PyPI - pulumi-venafi - Versions diffs - 1.8.0a1710160781__py3-none-any.whl → 1.11.0a1736835975__py3-none-any.whl - Mend

pulumi-venafi 1.8.0a1710160781py3-none-any.whl → 1.11.0a1736835975py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pulumi-venafi might be problematic. Click here for more details.

Files changed (18) hide show

pulumi_venafi/__init__.py +11 -0
pulumi_venafi/_utilities.py +41 -5
pulumi_venafi/certificate.py +459 -190
pulumi_venafi/cloud_keystore_installation.py +409 -0
pulumi_venafi/config/__init__.pyi +17 -2
pulumi_venafi/config/vars.py +21 -2
pulumi_venafi/get_cloud_keystore.py +166 -0
pulumi_venafi/get_cloud_provider.py +167 -0
pulumi_venafi/policy.py +58 -65
pulumi_venafi/provider.py +73 -25
pulumi_venafi/pulumi-plugin.json +2 -1
pulumi_venafi/ssh_certificate.py +126 -75
pulumi_venafi/ssh_config.py +5 -4
{pulumi_venafi-1.8.0a1710160781.dist-info → pulumi_venafi-1.11.0a1736835975.dist-info}/METADATA +7 -6
pulumi_venafi-1.11.0a1736835975.dist-info/RECORD +19 -0
{pulumi_venafi-1.8.0a1710160781.dist-info → pulumi_venafi-1.11.0a1736835975.dist-info}/WHEEL +1 -1
pulumi_venafi-1.8.0a1710160781.dist-info/RECORD +0 -16
{pulumi_venafi-1.8.0a1710160781.dist-info → pulumi_venafi-1.11.0a1736835975.dist-info}/top_level.txt +0 -0

pulumi_venafi/certificate.py CHANGED Viewed

@@ -4,9 +4,14 @@
 import copy
 import warnings
+import sys
 import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
 from . import _utilities
 __all__ = ['CertificateArgs', 'Certificate']
@@ -17,6 +22,7 @@ class CertificateArgs:
                  common_name: pulumi.Input[str],
                  algorithm: Optional[pulumi.Input[str]] = None,
                  certificate_dn: Optional[pulumi.Input[str]] = None,
+                 country: Optional[pulumi.Input[str]] = None,
                  csr_origin: Optional[pulumi.Input[str]] = None,
                  csr_pem: Optional[pulumi.Input[str]] = None,
                  custom_fields: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -24,53 +30,60 @@ class CertificateArgs:
                  expiration_window: Optional[pulumi.Input[int]] = None,
                  issuer_hint: Optional[pulumi.Input[str]] = None,
                  key_password: Optional[pulumi.Input[str]] = None,
+                 locality: Optional[pulumi.Input[str]] = None,
                  nickname: Optional[pulumi.Input[str]] = None,
+                 organization: Optional[pulumi.Input[str]] = None,
+                 organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  pkcs12: Optional[pulumi.Input[str]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
+                 renew_required: Optional[pulumi.Input[bool]] = None,
                  rsa_bits: Optional[pulumi.Input[int]] = None,
                  san_dns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_emails: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 state: Optional[pulumi.Input[str]] = None,
                  valid_days: Optional[pulumi.Input[int]] = None):
         """
         The set of arguments for constructing a Certificate resource.
         :param pulumi.Input[str] common_name: The common name of the certificate.
-        :param pulumi.Input[str] algorithm: Key encryption algorithm, either `RSA` or `ECDSA`.
-               Defaults to `RSA`.
-        :param pulumi.Input[str] csr_origin: Whether key-pair generation will be `local` or `service` generated. Default is `local`.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_fields: Collection of Custom Field name-value pairs to
-               assign to the certificate.
+        :param pulumi.Input[str] algorithm: Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.
+        :param pulumi.Input[str] country: Country of the certificate (C)
+        :param pulumi.Input[str] csr_origin: Whether key-pair generation will be `local` or `service` generated. Default is
+               `local`.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_fields: Collection of Custom Field name-value pairs to assign to the certificate.
         :param pulumi.Input[str] ecdsa_curve: ECDSA curve to use when generating a key
-        :param pulumi.Input[int] expiration_window: Number of hours before certificate expiry
-               to request a new certificate.  Defaults to `168`.
-        :param pulumi.Input[str] issuer_hint: Used with valid_days to indicate the target
-               issuer when using Trust Protection Platform.  Relevant values are: "DigiCert",
-               "Entrust", and "Microsoft".
+        :param pulumi.Input[int] expiration_window: Number of hours before certificate expiry to request a new certificate.
+               Defaults to `168`.
+        :param pulumi.Input[str] issuer_hint: Used with `valid_days` to indicate the target issuer when using Trust Protection
+               Platform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.
         :param pulumi.Input[str] key_password: The password used to encrypt the private key.
-        :param pulumi.Input[str] nickname: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for TPP.
-        :param pulumi.Input[str] pkcs12: A base64-encoded PKCS#12 keystore secured by the `key_password`.
-               Useful when working with resources like
-               azurerm_key_vault_certificate.
+        :param pulumi.Input[str] locality: Locality/City of the certificate (L)
+        :param pulumi.Input[str] nickname: Use to specify a name for the new certificate object that will be created and placed
+               in a policy. Only valid for Trust Protection Platform.
+        :param pulumi.Input[str] organization: Organization of the certificate (O)
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] organizational_units: List of Organizational Units of the certificate (OU)
+        :param pulumi.Input[str] pkcs12: A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like
+               azure key_vault_certificate.
         :param pulumi.Input[str] private_key_pem: The private key in PEM format.
-        :param pulumi.Input[int] rsa_bits: Number of bits to use when generating an RSA key.
-               Applies when `algorithm=RSA`.  Defaults to `2048`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_dns: List of DNS names to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_emails: List of email addresses to use as
-               alternative subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_ips: List of IP addresses to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_uris: List of Uniform Resource Identifiers (URIs) to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[int] valid_days: Desired number of days for which the new
-               certificate will be valid.
+        :param pulumi.Input[bool] renew_required: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
+        :param pulumi.Input[int] rsa_bits: Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`.
+               Defaults to `2048`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_dns: List of DNS names to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_emails: List of email addresses to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_ips: List of IP addresses to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_uris: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of
+               the certificate.
+        :param pulumi.Input[str] state: State of the certificate (S)
+        :param pulumi.Input[int] valid_days: Desired number of days for which the new certificate will be valid.
