source of the subject serial number. Valid values are json-csr (default) or json. When set to json-csr, the subject serial number is taken from the serial_number parameter and falls back to the serial number in the CSR. When set to json, the subject serial number is taken from the serial_number parameter but will ignore any value in the CSR. For backwards compatibility an empty value for this field will default to the json-csr behavior.
|
|
2635
2634
|
|
|
@@ -2637,57 +2636,57 @@ class SecretBackendRole(pulumi.CustomResource):
|
|
|
2637
2636
|
"""
|
|
2638
2637
|
return pulumi.get(self, "serial_number_source")
|
|
2639
2638
|
|
|
2640
|
-
@property
|
|
2639
|
+
@_builtins.property
|
|
2641
2640
|
@pulumi.getter(name="serverFlag")
|
|
2642
|
-
def server_flag(self) -> pulumi.Output[Optional[
|
|
2641
|
+
def server_flag(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2643
2642
|
"""
|
|
2644
2643
|
Flag to specify certificates for server use
|
|
2645
2644
|
"""
|
|
2646
2645
|
return pulumi.get(self, "server_flag")
|
|
2647
2646
|
|
|
2648
|
-
@property
|
|
2647
|
+
@_builtins.property
|
|
2649
2648
|
@pulumi.getter(name="signatureBits")
|
|
2650
|
-
def signature_bits(self) -> pulumi.Output[
|
|
2649
|
+
def signature_bits(self) -> pulumi.Output[_builtins.int]:
|
|
2651
2650
|
"""
|
|
2652
2651
|
The number of bits to use in the signature algorithm
|
|
2653
2652
|
"""
|
|
2654
2653
|
return pulumi.get(self, "signature_bits")
|
|
2655
2654
|
|
|
2656
|
-
@property
|
|
2655
|
+
@_builtins.property
|
|
2657
2656
|
@pulumi.getter(name="streetAddresses")
|
|
2658
|
-
def street_addresses(self) -> pulumi.Output[Optional[Sequence[
|
|
2657
|
+
def street_addresses(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
2659
2658
|
"""
|
|
2660
2659
|
The street address of generated certificates
|
|
2661
2660
|
"""
|
|
2662
2661
|
return pulumi.get(self, "street_addresses")
|
|
2663
2662
|
|
|
2664
|
-
@property
|
|
2663
|
+
@_builtins.property
|
|
2665
2664
|
@pulumi.getter
|
|
2666
|
-
def ttl(self) -> pulumi.Output[
|
|
2665
|
+
def ttl(self) -> pulumi.Output[_builtins.str]:
|
|
2667
2666
|
"""
|
|
2668
2667
|
The TTL, in seconds, for any certificate issued against this role.
|
|
2669
2668
|
"""
|
|
2670
2669
|
return pulumi.get(self, "ttl")
|
|
2671
2670
|
|
|
2672
|
-
@property
|
|
2671
|
+
@_builtins.property
|
|
2673
2672
|
@pulumi.getter(name="useCsrCommonName")
|
|
2674
|
-
def use_csr_common_name(self) -> pulumi.Output[Optional[
|
|
2673
|
+
def use_csr_common_name(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2675
2674
|
"""
|
|
2676
2675
|
Flag to use the CN in the CSR
|
|
2677
2676
|
"""
|
|
2678
2677
|
return pulumi.get(self, "use_csr_common_name")
|
|
2679
2678
|
|
|
2680
|
-
@property
|
|
2679
|
+
@_builtins.property
|
|
2681
2680
|
@pulumi.getter(name="useCsrSans")
|
|
2682
|
-
def use_csr_sans(self) -> pulumi.Output[Optional[
|
|
2681
|
+
def use_csr_sans(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2683
2682
|
"""
|
|
2684
2683
|
Flag to use the SANs in the CSR
|
|
2685
2684
|
"""
|
|
2686
2685
|
return pulumi.get(self, "use_csr_sans")
|
|
2687
2686
|
|
|
2688
|
-
@property
|
|
2687
|
+
@_builtins.property
|
|
2689
2688
|
@pulumi.getter(name="usePss")
|
|
2690
|
-
def use_pss(self) -> pulumi.Output[Optional[
|
|
2689
|
+
def use_pss(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
2691
2690
|
"""
|
|
2692
2691
|
Specifies whether or not to use PSS signatures over PKCS#1v1.5 signatures when a RSA-type issuer is used. Ignored for ECDSA/Ed25519 issuers.
|
|
2693
2692
|
"""
|