com.pulumi.vault.pkiSecret.inputs.SecretBackendRoleState Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of vault Show documentation
Show all versions of vault Show documentation
A Pulumi package for creating and managing HashiCorp Vault cloud resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.vault.pkiSecret.inputs;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.vault.pkiSecret.inputs.SecretBackendRolePolicyIdentifierArgs;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
public final class SecretBackendRoleState extends com.pulumi.resources.ResourceArgs {
public static final SecretBackendRoleState Empty = new SecretBackendRoleState();
/**
* Flag to allow any name
*
*/
@Import(name="allowAnyName")
private @Nullable Output allowAnyName;
/**
* @return Flag to allow any name
*
*/
public Optional> allowAnyName() {
return Optional.ofNullable(this.allowAnyName);
}
/**
* Flag to allow certificates matching the actual domain
*
*/
@Import(name="allowBareDomains")
private @Nullable Output allowBareDomains;
/**
* @return Flag to allow certificates matching the actual domain
*
*/
public Optional> allowBareDomains() {
return Optional.ofNullable(this.allowBareDomains);
}
/**
* Flag to allow names containing glob patterns.
*
*/
@Import(name="allowGlobDomains")
private @Nullable Output allowGlobDomains;
/**
* @return Flag to allow names containing glob patterns.
*
*/
public Optional> allowGlobDomains() {
return Optional.ofNullable(this.allowGlobDomains);
}
/**
* Flag to allow IP SANs
*
*/
@Import(name="allowIpSans")
private @Nullable Output allowIpSans;
/**
* @return Flag to allow IP SANs
*
*/
public Optional> allowIpSans() {
return Optional.ofNullable(this.allowIpSans);
}
/**
* Flag to allow certificates for localhost
*
*/
@Import(name="allowLocalhost")
private @Nullable Output allowLocalhost;
/**
* @return Flag to allow certificates for localhost
*
*/
public Optional> allowLocalhost() {
return Optional.ofNullable(this.allowLocalhost);
}
/**
* Flag to allow certificates matching subdomains
*
*/
@Import(name="allowSubdomains")
private @Nullable Output allowSubdomains;
/**
* @return Flag to allow certificates matching subdomains
*
*/
public Optional> allowSubdomains() {
return Optional.ofNullable(this.allowSubdomains);
}
/**
* Flag to allow wildcard certificates.
*
*/
@Import(name="allowWildcardCertificates")
private @Nullable Output allowWildcardCertificates;
/**
* @return Flag to allow wildcard certificates.
*
*/
public Optional> allowWildcardCertificates() {
return Optional.ofNullable(this.allowWildcardCertificates);
}
/**
* List of allowed domains for certificates
*
*/
@Import(name="allowedDomains")
private @Nullable Output> allowedDomains;
/**
* @return List of allowed domains for certificates
*
*/
public Optional>> allowedDomains() {
return Optional.ofNullable(this.allowedDomains);
}
/**
* Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
*
*/
@Import(name="allowedDomainsTemplate")
private @Nullable Output allowedDomainsTemplate;
/**
* @return Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
*
*/
public Optional> allowedDomainsTemplate() {
return Optional.ofNullable(this.allowedDomainsTemplate);
}
/**
* Defines allowed custom SANs
*
*/
@Import(name="allowedOtherSans")
private @Nullable Output> allowedOtherSans;
/**
* @return Defines allowed custom SANs
*
*/
public Optional>> allowedOtherSans() {
return Optional.ofNullable(this.allowedOtherSans);
}
/**
* An array of allowed serial numbers to put in Subject
*
*/
@Import(name="allowedSerialNumbers")
private @Nullable Output> allowedSerialNumbers;
/**
* @return An array of allowed serial numbers to put in Subject
*
*/
public Optional>> allowedSerialNumbers() {
return Optional.ofNullable(this.allowedSerialNumbers);
}
/**
* Defines allowed URI SANs
*
*/
@Import(name="allowedUriSans")
private @Nullable Output> allowedUriSans;
/**
* @return Defines allowed URI SANs
*
*/
public Optional>> allowedUriSans() {
return Optional.ofNullable(this.allowedUriSans);
}
/**
* Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
*
*/
@Import(name="allowedUriSansTemplate")
private @Nullable Output allowedUriSansTemplate;
/**
* @return Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
*
*/
public Optional> allowedUriSansTemplate() {
return Optional.ofNullable(this.allowedUriSansTemplate);
}
/**
* Defines allowed User IDs
*
*/
@Import(name="allowedUserIds")
private @Nullable Output> allowedUserIds;
/**
* @return Defines allowed User IDs
*
*/
public Optional>> allowedUserIds() {
return Optional.ofNullable(this.allowedUserIds);
}
/**
* The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
*
*/
@Import(name="backend")
private @Nullable Output backend;
/**
* @return The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
*
*/
public Optional> backend() {
return Optional.ofNullable(this.backend);
}
/**
* Flag to mark basic constraints valid when issuing non-CA certificates
*
*/
@Import(name="basicConstraintsValidForNonCa")
private @Nullable Output basicConstraintsValidForNonCa;
/**
* @return Flag to mark basic constraints valid when issuing non-CA certificates
*
*/
public Optional> basicConstraintsValidForNonCa() {
return Optional.ofNullable(this.basicConstraintsValidForNonCa);
}
/**
* Flag to specify certificates for client use
*
*/
@Import(name="clientFlag")
private @Nullable Output clientFlag;
/**