         """
         pulumi.set(__self__, "common_name", common_name)
         if algorithm is not None:
             pulumi.set(__self__, "algorithm", algorithm)
         if certificate_dn is not None:
             pulumi.set(__self__, "certificate_dn", certificate_dn)
+        if country is not None:
+            pulumi.set(__self__, "country", country)
         if csr_origin is not None:
             pulumi.set(__self__, "csr_origin", csr_origin)
         if csr_pem is not None:
@@ -85,12 +98,20 @@ class CertificateArgs:
             pulumi.set(__self__, "issuer_hint", issuer_hint)
         if key_password is not None:
             pulumi.set(__self__, "key_password", key_password)
+        if locality is not None:
+            pulumi.set(__self__, "locality", locality)
         if nickname is not None:
             pulumi.set(__self__, "nickname", nickname)
+        if organization is not None:
+            pulumi.set(__self__, "organization", organization)
+        if organizational_units is not None:
+            pulumi.set(__self__, "organizational_units", organizational_units)
         if pkcs12 is not None:
             pulumi.set(__self__, "pkcs12", pkcs12)
         if private_key_pem is not None:
             pulumi.set(__self__, "private_key_pem", private_key_pem)
+        if renew_required is not None:
+            pulumi.set(__self__, "renew_required", renew_required)
         if rsa_bits is not None:
             pulumi.set(__self__, "rsa_bits", rsa_bits)
         if san_dns is not None:
@@ -101,6 +122,8 @@ class CertificateArgs:
             pulumi.set(__self__, "san_ips", san_ips)
         if san_uris is not None:
             pulumi.set(__self__, "san_uris", san_uris)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
         if valid_days is not None:
             pulumi.set(__self__, "valid_days", valid_days)
@@ -120,8 +143,7 @@ class CertificateArgs:
     @pulumi.getter
     def algorithm(self) -> Optional[pulumi.Input[str]]:
         """
-        Key encryption algorithm, either `RSA` or `ECDSA`.
-        Defaults to `RSA`.
+        Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.
         """
         return pulumi.get(self, "algorithm")
@@ -138,11 +160,24 @@ class CertificateArgs:
     def certificate_dn(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "certificate_dn", value)
+    @property
+    @pulumi.getter
+    def country(self) -> Optional[pulumi.Input[str]]:
+        """
+        Country of the certificate (C)
+        """
+        return pulumi.get(self, "country")
+    @country.setter
+    def country(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "country", value)
     @property
     @pulumi.getter(name="csrOrigin")
     def csr_origin(self) -> Optional[pulumi.Input[str]]:
         """
-        Whether key-pair generation will be `local` or `service` generated. Default is `local`.
+        Whether key-pair generation will be `local` or `service` generated. Default is
+        `local`.
         """
         return pulumi.get(self, "csr_origin")
@@ -163,8 +198,7 @@ class CertificateArgs:
     @pulumi.getter(name="customFields")
     def custom_fields(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
-        Collection of Custom Field name-value pairs to
-        assign to the certificate.
+        Collection of Custom Field name-value pairs to assign to the certificate.
         """
         return pulumi.get(self, "custom_fields")
@@ -188,8 +222,8 @@ class CertificateArgs:
     @pulumi.getter(name="expirationWindow")
     def expiration_window(self) -> Optional[pulumi.Input[int]]:
         """
-        Number of hours before certificate expiry
-        to request a new certificate.  Defaults to `168`.
+        Number of hours before certificate expiry to request a new certificate.
+        Defaults to `168`.
         """
         return pulumi.get(self, "expiration_window")
@@ -201,9 +235,8 @@ class CertificateArgs:
     @pulumi.getter(name="issuerHint")
     def issuer_hint(self) -> Optional[pulumi.Input[str]]:
         """
-        Used with valid_days to indicate the target
-        issuer when using Trust Protection Platform.  Relevant values are: "DigiCert",
-        "Entrust", and "Microsoft".
+        Used with `valid_days` to indicate the target issuer when using Trust Protection
+        Platform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.
         """
         return pulumi.get(self, "issuer_hint")
@@ -223,11 +256,24 @@ class CertificateArgs:
     def key_password(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "key_password", value)
+    @property
+    @pulumi.getter
+    def locality(self) -> Optional[pulumi.Input[str]]:
+        """
+        Locality/City of the certificate (L)
+        """
+        return pulumi.get(self, "locality")
+    @locality.setter
+    def locality(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "locality", value)
     @property
     @pulumi.getter
     def nickname(self) -> Optional[pulumi.Input[str]]:
         """
-        Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for TPP.
+        Use to specify a name for the new certificate object that will be created and placed
+        in a policy. Only valid for Trust Protection Platform.
         """
         return pulumi.get(self, "nickname")
@@ -235,13 +281,36 @@ class CertificateArgs:
     def nickname(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "nickname", value)
+    @property
+    @pulumi.getter
+    def organization(self) -> Optional[pulumi.Input[str]]:
+        """
+        Organization of the certificate (O)
+        """
+        return pulumi.get(self, "organization")
+    @organization.setter
+    def organization(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "organization", value)
+    @property
+    @pulumi.getter(name="organizationalUnits")
+    def organizational_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of Organizational Units of the certificate (OU)
+        """
+        return pulumi.get(self, "organizational_units")
+    @organizational_units.setter
+    def organizational_units(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "organizational_units", value)
     @property
     @pulumi.getter
     def pkcs12(self) -> Optional[pulumi.Input[str]]:
         """
-        A base64-encoded PKCS#12 keystore secured by the `key_password`.
-        Useful when working with resources like
-        azurerm_key_vault_certificate.
+        A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like
+        azure key_vault_certificate.
         """
         return pulumi.get(self, "pkcs12")
@@ -261,12 +330,24 @@ class CertificateArgs:
     def private_key_pem(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "private_key_pem", value)
+    @property
+    @pulumi.getter(name="renewRequired")
+    def renew_required(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Indicates the certificate should be reissued. This means the resource will destroyed and recreated
+        """
+        return pulumi.get(self, "renew_required")
+    @renew_required.setter
+    def renew_required(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "renew_required", value)
     @property
     @pulumi.getter(name="rsaBits")
     def rsa_bits(self) -> Optional[pulumi.Input[int]]:
         """
-        Number of bits to use when generating an RSA key.
-        Applies when `algorithm=RSA`.  Defaults to `2048`.
+        Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`.
+        Defaults to `2048`.
