pulumi-vault 7.6.0a1764657486__py3-none-any.whl
- pulumi_vault/__init__.py +1399 -0
- pulumi_vault/_inputs.py +2701 -0
- pulumi_vault/_utilities.py +331 -0
- pulumi_vault/ad/__init__.py +12 -0
- pulumi_vault/ad/get_access_credentials.py +177 -0
- pulumi_vault/ad/secret_backend.py +1916 -0
- pulumi_vault/ad/secret_library.py +546 -0
- pulumi_vault/ad/secret_role.py +499 -0
- pulumi_vault/alicloud/__init__.py +9 -0
- pulumi_vault/alicloud/auth_backend_role.py +866 -0
- pulumi_vault/approle/__init__.py +12 -0
- pulumi_vault/approle/auth_backend_login.py +571 -0
- pulumi_vault/approle/auth_backend_role.py +1082 -0
- pulumi_vault/approle/auth_backend_role_secret_id.py +796 -0
- pulumi_vault/approle/get_auth_backend_role_id.py +169 -0
- pulumi_vault/audit.py +499 -0
- pulumi_vault/audit_request_header.py +277 -0
- pulumi_vault/auth_backend.py +565 -0
- pulumi_vault/aws/__init__.py +22 -0
- pulumi_vault/aws/auth_backend_cert.py +420 -0
- pulumi_vault/aws/auth_backend_client.py +1259 -0
- pulumi_vault/aws/auth_backend_config_identity.py +494 -0
- pulumi_vault/aws/auth_backend_identity_whitelist.py +380 -0
- pulumi_vault/aws/auth_backend_login.py +1046 -0
- pulumi_vault/aws/auth_backend_role.py +1961 -0
- pulumi_vault/aws/auth_backend_role_tag.py +638 -0
- pulumi_vault/aws/auth_backend_roletag_blacklist.py +366 -0
- pulumi_vault/aws/auth_backend_sts_role.py +414 -0
- pulumi_vault/aws/get_access_credentials.py +369 -0
- pulumi_vault/aws/get_static_access_credentials.py +137 -0
- pulumi_vault/aws/secret_backend.py +2018 -0
- pulumi_vault/aws/secret_backend_role.py +1188 -0
- pulumi_vault/aws/secret_backend_static_role.py +639 -0
- pulumi_vault/azure/__init__.py +15 -0
- pulumi_vault/azure/_inputs.py +108 -0
- pulumi_vault/azure/auth_backend_config.py +1096 -0
- pulumi_vault/azure/auth_backend_role.py +1176 -0
- pulumi_vault/azure/backend.py +1793 -0
- pulumi_vault/azure/backend_role.py +883 -0
- pulumi_vault/azure/get_access_credentials.py +400 -0
- pulumi_vault/azure/outputs.py +107 -0
- pulumi_vault/cert_auth_backend_role.py +1539 -0
- pulumi_vault/config/__init__.py +9 -0
- pulumi_vault/config/__init__.pyi +164 -0
- pulumi_vault/config/_inputs.py +73 -0
- pulumi_vault/config/outputs.py +1225 -0
- pulumi_vault/config/ui_custom_message.py +530 -0
- pulumi_vault/config/vars.py +230 -0
- pulumi_vault/consul/__init__.py +10 -0
- pulumi_vault/consul/secret_backend.py +1517 -0
- pulumi_vault/consul/secret_backend_role.py +847 -0
- pulumi_vault/database/__init__.py +14 -0
- pulumi_vault/database/_inputs.py +11907 -0
- pulumi_vault/database/outputs.py +8496 -0
- pulumi_vault/database/secret_backend_connection.py +1676 -0
- pulumi_vault/database/secret_backend_role.py +840 -0
- pulumi_vault/database/secret_backend_static_role.py +881 -0
- pulumi_vault/database/secrets_mount.py +2160 -0
- pulumi_vault/egp_policy.py +399 -0
- pulumi_vault/gcp/__init__.py +17 -0
- pulumi_vault/gcp/_inputs.py +441 -0
- pulumi_vault/gcp/auth_backend.py +1486 -0
- pulumi_vault/gcp/auth_backend_role.py +1235 -0
- pulumi_vault/gcp/get_auth_backend_role.py +514 -0
- pulumi_vault/gcp/outputs.py +302 -0
- pulumi_vault/gcp/secret_backend.py +1807 -0
- pulumi_vault/gcp/secret_impersonated_account.py +484 -0
- pulumi_vault/gcp/secret_roleset.py +554 -0
- pulumi_vault/gcp/secret_static_account.py +557 -0
- pulumi_vault/generic/__init__.py +11 -0
- pulumi_vault/generic/endpoint.py +786 -0
- pulumi_vault/generic/get_secret.py +306 -0
- pulumi_vault/generic/secret.py +486 -0
- pulumi_vault/get_auth_backend.py +226 -0
- pulumi_vault/get_auth_backends.py +170 -0
- pulumi_vault/get_namespace.py +226 -0
- pulumi_vault/get_namespaces.py +202 -0
- pulumi_vault/get_nomad_access_token.py +210 -0
- pulumi_vault/get_policy_document.py +160 -0
- pulumi_vault/get_raft_autopilot_state.py +267 -0
- pulumi_vault/github/__init__.py +13 -0
- pulumi_vault/github/_inputs.py +225 -0
- pulumi_vault/github/auth_backend.py +1194 -0
- pulumi_vault/github/outputs.py +174 -0
- pulumi_vault/github/team.py +380 -0
- pulumi_vault/github/user.py +380 -0
- pulumi_vault/identity/__init__.py +35 -0
- pulumi_vault/identity/entity.py +447 -0
- pulumi_vault/identity/entity_alias.py +398 -0
- pulumi_vault/identity/entity_policies.py +455 -0
- pulumi_vault/identity/get_entity.py +384 -0
- pulumi_vault/identity/get_group.py +467 -0
- pulumi_vault/identity/get_oidc_client_creds.py +175 -0
- pulumi_vault/identity/get_oidc_openid_config.py +334 -0
- pulumi_vault/identity/get_oidc_public_keys.py +179 -0
- pulumi_vault/identity/group.py +805 -0
- pulumi_vault/identity/group_alias.py +386 -0
- pulumi_vault/identity/group_member_entity_ids.py +444 -0
- pulumi_vault/identity/group_member_group_ids.py +467 -0
- pulumi_vault/identity/group_policies.py +471 -0
- pulumi_vault/identity/mfa_duo.py +674 -0
- pulumi_vault/identity/mfa_login_enforcement.py +566 -0
- pulumi_vault/identity/mfa_okta.py +626 -0
- pulumi_vault/identity/mfa_pingid.py +616 -0
- pulumi_vault/identity/mfa_totp.py +758 -0
- pulumi_vault/identity/oidc.py +268 -0
- pulumi_vault/identity/oidc_assignment.py +375 -0
- pulumi_vault/identity/oidc_client.py +667 -0
- pulumi_vault/identity/oidc_key.py +474 -0
- pulumi_vault/identity/oidc_key_allowed_client_id.py +298 -0
- pulumi_vault/identity/oidc_provider.py +550 -0
- pulumi_vault/identity/oidc_role.py +543 -0
- pulumi_vault/identity/oidc_scope.py +355 -0
- pulumi_vault/identity/outputs.py +137 -0
- pulumi_vault/jwt/__init__.py +12 -0
- pulumi_vault/jwt/_inputs.py +225 -0
- pulumi_vault/jwt/auth_backend.py +1347 -0
- pulumi_vault/jwt/auth_backend_role.py +1847 -0
- pulumi_vault/jwt/outputs.py +174 -0
- pulumi_vault/kmip/__init__.py +11 -0
- pulumi_vault/kmip/secret_backend.py +1591 -0
- pulumi_vault/kmip/secret_role.py +1194 -0
- pulumi_vault/kmip/secret_scope.py +372 -0
- pulumi_vault/kubernetes/__init__.py +15 -0
- pulumi_vault/kubernetes/auth_backend_config.py +654 -0
- pulumi_vault/kubernetes/auth_backend_role.py +1031 -0
- pulumi_vault/kubernetes/get_auth_backend_config.py +280 -0
- pulumi_vault/kubernetes/get_auth_backend_role.py +470 -0
- pulumi_vault/kubernetes/get_service_account_token.py +344 -0
- pulumi_vault/kubernetes/secret_backend.py +1341 -0
- pulumi_vault/kubernetes/secret_backend_role.py +1140 -0
- pulumi_vault/kv/__init__.py +18 -0
- pulumi_vault/kv/_inputs.py +124 -0
- pulumi_vault/kv/get_secret.py +240 -0
- pulumi_vault/kv/get_secret_subkeys_v2.py +275 -0
- pulumi_vault/kv/get_secret_v2.py +315 -0
- pulumi_vault/kv/get_secrets_list.py +186 -0
- pulumi_vault/kv/get_secrets_list_v2.py +243 -0
- pulumi_vault/kv/outputs.py +102 -0
- pulumi_vault/kv/secret.py +397 -0
- pulumi_vault/kv/secret_backend_v2.py +455 -0
- pulumi_vault/kv/secret_v2.py +970 -0
- pulumi_vault/ldap/__init__.py +19 -0
- pulumi_vault/ldap/_inputs.py +225 -0
- pulumi_vault/ldap/auth_backend.py +2520 -0
- pulumi_vault/ldap/auth_backend_group.py +386 -0
- pulumi_vault/ldap/auth_backend_user.py +439 -0
- pulumi_vault/ldap/get_dynamic_credentials.py +181 -0
- pulumi_vault/ldap/get_static_credentials.py +192 -0
- pulumi_vault/ldap/outputs.py +174 -0
- pulumi_vault/ldap/secret_backend.py +2207 -0
- pulumi_vault/ldap/secret_backend_dynamic_role.py +767 -0
- pulumi_vault/ldap/secret_backend_library_set.py +552 -0
- pulumi_vault/ldap/secret_backend_static_role.py +541 -0
- pulumi_vault/managed/__init__.py +11 -0
- pulumi_vault/managed/_inputs.py +944 -0
- pulumi_vault/managed/keys.py +398 -0
- pulumi_vault/managed/outputs.py +667 -0
- pulumi_vault/mfa_duo.py +589 -0
- pulumi_vault/mfa_okta.py +623 -0
- pulumi_vault/mfa_pingid.py +670 -0
- pulumi_vault/mfa_totp.py +620 -0