* @return Flag to specify certificates for client use
*
*/
public Optional> clientFlag() {
return Optional.ofNullable(this.clientFlag);
}
/**
* Flag to specify certificates for code signing use
*
*/
@Import(name="codeSigningFlag")
private @Nullable Output codeSigningFlag;
/**
* @return Flag to specify certificates for code signing use
*
*/
public Optional> codeSigningFlag() {
return Optional.ofNullable(this.codeSigningFlag);
}
/**
* The country of generated certificates
*
*/
@Import(name="countries")
private @Nullable Output> countries;
/**
* @return The country of generated certificates
*
*/
public Optional>> countries() {
return Optional.ofNullable(this.countries);
}
/**
* Flag to specify certificates for email protection use
*
*/
@Import(name="emailProtectionFlag")
private @Nullable Output emailProtectionFlag;
/**
* @return Flag to specify certificates for email protection use
*
*/
public Optional> emailProtectionFlag() {
return Optional.ofNullable(this.emailProtectionFlag);
}
/**
* Flag to allow only valid host names
*
*/
@Import(name="enforceHostnames")
private @Nullable Output enforceHostnames;
/**
* @return Flag to allow only valid host names
*
*/
public Optional> enforceHostnames() {
return Optional.ofNullable(this.enforceHostnames);
}
/**
* Specify the allowed extended key usage OIDs constraint on issued certificates
*
*/
@Import(name="extKeyUsageOids")
private @Nullable Output> extKeyUsageOids;
/**
* @return Specify the allowed extended key usage OIDs constraint on issued certificates
*
*/
public Optional>> extKeyUsageOids() {
return Optional.ofNullable(this.extKeyUsageOids);
}
/**
* Specify the allowed extended key usage constraint on issued certificates
*
*/
@Import(name="extKeyUsages")
private @Nullable Output> extKeyUsages;
/**
* @return Specify the allowed extended key usage constraint on issued certificates
*
*/
public Optional>> extKeyUsages() {
return Optional.ofNullable(this.extKeyUsages);
}
/**
* Flag to generate leases with certificates
*
*/
@Import(name="generateLease")
private @Nullable Output generateLease;
/**
* @return Flag to generate leases with certificates
*
*/
public Optional> generateLease() {
return Optional.ofNullable(this.generateLease);
}
/**
* Specifies the default issuer of this request. May
* be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
* the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
* overriding the role's `issuer_ref` value.
*
*/
@Import(name="issuerRef")
private @Nullable Output issuerRef;
/**
* @return Specifies the default issuer of this request. May
* be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
* the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
* overriding the role's `issuer_ref` value.
*
*/
public Optional> issuerRef() {
return Optional.ofNullable(this.issuerRef);
}
/**
* The number of bits of generated keys
*
*/
@Import(name="keyBits")
private @Nullable Output keyBits;
/**
* @return The number of bits of generated keys
*
*/
public Optional> keyBits() {
return Optional.ofNullable(this.keyBits);
}
/**
* The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
* Defaults to `rsa`
*
*/
@Import(name="keyType")
private @Nullable Output keyType;
/**
* @return The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
* Defaults to `rsa`
*
*/
public Optional> keyType() {
return Optional.ofNullable(this.keyType);
}
/**
* Specify the allowed key usage constraint on issued
* certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
* To specify no default key usage constraints, set this to an empty list `[]`.
*
*/
@Import(name="keyUsages")
private @Nullable Output> keyUsages;
/**
* @return Specify the allowed key usage constraint on issued
* certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
* To specify no default key usage constraints, set this to an empty list `[]`.
*
*/
public Optional>> keyUsages() {
return Optional.ofNullable(this.keyUsages);
}
/**
* The locality of generated certificates
*
*/
@Import(name="localities")
private @Nullable Output> localities;
/**
* @return The locality of generated certificates
*
*/
public Optional>> localities() {
return Optional.ofNullable(this.localities);
}
/**
* The maximum lease TTL, in seconds, for the role.
*
*/
@Import(name="maxTtl")
private @Nullable Output maxTtl;
/**
* @return The maximum lease TTL, in seconds, for the role.
*
*/
public Optional> maxTtl() {
return Optional.ofNullable(this.maxTtl);
}
/**
* The name to identify this role within the backend. Must be unique within the backend.
*
*/
@Import(name="name")
private @Nullable Output name;
/**
* @return The name to identify this role within the backend. Must be unique within the backend.
*
*/
public Optional> name() {
return Optional.ofNullable(this.name);
}
/**
* The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*
*/
@Import(name="namespace")
private @Nullable Output namespace;
/**
* @return The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*
*/
public Optional> namespace() {
return Optional.ofNullable(this.namespace);
}
/**
* Flag to not store certificates in the storage backend
*
*/
@Import(name="noStore")
private @Nullable Output noStore;
/**
* @return Flag to not store certificates in the storage backend
*
*/
public Optional> noStore() {
return Optional.ofNullable(this.noStore);
}
/**
* Specifies the duration by which to backdate the NotBefore property.