         """
         return pulumi.get(self, "rsa_bits")
@@ -278,8 +359,7 @@ class CertificateArgs:
     @pulumi.getter(name="sanDns")
     def san_dns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of DNS names to use as alternative
-        subjects of the certificate.
+        List of DNS names to use as alternative subjects of the certificate.
         """
         return pulumi.get(self, "san_dns")
@@ -291,8 +371,7 @@ class CertificateArgs:
     @pulumi.getter(name="sanEmails")
     def san_emails(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of email addresses to use as
-        alternative subjects of the certificate.
+        List of email addresses to use as alternative subjects of the certificate.
         """
         return pulumi.get(self, "san_emails")
@@ -304,8 +383,7 @@ class CertificateArgs:
     @pulumi.getter(name="sanIps")
     def san_ips(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of IP addresses to use as alternative
-        subjects of the certificate.
+        List of IP addresses to use as alternative subjects of the certificate.
         """
         return pulumi.get(self, "san_ips")
@@ -317,8 +395,8 @@ class CertificateArgs:
     @pulumi.getter(name="sanUris")
     def san_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of Uniform Resource Identifiers (URIs) to use as alternative
-        subjects of the certificate.
+        List of Uniform Resource Identifiers (URIs) to use as alternative subjects of
+        the certificate.
         """
         return pulumi.get(self, "san_uris")
@@ -326,12 +404,23 @@ class CertificateArgs:
     def san_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "san_uris", value)
+    @property
+    @pulumi.getter
+    def state(self) -> Optional[pulumi.Input[str]]:
+        """
+        State of the certificate (S)
+        """
+        return pulumi.get(self, "state")
+    @state.setter
+    def state(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "state", value)
     @property
     @pulumi.getter(name="validDays")
     def valid_days(self) -> Optional[pulumi.Input[int]]:
         """
-        Desired number of days for which the new
-        certificate will be valid.
+        Desired number of days for which the new certificate will be valid.
         """
         return pulumi.get(self, "valid_days")
@@ -346,8 +435,10 @@ class _CertificateState:
                  algorithm: Optional[pulumi.Input[str]] = None,
                  certificate: Optional[pulumi.Input[str]] = None,
                  certificate_dn: Optional[pulumi.Input[str]] = None,
+                 certificate_id: Optional[pulumi.Input[str]] = None,
                  chain: Optional[pulumi.Input[str]] = None,
                  common_name: Optional[pulumi.Input[str]] = None,
+                 country: Optional[pulumi.Input[str]] = None,
                  csr_origin: Optional[pulumi.Input[str]] = None,
                  csr_pem: Optional[pulumi.Input[str]] = None,
                  custom_fields: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -355,50 +446,55 @@ class _CertificateState:
                  expiration_window: Optional[pulumi.Input[int]] = None,
                  issuer_hint: Optional[pulumi.Input[str]] = None,
                  key_password: Optional[pulumi.Input[str]] = None,
+                 locality: Optional[pulumi.Input[str]] = None,
                  nickname: Optional[pulumi.Input[str]] = None,
+                 organization: Optional[pulumi.Input[str]] = None,
+                 organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  pkcs12: Optional[pulumi.Input[str]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
+                 renew_required: Optional[pulumi.Input[bool]] = None,
                  rsa_bits: Optional[pulumi.Input[int]] = None,
                  san_dns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_emails: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 state: Optional[pulumi.Input[str]] = None,
                  valid_days: Optional[pulumi.Input[int]] = None):
         """
         Input properties used for looking up and filtering Certificate resources.
-        :param pulumi.Input[str] algorithm: Key encryption algorithm, either `RSA` or `ECDSA`.
-               Defaults to `RSA`.
+        :param pulumi.Input[str] algorithm: Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.
         :param pulumi.Input[str] certificate: The X509 certificate in PEM format.
-        :param pulumi.Input[str] chain: The trust chain of X509 certificate authority certificates in PEM format
-               concatenated together.
+        :param pulumi.Input[str] certificate_id: ID of the issued certificate
+        :param pulumi.Input[str] chain: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
         :param pulumi.Input[str] common_name: The common name of the certificate.
-        :param pulumi.Input[str] csr_origin: Whether key-pair generation will be `local` or `service` generated. Default is `local`.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_fields: Collection of Custom Field name-value pairs to
-               assign to the certificate.
+        :param pulumi.Input[str] country: Country of the certificate (C)
+        :param pulumi.Input[str] csr_origin: Whether key-pair generation will be `local` or `service` generated. Default is
+               `local`.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_fields: Collection of Custom Field name-value pairs to assign to the certificate.
         :param pulumi.Input[str] ecdsa_curve: ECDSA curve to use when generating a key
-        :param pulumi.Input[int] expiration_window: Number of hours before certificate expiry
-               to request a new certificate.  Defaults to `168`.
-        :param pulumi.Input[str] issuer_hint: Used with valid_days to indicate the target
-               issuer when using Trust Protection Platform.  Relevant values are: "DigiCert",
-               "Entrust", and "Microsoft".
+        :param pulumi.Input[int] expiration_window: Number of hours before certificate expiry to request a new certificate.
+               Defaults to `168`.
+        :param pulumi.Input[str] issuer_hint: Used with `valid_days` to indicate the target issuer when using Trust Protection
+               Platform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.
         :param pulumi.Input[str] key_password: The password used to encrypt the private key.
-        :param pulumi.Input[str] nickname: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for TPP.
-        :param pulumi.Input[str] pkcs12: A base64-encoded PKCS#12 keystore secured by the `key_password`.
-               Useful when working with resources like
-               azurerm_key_vault_certificate.
+        :param pulumi.Input[str] locality: Locality/City of the certificate (L)
+        :param pulumi.Input[str] nickname: Use to specify a name for the new certificate object that will be created and placed
+               in a policy. Only valid for Trust Protection Platform.
+        :param pulumi.Input[str] organization: Organization of the certificate (O)
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] organizational_units: List of Organizational Units of the certificate (OU)
+        :param pulumi.Input[str] pkcs12: A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like
+               azure key_vault_certificate.
         :param pulumi.Input[str] private_key_pem: The private key in PEM format.
-        :param pulumi.Input[int] rsa_bits: Number of bits to use when generating an RSA key.
-               Applies when `algorithm=RSA`.  Defaults to `2048`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_dns: List of DNS names to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_emails: List of email addresses to use as
-               alternative subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_ips: List of IP addresses to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_uris: List of Uniform Resource Identifiers (URIs) to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[int] valid_days: Desired number of days for which the new
-               certificate will be valid.