- pulumi_vault/mongodbatlas/__init__.py +10 -0
- pulumi_vault/mongodbatlas/secret_backend.py +388 -0
- pulumi_vault/mongodbatlas/secret_role.py +726 -0
- pulumi_vault/mount.py +1262 -0
- pulumi_vault/namespace.py +452 -0
- pulumi_vault/nomad_secret_backend.py +1559 -0
- pulumi_vault/nomad_secret_role.py +489 -0
- pulumi_vault/oci_auth_backend.py +676 -0
- pulumi_vault/oci_auth_backend_role.py +852 -0
- pulumi_vault/okta/__init__.py +13 -0
- pulumi_vault/okta/_inputs.py +320 -0
- pulumi_vault/okta/auth_backend.py +1231 -0
- pulumi_vault/okta/auth_backend_group.py +369 -0
- pulumi_vault/okta/auth_backend_user.py +416 -0
- pulumi_vault/okta/outputs.py +244 -0
- pulumi_vault/outputs.py +502 -0
- pulumi_vault/pkisecret/__init__.py +38 -0
- pulumi_vault/pkisecret/_inputs.py +270 -0
- pulumi_vault/pkisecret/backend_acme_eab.py +550 -0
- pulumi_vault/pkisecret/backend_config_acme.py +690 -0
- pulumi_vault/pkisecret/backend_config_auto_tidy.py +1370 -0
- pulumi_vault/pkisecret/backend_config_cluster.py +370 -0
- pulumi_vault/pkisecret/backend_config_cmpv2.py +693 -0
- pulumi_vault/pkisecret/backend_config_est.py +756 -0
- pulumi_vault/pkisecret/backend_config_scep.py +738 -0
- pulumi_vault/pkisecret/get_backend_cert_metadata.py +277 -0
- pulumi_vault/pkisecret/get_backend_config_cmpv2.py +226 -0
- pulumi_vault/pkisecret/get_backend_config_est.py +251 -0
- pulumi_vault/pkisecret/get_backend_config_scep.py +271 -0
- pulumi_vault/pkisecret/get_backend_issuer.py +395 -0
- pulumi_vault/pkisecret/get_backend_issuers.py +192 -0
- pulumi_vault/pkisecret/get_backend_key.py +211 -0
- pulumi_vault/pkisecret/get_backend_keys.py +192 -0
- pulumi_vault/pkisecret/outputs.py +270 -0
- pulumi_vault/pkisecret/secret_backend_cert.py +1315 -0
- pulumi_vault/pkisecret/secret_backend_config_ca.py +386 -0
- pulumi_vault/pkisecret/secret_backend_config_issuers.py +392 -0
- pulumi_vault/pkisecret/secret_backend_config_urls.py +462 -0
- pulumi_vault/pkisecret/secret_backend_crl_config.py +846 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +1629 -0
- pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +444 -0
- pulumi_vault/pkisecret/secret_backend_issuer.py +1089 -0
- pulumi_vault/pkisecret/secret_backend_key.py +613 -0
- pulumi_vault/pkisecret/secret_backend_role.py +2694 -0
- pulumi_vault/pkisecret/secret_backend_root_cert.py +2134 -0
- pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +2031 -0
- pulumi_vault/pkisecret/secret_backend_sign.py +1194 -0
- pulumi_vault/plugin.py +596 -0
- pulumi_vault/plugin_pinned_version.py +299 -0
- pulumi_vault/policy.py +279 -0
- pulumi_vault/provider.py +781 -0
- pulumi_vault/pulumi-plugin.json +5 -0
- pulumi_vault/py.typed +0 -0
- pulumi_vault/quota_lease_count.py +504 -0
- pulumi_vault/quota_rate_limit.py +751 -0
- pulumi_vault/rabbitmq/__init__.py +12 -0
- pulumi_vault/rabbitmq/_inputs.py +235 -0
- pulumi_vault/rabbitmq/outputs.py +144 -0
- pulumi_vault/rabbitmq/secret_backend.py +1437 -0
- pulumi_vault/rabbitmq/secret_backend_role.py +496 -0
- pulumi_vault/raft_autopilot.py +609 -0
- pulumi_vault/raft_snapshot_agent_config.py +1591 -0
- pulumi_vault/rgp_policy.py +349 -0
- pulumi_vault/saml/__init__.py +12 -0
- pulumi_vault/saml/_inputs.py +225 -0
- pulumi_vault/saml/auth_backend.py +811 -0
- pulumi_vault/saml/auth_backend_role.py +1068 -0
- pulumi_vault/saml/outputs.py +174 -0
- pulumi_vault/scep_auth_backend_role.py +908 -0
- pulumi_vault/secrets/__init__.py +18 -0
- pulumi_vault/secrets/_inputs.py +110 -0
- pulumi_vault/secrets/outputs.py +94 -0
- pulumi_vault/secrets/sync_association.py +450 -0
- pulumi_vault/secrets/sync_aws_destination.py +780 -0
- pulumi_vault/secrets/sync_azure_destination.py +736 -0
- pulumi_vault/secrets/sync_config.py +303 -0
- pulumi_vault/secrets/sync_gcp_destination.py +572 -0
- pulumi_vault/secrets/sync_gh_destination.py +688 -0
- pulumi_vault/secrets/sync_github_apps.py +376 -0
- pulumi_vault/secrets/sync_vercel_destination.py +603 -0
- pulumi_vault/ssh/__init__.py +13 -0
- pulumi_vault/ssh/_inputs.py +76 -0
- pulumi_vault/ssh/get_secret_backend_sign.py +294 -0
- pulumi_vault/ssh/outputs.py +51 -0
- pulumi_vault/ssh/secret_backend_ca.py +588 -0
- pulumi_vault/ssh/secret_backend_role.py +1493 -0
- pulumi_vault/terraformcloud/__init__.py +11 -0
- pulumi_vault/terraformcloud/secret_backend.py +1321 -0
- pulumi_vault/terraformcloud/secret_creds.py +445 -0
- pulumi_vault/terraformcloud/secret_role.py +563 -0
- pulumi_vault/token.py +1026 -0
- pulumi_vault/tokenauth/__init__.py +9 -0
- pulumi_vault/tokenauth/auth_backend_role.py +1135 -0
- pulumi_vault/transform/__init__.py +14 -0
- pulumi_vault/transform/alphabet.py +348 -0
- pulumi_vault/transform/get_decode.py +287 -0
- pulumi_vault/transform/get_encode.py +291 -0
- pulumi_vault/transform/role.py +350 -0
- pulumi_vault/transform/template.py +592 -0
- pulumi_vault/transform/transformation.py +608 -0
- pulumi_vault/transit/__init__.py +15 -0
- pulumi_vault/transit/get_cmac.py +256 -0
- pulumi_vault/transit/get_decrypt.py +181 -0
- pulumi_vault/transit/get_encrypt.py +174 -0
- pulumi_vault/transit/get_sign.py +328 -0
- pulumi_vault/transit/get_verify.py +373 -0
- pulumi_vault/transit/secret_backend_key.py +1202 -0
- pulumi_vault/transit/secret_cache_config.py +302 -0
- pulumi_vault-7.6.0a1764657486.dist-info/METADATA +92 -0
- pulumi_vault-7.6.0a1764657486.dist-info/RECORD +274 -0
- pulumi_vault-7.6.0a1764657486.dist-info/WHEEL +5 -0
- pulumi_vault-7.6.0a1764657486.dist-info/top_level.txt +1 -0
|
@@ -0,0 +1,1089 @@
|
|
|
1
|
+
# coding=utf-8
|
|
2
|
+
# *** WARNING: this file was generated by pulumi-language-python. ***
|
|
3
|
+
# *** Do not edit by hand unless you're certain you know what you are doing! ***
|
|
4
|
+
|
|
5
|
+
import builtins as _builtins
|
|
6
|
+
import warnings
|
|
7
|
+
import sys
|
|
8
|
+
import pulumi
|
|
9
|
+
import pulumi.runtime
|
|
10
|
+
from typing import Any, Mapping, Optional, Sequence, Union, overload
|
|
11
|
+
if sys.version_info >= (3, 11):
|
|
12
|
+
from typing import NotRequired, TypedDict, TypeAlias
|
|
13
|
+
else:
|
|
14
|
+
from typing_extensions import NotRequired, TypedDict, TypeAlias
|
|
15
|
+
from .. import _utilities
|
|
16
|
+
|
|
17
|
+
__all__ = ['SecretBackendIssuerArgs', 'SecretBackendIssuer']
|
|
18
|
+
|
|
19
|
+
@pulumi.input_type
|
|
20
|
+
class SecretBackendIssuerArgs:
|
|
21
|
+
def __init__(__self__, *,
|
|
22
|
+
backend: pulumi.Input[_builtins.str],
|
|
23
|
+
issuer_ref: pulumi.Input[_builtins.str],
|
|
24
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
25
|
+
disable_critical_extension_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
26
|
+
disable_name_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
27
|
+
disable_name_constraint_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
28
|
+
disable_path_length_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
29
|
+
enable_aia_url_templating: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
30
|
+
issuer_name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
31
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
32
|
+
leaf_not_after_behavior: Optional[pulumi.Input[_builtins.str]] = None,
|
|
33
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
34
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
35
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
36
|
+
revocation_signature_algorithm: Optional[pulumi.Input[_builtins.str]] = None,
|
|
37
|
+
usage: Optional[pulumi.Input[_builtins.str]] = None):
|
|
38
|
+
"""
|
|
39
|
+
The set of arguments for constructing a SecretBackendIssuer resource.
|
|
40
|
+
:param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no
|
|
41
|
+
leading or trailing `/`s.
|
|
42
|
+
:param pulumi.Input[_builtins.str] issuer_ref: Reference to an existing issuer.
|
|
43
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
|
|
44
|
+
Distribution Points field.
|
|
45
|
+
:param pulumi.Input[_builtins.bool] disable_critical_extension_checks: This determines whether this
|
|
46
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
47
|
+
issued certificate) contain critical extensions not processed by Vault.
|
|
48
|
+
:param pulumi.Input[_builtins.bool] disable_name_checks: This determines whether this issuer is able
|
|
49
|
+
to issue certificates where the chain of trust (including the final issued
|
|
50
|
+
certificate) contains a link in which the subject of the issuing certificate
|
|
51
|
+
does not match the named issuer of the certificate it signed.
|
|
52
|
+
:param pulumi.Input[_builtins.bool] disable_name_constraint_checks: This determines whether this
|
|
53
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
54
|
+
final issued certificate) violates the name constraints critical extension of
|
|
55
|
+
one of the issuer certificates in the chain.
|
|
56
|
+
:param pulumi.Input[_builtins.bool] disable_path_length_checks: This determines whether this issuer
|
|
57
|
+
is able to issue certificates where the chain of trust (including the final
|
|
58
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
|
59
|
+
chain.
|
|
60
|
+
:param pulumi.Input[_builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
|
61
|
+
be templated.
|
|
62
|
+
:param pulumi.Input[_builtins.str] issuer_name: Name of the issuer.
|
|
63
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
|
|
64
|
+
Certificate field.
|
|
65
|
+
:param pulumi.Input[_builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
|
66
|
+
issuance.
|
|
67
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
|
|
68
|
+
computed CAChain field from, when non-empty.
|
|
69
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
70
|
+
The value should not contain leading or trailing forward slashes.
|
|
71
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
72
|
+
*Available only for Vault Enterprise*.
|
|
73
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
|
74
|
+
:param pulumi.Input[_builtins.str] revocation_signature_algorithm: Which signature algorithm to use
|
|
75
|
+
when building CRLs.
|
|
76
|
+
:param pulumi.Input[_builtins.str] usage: Allowed usages for this issuer.
|
|
77
|
+
"""
|
|
78
|
+
pulumi.set(__self__, "backend", backend)
|
|
79
|
+
pulumi.set(__self__, "issuer_ref", issuer_ref)
|
|
80
|
+
if crl_distribution_points is not None:
|
|
81
|
+
pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
|
|
82
|
+
if disable_critical_extension_checks is not None:
|
|
83
|
+
pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
|
|
84
|
+
if disable_name_checks is not None:
|
|
85
|
+
pulumi.set(__self__, "disable_name_checks", disable_name_checks)
|
|
86
|
+
if disable_name_constraint_checks is not None:
|
|
87
|
+
pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
|
|
88
|
+
if disable_path_length_checks is not None:
|
|
89
|
+
pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
|
|
90
|
+
if enable_aia_url_templating is not None:
|
|
91
|
+
pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
|
|
92
|
+
if issuer_name is not None:
|
|
93
|
+
pulumi.set(__self__, "issuer_name", issuer_name)
|
|
94
|
+
if issuing_certificates is not None:
|
|
95
|
+
pulumi.set(__self__, "issuing_certificates", issuing_certificates)
|
|
96
|
+
if leaf_not_after_behavior is not None:
|
|
97
|
+
pulumi.set(__self__, "leaf_not_after_behavior", leaf_not_after_behavior)
|
|
98
|
+
if manual_chains is not None:
|
|
99
|
+
pulumi.set(__self__, "manual_chains", manual_chains)
|
|
100
|
+
if namespace is not None:
|
|
101
|
+
pulumi.set(__self__, "namespace", namespace)
|
|
102
|
+
if ocsp_servers is not None:
|
|
103
|
+
pulumi.set(__self__, "ocsp_servers", ocsp_servers)
|
|
104
|
+
if revocation_signature_algorithm is not None:
|
|
105
|
+
pulumi.set(__self__, "revocation_signature_algorithm", revocation_signature_algorithm)
|
|
106
|
+
if usage is not None:
|
|
107
|
+
pulumi.set(__self__, "usage", usage)
|
|
108
|
+
|
|
109
|
+
@_builtins.property
|
|
110
|
+
@pulumi.getter
|
|
111
|
+
def backend(self) -> pulumi.Input[_builtins.str]:
|
|
112
|
+
"""
|
|
113
|
+
The path the PKI secret backend is mounted at, with no
|
|
114
|
+
leading or trailing `/`s.
|
|
115
|
+
"""
|
|
116
|
+
return pulumi.get(self, "backend")
|
|
117
|
+
|
|
118
|
+
@backend.setter
|
|
119
|
+
def backend(self, value: pulumi.Input[_builtins.str]):
|
|
120
|
+
pulumi.set(self, "backend", value)
|
|
121
|
+
|
|
122
|
+
@_builtins.property
|
|
123
|
+
@pulumi.getter(name="issuerRef")
|
|
124
|
+
def issuer_ref(self) -> pulumi.Input[_builtins.str]:
|
|
125
|
+
"""
|
|
126
|
+
Reference to an existing issuer.
|
|
127
|
+
"""
|
|
128
|
+
return pulumi.get(self, "issuer_ref")
|
|
129
|
+
|
|
130
|
+
@issuer_ref.setter
|
|
131
|
+
def issuer_ref(self, value: pulumi.Input[_builtins.str]):
|
|
132
|
+
pulumi.set(self, "issuer_ref", value)
|
|
133
|
+
|
|
134
|
+
@_builtins.property
|
|
135
|
+
@pulumi.getter(name="crlDistributionPoints")
|
|
136
|
+
def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
137
|
+
"""
|
|
138
|
+
Specifies the URL values for the CRL
|
|
139
|
+
Distribution Points field.
|
|
140
|
+
"""
|
|
141
|
+
return pulumi.get(self, "crl_distribution_points")
|
|
142
|
+
|
|
143
|
+
@crl_distribution_points.setter
|
|
144
|
+
def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
145
|
+
pulumi.set(self, "crl_distribution_points", value)
|
|
146
|
+
|
|
147
|
+
@_builtins.property
|
|
148
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
|
149
|
+
def disable_critical_extension_checks(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
150
|
+
"""
|
|
151
|
+
This determines whether this
|
|
152
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
153
|
+
issued certificate) contain critical extensions not processed by Vault.
|
|
154
|
+
"""
|
|
155
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
|
156
|
+
|
|
157
|
+
@disable_critical_extension_checks.setter
|
|
158
|
+
def disable_critical_extension_checks(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
159
|
+
pulumi.set(self, "disable_critical_extension_checks", value)
|
|
160
|
+
|
|
161
|
+
@_builtins.property
|
|
162
|
+
@pulumi.getter(name="disableNameChecks")
|
|
163
|
+
def disable_name_checks(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
164
|
+
"""
|
|
165
|
+
This determines whether this issuer is able
|
|
166
|
+
to issue certificates where the chain of trust (including the final issued
|
|
167
|
+
certificate) contains a link in which the subject of the issuing certificate
|
|
168
|
+
does not match the named issuer of the certificate it signed.
|
|
169
|
+
"""
|
|
170
|
+
return pulumi.get(self, "disable_name_checks")
|
|
171
|
+
|
|
172
|
+
@disable_name_checks.setter
|
|
173
|
+
def disable_name_checks(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
174
|
+
pulumi.set(self, "disable_name_checks", value)
|
|
175
|
+
|
|
176
|
+
@_builtins.property
|
|
177
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
|
178
|
+
def disable_name_constraint_checks(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
179
|
+
"""
|
|
180
|
+
This determines whether this
|
|
181
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
182
|
+
final issued certificate) violates the name constraints critical extension of
|
|
183
|
+
one of the issuer certificates in the chain.
|
|
184
|
+
"""
|
|
185
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
|
186
|
+
|
|
187
|
+
@disable_name_constraint_checks.setter
|
|
188
|
+
def disable_name_constraint_checks(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
189
|
+
pulumi.set(self, "disable_name_constraint_checks", value)
|
|
190
|
+
|
|
191
|
+
@_builtins.property
|
|
192
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
|
193
|
+
def disable_path_length_checks(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
194
|
+
"""
|
|
195
|
+
This determines whether this issuer
|
|
196
|
+
is able to issue certificates where the chain of trust (including the final
|
|
197
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
|
198
|
+
chain.
|
|
199
|
+
"""
|
|
200
|
+
return pulumi.get(self, "disable_path_length_checks")
|
|
201
|
+
|
|
202
|
+
@disable_path_length_checks.setter
|
|
203
|
+
def disable_path_length_checks(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
204
|
+
pulumi.set(self, "disable_path_length_checks", value)
|
|
205
|
+
|
|
206
|
+
@_builtins.property
|
|
207
|
+
@pulumi.getter(name="enableAiaUrlTemplating")
|
|
208
|
+
def enable_aia_url_templating(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
209
|
+
"""
|
|
210
|
+
Specifies that the AIA URL values should
|
|
211
|
+
be templated.
|
|
212
|
+
"""
|
|
213
|
+
return pulumi.get(self, "enable_aia_url_templating")
|
|
214
|
+
|
|
215
|
+
@enable_aia_url_templating.setter
|
|
216
|
+
def enable_aia_url_templating(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
217
|
+
pulumi.set(self, "enable_aia_url_templating", value)
|
|
218
|
+
|
|
219
|
+
@_builtins.property
|
|
220
|
+
@pulumi.getter(name="issuerName")
|
|
221
|
+
def issuer_name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
222
|
+
"""
|
|
223
|
+
Name of the issuer.
|
|
224
|
+
"""
|
|
225
|
+
return pulumi.get(self, "issuer_name")
|
|
226
|
+
|
|
227
|
+
@issuer_name.setter
|
|
228
|
+
def issuer_name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
229
|
+
pulumi.set(self, "issuer_name", value)
|
|
230
|
+
|
|
231
|
+
@_builtins.property
|
|
232
|
+
@pulumi.getter(name="issuingCertificates")
|
|
233
|
+
def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
234
|
+
"""
|
|
235
|
+
Specifies the URL values for the Issuing
|
|
236
|
+
Certificate field.
|
|
237
|
+
"""
|
|
238
|
+
return pulumi.get(self, "issuing_certificates")
|
|
239
|
+
|
|
240
|
+
@issuing_certificates.setter
|
|
241
|
+
def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
242
|
+
pulumi.set(self, "issuing_certificates", value)
|
|
243
|
+
|
|
244
|
+
@_builtins.property
|
|
245
|
+
@pulumi.getter(name="leafNotAfterBehavior")
|
|
246
|
+
def leaf_not_after_behavior(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
247
|
+
"""
|
|
248
|
+
Behavior of a leaf's NotAfter field during
|
|
249
|
+
issuance.
|
|
250
|
+
"""
|
|
251
|
+
return pulumi.get(self, "leaf_not_after_behavior")
|
|
252
|
+
|
|
253
|
+
@leaf_not_after_behavior.setter
|
|
254
|
+
def leaf_not_after_behavior(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
255
|
+
pulumi.set(self, "leaf_not_after_behavior", value)
|
|
256
|
+
|
|
257
|
+
@_builtins.property
|
|
258
|
+
@pulumi.getter(name="manualChains")
|
|
259
|
+
def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
260
|
+
"""
|
|
261
|
+
Chain of issuer references to build this issuer's
|
|
262
|
+
computed CAChain field from, when non-empty.
|
|
263
|
+
"""
|
|
264
|
+
return pulumi.get(self, "manual_chains")
|
|
265
|
+
|
|
266
|
+
@manual_chains.setter
|
|
267
|
+
def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
268
|
+
pulumi.set(self, "manual_chains", value)
|
|
269
|
+
|
|
270
|
+
@_builtins.property
|
|
271
|
+
@pulumi.getter
|
|
272
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
273
|
+
"""
|
|
274
|
+
The namespace to provision the resource in.
|
|
275
|
+
The value should not contain leading or trailing forward slashes.
|
|
276
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
277
|
+
*Available only for Vault Enterprise*.
|
|
278
|
+
"""
|
|
279
|
+
return pulumi.get(self, "namespace")
|
|
280
|
+
|
|
281
|
+
@namespace.setter
|
|
282
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
283
|
+
pulumi.set(self, "namespace", value)
|
|
284
|
+
|
|
285
|
+
@_builtins.property
|
|
286
|
+
@pulumi.getter(name="ocspServers")
|
|
287
|
+
def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
288
|
+
"""
|
|
289
|
+
Specifies the URL values for the OCSP Servers field.
|
|
290
|
+
"""
|
|
291
|
+
return pulumi.get(self, "ocsp_servers")
|
|
292
|
+
|
|
293
|
+
@ocsp_servers.setter
|
|
294
|
+
def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
295
|
+
pulumi.set(self, "ocsp_servers", value)
|
|
296
|
+
|
|
297
|
+
@_builtins.property
|
|
298
|
+
@pulumi.getter(name="revocationSignatureAlgorithm")
|
|
299
|
+
def revocation_signature_algorithm(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
300
|
+
"""
|
|
301
|
+
Which signature algorithm to use
|
|
302
|
+
when building CRLs.
|
|
303
|
+
"""
|
|
304
|
+
return pulumi.get(self, "revocation_signature_algorithm")
|
|
305
|
+
|
|
306
|
+
@revocation_signature_algorithm.setter
|
|
307
|
+
def revocation_signature_algorithm(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
308
|
+
pulumi.set(self, "revocation_signature_algorithm", value)
|
|
309
|
+
|
|
310
|
+
@_builtins.property
|
|
311
|
+
@pulumi.getter
|
|
312
|
+
def usage(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
313
|
+
"""
|
|
314
|
+
Allowed usages for this issuer.
|
|
315
|
+
"""
|
|
316
|
+
return pulumi.get(self, "usage")
|
|
317
|
+
|
|
318
|
+
@usage.setter
|
|
319
|
+
def usage(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
320
|
+
pulumi.set(self, "usage", value)
|
|
321
|
+
|
|
322
|
+
|
|
323
|
+
@pulumi.input_type
|
|
324
|
+
class _SecretBackendIssuerState:
|
|
325
|
+
def __init__(__self__, *,
|
|
326
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
327
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
328
|
+
disable_critical_extension_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
329
|
+
disable_name_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
330
|
+
disable_name_constraint_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
331
|
+
disable_path_length_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
332
|
+
enable_aia_url_templating: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
333
|
+
issuer_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
334
|
+
issuer_name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
335
|
+
issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
|
|
336
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
337
|
+
leaf_not_after_behavior: Optional[pulumi.Input[_builtins.str]] = None,
|
|
338
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
339
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
340
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
341
|
+
revocation_signature_algorithm: Optional[pulumi.Input[_builtins.str]] = None,
|
|
342
|
+
usage: Optional[pulumi.Input[_builtins.str]] = None):
|
|
343
|
+
"""
|
|
344
|
+
Input properties used for looking up and filtering SecretBackendIssuer resources.
|
|
345
|
+
:param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no
|
|
346
|
+
leading or trailing `/`s.
|
|
347
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
|
|
348
|
+
Distribution Points field.
|
|
349
|
+
:param pulumi.Input[_builtins.bool] disable_critical_extension_checks: This determines whether this
|
|
350
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
351
|
+
issued certificate) contain critical extensions not processed by Vault.
|
|
352
|
+
:param pulumi.Input[_builtins.bool] disable_name_checks: This determines whether this issuer is able
|
|
353
|
+
to issue certificates where the chain of trust (including the final issued
|
|
354
|
+
certificate) contains a link in which the subject of the issuing certificate
|
|
355
|
+
does not match the named issuer of the certificate it signed.
|
|
356
|
+
:param pulumi.Input[_builtins.bool] disable_name_constraint_checks: This determines whether this
|
|
357
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
358
|
+
final issued certificate) violates the name constraints critical extension of
|
|
359
|
+
one of the issuer certificates in the chain.
|
|
360
|
+
:param pulumi.Input[_builtins.bool] disable_path_length_checks: This determines whether this issuer
|
|
361
|
+
is able to issue certificates where the chain of trust (including the final
|
|
362
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
|
363
|
+
chain.
|
|
364
|
+
:param pulumi.Input[_builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
|
365
|
+
be templated.
|
|
366
|
+
:param pulumi.Input[_builtins.str] issuer_id: ID of the issuer.
|
|
367
|
+
:param pulumi.Input[_builtins.str] issuer_name: Name of the issuer.
|
|
368
|
+
:param pulumi.Input[_builtins.str] issuer_ref: Reference to an existing issuer.
|
|
369
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
|
|
370
|
+
Certificate field.
|
|
371
|
+
:param pulumi.Input[_builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
|
372
|
+
issuance.
|
|
373
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
|
|
374
|
+
computed CAChain field from, when non-empty.
|
|
375
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
376
|
+
The value should not contain leading or trailing forward slashes.
|
|
377
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
378
|
+
*Available only for Vault Enterprise*.
|
|
379
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
|
380
|
+
:param pulumi.Input[_builtins.str] revocation_signature_algorithm: Which signature algorithm to use
|
|
381
|
+
when building CRLs.
|
|
382
|
+
:param pulumi.Input[_builtins.str] usage: Allowed usages for this issuer.
|
|
383
|
+
"""
|
|
384
|
+
if backend is not None:
|
|
385
|
+
pulumi.set(__self__, "backend", backend)
|
|
386
|
+
if crl_distribution_points is not None:
|
|
387
|
+
pulumi.set(__self__, "crl_distribution_points", crl_distribution_points)
|
|
388
|
+
if disable_critical_extension_checks is not None:
|
|
389
|
+
pulumi.set(__self__, "disable_critical_extension_checks", disable_critical_extension_checks)
|
|
390
|
+
if disable_name_checks is not None:
|
|
391
|
+
pulumi.set(__self__, "disable_name_checks", disable_name_checks)
|
|
392
|
+
if disable_name_constraint_checks is not None:
|
|
393
|
+
pulumi.set(__self__, "disable_name_constraint_checks", disable_name_constraint_checks)
|
|
394
|
+
if disable_path_length_checks is not None:
|
|
395
|
+
pulumi.set(__self__, "disable_path_length_checks", disable_path_length_checks)
|
|
396
|
+
if enable_aia_url_templating is not None:
|
|
397
|
+
pulumi.set(__self__, "enable_aia_url_templating", enable_aia_url_templating)
|
|
398
|
+
if issuer_id is not None:
|
|
399
|
+
pulumi.set(__self__, "issuer_id", issuer_id)
|
|
400
|
+
if issuer_name is not None:
|
|
401
|
+
pulumi.set(__self__, "issuer_name", issuer_name)
|
|
402
|
+
if issuer_ref is not None:
|
|
403
|
+
pulumi.set(__self__, "issuer_ref", issuer_ref)
|
|
404
|
+
if issuing_certificates is not None:
|
|
405
|
+
pulumi.set(__self__, "issuing_certificates", issuing_certificates)
|
|
406
|
+
if leaf_not_after_behavior is not None:
|
|
407
|
+
pulumi.set(__self__, "leaf_not_after_behavior", leaf_not_after_behavior)
|
|
408
|
+
if manual_chains is not None:
|
|
409
|
+
pulumi.set(__self__, "manual_chains", manual_chains)
|
|
410
|
+
if namespace is not None:
|
|
411
|
+
pulumi.set(__self__, "namespace", namespace)
|
|
412
|
+
if ocsp_servers is not None:
|
|
413
|
+
pulumi.set(__self__, "ocsp_servers", ocsp_servers)
|
|
414
|
+
if revocation_signature_algorithm is not None:
|
|
415
|
+
pulumi.set(__self__, "revocation_signature_algorithm", revocation_signature_algorithm)
|
|
416
|
+
if usage is not None:
|
|
417
|
+
pulumi.set(__self__, "usage", usage)
|
|
418
|
+
|
|
419
|
+
@_builtins.property
|
|
420
|
+
@pulumi.getter
|
|
421
|
+
def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
422
|
+
"""
|
|
423
|
+
The path the PKI secret backend is mounted at, with no
|
|
424
|
+
leading or trailing `/`s.
|
|
425
|
+
"""
|
|
426
|
+
return pulumi.get(self, "backend")
|
|
427
|
+
|
|
428
|
+
@backend.setter
|
|
429
|
+
def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
430
|
+
pulumi.set(self, "backend", value)
|
|
431
|
+
|
|
432
|
+
@_builtins.property
|
|
433
|
+
@pulumi.getter(name="crlDistributionPoints")
|
|
434
|
+
def crl_distribution_points(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
435
|
+
"""
|
|
436
|
+
Specifies the URL values for the CRL
|
|
437
|
+
Distribution Points field.
|
|
438
|
+
"""
|
|
439
|
+
return pulumi.get(self, "crl_distribution_points")
|
|
440
|
+
|
|
441
|
+
@crl_distribution_points.setter
|
|
442
|
+
def crl_distribution_points(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
443
|
+
pulumi.set(self, "crl_distribution_points", value)
|
|
444
|
+
|
|
445
|
+
@_builtins.property
|
|
446
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
|
447
|
+
def disable_critical_extension_checks(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
448
|
+
"""
|
|
449
|
+
This determines whether this
|
|
450
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
451
|
+
issued certificate) contain critical extensions not processed by Vault.
|
|
452
|
+
"""
|
|
453
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
|
454
|
+
|
|
455
|
+
@disable_critical_extension_checks.setter
|
|
456
|
+
def disable_critical_extension_checks(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
457
|
+
pulumi.set(self, "disable_critical_extension_checks", value)
|
|
458
|
+
|
|
459
|
+
@_builtins.property
|
|
460
|
+
@pulumi.getter(name="disableNameChecks")
|
|
461
|
+
def disable_name_checks(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
462
|
+
"""
|
|
463
|
+
This determines whether this issuer is able
|
|
464
|
+
to issue certificates where the chain of trust (including the final issued
|
|
465
|
+
certificate) contains a link in which the subject of the issuing certificate
|
|
466
|
+
does not match the named issuer of the certificate it signed.
|
|
467
|
+
"""
|
|
468
|
+
return pulumi.get(self, "disable_name_checks")
|
|
469
|
+
|
|
470
|
+
@disable_name_checks.setter
|
|
471
|
+
def disable_name_checks(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
472
|
+
pulumi.set(self, "disable_name_checks", value)
|
|
473
|
+
|
|
474
|
+
@_builtins.property
|
|
475
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
|
476
|
+
def disable_name_constraint_checks(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
477
|
+
"""
|
|
478
|
+
This determines whether this
|
|
479
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
480
|
+
final issued certificate) violates the name constraints critical extension of
|
|
481
|
+
one of the issuer certificates in the chain.
|
|
482
|
+
"""
|
|
483
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
|
484
|
+
|
|
485
|
+
@disable_name_constraint_checks.setter
|
|
486
|
+
def disable_name_constraint_checks(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
487
|
+
pulumi.set(self, "disable_name_constraint_checks", value)
|
|
488
|
+
|
|
489
|
+
@_builtins.property
|
|
490
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
|
491
|
+
def disable_path_length_checks(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
492
|
+
"""
|
|
493
|
+
This determines whether this issuer
|
|
494
|
+
is able to issue certificates where the chain of trust (including the final
|
|
495
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
|
496
|
+
chain.
|
|
497
|
+
"""
|
|
498
|
+
return pulumi.get(self, "disable_path_length_checks")
|
|
499
|
+
|
|
500
|
+
@disable_path_length_checks.setter
|
|
501
|
+
def disable_path_length_checks(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
502
|
+
pulumi.set(self, "disable_path_length_checks", value)
|
|
503
|
+
|
|
504
|
+
@_builtins.property
|
|
505
|
+
@pulumi.getter(name="enableAiaUrlTemplating")
|
|
506
|
+
def enable_aia_url_templating(self) -> Optional[pulumi.Input[_builtins.bool]]:
|
|
507
|
+
"""
|
|
508
|
+
Specifies that the AIA URL values should
|
|
509
|
+
be templated.
|
|
510
|
+
"""
|
|
511
|
+
return pulumi.get(self, "enable_aia_url_templating")
|
|
512
|
+
|
|
513
|
+
@enable_aia_url_templating.setter
|
|
514
|
+
def enable_aia_url_templating(self, value: Optional[pulumi.Input[_builtins.bool]]):
|
|
515
|
+
pulumi.set(self, "enable_aia_url_templating", value)
|
|
516
|
+
|
|
517
|
+
@_builtins.property
|
|
518
|
+
@pulumi.getter(name="issuerId")
|
|
519
|
+
def issuer_id(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
520
|
+
"""
|
|
521
|
+
ID of the issuer.
|
|
522
|
+
"""
|
|
523
|
+
return pulumi.get(self, "issuer_id")
|
|
524
|
+
|
|
525
|
+
@issuer_id.setter
|
|
526
|
+
def issuer_id(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
527
|
+
pulumi.set(self, "issuer_id", value)
|
|
528
|
+
|
|
529
|
+
@_builtins.property
|
|
530
|
+
@pulumi.getter(name="issuerName")
|
|
531
|
+
def issuer_name(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
532
|
+
"""
|
|
533
|
+
Name of the issuer.
|
|
534
|
+
"""
|
|
535
|
+
return pulumi.get(self, "issuer_name")
|
|
536
|
+
|
|
537
|
+
@issuer_name.setter
|
|
538
|
+
def issuer_name(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
539
|
+
pulumi.set(self, "issuer_name", value)
|
|
540
|
+
|
|
541
|
+
@_builtins.property
|
|
542
|
+
@pulumi.getter(name="issuerRef")
|
|
543
|
+
def issuer_ref(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
544
|
+
"""
|
|
545
|
+
Reference to an existing issuer.
|
|
546
|
+
"""
|
|
547
|
+
return pulumi.get(self, "issuer_ref")
|
|
548
|
+
|
|
549
|
+
@issuer_ref.setter
|
|
550
|
+
def issuer_ref(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
551
|
+
pulumi.set(self, "issuer_ref", value)
|
|
552
|
+
|
|
553
|
+
@_builtins.property
|
|
554
|
+
@pulumi.getter(name="issuingCertificates")
|
|
555
|
+
def issuing_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
556
|
+
"""
|
|
557
|
+
Specifies the URL values for the Issuing
|
|
558
|
+
Certificate field.
|
|
559
|
+
"""
|
|
560
|
+
return pulumi.get(self, "issuing_certificates")
|
|
561
|
+
|
|
562
|
+
@issuing_certificates.setter
|
|
563
|
+
def issuing_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
564
|
+
pulumi.set(self, "issuing_certificates", value)
|
|
565
|
+
|
|
566
|
+
@_builtins.property
|
|
567
|
+
@pulumi.getter(name="leafNotAfterBehavior")
|
|
568
|
+
def leaf_not_after_behavior(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
569
|
+
"""
|
|
570
|
+
Behavior of a leaf's NotAfter field during
|
|
571
|
+
issuance.
|
|
572
|
+
"""
|
|
573
|
+
return pulumi.get(self, "leaf_not_after_behavior")
|
|
574
|
+
|
|
575
|
+
@leaf_not_after_behavior.setter
|
|
576
|
+
def leaf_not_after_behavior(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
577
|
+
pulumi.set(self, "leaf_not_after_behavior", value)
|
|
578
|
+
|
|
579
|
+
@_builtins.property
|
|
580
|
+
@pulumi.getter(name="manualChains")
|
|
581
|
+
def manual_chains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
582
|
+
"""
|
|
583
|
+
Chain of issuer references to build this issuer's
|
|
584
|
+
computed CAChain field from, when non-empty.
|
|
585
|
+
"""
|
|
586
|
+
return pulumi.get(self, "manual_chains")
|
|
587
|
+
|
|
588
|
+
@manual_chains.setter
|
|
589
|
+
def manual_chains(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
590
|
+
pulumi.set(self, "manual_chains", value)
|
|
591
|
+
|
|
592
|
+
@_builtins.property
|
|
593
|
+
@pulumi.getter
|
|
594
|
+
def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
595
|
+
"""
|
|
596
|
+
The namespace to provision the resource in.
|
|
597
|
+
The value should not contain leading or trailing forward slashes.
|
|
598
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
599
|
+
*Available only for Vault Enterprise*.
|
|
600
|
+
"""
|
|
601
|
+
return pulumi.get(self, "namespace")
|
|
602
|
+
|
|
603
|
+
@namespace.setter
|
|
604
|
+
def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
605
|
+
pulumi.set(self, "namespace", value)
|
|
606
|
+
|
|
607
|
+
@_builtins.property
|
|
608
|
+
@pulumi.getter(name="ocspServers")
|
|
609
|
+
def ocsp_servers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
|
|
610
|
+
"""
|
|
611
|
+
Specifies the URL values for the OCSP Servers field.
|
|
612
|
+
"""
|
|
613
|
+
return pulumi.get(self, "ocsp_servers")
|
|
614
|
+
|
|
615
|
+
@ocsp_servers.setter
|
|
616
|
+
def ocsp_servers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
|
|
617
|
+
pulumi.set(self, "ocsp_servers", value)
|
|
618
|
+
|
|
619
|
+
@_builtins.property
|
|
620
|
+
@pulumi.getter(name="revocationSignatureAlgorithm")
|
|
621
|
+
def revocation_signature_algorithm(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
622
|
+
"""
|
|
623
|
+
Which signature algorithm to use
|
|
624
|
+
when building CRLs.
|
|
625
|
+
"""
|
|
626
|
+
return pulumi.get(self, "revocation_signature_algorithm")
|
|
627
|
+
|
|
628
|
+
@revocation_signature_algorithm.setter
|
|
629
|
+
def revocation_signature_algorithm(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
630
|
+
pulumi.set(self, "revocation_signature_algorithm", value)
|
|
631
|
+
|
|
632
|
+
@_builtins.property
|
|
633
|
+
@pulumi.getter
|
|
634
|
+
def usage(self) -> Optional[pulumi.Input[_builtins.str]]:
|
|
635
|
+
"""
|
|
636
|
+
Allowed usages for this issuer.
|
|
637
|
+
"""
|
|
638
|
+
return pulumi.get(self, "usage")
|
|
639
|
+
|
|
640
|
+
@usage.setter
|
|
641
|
+
def usage(self, value: Optional[pulumi.Input[_builtins.str]]):
|
|
642
|
+
pulumi.set(self, "usage", value)
|
|
643
|
+
|
|
644
|
+
|
|
645
|
+
@pulumi.type_token("vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer")
|
|
646
|
+
class SecretBackendIssuer(pulumi.CustomResource):
|
|
647
|
+
@overload
|
|
648
|
+
def __init__(__self__,
|
|
649
|
+
resource_name: str,
|
|
650
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
651
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
652
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
653
|
+
disable_critical_extension_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
654
|
+
disable_name_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
655
|
+
disable_name_constraint_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
656
|
+
disable_path_length_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
657
|
+
enable_aia_url_templating: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
658
|
+
issuer_name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
659
|
+
issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
|
|
660
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
661
|
+
leaf_not_after_behavior: Optional[pulumi.Input[_builtins.str]] = None,
|
|
662
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
663
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
664
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
665
|
+
revocation_signature_algorithm: Optional[pulumi.Input[_builtins.str]] = None,
|
|
666
|
+
usage: Optional[pulumi.Input[_builtins.str]] = None,
|
|
667
|
+
__props__=None):
|
|
668
|
+
"""
|
|
669
|
+
## Example Usage
|
|
670
|
+
|
|
671
|
+
```python
|
|
672
|
+
import pulumi
|
|
673
|
+
import pulumi_vault as vault
|
|
674
|
+
|
|
675
|
+
pki = vault.Mount("pki",
|
|
676
|
+
path="pki",
|
|
677
|
+
type="pki",
|
|
678
|
+
default_lease_ttl_seconds=3600,
|
|
679
|
+
max_lease_ttl_seconds=86400)
|
|
680
|
+
root = vault.pkisecret.SecretBackendRootCert("root",
|
|
681
|
+
backend=pki.path,
|
|
682
|
+
type="internal",
|
|
683
|
+
common_name="test",
|
|
684
|
+
ttl="86400")
|
|
685
|
+
example = vault.pkisecret.SecretBackendIssuer("example",
|
|
686
|
+
backend=root.backend,
|
|
687
|
+
issuer_ref=root.issuer_id,
|
|
688
|
+
issuer_name="example-issuer")
|
|
689
|
+
```
|
|
690
|
+
|
|
691
|
+
## Import
|
|
692
|
+
|
|
693
|
+
PKI secret backend issuer can be imported using the `id`, e.g.
|
|
694
|
+
|
|
695
|
+
```sh
|
|
696
|
+
$ pulumi import vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer example pki/issuer/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
|
|
697
|
+
```
|
|
698
|
+
|
|
699
|
+
:param str resource_name: The name of the resource.
|
|
700
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
701
|
+
:param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no
|
|
702
|
+
leading or trailing `/`s.
|
|
703
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
|
|
704
|
+
Distribution Points field.
|
|
705
|
+
:param pulumi.Input[_builtins.bool] disable_critical_extension_checks: This determines whether this
|
|
706
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
707
|
+
issued certificate) contain critical extensions not processed by Vault.
|
|
708
|
+
:param pulumi.Input[_builtins.bool] disable_name_checks: This determines whether this issuer is able
|
|
709
|
+
to issue certificates where the chain of trust (including the final issued
|
|
710
|
+
certificate) contains a link in which the subject of the issuing certificate
|
|
711
|
+
does not match the named issuer of the certificate it signed.
|
|
712
|
+
:param pulumi.Input[_builtins.bool] disable_name_constraint_checks: This determines whether this
|
|
713
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
714
|
+
final issued certificate) violates the name constraints critical extension of
|
|
715
|
+
one of the issuer certificates in the chain.
|
|
716
|
+
:param pulumi.Input[_builtins.bool] disable_path_length_checks: This determines whether this issuer
|
|
717
|
+
is able to issue certificates where the chain of trust (including the final
|
|
718
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
|
719
|
+
chain.
|
|
720
|
+
:param pulumi.Input[_builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
|
721
|
+
be templated.
|
|
722
|
+
:param pulumi.Input[_builtins.str] issuer_name: Name of the issuer.
|
|
723
|
+
:param pulumi.Input[_builtins.str] issuer_ref: Reference to an existing issuer.
|
|
724
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
|
|
725
|
+
Certificate field.
|
|
726
|
+
:param pulumi.Input[_builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
|
727
|
+
issuance.
|
|
728
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
|
|
729
|
+
computed CAChain field from, when non-empty.
|
|
730
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
731
|
+
The value should not contain leading or trailing forward slashes.
|
|
732
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
733
|
+
*Available only for Vault Enterprise*.
|
|
734
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
|
735
|
+
:param pulumi.Input[_builtins.str] revocation_signature_algorithm: Which signature algorithm to use
|
|
736
|
+
when building CRLs.
|
|
737
|
+
:param pulumi.Input[_builtins.str] usage: Allowed usages for this issuer.
|
|
738
|
+
"""
|
|
739
|
+
...
|
|
740
|
+
@overload
|
|
741
|
+
def __init__(__self__,
|
|
742
|
+
resource_name: str,
|
|
743
|
+
args: SecretBackendIssuerArgs,
|
|
744
|
+
opts: Optional[pulumi.ResourceOptions] = None):
|
|
745
|
+
"""
|
|
746
|
+
## Example Usage
|
|
747
|
+
|
|
748
|
+
```python
|
|
749
|
+
import pulumi
|
|
750
|
+
import pulumi_vault as vault
|
|
751
|
+
|
|
752
|
+
pki = vault.Mount("pki",
|
|
753
|
+
path="pki",
|
|
754
|
+
type="pki",
|
|
755
|
+
default_lease_ttl_seconds=3600,
|
|
756
|
+
max_lease_ttl_seconds=86400)
|
|
757
|
+
root = vault.pkisecret.SecretBackendRootCert("root",
|
|
758
|
+
backend=pki.path,
|
|
759
|
+
type="internal",
|
|
760
|
+
common_name="test",
|
|
761
|
+
ttl="86400")
|
|
762
|
+
example = vault.pkisecret.SecretBackendIssuer("example",
|
|
763
|
+
backend=root.backend,
|
|
764
|
+
issuer_ref=root.issuer_id,
|
|
765
|
+
issuer_name="example-issuer")
|
|
766
|
+
```
|
|
767
|
+
|
|
768
|
+
## Import
|
|
769
|
+
|
|
770
|
+
PKI secret backend issuer can be imported using the `id`, e.g.
|
|
771
|
+
|
|
772
|
+
```sh
|
|
773
|
+
$ pulumi import vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer example pki/issuer/bf9b0d48-d0dd-652c-30be-77d04fc7e94d
|
|
774
|
+
```
|
|
775
|
+
|
|
776
|
+
:param str resource_name: The name of the resource.
|
|
777
|
+
:param SecretBackendIssuerArgs args: The arguments to use to populate this resource's properties.
|
|
778
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
779
|
+
"""
|
|
780
|
+
...
|
|
781
|
+
def __init__(__self__, resource_name: str, *args, **kwargs):
|
|
782
|
+
resource_args, opts = _utilities.get_resource_args_opts(SecretBackendIssuerArgs, pulumi.ResourceOptions, *args, **kwargs)
|
|
783
|
+
if resource_args is not None:
|
|
784
|
+
__self__._internal_init(resource_name, opts, **resource_args.__dict__)
|
|
785
|
+
else:
|
|
786
|
+
__self__._internal_init(resource_name, *args, **kwargs)
|
|
787
|
+
|
|
788
|
+
def _internal_init(__self__,
|
|
789
|
+
resource_name: str,
|
|
790
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
791
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
792
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
793
|
+
disable_critical_extension_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
794
|
+
disable_name_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
795
|
+
disable_name_constraint_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
796
|
+
disable_path_length_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
797
|
+
enable_aia_url_templating: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
798
|
+
issuer_name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
799
|
+
issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
|
|
800
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
801
|
+
leaf_not_after_behavior: Optional[pulumi.Input[_builtins.str]] = None,
|
|
802
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
803
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
804
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
805
|
+
revocation_signature_algorithm: Optional[pulumi.Input[_builtins.str]] = None,
|
|
806
|
+
usage: Optional[pulumi.Input[_builtins.str]] = None,
|
|
807
|
+
__props__=None):
|
|
808
|
+
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
|
|
809
|
+
if not isinstance(opts, pulumi.ResourceOptions):
|
|
810
|
+
raise TypeError('Expected resource options to be a ResourceOptions instance')
|
|
811
|
+
if opts.id is None:
|
|
812
|
+
if __props__ is not None:
|
|
813
|
+
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
|
|
814
|
+
__props__ = SecretBackendIssuerArgs.__new__(SecretBackendIssuerArgs)
|
|
815
|
+
|
|
816
|
+
if backend is None and not opts.urn:
|
|
817
|
+
raise TypeError("Missing required property 'backend'")
|
|
818
|
+
__props__.__dict__["backend"] = backend
|
|
819
|
+
__props__.__dict__["crl_distribution_points"] = crl_distribution_points
|
|
820
|
+
__props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
|
|
821
|
+
__props__.__dict__["disable_name_checks"] = disable_name_checks
|
|
822
|
+
__props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
|
|
823
|
+
__props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
|
|
824
|
+
__props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
|
|
825
|
+
__props__.__dict__["issuer_name"] = issuer_name
|
|
826
|
+
if issuer_ref is None and not opts.urn:
|
|
827
|
+
raise TypeError("Missing required property 'issuer_ref'")
|
|
828
|
+
__props__.__dict__["issuer_ref"] = issuer_ref
|
|
829
|
+
__props__.__dict__["issuing_certificates"] = issuing_certificates
|
|
830
|
+
__props__.__dict__["leaf_not_after_behavior"] = leaf_not_after_behavior
|
|
831
|
+
__props__.__dict__["manual_chains"] = manual_chains
|
|
832
|
+
__props__.__dict__["namespace"] = namespace
|
|
833
|
+
__props__.__dict__["ocsp_servers"] = ocsp_servers
|
|
834
|
+
__props__.__dict__["revocation_signature_algorithm"] = revocation_signature_algorithm
|
|
835
|
+
__props__.__dict__["usage"] = usage
|
|
836
|
+
__props__.__dict__["issuer_id"] = None
|
|
837
|
+
super(SecretBackendIssuer, __self__).__init__(
|
|
838
|
+
'vault:pkiSecret/secretBackendIssuer:SecretBackendIssuer',
|
|
839
|
+
resource_name,
|
|
840
|
+
__props__,
|
|
841
|
+
opts)
|
|
842
|
+
|
|
843
|
+
@staticmethod
|
|
844
|
+
def get(resource_name: str,
|
|
845
|
+
id: pulumi.Input[str],
|
|
846
|
+
opts: Optional[pulumi.ResourceOptions] = None,
|
|
847
|
+
backend: Optional[pulumi.Input[_builtins.str]] = None,
|
|
848
|
+
crl_distribution_points: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
849
|
+
disable_critical_extension_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
850
|
+
disable_name_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
851
|
+
disable_name_constraint_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
852
|
+
disable_path_length_checks: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
853
|
+
enable_aia_url_templating: Optional[pulumi.Input[_builtins.bool]] = None,
|
|
854
|
+
issuer_id: Optional[pulumi.Input[_builtins.str]] = None,
|
|
855
|
+
issuer_name: Optional[pulumi.Input[_builtins.str]] = None,
|
|
856
|
+
issuer_ref: Optional[pulumi.Input[_builtins.str]] = None,
|
|
857
|
+
issuing_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
858
|
+
leaf_not_after_behavior: Optional[pulumi.Input[_builtins.str]] = None,
|
|
859
|
+
manual_chains: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
860
|
+
namespace: Optional[pulumi.Input[_builtins.str]] = None,
|
|
861
|
+
ocsp_servers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
|
|
862
|
+
revocation_signature_algorithm: Optional[pulumi.Input[_builtins.str]] = None,
|
|
863
|
+
usage: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretBackendIssuer':
|
|
864
|
+
"""
|
|
865
|
+
Get an existing SecretBackendIssuer resource's state with the given name, id, and optional extra
|
|
866
|
+
properties used to qualify the lookup.
|
|
867
|
+
|
|
868
|
+
:param str resource_name: The unique name of the resulting resource.
|
|
869
|
+
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
|
|
870
|
+
:param pulumi.ResourceOptions opts: Options for the resource.
|
|
871
|
+
:param pulumi.Input[_builtins.str] backend: The path the PKI secret backend is mounted at, with no
|
|
872
|
+
leading or trailing `/`s.
|
|
873
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] crl_distribution_points: Specifies the URL values for the CRL
|
|
874
|
+
Distribution Points field.
|
|
875
|
+
:param pulumi.Input[_builtins.bool] disable_critical_extension_checks: This determines whether this
|
|
876
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
877
|
+
issued certificate) contain critical extensions not processed by Vault.
|
|
878
|
+
:param pulumi.Input[_builtins.bool] disable_name_checks: This determines whether this issuer is able
|
|
879
|
+
to issue certificates where the chain of trust (including the final issued
|
|
880
|
+
certificate) contains a link in which the subject of the issuing certificate
|
|
881
|
+
does not match the named issuer of the certificate it signed.
|
|
882
|
+
:param pulumi.Input[_builtins.bool] disable_name_constraint_checks: This determines whether this
|
|
883
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
884
|
+
final issued certificate) violates the name constraints critical extension of
|
|
885
|
+
one of the issuer certificates in the chain.
|
|
886
|
+
:param pulumi.Input[_builtins.bool] disable_path_length_checks: This determines whether this issuer
|
|
887
|
+
is able to issue certificates where the chain of trust (including the final
|
|
888
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
|
889
|
+
chain.
|
|
890
|
+
:param pulumi.Input[_builtins.bool] enable_aia_url_templating: Specifies that the AIA URL values should
|
|
891
|
+
be templated.
|
|
892
|
+
:param pulumi.Input[_builtins.str] issuer_id: ID of the issuer.
|
|
893
|
+
:param pulumi.Input[_builtins.str] issuer_name: Name of the issuer.
|
|
894
|
+
:param pulumi.Input[_builtins.str] issuer_ref: Reference to an existing issuer.
|
|
895
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] issuing_certificates: Specifies the URL values for the Issuing
|
|
896
|
+
Certificate field.
|
|
897
|
+
:param pulumi.Input[_builtins.str] leaf_not_after_behavior: Behavior of a leaf's NotAfter field during
|
|
898
|
+
issuance.
|
|
899
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] manual_chains: Chain of issuer references to build this issuer's
|
|
900
|
+
computed CAChain field from, when non-empty.
|
|
901
|
+
:param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
|
|
902
|
+
The value should not contain leading or trailing forward slashes.
|
|
903
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
904
|
+
*Available only for Vault Enterprise*.
|
|
905
|
+
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] ocsp_servers: Specifies the URL values for the OCSP Servers field.
|
|
906
|
+
:param pulumi.Input[_builtins.str] revocation_signature_algorithm: Which signature algorithm to use
|
|
907
|
+
when building CRLs.
|
|
908
|
+
:param pulumi.Input[_builtins.str] usage: Allowed usages for this issuer.
|
|
909
|
+
"""
|
|
910
|
+
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
|
|
911
|
+
|
|
912
|
+
__props__ = _SecretBackendIssuerState.__new__(_SecretBackendIssuerState)
|
|
913
|
+
|
|
914
|
+
__props__.__dict__["backend"] = backend
|
|
915
|
+
__props__.__dict__["crl_distribution_points"] = crl_distribution_points
|
|
916
|
+
__props__.__dict__["disable_critical_extension_checks"] = disable_critical_extension_checks
|
|
917
|
+
__props__.__dict__["disable_name_checks"] = disable_name_checks
|
|
918
|
+
__props__.__dict__["disable_name_constraint_checks"] = disable_name_constraint_checks
|
|
919
|
+
__props__.__dict__["disable_path_length_checks"] = disable_path_length_checks
|
|
920
|
+
__props__.__dict__["enable_aia_url_templating"] = enable_aia_url_templating
|
|
921
|
+
__props__.__dict__["issuer_id"] = issuer_id
|
|
922
|
+
__props__.__dict__["issuer_name"] = issuer_name
|
|
923
|
+
__props__.__dict__["issuer_ref"] = issuer_ref
|
|
924
|
+
__props__.__dict__["issuing_certificates"] = issuing_certificates
|
|
925
|
+
__props__.__dict__["leaf_not_after_behavior"] = leaf_not_after_behavior
|
|
926
|
+
__props__.__dict__["manual_chains"] = manual_chains
|
|
927
|
+
__props__.__dict__["namespace"] = namespace
|
|
928
|
+
__props__.__dict__["ocsp_servers"] = ocsp_servers
|
|
929
|
+
__props__.__dict__["revocation_signature_algorithm"] = revocation_signature_algorithm
|
|
930
|
+
__props__.__dict__["usage"] = usage
|
|
931
|
+
return SecretBackendIssuer(resource_name, opts=opts, __props__=__props__)
|
|
932
|
+
|
|
933
|
+
@_builtins.property
|
|
934
|
+
@pulumi.getter
|
|
935
|
+
def backend(self) -> pulumi.Output[_builtins.str]:
|
|
936
|
+
"""
|
|
937
|
+
The path the PKI secret backend is mounted at, with no
|
|
938
|
+
leading or trailing `/`s.
|
|
939
|
+
"""
|
|
940
|
+
return pulumi.get(self, "backend")
|
|
941
|
+
|
|
942
|
+
@_builtins.property
|
|
943
|
+
@pulumi.getter(name="crlDistributionPoints")
|
|
944
|
+
def crl_distribution_points(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
945
|
+
"""
|
|
946
|
+
Specifies the URL values for the CRL
|
|
947
|
+
Distribution Points field.
|
|
948
|
+
"""
|
|
949
|
+
return pulumi.get(self, "crl_distribution_points")
|
|
950
|
+
|
|
951
|
+
@_builtins.property
|
|
952
|
+
@pulumi.getter(name="disableCriticalExtensionChecks")
|
|
953
|
+
def disable_critical_extension_checks(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
954
|
+
"""
|
|
955
|
+
This determines whether this
|
|
956
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
957
|
+
issued certificate) contain critical extensions not processed by Vault.
|
|
958
|
+
"""
|
|
959
|
+
return pulumi.get(self, "disable_critical_extension_checks")
|
|
960
|
+
|
|
961
|
+
@_builtins.property
|
|
962
|
+
@pulumi.getter(name="disableNameChecks")
|
|
963
|
+
def disable_name_checks(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
964
|
+
"""
|
|
965
|
+
This determines whether this issuer is able
|
|
966
|
+
to issue certificates where the chain of trust (including the final issued
|
|
967
|
+
certificate) contains a link in which the subject of the issuing certificate
|
|
968
|
+
does not match the named issuer of the certificate it signed.
|
|
969
|
+
"""
|
|
970
|
+
return pulumi.get(self, "disable_name_checks")
|
|
971
|
+
|
|
972
|
+
@_builtins.property
|
|
973
|
+
@pulumi.getter(name="disableNameConstraintChecks")
|
|
974
|
+
def disable_name_constraint_checks(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
975
|
+
"""
|
|
976
|
+
This determines whether this
|
|
977
|
+
issuer is able to issue certificates where the chain of trust (including the
|
|
978
|
+
final issued certificate) violates the name constraints critical extension of
|
|
979
|
+
one of the issuer certificates in the chain.
|
|
980
|
+
"""
|
|
981
|
+
return pulumi.get(self, "disable_name_constraint_checks")
|
|
982
|
+
|
|
983
|
+
@_builtins.property
|
|
984
|
+
@pulumi.getter(name="disablePathLengthChecks")
|
|
985
|
+
def disable_path_length_checks(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
986
|
+
"""
|
|
987
|
+
This determines whether this issuer
|
|
988
|
+
is able to issue certificates where the chain of trust (including the final
|
|
989
|
+
issued certificate) is longer than allowed by a certificate authority in that
|
|
990
|
+
chain.
|
|
991
|
+
"""
|
|
992
|
+
return pulumi.get(self, "disable_path_length_checks")
|
|
993
|
+
|
|
994
|
+
@_builtins.property
|
|
995
|
+
@pulumi.getter(name="enableAiaUrlTemplating")
|
|
996
|
+
def enable_aia_url_templating(self) -> pulumi.Output[Optional[_builtins.bool]]:
|
|
997
|
+
"""
|
|
998
|
+
Specifies that the AIA URL values should
|
|
999
|
+
be templated.
|
|
1000
|
+
"""
|
|
1001
|
+
return pulumi.get(self, "enable_aia_url_templating")
|
|
1002
|
+
|
|
1003
|
+
@_builtins.property
|
|
1004
|
+
@pulumi.getter(name="issuerId")
|
|
1005
|
+
def issuer_id(self) -> pulumi.Output[_builtins.str]:
|
|
1006
|
+
"""
|
|
1007
|
+
ID of the issuer.
|
|
1008
|
+
"""
|
|
1009
|
+
return pulumi.get(self, "issuer_id")
|
|
1010
|
+
|
|
1011
|
+
@_builtins.property
|
|
1012
|
+
@pulumi.getter(name="issuerName")
|
|
1013
|
+
def issuer_name(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1014
|
+
"""
|
|
1015
|
+
Name of the issuer.
|
|
1016
|
+
"""
|
|
1017
|
+
return pulumi.get(self, "issuer_name")
|
|
1018
|
+
|
|
1019
|
+
@_builtins.property
|
|
1020
|
+
@pulumi.getter(name="issuerRef")
|
|
1021
|
+
def issuer_ref(self) -> pulumi.Output[_builtins.str]:
|
|
1022
|
+
"""
|
|
1023
|
+
Reference to an existing issuer.
|
|
1024
|
+
"""
|
|
1025
|
+
return pulumi.get(self, "issuer_ref")
|
|
1026
|
+
|
|
1027
|
+
@_builtins.property
|
|
1028
|
+
@pulumi.getter(name="issuingCertificates")
|
|
1029
|
+
def issuing_certificates(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
1030
|
+
"""
|
|
1031
|
+
Specifies the URL values for the Issuing
|
|
1032
|
+
Certificate field.
|
|
1033
|
+
"""
|
|
1034
|
+
return pulumi.get(self, "issuing_certificates")
|
|
1035
|
+
|
|
1036
|
+
@_builtins.property
|
|
1037
|
+
@pulumi.getter(name="leafNotAfterBehavior")
|
|
1038
|
+
def leaf_not_after_behavior(self) -> pulumi.Output[_builtins.str]:
|
|
1039
|
+
"""
|
|
1040
|
+
Behavior of a leaf's NotAfter field during
|
|
1041
|
+
issuance.
|
|
1042
|
+
"""
|
|
1043
|
+
return pulumi.get(self, "leaf_not_after_behavior")
|
|
1044
|
+
|
|
1045
|
+
@_builtins.property
|
|
1046
|
+
@pulumi.getter(name="manualChains")
|
|
1047
|
+
def manual_chains(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
1048
|
+
"""
|
|
1049
|
+
Chain of issuer references to build this issuer's
|
|
1050
|
+
computed CAChain field from, when non-empty.
|
|
1051
|
+
"""
|
|
1052
|
+
return pulumi.get(self, "manual_chains")
|
|
1053
|
+
|
|
1054
|
+
@_builtins.property
|
|
1055
|
+
@pulumi.getter
|
|
1056
|
+
def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
|
|
1057
|
+
"""
|
|
1058
|
+
The namespace to provision the resource in.
|
|
1059
|
+
The value should not contain leading or trailing forward slashes.
|
|
1060
|
+
The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
|
|
1061
|
+
*Available only for Vault Enterprise*.
|
|
1062
|
+
"""
|
|
1063
|
+
return pulumi.get(self, "namespace")
|
|
1064
|
+
|
|
1065
|
+
@_builtins.property
|
|
1066
|
+
@pulumi.getter(name="ocspServers")
|
|
1067
|
+
def ocsp_servers(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
|
|
1068
|
+
"""
|
|
1069
|
+
Specifies the URL values for the OCSP Servers field.
|
|
1070
|
+
"""
|
|
1071
|
+
return pulumi.get(self, "ocsp_servers")
|
|
1072
|
+
|
|
1073
|
+
@_builtins.property
|
|
1074
|
+
@pulumi.getter(name="revocationSignatureAlgorithm")
|
|
1075
|
+
def revocation_signature_algorithm(self) -> pulumi.Output[_builtins.str]:
|
|
1076
|
+
"""
|
|
1077
|
+
Which signature algorithm to use
|
|
1078
|
+
when building CRLs.
|
|
1079
|
+
"""
|
|
1080
|
+
return pulumi.get(self, "revocation_signature_algorithm")
|
|
1081
|
+
|
|
1082
|
+
@_builtins.property
|
|
1083
|
+
@pulumi.getter
|
|
1084
|
+
def usage(self) -> pulumi.Output[_builtins.str]:
|
|
1085
|
+
"""
|
|
1086
|
+
Allowed usages for this issuer.
|
|
1087
|
+
"""
|
|
1088
|
+
return pulumi.get(self, "usage")
|
|
1089
|
+
|