*
*/
@Import(name="notBeforeDuration")
private @Nullable Output notBeforeDuration;
/**
* @return Specifies the duration by which to backdate the NotBefore property.
*
*/
public Optional> notBeforeDuration() {
return Optional.ofNullable(this.notBeforeDuration);
}
/**
* The organization unit of generated certificates
*
*/
@Import(name="organizationUnit")
private @Nullable Output> organizationUnit;
/**
* @return The organization unit of generated certificates
*
*/
public Optional>> organizationUnit() {
return Optional.ofNullable(this.organizationUnit);
}
/**
* The organization of generated certificates
*
*/
@Import(name="organizations")
private @Nullable Output> organizations;
/**
* @return The organization of generated certificates
*
*/
public Optional>> organizations() {
return Optional.ofNullable(this.organizations);
}
/**
* (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
*
*/
@Import(name="policyIdentifier")
private @Nullable Output> policyIdentifier;
/**
* @return (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
*
*/
public Optional>> policyIdentifier() {
return Optional.ofNullable(this.policyIdentifier);
}
/**
* Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
*
*/
@Import(name="policyIdentifiers")
private @Nullable Output> policyIdentifiers;
/**
* @return Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
*
*/
public Optional>> policyIdentifiers() {
return Optional.ofNullable(this.policyIdentifiers);
}
/**
* The postal code of generated certificates
*
*/
@Import(name="postalCodes")
private @Nullable Output> postalCodes;
/**
* @return The postal code of generated certificates
*
*/
public Optional>> postalCodes() {
return Optional.ofNullable(this.postalCodes);
}
/**
* The province of generated certificates
*
*/
@Import(name="provinces")
private @Nullable Output> provinces;
/**
* @return The province of generated certificates
*
*/
public Optional>> provinces() {
return Optional.ofNullable(this.provinces);
}
/**
* Flag to force CN usage
*
*/
@Import(name="requireCn")
private @Nullable Output requireCn;
/**
* @return Flag to force CN usage
*
*/
public Optional> requireCn() {
return Optional.ofNullable(this.requireCn);
}
/**
* Flag to specify certificates for server use
*
*/
@Import(name="serverFlag")
private @Nullable Output serverFlag;
/**
* @return Flag to specify certificates for server use
*
*/
public Optional> serverFlag() {
return Optional.ofNullable(this.serverFlag);
}
/**
* The street address of generated certificates
*
*/
@Import(name="streetAddresses")
private @Nullable Output> streetAddresses;
/**
* @return The street address of generated certificates
*
*/
public Optional>> streetAddresses() {
return Optional.ofNullable(this.streetAddresses);
}
/**
* The TTL, in seconds, for any certificate issued against this role.
*
*/
@Import(name="ttl")
private @Nullable Output ttl;
/**
* @return The TTL, in seconds, for any certificate issued against this role.
*
*/
public Optional> ttl() {
return Optional.ofNullable(this.ttl);
}
/**
* Flag to use the CN in the CSR
*
*/
@Import(name="useCsrCommonName")
private @Nullable Output useCsrCommonName;
/**
* @return Flag to use the CN in the CSR
*
*/
public Optional> useCsrCommonName() {
return Optional.ofNullable(this.useCsrCommonName);
}
/**
* Flag to use the SANs in the CSR
*
*/
@Import(name="useCsrSans")
private @Nullable Output useCsrSans;
/**
* @return Flag to use the SANs in the CSR
*
*/
public Optional> useCsrSans() {
return Optional.ofNullable(this.useCsrSans);
}
private SecretBackendRoleState() {}
private SecretBackendRoleState(SecretBackendRoleState $) {
this.allowAnyName = $.allowAnyName;
this.allowBareDomains = $.allowBareDomains;
this.allowGlobDomains = $.allowGlobDomains;
this.allowIpSans = $.allowIpSans;
this.allowLocalhost = $.allowLocalhost;
this.allowSubdomains = $.allowSubdomains;
this.allowWildcardCertificates = $.allowWildcardCertificates;
this.allowedDomains = $.allowedDomains;
this.allowedDomainsTemplate = $.allowedDomainsTemplate;
this.allowedOtherSans = $.allowedOtherSans;
this.allowedSerialNumbers = $.allowedSerialNumbers;
this.allowedUriSans = $.allowedUriSans;
this.allowedUriSansTemplate = $.allowedUriSansTemplate;
this.allowedUserIds = $.allowedUserIds;
this.backend = $.backend;