+        :param pulumi.Input[bool] renew_required: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
+        :param pulumi.Input[int] rsa_bits: Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`.
+               Defaults to `2048`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_dns: List of DNS names to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_emails: List of email addresses to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_ips: List of IP addresses to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_uris: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of
+               the certificate.
+        :param pulumi.Input[str] state: State of the certificate (S)
+        :param pulumi.Input[int] valid_days: Desired number of days for which the new certificate will be valid.
         """
         if algorithm is not None:
             pulumi.set(__self__, "algorithm", algorithm)
@@ -406,10 +502,14 @@ class _CertificateState:
             pulumi.set(__self__, "certificate", certificate)
         if certificate_dn is not None:
             pulumi.set(__self__, "certificate_dn", certificate_dn)
+        if certificate_id is not None:
+            pulumi.set(__self__, "certificate_id", certificate_id)
         if chain is not None:
             pulumi.set(__self__, "chain", chain)
         if common_name is not None:
             pulumi.set(__self__, "common_name", common_name)
+        if country is not None:
+            pulumi.set(__self__, "country", country)
         if csr_origin is not None:
             pulumi.set(__self__, "csr_origin", csr_origin)
         if csr_pem is not None:
@@ -424,12 +524,20 @@ class _CertificateState:
             pulumi.set(__self__, "issuer_hint", issuer_hint)
         if key_password is not None:
             pulumi.set(__self__, "key_password", key_password)
+        if locality is not None:
+            pulumi.set(__self__, "locality", locality)
         if nickname is not None:
             pulumi.set(__self__, "nickname", nickname)
+        if organization is not None:
+            pulumi.set(__self__, "organization", organization)
+        if organizational_units is not None:
+            pulumi.set(__self__, "organizational_units", organizational_units)
         if pkcs12 is not None:
             pulumi.set(__self__, "pkcs12", pkcs12)
         if private_key_pem is not None:
             pulumi.set(__self__, "private_key_pem", private_key_pem)
+        if renew_required is not None:
+            pulumi.set(__self__, "renew_required", renew_required)
         if rsa_bits is not None:
             pulumi.set(__self__, "rsa_bits", rsa_bits)
         if san_dns is not None:
@@ -440,6 +548,8 @@ class _CertificateState:
             pulumi.set(__self__, "san_ips", san_ips)
         if san_uris is not None:
             pulumi.set(__self__, "san_uris", san_uris)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
         if valid_days is not None:
             pulumi.set(__self__, "valid_days", valid_days)
@@ -447,8 +557,7 @@ class _CertificateState:
     @pulumi.getter
     def algorithm(self) -> Optional[pulumi.Input[str]]:
         """
-        Key encryption algorithm, either `RSA` or `ECDSA`.
-        Defaults to `RSA`.
+        Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.
         """
         return pulumi.get(self, "algorithm")
@@ -477,12 +586,23 @@ class _CertificateState:
     def certificate_dn(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "certificate_dn", value)
+    @property
+    @pulumi.getter(name="certificateId")
+    def certificate_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        ID of the issued certificate
+        """
+        return pulumi.get(self, "certificate_id")
+    @certificate_id.setter
+    def certificate_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "certificate_id", value)
     @property
     @pulumi.getter
     def chain(self) -> Optional[pulumi.Input[str]]:
         """
-        The trust chain of X509 certificate authority certificates in PEM format
-        concatenated together.
+        The trust chain of X509 certificate authority certificates in PEM format concatenated together.
         """
         return pulumi.get(self, "chain")
@@ -502,11 +622,24 @@ class _CertificateState:
     def common_name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "common_name", value)
+    @property
+    @pulumi.getter
+    def country(self) -> Optional[pulumi.Input[str]]:
+        """
+        Country of the certificate (C)
+        """
+        return pulumi.get(self, "country")
+    @country.setter
+    def country(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "country", value)
     @property
     @pulumi.getter(name="csrOrigin")
     def csr_origin(self) -> Optional[pulumi.Input[str]]:
         """
-        Whether key-pair generation will be `local` or `service` generated. Default is `local`.
+        Whether key-pair generation will be `local` or `service` generated. Default is
+        `local`.
         """
         return pulumi.get(self, "csr_origin")
@@ -527,8 +660,7 @@ class _CertificateState:
     @pulumi.getter(name="customFields")
     def custom_fields(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
-        Collection of Custom Field name-value pairs to
-        assign to the certificate.
+        Collection of Custom Field name-value pairs to assign to the certificate.
         """
         return pulumi.get(self, "custom_fields")
@@ -552,8 +684,8 @@ class _CertificateState:
     @pulumi.getter(name="expirationWindow")
     def expiration_window(self) -> Optional[pulumi.Input[int]]:
         """
-        Number of hours before certificate expiry
-        to request a new certificate.  Defaults to `168`.
+        Number of hours before certificate expiry to request a new certificate.
+        Defaults to `168`.
         """
         return pulumi.get(self, "expiration_window")
@@ -565,9 +697,8 @@ class _CertificateState:
     @pulumi.getter(name="issuerHint")
     def issuer_hint(self) -> Optional[pulumi.Input[str]]:
         """
-        Used with valid_days to indicate the target
-        issuer when using Trust Protection Platform.  Relevant values are: "DigiCert",
-        "Entrust", and "Microsoft".
+        Used with `valid_days` to indicate the target issuer when using Trust Protection
+        Platform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.
         """
         return pulumi.get(self, "issuer_hint")
@@ -587,11 +718,24 @@ class _CertificateState:
     def key_password(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "key_password", value)
+    @property
+    @pulumi.getter
+    def locality(self) -> Optional[pulumi.Input[str]]:
+        """
+        Locality/City of the certificate (L)
+        """
+        return pulumi.get(self, "locality")
+    @locality.setter
+    def locality(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "locality", value)
     @property
     @pulumi.getter
     def nickname(self) -> Optional[pulumi.Input[str]]:
         """
-        Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for TPP.
+        Use to specify a name for the new certificate object that will be created and placed
+        in a policy. Only valid for Trust Protection Platform.
         """
         return pulumi.get(self, "nickname")
@@ -599,13 +743,36 @@ class _CertificateState:
     def nickname(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "nickname", value)
+    @property
+    @pulumi.getter
+    def organization(self) -> Optional[pulumi.Input[str]]:
+        """
+        Organization of the certificate (O)
+        """
+        return pulumi.get(self, "organization")
+    @organization.setter
+    def organization(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "organization", value)
+    @property
+    @pulumi.getter(name="organizationalUnits")
+    def organizational_units(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        List of Organizational Units of the certificate (OU)
+        """
+        return pulumi.get(self, "organizational_units")
+    @organizational_units.setter
+    def organizational_units(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "organizational_units", value)
     @property
     @pulumi.getter
     def pkcs12(self) -> Optional[pulumi.Input[str]]:
         """
-        A base64-encoded PKCS#12 keystore secured by the `key_password`.