this.basicConstraintsValidForNonCa = $.basicConstraintsValidForNonCa;
this.clientFlag = $.clientFlag;
this.codeSigningFlag = $.codeSigningFlag;
this.countries = $.countries;
this.emailProtectionFlag = $.emailProtectionFlag;
this.enforceHostnames = $.enforceHostnames;
this.extKeyUsageOids = $.extKeyUsageOids;
this.extKeyUsages = $.extKeyUsages;
this.generateLease = $.generateLease;
this.issuerRef = $.issuerRef;
this.keyBits = $.keyBits;
this.keyType = $.keyType;
this.keyUsages = $.keyUsages;
this.localities = $.localities;
this.maxTtl = $.maxTtl;
this.name = $.name;
this.namespace = $.namespace;
this.noStore = $.noStore;
this.notBeforeDuration = $.notBeforeDuration;
this.organizationUnit = $.organizationUnit;
this.organizations = $.organizations;
this.policyIdentifier = $.policyIdentifier;
this.policyIdentifiers = $.policyIdentifiers;
this.postalCodes = $.postalCodes;
this.provinces = $.provinces;
this.requireCn = $.requireCn;
this.serverFlag = $.serverFlag;
this.streetAddresses = $.streetAddresses;
this.ttl = $.ttl;
this.useCsrCommonName = $.useCsrCommonName;
this.useCsrSans = $.useCsrSans;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(SecretBackendRoleState defaults) {
return new Builder(defaults);
}
public static final class Builder {
private SecretBackendRoleState $;
public Builder() {
$ = new SecretBackendRoleState();
}
public Builder(SecretBackendRoleState defaults) {
$ = new SecretBackendRoleState(Objects.requireNonNull(defaults));
}
/**
* @param allowAnyName Flag to allow any name
*
* @return builder
*
*/
public Builder allowAnyName(@Nullable Output allowAnyName) {
$.allowAnyName = allowAnyName;
return this;
}
/**
* @param allowAnyName Flag to allow any name
*
* @return builder
*
*/
public Builder allowAnyName(Boolean allowAnyName) {
return allowAnyName(Output.of(allowAnyName));
}
/**
* @param allowBareDomains Flag to allow certificates matching the actual domain
*
* @return builder
*
*/
public Builder allowBareDomains(@Nullable Output allowBareDomains) {
$.allowBareDomains = allowBareDomains;
return this;
}
/**
* @param allowBareDomains Flag to allow certificates matching the actual domain
*
* @return builder
*
*/
public Builder allowBareDomains(Boolean allowBareDomains) {
return allowBareDomains(Output.of(allowBareDomains));
}
/**
* @param allowGlobDomains Flag to allow names containing glob patterns.
*
* @return builder
*
*/
public Builder allowGlobDomains(@Nullable Output allowGlobDomains) {
$.allowGlobDomains = allowGlobDomains;
return this;
}
/**
* @param allowGlobDomains Flag to allow names containing glob patterns.
*
* @return builder
*
*/
public Builder allowGlobDomains(Boolean allowGlobDomains) {
return allowGlobDomains(Output.of(allowGlobDomains));
}
/**
* @param allowIpSans Flag to allow IP SANs
*
* @return builder
*
*/
public Builder allowIpSans(@Nullable Output allowIpSans) {
$.allowIpSans = allowIpSans;
return this;
}
/**
* @param allowIpSans Flag to allow IP SANs
*
* @return builder
*
*/
public Builder allowIpSans(Boolean allowIpSans) {
return allowIpSans(Output.of(allowIpSans));
}
/**
* @param allowLocalhost Flag to allow certificates for localhost
*
* @return builder
*
*/
public Builder allowLocalhost(@Nullable Output allowLocalhost) {
$.allowLocalhost = allowLocalhost;
return this;
}
/**
* @param allowLocalhost Flag to allow certificates for localhost
*
* @return builder
*
*/
public Builder allowLocalhost(Boolean allowLocalhost) {
return allowLocalhost(Output.of(allowLocalhost));
}
/**
* @param allowSubdomains Flag to allow certificates matching subdomains
*
* @return builder
*
*/
public Builder allowSubdomains(@Nullable Output allowSubdomains) {
$.allowSubdomains = allowSubdomains;
return this;
}
/**
* @param allowSubdomains Flag to allow certificates matching subdomains
*
* @return builder
*
*/
public Builder allowSubdomains(Boolean allowSubdomains) {
return allowSubdomains(Output.of(allowSubdomains));
}
/**
* @param allowWildcardCertificates Flag to allow wildcard certificates.
*
* @return builder
*
*/
public Builder allowWildcardCertificates(@Nullable Output allowWildcardCertificates) {
$.allowWildcardCertificates = allowWildcardCertificates;
return this;
}
/**
* @param allowWildcardCertificates Flag to allow wildcard certificates.
*
* @return builder
*
*/
public Builder allowWildcardCertificates(Boolean allowWildcardCertificates) {
return allowWildcardCertificates(Output.of(allowWildcardCertificates));
}
/**
* @param allowedDomains List of allowed domains for certificates
*
* @return builder
*
*/
public Builder allowedDomains(@Nullable Output> allowedDomains) {
$.allowedDomains = allowedDomains;
return this;
}
/**
* @param allowedDomains List of allowed domains for certificates
*
* @return builder
*
*/
public Builder allowedDomains(List allowedDomains) {
return allowedDomains(Output.of(allowedDomains));
}
/**
* @param allowedDomains List of allowed domains for certificates
*
* @return builder
*
*/
public Builder allowedDomains(String... allowedDomains) {
return allowedDomains(List.of(allowedDomains));
}
/**
* @param allowedDomainsTemplate Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
*
* @return builder
*
*/
public Builder allowedDomainsTemplate(@Nullable Output allowedDomainsTemplate) {
$.allowedDomainsTemplate = allowedDomainsTemplate;
return this;
}
/**
* @param allowedDomainsTemplate Flag, if set, `allowed_domains` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
*
* @return builder
*
*/
public Builder allowedDomainsTemplate(Boolean allowedDomainsTemplate) {
return allowedDomainsTemplate(Output.of(allowedDomainsTemplate));
}
/**
* @param allowedOtherSans Defines allowed custom SANs
*
* @return builder
*
*/
public Builder allowedOtherSans(@Nullable Output> allowedOtherSans) {
$.allowedOtherSans = allowedOtherSans;
return this;
}
/**
* @param allowedOtherSans Defines allowed custom SANs
*
* @return builder
*
*/
public Builder allowedOtherSans(List allowedOtherSans) {
return allowedOtherSans(Output.of(allowedOtherSans));
}
/**
* @param allowedOtherSans Defines allowed custom SANs
*
* @return builder
*
*/
public Builder allowedOtherSans(String... allowedOtherSans) {
return allowedOtherSans(List.of(allowedOtherSans));
}
/**
* @param allowedSerialNumbers An array of allowed serial numbers to put in Subject
*
* @return builder
*
*/
public Builder allowedSerialNumbers(@Nullable Output> allowedSerialNumbers) {
$.allowedSerialNumbers = allowedSerialNumbers;
return this;
}
/**
* @param allowedSerialNumbers An array of allowed serial numbers to put in Subject
*
* @return builder
*
*/
public Builder allowedSerialNumbers(List allowedSerialNumbers) {
return allowedSerialNumbers(Output.of(allowedSerialNumbers));
}
/**
* @param allowedSerialNumbers An array of allowed serial numbers to put in Subject
*
* @return builder
*
*/
public Builder allowedSerialNumbers(String... allowedSerialNumbers) {
return allowedSerialNumbers(List.of(allowedSerialNumbers));
}
/**
* @param allowedUriSans Defines allowed URI SANs
*
* @return builder
*
*/
public Builder allowedUriSans(@Nullable Output> allowedUriSans) {
$.allowedUriSans = allowedUriSans;
return this;
}
/**
* @param allowedUriSans Defines allowed URI SANs
*
* @return builder
*
*/
public Builder allowedUriSans(List allowedUriSans) {
return allowedUriSans(Output.of(allowedUriSans));
}
/**
* @param allowedUriSans Defines allowed URI SANs
*
* @return builder
*
*/
public Builder allowedUriSans(String... allowedUriSans) {
return allowedUriSans(List.of(allowedUriSans));
}
/**
* @param allowedUriSansTemplate Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
*
* @return builder
*
*/
public Builder allowedUriSansTemplate(@Nullable Output allowedUriSansTemplate) {
$.allowedUriSansTemplate = allowedUriSansTemplate;
return this;
}
/**
* @param allowedUriSansTemplate Flag, if set, `allowed_uri_sans` can be specified using identity template expressions such as `{{identity.entity.aliases.<mount accessor>.name}}`.
*
* @return builder
*
*/
public Builder allowedUriSansTemplate(Boolean allowedUriSansTemplate) {
return allowedUriSansTemplate(Output.of(allowedUriSansTemplate));
}
/**
* @param allowedUserIds Defines allowed User IDs
*
* @return builder
*
*/
public Builder allowedUserIds(@Nullable Output> allowedUserIds) {
$.allowedUserIds = allowedUserIds;
return this;
}
/**
* @param allowedUserIds Defines allowed User IDs
*
* @return builder
*
*/
public Builder allowedUserIds(List allowedUserIds) {
return allowedUserIds(Output.of(allowedUserIds));
}
/**
* @param allowedUserIds Defines allowed User IDs
*
* @return builder
*
*/
public Builder allowedUserIds(String... allowedUserIds) {
return allowedUserIds(List.of(allowedUserIds));
}
/**
* @param backend The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
*
* @return builder
*
*/
public Builder backend(@Nullable Output backend) {
$.backend = backend;
return this;
}
/**
* @param backend The path the PKI secret backend is mounted at, with no leading or trailing `/`s.