-        Useful when working with resources like
-        azurerm_key_vault_certificate.
+        A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like
+        azure key_vault_certificate.
         """
         return pulumi.get(self, "pkcs12")
@@ -625,12 +792,24 @@ class _CertificateState:
     def private_key_pem(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "private_key_pem", value)
+    @property
+    @pulumi.getter(name="renewRequired")
+    def renew_required(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Indicates the certificate should be reissued. This means the resource will destroyed and recreated
+        """
+        return pulumi.get(self, "renew_required")
+    @renew_required.setter
+    def renew_required(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "renew_required", value)
     @property
     @pulumi.getter(name="rsaBits")
     def rsa_bits(self) -> Optional[pulumi.Input[int]]:
         """
-        Number of bits to use when generating an RSA key.
-        Applies when `algorithm=RSA`.  Defaults to `2048`.
+        Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`.
+        Defaults to `2048`.
         """
         return pulumi.get(self, "rsa_bits")
@@ -642,8 +821,7 @@ class _CertificateState:
     @pulumi.getter(name="sanDns")
     def san_dns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of DNS names to use as alternative
-        subjects of the certificate.
+        List of DNS names to use as alternative subjects of the certificate.
         """
         return pulumi.get(self, "san_dns")
@@ -655,8 +833,7 @@ class _CertificateState:
     @pulumi.getter(name="sanEmails")
     def san_emails(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of email addresses to use as
-        alternative subjects of the certificate.
+        List of email addresses to use as alternative subjects of the certificate.
         """
         return pulumi.get(self, "san_emails")
@@ -668,8 +845,7 @@ class _CertificateState:
     @pulumi.getter(name="sanIps")
     def san_ips(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of IP addresses to use as alternative
-        subjects of the certificate.
+        List of IP addresses to use as alternative subjects of the certificate.
         """
         return pulumi.get(self, "san_ips")
@@ -681,8 +857,8 @@ class _CertificateState:
     @pulumi.getter(name="sanUris")
     def san_uris(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of Uniform Resource Identifiers (URIs) to use as alternative
-        subjects of the certificate.
+        List of Uniform Resource Identifiers (URIs) to use as alternative subjects of
+        the certificate.
         """
         return pulumi.get(self, "san_uris")
@@ -690,12 +866,23 @@ class _CertificateState:
     def san_uris(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "san_uris", value)
+    @property
+    @pulumi.getter
+    def state(self) -> Optional[pulumi.Input[str]]:
+        """
+        State of the certificate (S)
+        """
+        return pulumi.get(self, "state")
+    @state.setter
+    def state(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "state", value)
     @property
     @pulumi.getter(name="validDays")
     def valid_days(self) -> Optional[pulumi.Input[int]]:
         """
-        Desired number of days for which the new
-        certificate will be valid.
+        Desired number of days for which the new certificate will be valid.
         """
         return pulumi.get(self, "valid_days")
@@ -712,6 +899,7 @@ class Certificate(pulumi.CustomResource):
                  algorithm: Optional[pulumi.Input[str]] = None,
                  certificate_dn: Optional[pulumi.Input[str]] = None,
                  common_name: Optional[pulumi.Input[str]] = None,
+                 country: Optional[pulumi.Input[str]] = None,
                  csr_origin: Optional[pulumi.Input[str]] = None,
                  csr_pem: Optional[pulumi.Input[str]] = None,
                  custom_fields: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -719,50 +907,55 @@ class Certificate(pulumi.CustomResource):
                  expiration_window: Optional[pulumi.Input[int]] = None,
                  issuer_hint: Optional[pulumi.Input[str]] = None,
                  key_password: Optional[pulumi.Input[str]] = None,
+                 locality: Optional[pulumi.Input[str]] = None,
                  nickname: Optional[pulumi.Input[str]] = None,
+                 organization: Optional[pulumi.Input[str]] = None,
+                 organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  pkcs12: Optional[pulumi.Input[str]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
+                 renew_required: Optional[pulumi.Input[bool]] = None,
                  rsa_bits: Optional[pulumi.Input[int]] = None,
                  san_dns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_emails: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 state: Optional[pulumi.Input[str]] = None,
                  valid_days: Optional[pulumi.Input[int]] = None,
                  __props__=None):
         """
         Create a Certificate resource with the given unique name, props, and options.
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] algorithm: Key encryption algorithm, either `RSA` or `ECDSA`.
-               Defaults to `RSA`.
+        :param pulumi.Input[str] algorithm: Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.
         :param pulumi.Input[str] common_name: The common name of the certificate.
-        :param pulumi.Input[str] csr_origin: Whether key-pair generation will be `local` or `service` generated. Default is `local`.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_fields: Collection of Custom Field name-value pairs to
-               assign to the certificate.
+        :param pulumi.Input[str] country: Country of the certificate (C)
+        :param pulumi.Input[str] csr_origin: Whether key-pair generation will be `local` or `service` generated. Default is
+               `local`.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_fields: Collection of Custom Field name-value pairs to assign to the certificate.
         :param pulumi.Input[str] ecdsa_curve: ECDSA curve to use when generating a key
-        :param pulumi.Input[int] expiration_window: Number of hours before certificate expiry
-               to request a new certificate.  Defaults to `168`.
-        :param pulumi.Input[str] issuer_hint: Used with valid_days to indicate the target
-               issuer when using Trust Protection Platform.  Relevant values are: "DigiCert",
-               "Entrust", and "Microsoft".
+        :param pulumi.Input[int] expiration_window: Number of hours before certificate expiry to request a new certificate.
+               Defaults to `168`.
+        :param pulumi.Input[str] issuer_hint: Used with `valid_days` to indicate the target issuer when using Trust Protection
+               Platform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.
         :param pulumi.Input[str] key_password: The password used to encrypt the private key.
-        :param pulumi.Input[str] nickname: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for TPP.
-        :param pulumi.Input[str] pkcs12: A base64-encoded PKCS#12 keystore secured by the `key_password`.
-               Useful when working with resources like
-               azurerm_key_vault_certificate.
+        :param pulumi.Input[str] locality: Locality/City of the certificate (L)
+        :param pulumi.Input[str] nickname: Use to specify a name for the new certificate object that will be created and placed
+               in a policy. Only valid for Trust Protection Platform.
+        :param pulumi.Input[str] organization: Organization of the certificate (O)
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] organizational_units: List of Organizational Units of the certificate (OU)
+        :param pulumi.Input[str] pkcs12: A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like
+               azure key_vault_certificate.
         :param pulumi.Input[str] private_key_pem: The private key in PEM format.
-        :param pulumi.Input[int] rsa_bits: Number of bits to use when generating an RSA key.
-               Applies when `algorithm=RSA`.  Defaults to `2048`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_dns: List of DNS names to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_emails: List of email addresses to use as
-               alternative subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_ips: List of IP addresses to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_uris: List of Uniform Resource Identifiers (URIs) to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[int] valid_days: Desired number of days for which the new
-               certificate will be valid.
+        :param pulumi.Input[bool] renew_required: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
+        :param pulumi.Input[int] rsa_bits: Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`.
+               Defaults to `2048`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_dns: List of DNS names to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_emails: List of email addresses to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_ips: List of IP addresses to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_uris: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of
+               the certificate.
+        :param pulumi.Input[str] state: State of the certificate (S)
+        :param pulumi.Input[int] valid_days: Desired number of days for which the new certificate will be valid.
         """
         ...
     @overload
@@ -790,6 +983,7 @@ class Certificate(pulumi.CustomResource):
                  algorithm: Optional[pulumi.Input[str]] = None,
                  certificate_dn: Optional[pulumi.Input[str]] = None,
                  common_name: Optional[pulumi.Input[str]] = None,
+                 country: Optional[pulumi.Input[str]] = None,
                  csr_origin: Optional[pulumi.Input[str]] = None,
                  csr_pem: Optional[pulumi.Input[str]] = None,
                  custom_fields: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -797,14 +991,19 @@ class Certificate(pulumi.CustomResource):
                  expiration_window: Optional[pulumi.Input[int]] = None,
                  issuer_hint: Optional[pulumi.Input[str]] = None,
                  key_password: Optional[pulumi.Input[str]] = None,
+                 locality: Optional[pulumi.Input[str]] = None,
                  nickname: Optional[pulumi.Input[str]] = None,
+                 organization: Optional[pulumi.Input[str]] = None,
+                 organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  pkcs12: Optional[pulumi.Input[str]] = None,
                  private_key_pem: Optional[pulumi.Input[str]] = None,
+                 renew_required: Optional[pulumi.Input[bool]] = None,
                  rsa_bits: Optional[pulumi.Input[int]] = None,
                  san_dns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_emails: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  san_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 state: Optional[pulumi.Input[str]] = None,
                  valid_days: Optional[pulumi.Input[int]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -820,6 +1019,7 @@ class Certificate(pulumi.CustomResource):
             if common_name is None and not opts.urn:
                 raise TypeError("Missing required property 'common_name'")
             __props__.__dict__["common_name"] = common_name
+            __props__.__dict__["country"] = country
             __props__.__dict__["csr_origin"] = csr_origin
             __props__.__dict__["csr_pem"] = csr_pem
             __props__.__dict__["custom_fields"] = custom_fields
@@ -827,16 +1027,22 @@ class Certificate(pulumi.CustomResource):
             __props__.__dict__["expiration_window"] = expiration_window
             __props__.__dict__["issuer_hint"] = issuer_hint
             __props__.__dict__["key_password"] = None if key_password is None else pulumi.Output.secret(key_password)
+            __props__.__dict__["locality"] = locality
             __props__.__dict__["nickname"] = nickname
+            __props__.__dict__["organization"] = organization
+            __props__.__dict__["organizational_units"] = organizational_units
             __props__.__dict__["pkcs12"] = pkcs12
             __props__.__dict__["private_key_pem"] = None if private_key_pem is None else pulumi.Output.secret(private_key_pem)
+            __props__.__dict__["renew_required"] = renew_required
             __props__.__dict__["rsa_bits"] = rsa_bits
             __props__.__dict__["san_dns"] = san_dns
             __props__.__dict__["san_emails"] = san_emails
             __props__.__dict__["san_ips"] = san_ips
             __props__.__dict__["san_uris"] = san_uris
+            __props__.__dict__["state"] = state
             __props__.__dict__["valid_days"] = valid_days
             __props__.__dict__["certificate"] = None
+            __props__.__dict__["certificate_id"] = None
             __props__.__dict__["chain"] = None
         secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["keyPassword", "privateKeyPem"])
         opts = pulumi.ResourceOptions.merge(opts, secret_opts)
@@ -853,8 +1059,10 @@ class Certificate(pulumi.CustomResource):
             algorithm: Optional[pulumi.Input[str]] = None,
             certificate: Optional[pulumi.Input[str]] = None,
             certificate_dn: Optional[pulumi.Input[str]] = None,
+            certificate_id: Optional[pulumi.Input[str]] = None,
             chain: Optional[pulumi.Input[str]] = None,
             common_name: Optional[pulumi.Input[str]] = None,
+            country: Optional[pulumi.Input[str]] = None,
             csr_origin: Optional[pulumi.Input[str]] = None,
             csr_pem: Optional[pulumi.Input[str]] = None,
             custom_fields: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -862,14 +1070,19 @@ class Certificate(pulumi.CustomResource):
             expiration_window: Optional[pulumi.Input[int]] = None,
             issuer_hint: Optional[pulumi.Input[str]] = None,
             key_password: Optional[pulumi.Input[str]] = None,
+            locality: Optional[pulumi.Input[str]] = None,
             nickname: Optional[pulumi.Input[str]] = None,
+            organization: Optional[pulumi.Input[str]] = None,
+            organizational_units: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             pkcs12: Optional[pulumi.Input[str]] = None,
             private_key_pem: Optional[pulumi.Input[str]] = None,
+            renew_required: Optional[pulumi.Input[bool]] = None,
             rsa_bits: Optional[pulumi.Input[int]] = None,
             san_dns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             san_emails: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             san_ips: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
             san_uris: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            state: Optional[pulumi.Input[str]] = None,
             valid_days: Optional[pulumi.Input[int]] = None) -> 'Certificate':
         """
         Get an existing Certificate resource's state with the given name, id, and optional extra
@@ -878,39 +1091,39 @@ class Certificate(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[str] algorithm: Key encryption algorithm, either `RSA` or `ECDSA`.
-               Defaults to `RSA`.
+        :param pulumi.Input[str] algorithm: Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.
         :param pulumi.Input[str] certificate: The X509 certificate in PEM format.
-        :param pulumi.Input[str] chain: The trust chain of X509 certificate authority certificates in PEM format
-               concatenated together.
+        :param pulumi.Input[str] certificate_id: ID of the issued certificate
+        :param pulumi.Input[str] chain: The trust chain of X509 certificate authority certificates in PEM format concatenated together.
         :param pulumi.Input[str] common_name: The common name of the certificate.
-        :param pulumi.Input[str] csr_origin: Whether key-pair generation will be `local` or `service` generated. Default is `local`.
-        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_fields: Collection of Custom Field name-value pairs to
-               assign to the certificate.
+        :param pulumi.Input[str] country: Country of the certificate (C)
+        :param pulumi.Input[str] csr_origin: Whether key-pair generation will be `local` or `service` generated. Default is
+               `local`.
+        :param pulumi.Input[Mapping[str, pulumi.Input[str]]] custom_fields: Collection of Custom Field name-value pairs to assign to the certificate.
         :param pulumi.Input[str] ecdsa_curve: ECDSA curve to use when generating a key
-        :param pulumi.Input[int] expiration_window: Number of hours before certificate expiry
-               to request a new certificate.  Defaults to `168`.
-        :param pulumi.Input[str] issuer_hint: Used with valid_days to indicate the target
-               issuer when using Trust Protection Platform.  Relevant values are: "DigiCert",
-               "Entrust", and "Microsoft".
+        :param pulumi.Input[int] expiration_window: Number of hours before certificate expiry to request a new certificate.
+               Defaults to `168`.
+        :param pulumi.Input[str] issuer_hint: Used with `valid_days` to indicate the target issuer when using Trust Protection
+               Platform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.
         :param pulumi.Input[str] key_password: The password used to encrypt the private key.
-        :param pulumi.Input[str] nickname: Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for TPP.
-        :param pulumi.Input[str] pkcs12: A base64-encoded PKCS#12 keystore secured by the `key_password`.
-               Useful when working with resources like
-               azurerm_key_vault_certificate.
+        :param pulumi.Input[str] locality: Locality/City of the certificate (L)
+        :param pulumi.Input[str] nickname: Use to specify a name for the new certificate object that will be created and placed
+               in a policy. Only valid for Trust Protection Platform.
+        :param pulumi.Input[str] organization: Organization of the certificate (O)
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] organizational_units: List of Organizational Units of the certificate (OU)
+        :param pulumi.Input[str] pkcs12: A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like
+               azure key_vault_certificate.
         :param pulumi.Input[str] private_key_pem: The private key in PEM format.
-        :param pulumi.Input[int] rsa_bits: Number of bits to use when generating an RSA key.
-               Applies when `algorithm=RSA`.  Defaults to `2048`.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_dns: List of DNS names to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_emails: List of email addresses to use as
-               alternative subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_ips: List of IP addresses to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_uris: List of Uniform Resource Identifiers (URIs) to use as alternative
-               subjects of the certificate.
-        :param pulumi.Input[int] valid_days: Desired number of days for which the new
-               certificate will be valid.
+        :param pulumi.Input[bool] renew_required: Indicates the certificate should be reissued. This means the resource will destroyed and recreated
+        :param pulumi.Input[int] rsa_bits: Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`.
+               Defaults to `2048`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_dns: List of DNS names to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_emails: List of email addresses to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_ips: List of IP addresses to use as alternative subjects of the certificate.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] san_uris: List of Uniform Resource Identifiers (URIs) to use as alternative subjects of
+               the certificate.
+        :param pulumi.Input[str] state: State of the certificate (S)
+        :param pulumi.Input[int] valid_days: Desired number of days for which the new certificate will be valid.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -919,8 +1132,10 @@ class Certificate(pulumi.CustomResource):
         __props__.__dict__["algorithm"] = algorithm
         __props__.__dict__["certificate"] = certificate
         __props__.__dict__["certificate_dn"] = certificate_dn
+        __props__.__dict__["certificate_id"] = certificate_id
         __props__.__dict__["chain"] = chain
         __props__.__dict__["common_name"] = common_name
+        __props__.__dict__["country"] = country
         __props__.__dict__["csr_origin"] = csr_origin
         __props__.__dict__["csr_pem"] = csr_pem
         __props__.__dict__["custom_fields"] = custom_fields
@@ -928,14 +1143,19 @@ class Certificate(pulumi.CustomResource):
         __props__.__dict__["expiration_window"] = expiration_window
         __props__.__dict__["issuer_hint"] = issuer_hint
         __props__.__dict__["key_password"] = key_password
+        __props__.__dict__["locality"] = locality
         __props__.__dict__["nickname"] = nickname
+        __props__.__dict__["organization"] = organization
+        __props__.__dict__["organizational_units"] = organizational_units
         __props__.__dict__["pkcs12"] = pkcs12
         __props__.__dict__["private_key_pem"] = private_key_pem
+        __props__.__dict__["renew_required"] = renew_required
         __props__.__dict__["rsa_bits"] = rsa_bits
         __props__.__dict__["san_dns"] = san_dns
         __props__.__dict__["san_emails"] = san_emails
         __props__.__dict__["san_ips"] = san_ips
         __props__.__dict__["san_uris"] = san_uris
+        __props__.__dict__["state"] = state
         __props__.__dict__["valid_days"] = valid_days
         return Certificate(resource_name, opts=opts, __props__=__props__)
@@ -943,8 +1163,7 @@ class Certificate(pulumi.CustomResource):
     @pulumi.getter
     def algorithm(self) -> pulumi.Output[Optional[str]]:
         """
-        Key encryption algorithm, either `RSA` or `ECDSA`.
-        Defaults to `RSA`.
+        Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.
         """
         return pulumi.get(self, "algorithm")
@@ -961,12 +1180,19 @@ class Certificate(pulumi.CustomResource):
     def certificate_dn(self) -> pulumi.Output[str]:
         return pulumi.get(self, "certificate_dn")
+    @property
+    @pulumi.getter(name="certificateId")
+    def certificate_id(self) -> pulumi.Output[str]:
+        """
+        ID of the issued certificate
+        """
+        return pulumi.get(self, "certificate_id")
     @property
     @pulumi.getter
     def chain(self) -> pulumi.Output[str]:
         """
-        The trust chain of X509 certificate authority certificates in PEM format
-        concatenated together.
+        The trust chain of X509 certificate authority certificates in PEM format concatenated together.
         """
         return pulumi.get(self, "chain")
@@ -978,11 +1204,20 @@ class Certificate(pulumi.CustomResource):
         """
         return pulumi.get(self, "common_name")
+    @property
+    @pulumi.getter
+    def country(self) -> pulumi.Output[Optional[str]]:
+        """
+        Country of the certificate (C)
+        """
+        return pulumi.get(self, "country")
     @property
     @pulumi.getter(name="csrOrigin")
     def csr_origin(self) -> pulumi.Output[Optional[str]]:
         """
-        Whether key-pair generation will be `local` or `service` generated. Default is `local`.
+        Whether key-pair generation will be `local` or `service` generated. Default is
+        `local`.
         """
         return pulumi.get(self, "csr_origin")
@@ -995,8 +1230,7 @@ class Certificate(pulumi.CustomResource):
     @pulumi.getter(name="customFields")
     def custom_fields(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
-        Collection of Custom Field name-value pairs to
-        assign to the certificate.
+        Collection of Custom Field name-value pairs to assign to the certificate.
         """
         return pulumi.get(self, "custom_fields")
@@ -1012,8 +1246,8 @@ class Certificate(pulumi.CustomResource):
     @pulumi.getter(name="expirationWindow")
     def expiration_window(self) -> pulumi.Output[Optional[int]]:
         """
-        Number of hours before certificate expiry
-        to request a new certificate.  Defaults to `168`.
+        Number of hours before certificate expiry to request a new certificate.
+        Defaults to `168`.
         """
         return pulumi.get(self, "expiration_window")
@@ -1021,9 +1255,8 @@ class Certificate(pulumi.CustomResource):
     @pulumi.getter(name="issuerHint")
     def issuer_hint(self) -> pulumi.Output[Optional[str]]:
         """
-        Used with valid_days to indicate the target
-        issuer when using Trust Protection Platform.  Relevant values are: "DigiCert",
-        "Entrust", and "Microsoft".
+        Used with `valid_days` to indicate the target issuer when using Trust Protection
+        Platform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.
         """
         return pulumi.get(self, "issuer_hint")
@@ -1035,21 +1268,45 @@ class Certificate(pulumi.CustomResource):
         """
         return pulumi.get(self, "key_password")
+    @property
+    @pulumi.getter
+    def locality(self) -> pulumi.Output[Optional[str]]:
+        """
+        Locality/City of the certificate (L)
+        """
+        return pulumi.get(self, "locality")
     @property
     @pulumi.getter
     def nickname(self) -> pulumi.Output[Optional[str]]:
         """
-        Use to specify a name for the new certificate object that will be created and placed in a policy. Only valid for TPP.
+        Use to specify a name for the new certificate object that will be created and placed
+        in a policy. Only valid for Trust Protection Platform.
         """
         return pulumi.get(self, "nickname")
+    @property
+    @pulumi.getter
+    def organization(self) -> pulumi.Output[Optional[str]]:
+        """
+        Organization of the certificate (O)
+        """
+        return pulumi.get(self, "organization")
+    @property
+    @pulumi.getter(name="organizationalUnits")
+    def organizational_units(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        List of Organizational Units of the certificate (OU)
+        """
+        return pulumi.get(self, "organizational_units")
     @property
     @pulumi.getter
     def pkcs12(self) -> pulumi.Output[str]:
         """
-        A base64-encoded PKCS#12 keystore secured by the `key_password`.
-        Useful when working with resources like
-        azurerm_key_vault_certificate.
+        A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like
+        azure key_vault_certificate.
         """
         return pulumi.get(self, "pkcs12")
@@ -1061,12 +1318,20 @@ class Certificate(pulumi.CustomResource):
         """
         return pulumi.get(self, "private_key_pem")
+    @property
+    @pulumi.getter(name="renewRequired")
+    def renew_required(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Indicates the certificate should be reissued. This means the resource will destroyed and recreated
+        """
+        return pulumi.get(self, "renew_required")
     @property
     @pulumi.getter(name="rsaBits")
     def rsa_bits(self) -> pulumi.Output[Optional[int]]:
         """
-        Number of bits to use when generating an RSA key.
-        Applies when `algorithm=RSA`.  Defaults to `2048`.
+        Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`.
+        Defaults to `2048`.
         """
         return pulumi.get(self, "rsa_bits")
@@ -1074,8 +1339,7 @@ class Certificate(pulumi.CustomResource):
     @pulumi.getter(name="sanDns")
     def san_dns(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        List of DNS names to use as alternative
-        subjects of the certificate.
+        List of DNS names to use as alternative subjects of the certificate.
         """
         return pulumi.get(self, "san_dns")
@@ -1083,8 +1347,7 @@ class Certificate(pulumi.CustomResource):
     @pulumi.getter(name="sanEmails")
     def san_emails(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        List of email addresses to use as
-        alternative subjects of the certificate.
+        List of email addresses to use as alternative subjects of the certificate.
         """
         return pulumi.get(self, "san_emails")
@@ -1092,8 +1355,7 @@ class Certificate(pulumi.CustomResource):
     @pulumi.getter(name="sanIps")
     def san_ips(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        List of IP addresses to use as alternative
-        subjects of the certificate.
+        List of IP addresses to use as alternative subjects of the certificate.
         """
         return pulumi.get(self, "san_ips")
@@ -1101,17 +1363,24 @@ class Certificate(pulumi.CustomResource):
     @pulumi.getter(name="sanUris")
     def san_uris(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        List of Uniform Resource Identifiers (URIs) to use as alternative
-        subjects of the certificate.
+        List of Uniform Resource Identifiers (URIs) to use as alternative subjects of
+        the certificate.
         """
         return pulumi.get(self, "san_uris")
+    @property
+    @pulumi.getter
+    def state(self) -> pulumi.Output[Optional[str]]:
+        """
+        State of the certificate (S)
+        """
+        return pulumi.get(self, "state")
     @property
     @pulumi.getter(name="validDays")
     def valid_days(self) -> pulumi.Output[Optional[int]]:
         """
-        Desired number of days for which the new
-        certificate will be valid.
+        Desired number of days for which the new certificate will be valid.
         """
         return pulumi.get(self, "valid_days")

pulumi-venafi 1.8.0a1710160781__py3-none-any.whl → 1.11.0a1736835975__py3-none-any.whl

Potentially problematic release.

pulumi-venafi 1.8.0a1710160781py3-none-any.whl → 1.11.0a1736835975py3-none-any.whl