*
* @return builder
*
*/
public Builder backend(String backend) {
return backend(Output.of(backend));
}
/**
* @param basicConstraintsValidForNonCa Flag to mark basic constraints valid when issuing non-CA certificates
*
* @return builder
*
*/
public Builder basicConstraintsValidForNonCa(@Nullable Output basicConstraintsValidForNonCa) {
$.basicConstraintsValidForNonCa = basicConstraintsValidForNonCa;
return this;
}
/**
* @param basicConstraintsValidForNonCa Flag to mark basic constraints valid when issuing non-CA certificates
*
* @return builder
*
*/
public Builder basicConstraintsValidForNonCa(Boolean basicConstraintsValidForNonCa) {
return basicConstraintsValidForNonCa(Output.of(basicConstraintsValidForNonCa));
}
/**
* @param clientFlag Flag to specify certificates for client use
*
* @return builder
*
*/
public Builder clientFlag(@Nullable Output clientFlag) {
$.clientFlag = clientFlag;
return this;
}
/**
* @param clientFlag Flag to specify certificates for client use
*
* @return builder
*
*/
public Builder clientFlag(Boolean clientFlag) {
return clientFlag(Output.of(clientFlag));
}
/**
* @param codeSigningFlag Flag to specify certificates for code signing use
*
* @return builder
*
*/
public Builder codeSigningFlag(@Nullable Output codeSigningFlag) {
$.codeSigningFlag = codeSigningFlag;
return this;
}
/**
* @param codeSigningFlag Flag to specify certificates for code signing use
*
* @return builder
*
*/
public Builder codeSigningFlag(Boolean codeSigningFlag) {
return codeSigningFlag(Output.of(codeSigningFlag));
}
/**
* @param countries The country of generated certificates
*
* @return builder
*
*/
public Builder countries(@Nullable Output> countries) {
$.countries = countries;
return this;
}
/**
* @param countries The country of generated certificates
*
* @return builder
*
*/
public Builder countries(List countries) {
return countries(Output.of(countries));
}
/**
* @param countries The country of generated certificates
*
* @return builder
*
*/
public Builder countries(String... countries) {
return countries(List.of(countries));
}
/**
* @param emailProtectionFlag Flag to specify certificates for email protection use
*
* @return builder
*
*/
public Builder emailProtectionFlag(@Nullable Output emailProtectionFlag) {
$.emailProtectionFlag = emailProtectionFlag;
return this;
}
/**
* @param emailProtectionFlag Flag to specify certificates for email protection use
*
* @return builder
*
*/
public Builder emailProtectionFlag(Boolean emailProtectionFlag) {
return emailProtectionFlag(Output.of(emailProtectionFlag));
}
/**
* @param enforceHostnames Flag to allow only valid host names
*
* @return builder
*
*/
public Builder enforceHostnames(@Nullable Output enforceHostnames) {
$.enforceHostnames = enforceHostnames;
return this;
}
/**
* @param enforceHostnames Flag to allow only valid host names
*
* @return builder
*
*/
public Builder enforceHostnames(Boolean enforceHostnames) {
return enforceHostnames(Output.of(enforceHostnames));
}
/**
* @param extKeyUsageOids Specify the allowed extended key usage OIDs constraint on issued certificates
*
* @return builder
*
*/
public Builder extKeyUsageOids(@Nullable Output> extKeyUsageOids) {
$.extKeyUsageOids = extKeyUsageOids;
return this;
}
/**
* @param extKeyUsageOids Specify the allowed extended key usage OIDs constraint on issued certificates
*
* @return builder
*
*/
public Builder extKeyUsageOids(List extKeyUsageOids) {
return extKeyUsageOids(Output.of(extKeyUsageOids));
}
/**
* @param extKeyUsageOids Specify the allowed extended key usage OIDs constraint on issued certificates
*
* @return builder
*
*/
public Builder extKeyUsageOids(String... extKeyUsageOids) {
return extKeyUsageOids(List.of(extKeyUsageOids));
}
/**
* @param extKeyUsages Specify the allowed extended key usage constraint on issued certificates
*
* @return builder
*
*/
public Builder extKeyUsages(@Nullable Output> extKeyUsages) {
$.extKeyUsages = extKeyUsages;
return this;
}
/**
* @param extKeyUsages Specify the allowed extended key usage constraint on issued certificates
*
* @return builder
*
*/
public Builder extKeyUsages(List extKeyUsages) {
return extKeyUsages(Output.of(extKeyUsages));
}
/**
* @param extKeyUsages Specify the allowed extended key usage constraint on issued certificates
*
* @return builder
*
*/
public Builder extKeyUsages(String... extKeyUsages) {
return extKeyUsages(List.of(extKeyUsages));
}
/**
* @param generateLease Flag to generate leases with certificates
*
* @return builder
*
*/
public Builder generateLease(@Nullable Output generateLease) {
$.generateLease = generateLease;
return this;
}
/**
* @param generateLease Flag to generate leases with certificates
*
* @return builder
*
*/
public Builder generateLease(Boolean generateLease) {
return generateLease(Output.of(generateLease));
}
/**
* @param issuerRef Specifies the default issuer of this request. May
* be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
* the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
* overriding the role's `issuer_ref` value.
*
* @return builder
*
*/
public Builder issuerRef(@Nullable Output issuerRef) {
$.issuerRef = issuerRef;
return this;
}
/**
* @param issuerRef Specifies the default issuer of this request. May
* be the value `default`, a name, or an issuer ID. Use ACLs to prevent access to
* the `/pki/issuer/:issuer_ref/{issue,sign}/:name` paths to prevent users
* overriding the role's `issuer_ref` value.
*
* @return builder
*
*/
public Builder issuerRef(String issuerRef) {
return issuerRef(Output.of(issuerRef));
}
/**
* @param keyBits The number of bits of generated keys
*
* @return builder
*
*/
public Builder keyBits(@Nullable Output keyBits) {
$.keyBits = keyBits;
return this;
}
/**
* @param keyBits The number of bits of generated keys
*
* @return builder
*
*/
public Builder keyBits(Integer keyBits) {
return keyBits(Output.of(keyBits));
}
/**
* @param keyType The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
* Defaults to `rsa`
*
* @return builder
*
*/
public Builder keyType(@Nullable Output keyType) {
$.keyType = keyType;
return this;
}
/**
* @param keyType The generated key type, choices: `rsa`, `ec`, `ed25519`, `any`
* Defaults to `rsa`
*
* @return builder
*
*/
public Builder keyType(String keyType) {
return keyType(Output.of(keyType));
}
/**
* @param keyUsages Specify the allowed key usage constraint on issued
* certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
* To specify no default key usage constraints, set this to an empty list `[]`.
*
* @return builder
*
*/
public Builder keyUsages(@Nullable Output> keyUsages) {
$.keyUsages = keyUsages;
return this;
}
/**
* @param keyUsages Specify the allowed key usage constraint on issued
* certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
* To specify no default key usage constraints, set this to an empty list `[]`.
*
* @return builder
*
*/
public Builder keyUsages(List keyUsages) {
return keyUsages(Output.of(keyUsages));
}
/**
* @param keyUsages Specify the allowed key usage constraint on issued
* certificates. Defaults to `["DigitalSignature", "KeyAgreement", "KeyEncipherment"])`.
* To specify no default key usage constraints, set this to an empty list `[]`.
*
* @return builder
*
*/
public Builder keyUsages(String... keyUsages) {
return keyUsages(List.of(keyUsages));
}
/**
* @param localities The locality of generated certificates
*
* @return builder
*
*/
public Builder localities(@Nullable Output> localities) {
$.localities = localities;
return this;
}
/**
* @param localities The locality of generated certificates
*
* @return builder
*
*/
public Builder localities(List localities) {
return localities(Output.of(localities));
}
/**
* @param localities The locality of generated certificates
*
* @return builder
*
*/
public Builder localities(String... localities) {
return localities(List.of(localities));
}
/**
* @param maxTtl The maximum lease TTL, in seconds, for the role.
*
* @return builder
*
*/
public Builder maxTtl(@Nullable Output maxTtl) {
$.maxTtl = maxTtl;
return this;
}
/**
* @param maxTtl The maximum lease TTL, in seconds, for the role.
*
* @return builder
*
*/
public Builder maxTtl(String maxTtl) {
return maxTtl(Output.of(maxTtl));
}
/**
* @param name The name to identify this role within the backend. Must be unique within the backend.
*
* @return builder
*
*/
public Builder name(@Nullable Output name) {
$.name = name;
return this;
}
/**
* @param name The name to identify this role within the backend. Must be unique within the backend.
*
* @return builder
*
*/
public Builder name(String name) {
return name(Output.of(name));
}
/**
* @param namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*
* @return builder
*
*/
public Builder namespace(@Nullable Output namespace) {
$.namespace = namespace;
return this;
}
/**
* @param namespace The namespace to provision the resource in.
* The value should not contain leading or trailing forward slashes.
* The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
* *Available only for Vault Enterprise*.
*
* @return builder
*
*/
public Builder namespace(String namespace) {
return namespace(Output.of(namespace));
}
/**
* @param noStore Flag to not store certificates in the storage backend
*
* @return builder
*
*/
public Builder noStore(@Nullable Output noStore) {
$.noStore = noStore;
return this;
}
/**
* @param noStore Flag to not store certificates in the storage backend
*
* @return builder
*
*/
public Builder noStore(Boolean noStore) {
return noStore(Output.of(noStore));
}
/**
* @param notBeforeDuration Specifies the duration by which to backdate the NotBefore property.
*
* @return builder
*
*/
public Builder notBeforeDuration(@Nullable Output notBeforeDuration) {
$.notBeforeDuration = notBeforeDuration;
return this;
}
/**
* @param notBeforeDuration Specifies the duration by which to backdate the NotBefore property.
*
* @return builder
*
*/
public Builder notBeforeDuration(String notBeforeDuration) {
return notBeforeDuration(Output.of(notBeforeDuration));
}
/**
* @param organizationUnit The organization unit of generated certificates
*
* @return builder
*
*/
public Builder organizationUnit(@Nullable Output> organizationUnit) {
$.organizationUnit = organizationUnit;
return this;
}
/**
* @param organizationUnit The organization unit of generated certificates
*
* @return builder
*
*/
public Builder organizationUnit(List organizationUnit) {
return organizationUnit(Output.of(organizationUnit));
}
/**
* @param organizationUnit The organization unit of generated certificates
*
* @return builder
*
*/
public Builder organizationUnit(String... organizationUnit) {
return organizationUnit(List.of(organizationUnit));
}
/**
* @param organizations The organization of generated certificates
*
* @return builder
*
*/
public Builder organizations(@Nullable Output> organizations) {
$.organizations = organizations;
return this;
}
/**
* @param organizations The organization of generated certificates
*
* @return builder
*
*/
public Builder organizations(List organizations) {
return organizations(Output.of(organizations));
}
/**
* @param organizations The organization of generated certificates
*
* @return builder
*
*/
public Builder organizations(String... organizations) {
return organizations(List.of(organizations));
}
/**
* @param policyIdentifier (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
*
* @return builder
*
*/
public Builder policyIdentifier(@Nullable Output> policyIdentifier) {
$.policyIdentifier = policyIdentifier;
return this;
}
/**
* @param policyIdentifier (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
*
* @return builder
*
*/
public Builder policyIdentifier(List policyIdentifier) {
return policyIdentifier(Output.of(policyIdentifier));
}
/**
* @param policyIdentifier (Vault 1.11+ only) A block for specifying policy identifers. The `policy_identifier` block can be repeated, and supports the following arguments:
*
* @return builder
*
*/
public Builder policyIdentifier(SecretBackendRolePolicyIdentifierArgs... policyIdentifier) {
return policyIdentifier(List.of(policyIdentifier));
}
/**
* @param policyIdentifiers Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
*
* @return builder
*
*/
public Builder policyIdentifiers(@Nullable Output> policyIdentifiers) {
$.policyIdentifiers = policyIdentifiers;
return this;
}
/**
* @param policyIdentifiers Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
*
* @return builder
*
*/
public Builder policyIdentifiers(List policyIdentifiers) {
return policyIdentifiers(Output.of(policyIdentifiers));
}
/**
* @param policyIdentifiers Specify the list of allowed policies OIDs. Use with Vault 1.10 or before. For Vault 1.11+, use `policy_identifier` blocks instead
*
* @return builder
*
*/
public Builder policyIdentifiers(String... policyIdentifiers) {
return policyIdentifiers(List.of(policyIdentifiers));
}
/**
* @param postalCodes The postal code of generated certificates
*
* @return builder
*
*/
public Builder postalCodes(@Nullable Output> postalCodes) {
$.postalCodes = postalCodes;
return this;
}
/**
* @param postalCodes The postal code of generated certificates
*
* @return builder
*
*/
public Builder postalCodes(List postalCodes) {
return postalCodes(Output.of(postalCodes));
}
/**
* @param postalCodes The postal code of generated certificates
*
* @return builder
*
*/
public Builder postalCodes(String... postalCodes) {
return postalCodes(List.of(postalCodes));
}
/**
* @param provinces The province of generated certificates
*
* @return builder
*
*/
public Builder provinces(@Nullable Output> provinces) {
$.provinces = provinces;
return this;
}
/**
* @param provinces The province of generated certificates
*
* @return builder
*
*/
public Builder provinces(List provinces) {
return provinces(Output.of(provinces));
}
/**
* @param provinces The province of generated certificates
*
* @return builder
*
*/
public Builder provinces(String... provinces) {
return provinces(List.of(provinces));
}
/**
* @param requireCn Flag to force CN usage
*
* @return builder
*
*/
public Builder requireCn(@Nullable Output requireCn) {
$.requireCn = requireCn;
return this;
}
/**
* @param requireCn Flag to force CN usage
*
* @return builder
*
*/
public Builder requireCn(Boolean requireCn) {
return requireCn(Output.of(requireCn));
}
/**
* @param serverFlag Flag to specify certificates for server use
*
* @return builder
*
*/
public Builder serverFlag(@Nullable Output serverFlag) {
$.serverFlag = serverFlag;
return this;
}
/**
* @param serverFlag Flag to specify certificates for server use
*
* @return builder
*
*/
public Builder serverFlag(Boolean serverFlag) {
return serverFlag(Output.of(serverFlag));
}
/**
* @param streetAddresses The street address of generated certificates
*
* @return builder
*
*/
public Builder streetAddresses(@Nullable Output> streetAddresses) {
$.streetAddresses = streetAddresses;
return this;
}
/**
* @param streetAddresses The street address of generated certificates
*
* @return builder
*
*/
public Builder streetAddresses(List streetAddresses) {
return streetAddresses(Output.of(streetAddresses));
}
/**
* @param streetAddresses The street address of generated certificates
*
* @return builder
*
*/
public Builder streetAddresses(String... streetAddresses) {
return streetAddresses(List.of(streetAddresses));
}
/**
* @param ttl The TTL, in seconds, for any certificate issued against this role.
*
* @return builder
*
*/
public Builder ttl(@Nullable Output ttl) {
$.ttl = ttl;
return this;
}
/**
* @param ttl The TTL, in seconds, for any certificate issued against this role.
*
* @return builder
*
*/
public Builder ttl(String ttl) {
return ttl(Output.of(ttl));
}
/**
* @param useCsrCommonName Flag to use the CN in the CSR
*
* @return builder
*
*/
public Builder useCsrCommonName(@Nullable Output useCsrCommonName) {
$.useCsrCommonName = useCsrCommonName;
return this;
}
/**
* @param useCsrCommonName Flag to use the CN in the CSR
*
* @return builder
*
*/
public Builder useCsrCommonName(Boolean useCsrCommonName) {
return useCsrCommonName(Output.of(useCsrCommonName));
}
/**
* @param useCsrSans Flag to use the SANs in the CSR
*
* @return builder
*
*/
public Builder useCsrSans(@Nullable Output useCsrSans) {
$.useCsrSans = useCsrSans;
return this;
}
/**
* @param useCsrSans Flag to use the SANs in the CSR
*
* @return builder
*
*/
public Builder useCsrSans(Boolean useCsrSans) {
return useCsrSans(Output.of(useCsrSans));
}
public SecretBackendRoleState build() {
return $;
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy