{ "name": "venafi", "version": "1.12.1", "description": "A Pulumi package for creating and managing venafi cloud resources.", "keywords": [ "pulumi", "venafi" ], "homepage": "https://pulumi.io", "license": "Apache-2.0", "attribution": "This Pulumi package is based on the [`venafi` Terraform Provider](https://github.com/Venafi/terraform-provider-venafi).", "repository": "https://github.com/pulumi/pulumi-venafi", "meta": { "moduleFormat": "(.*)(?:/[^/]*)" }, "language": { "csharp": { "packageReferences": { "Pulumi": "3.*" }, "compatibility": "tfbridge20", "respectSchemaVersion": true }, "go": { "importBasePath": "github.com/pulumi/pulumi-venafi/sdk/go/venafi", "generateResourceContainerTypes": true, "generateExtraInputTypes": true, "respectSchemaVersion": true }, "nodejs": { "packageDescription": "A Pulumi package for creating and managing venafi cloud resources.", "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/Venafi/terraform-provider-venafi)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi-venafi` repo](https://github.com/pulumi/pulumi-venafi/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-provider-venafi` repo](https://github.com/Venafi/terraform-provider-venafi/issues).", "devDependencies": { "@types/mime": "^2.0.0", "@types/node": "^10.0.0" }, "compatibility": "tfbridge20", "disableUnionOutputTypes": true, "respectSchemaVersion": true }, "python": { "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/Venafi/terraform-provider-venafi)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi-venafi` repo](https://github.com/pulumi/pulumi-venafi/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-provider-venafi` repo](https://github.com/Venafi/terraform-provider-venafi/issues).", "compatibility": "tfbridge20", "respectSchemaVersion": true, "pyproject": { "enabled": true } } }, "config": { "variables": { "accessToken": { "type": "string", "description": "Access token for Venafi TLSPDC, user should use this for authentication", "secret": true }, "apiKey": { "type": "string", "description": "API key for Venafi Control Plane. Example: 142231b7-cvb0-412e-886b-6aeght0bc93d", "secret": true }, "clientId": { "type": "string", "description": "application that will be using the token" }, "devMode": { "type": "boolean", "description": "When set to true, the resulting certificate will be issued by an ephemeral, no trust CA rather than enrolling using Venafi as a Service or Trust Protection Platform. Useful for development and testing" }, "externalJwt": { "type": "string", "description": "JWT of the identity provider associated to the Venafi Control Plane service account that is granting the access token", "secret": true }, "p12CertData": { "type": "string", "description": "Base64 encoded PKCS#12 keystore containing a client certificate, private key, and chain certificates to authenticate to TLSPDC" }, "p12CertFilename": { "type": "string", "description": "Filename of PKCS#12 keystore containing a client certificate, private key, and chain certificates to authenticate to TLSPDC" }, "p12CertPassword": { "type": "string", "description": "Password for the PKCS#12 keystore declared in p12_cert / p12_cert_data", "secret": true }, "skipRetirement": { "type": "boolean" }, "tokenUrl": { "type": "string", "description": "Endpoint URL to request new Venafi Control Plane access tokens", "secret": true }, "tppPassword": { "type": "string", "description": "Password for WebSDK user. Example: password", "deprecationMessage": ", please use access_token instead", "secret": true }, "tppUsername": { "type": "string", "description": "WebSDK user for Venafi TLSPDC. Example: admin", "deprecationMessage": ", please use access_token instead" }, "trustBundle": { "type": "string", "description": "Use to specify a PEM-formatted file that contains certificates to be trust anchors for all communications with the Venafi Web Service.\nExample:\n trust_bundle = \"${file(\"chain.pem\")}\"" }, "url": { "type": "string", "description": "The Venafi Platform URL. Example: https://tpp.venafi.example/vedsdk" }, "zone": { "type": "string", "description": "DN of the Venafi TLSPDC policy folder or name of the Venafi as a Service application plus issuing template alias. \nExample for Platform: testPolicy\\\\vault\nExample for Venafi as a Service: myApp\\\\Default" } } }, "provider": { "description": "The provider type for the venafi package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", "properties": { "accessToken": { "type": "string", "description": "Access token for Venafi TLSPDC, user should use this for authentication", "secret": true }, "apiKey": { "type": "string", "description": "API key for Venafi Control Plane. Example: 142231b7-cvb0-412e-886b-6aeght0bc93d", "secret": true }, "clientId": { "type": "string", "description": "application that will be using the token" }, "externalJwt": { "type": "string", "description": "JWT of the identity provider associated to the Venafi Control Plane service account that is granting the access token", "secret": true }, "p12CertData": { "type": "string", "description": "Base64 encoded PKCS#12 keystore containing a client certificate, private key, and chain certificates to authenticate to TLSPDC" }, "p12CertFilename": { "type": "string", "description": "Filename of PKCS#12 keystore containing a client certificate, private key, and chain certificates to authenticate to TLSPDC" }, "p12CertPassword": { "type": "string", "description": "Password for the PKCS#12 keystore declared in p12_cert / p12_cert_data", "secret": true }, "tokenUrl": { "type": "string", "description": "Endpoint URL to request new Venafi Control Plane access tokens", "secret": true }, "tppPassword": { "type": "string", "description": "Password for WebSDK user. Example: password", "deprecationMessage": ", please use access_token instead", "secret": true }, "tppUsername": { "type": "string", "description": "WebSDK user for Venafi TLSPDC. Example: admin", "deprecationMessage": ", please use access_token instead" }, "trustBundle": { "type": "string", "description": "Use to specify a PEM-formatted file that contains certificates to be trust anchors for all communications with the Venafi Web Service.\nExample:\n trust_bundle = \"${file(\"chain.pem\")}\"" }, "url": { "type": "string", "description": "The Venafi Platform URL. Example: https://tpp.venafi.example/vedsdk" }, "zone": { "type": "string", "description": "DN of the Venafi TLSPDC policy folder or name of the Venafi as a Service application plus issuing template alias. \nExample for Platform: testPolicy\\\\vault\nExample for Venafi as a Service: myApp\\\\Default" } }, "type": "object", "inputProperties": { "accessToken": { "type": "string", "description": "Access token for Venafi TLSPDC, user should use this for authentication", "secret": true }, "apiKey": { "type": "string", "description": "API key for Venafi Control Plane. Example: 142231b7-cvb0-412e-886b-6aeght0bc93d", "secret": true }, "clientId": { "type": "string", "description": "application that will be using the token" }, "devMode": { "type": "boolean", "description": "When set to true, the resulting certificate will be issued by an ephemeral, no trust CA rather than enrolling using Venafi as a Service or Trust Protection Platform. Useful for development and testing" }, "externalJwt": { "type": "string", "description": "JWT of the identity provider associated to the Venafi Control Plane service account that is granting the access token", "secret": true }, "p12CertData": { "type": "string", "description": "Base64 encoded PKCS#12 keystore containing a client certificate, private key, and chain certificates to authenticate to TLSPDC" }, "p12CertFilename": { "type": "string", "description": "Filename of PKCS#12 keystore containing a client certificate, private key, and chain certificates to authenticate to TLSPDC" }, "p12CertPassword": { "type": "string", "description": "Password for the PKCS#12 keystore declared in p12_cert / p12_cert_data", "secret": true }, "skipRetirement": { "type": "boolean" }, "tokenUrl": { "type": "string", "description": "Endpoint URL to request new Venafi Control Plane access tokens", "secret": true }, "tppPassword": { "type": "string", "description": "Password for WebSDK user. Example: password", "deprecationMessage": ", please use access_token instead", "secret": true }, "tppUsername": { "type": "string", "description": "WebSDK user for Venafi TLSPDC. Example: admin", "deprecationMessage": ", please use access_token instead" }, "trustBundle": { "type": "string", "description": "Use to specify a PEM-formatted file that contains certificates to be trust anchors for all communications with the Venafi Web Service.\nExample:\n trust_bundle = \"${file(\"chain.pem\")}\"" }, "url": { "type": "string", "description": "The Venafi Platform URL. Example: https://tpp.venafi.example/vedsdk" }, "zone": { "type": "string", "description": "DN of the Venafi TLSPDC policy folder or name of the Venafi as a Service application plus issuing template alias. \nExample for Platform: testPolicy\\\\vault\nExample for Venafi as a Service: myApp\\\\Default" } }, "methods": { "terraformConfig": "pulumi:providers:venafi/terraformConfig" } }, "resources": { "venafi:index/certificate:Certificate": { "properties": { "algorithm": { "type": "string", "description": "Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.\n" }, "certificate": { "type": "string", "description": "The X509 certificate in PEM format.\n", "language": { "csharp": { "name": "CertificateDetails" } } }, "certificateDn": { "type": "string" }, "certificateId": { "type": "string", "description": "ID of the issued certificate" }, "chain": { "type": "string", "description": "The trust chain of X509 certificate authority certificates in PEM format concatenated together.\n" }, "commonName": { "type": "string", "description": "The common name of the certificate.\n" }, "country": { "type": "string", "description": "Country of the certificate (C)" }, "csrOrigin": { "type": "string", "description": "Whether key-pair generation will be `local` or `service` generated. Default is \n`local`.\n" }, "csrPem": { "type": "string" }, "customFields": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Collection of Custom Field name-value pairs to assign to the certificate.\n" }, "ecdsaCurve": { "type": "string", "description": "ECDSA curve to use when generating a key" }, "expirationWindow": { "type": "integer", "description": "Number of hours before certificate expiry to request a new certificate. \nDefaults to `168`.\n" }, "issuerHint": { "type": "string", "description": "Used with `valid_days` to indicate the target issuer when using Trust Protection \nPlatform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.\n" }, "keyPassword": { "type": "string", "description": "The password used to encrypt the private key.\n", "secret": true }, "locality": { "type": "string", "description": "Locality/City of the certificate (L)" }, "nickname": { "type": "string", "description": "Use to specify a name for the new certificate object that will be created and placed \nin a policy. Only valid for Trust Protection Platform.\n" }, "organization": { "type": "string", "description": "Organization of the certificate (O)" }, "organizationalUnits": { "type": "array", "items": { "type": "string" }, "description": "List of Organizational Units of the certificate (OU)" }, "pkcs12": { "type": "string", "description": "A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like \nazure key_vault_certificate.\n" }, "privateKeyPem": { "type": "string", "description": "The private key in PEM format.\n", "secret": true }, "renewRequired": { "type": "boolean", "description": "Indicates the certificate should be reissued. This means the resource will destroyed and recreated" }, "rsaBits": { "type": "integer", "description": "Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`. \nDefaults to `2048`.\n" }, "sanDns": { "type": "array", "items": { "type": "string" }, "description": "List of DNS names to use as alternative subjects of the certificate.\n" }, "sanEmails": { "type": "array", "items": { "type": "string" }, "description": "List of email addresses to use as alternative subjects of the certificate.\n" }, "sanIps": { "type": "array", "items": { "type": "string" }, "description": "List of IP addresses to use as alternative subjects of the certificate.\n" }, "sanUris": { "type": "array", "items": { "type": "string" }, "description": "List of Uniform Resource Identifiers (URIs) to use as alternative subjects of \nthe certificate.\n" }, "state": { "type": "string", "description": "State of the certificate (S)" }, "tags": { "type": "array", "items": { "type": "string" }, "description": "List of Certificate Tags defined in Venafi Control Plane.\n" }, "validDays": { "type": "integer", "description": "Desired number of days for which the new certificate will be valid.\n" } }, "type": "object", "required": [ "certificate", "certificateDn", "certificateId", "chain", "commonName", "csrPem", "pkcs12", "privateKeyPem" ], "inputProperties": { "algorithm": { "type": "string", "description": "Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.\n", "willReplaceOnChanges": true }, "certificateDn": { "type": "string" }, "commonName": { "type": "string", "description": "The common name of the certificate.\n", "willReplaceOnChanges": true }, "country": { "type": "string", "description": "Country of the certificate (C)", "willReplaceOnChanges": true }, "csrOrigin": { "type": "string", "description": "Whether key-pair generation will be `local` or `service` generated. Default is \n`local`.\n", "willReplaceOnChanges": true }, "csrPem": { "type": "string" }, "customFields": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Collection of Custom Field name-value pairs to assign to the certificate.\n", "willReplaceOnChanges": true }, "ecdsaCurve": { "type": "string", "description": "ECDSA curve to use when generating a key", "willReplaceOnChanges": true }, "expirationWindow": { "type": "integer", "description": "Number of hours before certificate expiry to request a new certificate. \nDefaults to `168`.\n" }, "issuerHint": { "type": "string", "description": "Used with `valid_days` to indicate the target issuer when using Trust Protection \nPlatform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.\n", "willReplaceOnChanges": true }, "keyPassword": { "type": "string", "description": "The password used to encrypt the private key.\n", "secret": true, "willReplaceOnChanges": true }, "locality": { "type": "string", "description": "Locality/City of the certificate (L)", "willReplaceOnChanges": true }, "nickname": { "type": "string", "description": "Use to specify a name for the new certificate object that will be created and placed \nin a policy. Only valid for Trust Protection Platform.\n", "willReplaceOnChanges": true }, "organization": { "type": "string", "description": "Organization of the certificate (O)", "willReplaceOnChanges": true }, "organizationalUnits": { "type": "array", "items": { "type": "string" }, "description": "List of Organizational Units of the certificate (OU)", "willReplaceOnChanges": true }, "pkcs12": { "type": "string", "description": "A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like \nazure key_vault_certificate.\n" }, "privateKeyPem": { "type": "string", "description": "The private key in PEM format.\n", "secret": true }, "renewRequired": { "type": "boolean", "description": "Indicates the certificate should be reissued. This means the resource will destroyed and recreated", "willReplaceOnChanges": true }, "rsaBits": { "type": "integer", "description": "Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`. \nDefaults to `2048`.\n", "willReplaceOnChanges": true }, "sanDns": { "type": "array", "items": { "type": "string" }, "description": "List of DNS names to use as alternative subjects of the certificate.\n", "willReplaceOnChanges": true }, "sanEmails": { "type": "array", "items": { "type": "string" }, "description": "List of email addresses to use as alternative subjects of the certificate.\n", "willReplaceOnChanges": true }, "sanIps": { "type": "array", "items": { "type": "string" }, "description": "List of IP addresses to use as alternative subjects of the certificate.\n", "willReplaceOnChanges": true }, "sanUris": { "type": "array", "items": { "type": "string" }, "description": "List of Uniform Resource Identifiers (URIs) to use as alternative subjects of \nthe certificate.\n", "willReplaceOnChanges": true }, "state": { "type": "string", "description": "State of the certificate (S)", "willReplaceOnChanges": true }, "tags": { "type": "array", "items": { "type": "string" }, "description": "List of Certificate Tags defined in Venafi Control Plane.\n" }, "validDays": { "type": "integer", "description": "Desired number of days for which the new certificate will be valid.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "commonName" ], "stateInputs": { "description": "Input properties used for looking up and filtering Certificate resources.\n", "properties": { "algorithm": { "type": "string", "description": "Key encryption algorithm, either RSA or ECDSA. Defaults to `RSA`.\n", "willReplaceOnChanges": true }, "certificate": { "type": "string", "description": "The X509 certificate in PEM format.\n", "language": { "csharp": { "name": "CertificateDetails" } } }, "certificateDn": { "type": "string" }, "certificateId": { "type": "string", "description": "ID of the issued certificate" }, "chain": { "type": "string", "description": "The trust chain of X509 certificate authority certificates in PEM format concatenated together.\n" }, "commonName": { "type": "string", "description": "The common name of the certificate.\n", "willReplaceOnChanges": true }, "country": { "type": "string", "description": "Country of the certificate (C)", "willReplaceOnChanges": true }, "csrOrigin": { "type": "string", "description": "Whether key-pair generation will be `local` or `service` generated. Default is \n`local`.\n", "willReplaceOnChanges": true }, "csrPem": { "type": "string" }, "customFields": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Collection of Custom Field name-value pairs to assign to the certificate.\n", "willReplaceOnChanges": true }, "ecdsaCurve": { "type": "string", "description": "ECDSA curve to use when generating a key", "willReplaceOnChanges": true }, "expirationWindow": { "type": "integer", "description": "Number of hours before certificate expiry to request a new certificate. \nDefaults to `168`.\n" }, "issuerHint": { "type": "string", "description": "Used with `valid_days` to indicate the target issuer when using Trust Protection \nPlatform. Relevant values are: `DigiCert`, `Entrust`, and `Microsoft`.\n", "willReplaceOnChanges": true }, "keyPassword": { "type": "string", "description": "The password used to encrypt the private key.\n", "secret": true, "willReplaceOnChanges": true }, "locality": { "type": "string", "description": "Locality/City of the certificate (L)", "willReplaceOnChanges": true }, "nickname": { "type": "string", "description": "Use to specify a name for the new certificate object that will be created and placed \nin a policy. Only valid for Trust Protection Platform.\n", "willReplaceOnChanges": true }, "organization": { "type": "string", "description": "Organization of the certificate (O)", "willReplaceOnChanges": true }, "organizationalUnits": { "type": "array", "items": { "type": "string" }, "description": "List of Organizational Units of the certificate (OU)", "willReplaceOnChanges": true }, "pkcs12": { "type": "string", "description": "A base64-encoded PKCS#12 keystore secured by the `key_password`. Useful when working with resources like \nazure key_vault_certificate.\n" }, "privateKeyPem": { "type": "string", "description": "The private key in PEM format.\n", "secret": true }, "renewRequired": { "type": "boolean", "description": "Indicates the certificate should be reissued. This means the resource will destroyed and recreated", "willReplaceOnChanges": true }, "rsaBits": { "type": "integer", "description": "Number of bits to use when generating an RSA key. Applies when algorithm is `RSA`. \nDefaults to `2048`.\n", "willReplaceOnChanges": true }, "sanDns": { "type": "array", "items": { "type": "string" }, "description": "List of DNS names to use as alternative subjects of the certificate.\n", "willReplaceOnChanges": true }, "sanEmails": { "type": "array", "items": { "type": "string" }, "description": "List of email addresses to use as alternative subjects of the certificate.\n", "willReplaceOnChanges": true }, "sanIps": { "type": "array", "items": { "type": "string" }, "description": "List of IP addresses to use as alternative subjects of the certificate.\n", "willReplaceOnChanges": true }, "sanUris": { "type": "array", "items": { "type": "string" }, "description": "List of Uniform Resource Identifiers (URIs) to use as alternative subjects of \nthe certificate.\n", "willReplaceOnChanges": true }, "state": { "type": "string", "description": "State of the certificate (S)", "willReplaceOnChanges": true }, "tags": { "type": "array", "items": { "type": "string" }, "description": "List of Certificate Tags defined in Venafi Control Plane.\n" }, "validDays": { "type": "integer", "description": "Desired number of days for which the new certificate will be valid.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "venafi:index/cloudKeystoreInstallation:CloudKeystoreInstallation": { "description": "Provisions a certificate from Venafi Control Plane's inventory to any of the supported Cloud Providers: Amazon \nCertificate Manager, Azure KeyVault or Google Certificate Manager. Exports the ID of the provisioned certificate: \ncertificate name for AKV and GCM or ARN for ACM.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as venafi from \"@pulumi/venafi\";\n\n// Provision a certificate to cloud keystore with static values\nconst ckInstallationExampleById = new venafi.CloudKeystoreInstallation(\"ck_installation_example_by_id\", {\n cloudKeystoreId: \"e48897d0-2762-11ef-198k-79ac590dd358\",\n certificateId: \"1877af16-2762-11ef-8fab-cc123456ff7\",\n cloudCertificateName: \"com-terraform-example-com\",\n});\n// Provision a certificate to cloud keystore\nconst ckInstallationExample = new venafi.CloudKeystoreInstallation(\"ck_installation_example\", {\n cloudKeystoreId: ckExample.id,\n certificateId: certificateExample.certificateId,\n cloudCertificateName: certificateExample.commonName,\n});\n```\n```python\nimport pulumi\nimport pulumi_venafi as venafi\n\n# Provision a certificate to cloud keystore with static values\nck_installation_example_by_id = venafi.CloudKeystoreInstallation(\"ck_installation_example_by_id\",\n cloud_keystore_id=\"e48897d0-2762-11ef-198k-79ac590dd358\",\n certificate_id=\"1877af16-2762-11ef-8fab-cc123456ff7\",\n cloud_certificate_name=\"com-terraform-example-com\")\n# Provision a certificate to cloud keystore\nck_installation_example = venafi.CloudKeystoreInstallation(\"ck_installation_example\",\n cloud_keystore_id=ck_example[\"id\"],\n certificate_id=certificate_example[\"certificateId\"],\n cloud_certificate_name=certificate_example[\"commonName\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Venafi = Pulumi.Venafi;\n\nreturn await Deployment.RunAsync(() => \n{\n // Provision a certificate to cloud keystore with static values\n var ckInstallationExampleById = new Venafi.CloudKeystoreInstallation(\"ck_installation_example_by_id\", new()\n {\n CloudKeystoreId = \"e48897d0-2762-11ef-198k-79ac590dd358\",\n CertificateId = \"1877af16-2762-11ef-8fab-cc123456ff7\",\n CloudCertificateName = \"com-terraform-example-com\",\n });\n\n // Provision a certificate to cloud keystore\n var ckInstallationExample = new Venafi.CloudKeystoreInstallation(\"ck_installation_example\", new()\n {\n CloudKeystoreId = ckExample.Id,\n CertificateId = certificateExample.CertificateId,\n CloudCertificateName = certificateExample.CommonName,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-venafi/sdk/go/venafi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Provision a certificate to cloud keystore with static values\n\t\t_, err := venafi.NewCloudKeystoreInstallation(ctx, \"ck_installation_example_by_id\", &venafi.CloudKeystoreInstallationArgs{\n\t\t\tCloudKeystoreId: pulumi.String(\"e48897d0-2762-11ef-198k-79ac590dd358\"),\n\t\t\tCertificateId: pulumi.String(\"1877af16-2762-11ef-8fab-cc123456ff7\"),\n\t\t\tCloudCertificateName: pulumi.String(\"com-terraform-example-com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Provision a certificate to cloud keystore\n\t\t_, err = venafi.NewCloudKeystoreInstallation(ctx, \"ck_installation_example\", &venafi.CloudKeystoreInstallationArgs{\n\t\t\tCloudKeystoreId: pulumi.Any(ckExample.Id),\n\t\t\tCertificateId: pulumi.Any(certificateExample.CertificateId),\n\t\t\tCloudCertificateName: pulumi.Any(certificateExample.CommonName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.venafi.CloudKeystoreInstallation;\nimport com.pulumi.venafi.CloudKeystoreInstallationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Provision a certificate to cloud keystore with static values\n var ckInstallationExampleById = new CloudKeystoreInstallation(\"ckInstallationExampleById\", CloudKeystoreInstallationArgs.builder()\n .cloudKeystoreId(\"e48897d0-2762-11ef-198k-79ac590dd358\")\n .certificateId(\"1877af16-2762-11ef-8fab-cc123456ff7\")\n .cloudCertificateName(\"com-terraform-example-com\")\n .build());\n\n // Provision a certificate to cloud keystore\n var ckInstallationExample = new CloudKeystoreInstallation(\"ckInstallationExample\", CloudKeystoreInstallationArgs.builder()\n .cloudKeystoreId(ckExample.id())\n .certificateId(certificateExample.certificateId())\n .cloudCertificateName(certificateExample.commonName())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Provision a certificate to cloud keystore with static values\n ckInstallationExampleById:\n type: venafi:CloudKeystoreInstallation\n name: ck_installation_example_by_id\n properties:\n cloudKeystoreId: e48897d0-2762-11ef-198k-79ac590dd358\n certificateId: 1877af16-2762-11ef-8fab-cc123456ff7\n cloudCertificateName: com-terraform-example-com\n # Provision a certificate to cloud keystore\n ckInstallationExample:\n type: venafi:CloudKeystoreInstallation\n name: ck_installation_example\n properties:\n cloudKeystoreId: ${ckExample.id}\n certificateId: ${certificateExample.certificateId}\n cloudCertificateName: ${certificateExample.commonName}\n```\n\n\n## Import\n\nUsing `pulumi import`, import a Machine Identity from Venafi Control Plane using their ID. For example:\n\nconsole\n\n```sh\n$ pulumi import venafi:index/cloudKeystoreInstallation:CloudKeystoreInstallation example 2155bd32-2234-22ac-7cfd-ff1198845aa2\n```\n\n", "properties": { "arn": { "type": "string", "description": "ARN of the AWS certificate. Use it to provision the VCP certificate to an existing ACM certificate, instead of a new one. Only valid for ACM keystores.\n" }, "certificateId": { "type": "string", "description": "ID of the certificate to be provisioned to the given `keystore_id`.\n" }, "cloudCertificateId": { "type": "string", "description": "The ID of the provisioned certificate within the Cloud Keystore\n" }, "cloudCertificateMetadata": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Metadata of the provisioned certificate from the Cloud Keystore\n" }, "cloudCertificateName": { "type": "string", "description": "Name for the provisioned certificate in the keystore. If the name already exists, the provisioning will replace the previous certificate with the one from `certificate_id`. Only valid for AKV and GCM keystores.\n" }, "cloudKeystoreId": { "type": "string", "description": "ID of the cloud keystore where the certificate will be provisioned.\n" }, "gcmCertScope": { "type": "string", "description": "The GCM certificate scope of the certificate. Only valid for GCM keystores. Supported values from GCM API documentation: DEFAULT, EDGE_CACHE, ALL_REGIONS.\n" } }, "type": "object", "required": [ "certificateId", "cloudCertificateId", "cloudCertificateMetadata", "cloudKeystoreId" ], "inputProperties": { "arn": { "type": "string", "description": "ARN of the AWS certificate. Use it to provision the VCP certificate to an existing ACM certificate, instead of a new one. Only valid for ACM keystores.\n", "willReplaceOnChanges": true }, "certificateId": { "type": "string", "description": "ID of the certificate to be provisioned to the given `keystore_id`.\n" }, "cloudCertificateName": { "type": "string", "description": "Name for the provisioned certificate in the keystore. If the name already exists, the provisioning will replace the previous certificate with the one from `certificate_id`. Only valid for AKV and GCM keystores.\n", "willReplaceOnChanges": true }, "cloudKeystoreId": { "type": "string", "description": "ID of the cloud keystore where the certificate will be provisioned.\n", "willReplaceOnChanges": true }, "gcmCertScope": { "type": "string", "description": "The GCM certificate scope of the certificate. Only valid for GCM keystores. Supported values from GCM API documentation: DEFAULT, EDGE_CACHE, ALL_REGIONS.\n" } }, "requiredInputs": [ "certificateId", "cloudKeystoreId" ], "stateInputs": { "description": "Input properties used for looking up and filtering CloudKeystoreInstallation resources.\n", "properties": { "arn": { "type": "string", "description": "ARN of the AWS certificate. Use it to provision the VCP certificate to an existing ACM certificate, instead of a new one. Only valid for ACM keystores.\n", "willReplaceOnChanges": true }, "certificateId": { "type": "string", "description": "ID of the certificate to be provisioned to the given `keystore_id`.\n" }, "cloudCertificateId": { "type": "string", "description": "The ID of the provisioned certificate within the Cloud Keystore\n" }, "cloudCertificateMetadata": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Metadata of the provisioned certificate from the Cloud Keystore\n" }, "cloudCertificateName": { "type": "string", "description": "Name for the provisioned certificate in the keystore. If the name already exists, the provisioning will replace the previous certificate with the one from `certificate_id`. Only valid for AKV and GCM keystores.\n", "willReplaceOnChanges": true }, "cloudKeystoreId": { "type": "string", "description": "ID of the cloud keystore where the certificate will be provisioned.\n", "willReplaceOnChanges": true }, "gcmCertScope": { "type": "string", "description": "The GCM certificate scope of the certificate. Only valid for GCM keystores. Supported values from GCM API documentation: DEFAULT, EDGE_CACHE, ALL_REGIONS.\n" } }, "type": "object" } }, "venafi:index/policy:Policy": { "description": "Provides access to read and write certificate policy in Venafi. This can be used to define a new policy (folder in \n*Trust Protection Platform*; application and issuing template in *Venafi Control Plane*).\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as std from \"@pulumi/std\";\nimport * as venafi from \"@pulumi/venafi\";\n\nconst internalPolicy = new venafi.Policy(\"internal_policy\", {\n zone: \"My Business App\\\\Enterprise Trusted Certs\",\n policySpecification: std.file({\n input: \"/path-to/internal-policy.json\",\n }).then(invoke => invoke.result),\n});\n```\n```python\nimport pulumi\nimport pulumi_std as std\nimport pulumi_venafi as venafi\n\ninternal_policy = venafi.Policy(\"internal_policy\",\n zone=\"My Business App\\\\Enterprise Trusted Certs\",\n policy_specification=std.file(input=\"/path-to/internal-policy.json\").result)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Std = Pulumi.Std;\nusing Venafi = Pulumi.Venafi;\n\nreturn await Deployment.RunAsync(() => \n{\n var internalPolicy = new Venafi.Policy(\"internal_policy\", new()\n {\n Zone = \"My Business App\\\\Enterprise Trusted Certs\",\n PolicySpecification = Std.File.Invoke(new()\n {\n Input = \"/path-to/internal-policy.json\",\n }).Apply(invoke => invoke.Result),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi-venafi/sdk/go/venafi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinvokeFile, err := std.File(ctx, &std.FileArgs{\n\t\t\tInput: \"/path-to/internal-policy.json\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = venafi.NewPolicy(ctx, \"internal_policy\", &venafi.PolicyArgs{\n\t\t\tZone: pulumi.String(\"My Business App\\\\Enterprise Trusted Certs\"),\n\t\t\tPolicySpecification: pulumi.String(invokeFile.Result),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.venafi.Policy;\nimport com.pulumi.venafi.PolicyArgs;\nimport com.pulumi.std.StdFunctions;\nimport com.pulumi.std.inputs.FileArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var internalPolicy = new Policy(\"internalPolicy\", PolicyArgs.builder()\n .zone(\"My Business App\\\\Enterprise Trusted Certs\")\n .policySpecification(StdFunctions.file(FileArgs.builder()\n .input(\"/path-to/internal-policy.json\")\n .build()).result())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n internalPolicy:\n type: venafi:Policy\n name: internal_policy\n properties:\n zone: My Business App\\Enterprise Trusted Certs\n policySpecification:\n fn::invoke:\n function: std:file\n arguments:\n input: /path-to/internal-policy.json\n return: result\n```\n\n\n## Import\n\nThe `venafi_policy` resource supports the Terraform import method. \n\nWhen used, the `zone` and `policy_specification` resource arguments are not required since the zone is a required \n\nparameter of the import method and the policy specification is populated from the existing infrastructure. Policy that \n\nis successfully imported is also output to a file named after the zone that was specified.\n\nhcl\n\nresource \"venafi_policy\" \"existing_policy\" {}\n\n```sh\n$ pulumi import venafi:index/policy:Policy existing_policy\" \"My Business App\\\\Enterprise Trusted Certs\"\n```\n\n", "properties": { "policySpecification": { "type": "string", "description": "The JSON-formatted certificate policy specification as documented \n[here](https://github.com/Venafi/vcert/blob/master/README-POLICY-SPEC.md). Typically read from a file using the `file`\nfunction.\n" }, "zone": { "type": "string", "description": "The *Trust Protection Plaform* policy folder or *Venafi Control Plane* application and \nissuing template.\n" } }, "type": "object", "inputProperties": { "policySpecification": { "type": "string", "description": "The JSON-formatted certificate policy specification as documented \n[here](https://github.com/Venafi/vcert/blob/master/README-POLICY-SPEC.md). Typically read from a file using the `file`\nfunction.\n", "willReplaceOnChanges": true }, "zone": { "type": "string", "description": "The *Trust Protection Plaform* policy folder or *Venafi Control Plane* application and \nissuing template.\n", "willReplaceOnChanges": true } }, "stateInputs": { "description": "Input properties used for looking up and filtering Policy resources.\n", "properties": { "policySpecification": { "type": "string", "description": "The JSON-formatted certificate policy specification as documented \n[here](https://github.com/Venafi/vcert/blob/master/README-POLICY-SPEC.md). Typically read from a file using the `file`\nfunction.\n", "willReplaceOnChanges": true }, "zone": { "type": "string", "description": "The *Trust Protection Plaform* policy folder or *Venafi Control Plane* application and \nissuing template.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "venafi:index/sshCertificate:SshCertificate": { "description": "Provides access to request and retrieve SSH certificates from *Venafi Trust Protection Platform*.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as venafi from \"@pulumi/venafi\";\n\nconst sshCert = new venafi.SshCertificate(\"ssh_cert\", {\n keyId: \"my-first-ssh-certificate\",\n template: \"Sample SSH CA\",\n publicKeyMethod: \"local\",\n keyPassphrase: \"passw0rd\",\n keySize: 3072,\n principals: [\"seamus\"],\n validHours: 24,\n});\n```\n```python\nimport pulumi\nimport pulumi_venafi as venafi\n\nssh_cert = venafi.SshCertificate(\"ssh_cert\",\n key_id=\"my-first-ssh-certificate\",\n template=\"Sample SSH CA\",\n public_key_method=\"local\",\n key_passphrase=\"passw0rd\",\n key_size=3072,\n principals=[\"seamus\"],\n valid_hours=24)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Venafi = Pulumi.Venafi;\n\nreturn await Deployment.RunAsync(() => \n{\n var sshCert = new Venafi.SshCertificate(\"ssh_cert\", new()\n {\n KeyId = \"my-first-ssh-certificate\",\n Template = \"Sample SSH CA\",\n PublicKeyMethod = \"local\",\n KeyPassphrase = \"passw0rd\",\n KeySize = 3072,\n Principals = new[]\n {\n \"seamus\",\n },\n ValidHours = 24,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-venafi/sdk/go/venafi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := venafi.NewSshCertificate(ctx, \"ssh_cert\", &venafi.SshCertificateArgs{\n\t\t\tKeyId: pulumi.String(\"my-first-ssh-certificate\"),\n\t\t\tTemplate: pulumi.String(\"Sample SSH CA\"),\n\t\t\tPublicKeyMethod: pulumi.String(\"local\"),\n\t\t\tKeyPassphrase: pulumi.String(\"passw0rd\"),\n\t\t\tKeySize: pulumi.Int(3072),\n\t\t\tPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"seamus\"),\n\t\t\t},\n\t\t\tValidHours: pulumi.Int(24),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.venafi.SshCertificate;\nimport com.pulumi.venafi.SshCertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sshCert = new SshCertificate(\"sshCert\", SshCertificateArgs.builder()\n .keyId(\"my-first-ssh-certificate\")\n .template(\"Sample SSH CA\")\n .publicKeyMethod(\"local\")\n .keyPassphrase(\"passw0rd\")\n .keySize(3072)\n .principals(\"seamus\")\n .validHours(24)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sshCert:\n type: venafi:SshCertificate\n name: ssh_cert\n properties:\n keyId: my-first-ssh-certificate\n template: Sample SSH CA\n publicKeyMethod: local\n keyPassphrase: passw0rd\n keySize: 3072\n principals:\n - seamus\n validHours: 24\n```\n\n", "properties": { "certificate": { "type": "string", "description": "The issued SSH certificate.\n" }, "certificateType": { "type": "string", "description": "Indicates whether the SSH certificate is for client or server authentication.\n" }, "destinationAddresses": { "type": "array", "items": { "type": "string" }, "description": "A list of one or more valid IP or CIDR destination hosts where the \ncertificate will authenticate.\n" }, "extensions": { "type": "array", "items": { "type": "string" }, "description": "A list of key-value pairs that contain certificate extensions from the CA \ntemplate for client certificates. Allowed values (case-sensitive): `permit-X11-forwarding`, `permit-agent-forwarding`,\n`permit-port-forwarding`, `permit-pty`, `permit-user-rc`.\n" }, "folder": { "type": "string", "description": "The DN of the policy folder where the SSH certificate object will be created.\n" }, "forceCommand": { "type": "string", "description": "A command to run after successful login.\n" }, "keyId": { "type": "string", "description": "The identifier of the requested SSH certificate.\n" }, "keyPassphrase": { "type": "string", "description": "Passphrase for encrypting the private key.\n", "secret": true }, "keySize": { "type": "integer", "description": "Number of bits to use when creating a key pair. (e.g. `3072`).\n" }, "objectName": { "type": "string", "description": "The friendly name of the SSH certificate object. When not specified the `key_id` \nis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new\ncertificate.\n" }, "principal": { "type": "array", "items": { "type": "string" }, "description": "[DEPRECATED] - (Optional, set of strings) Use \"principals\" instead. A list of usernames for whom the \nrequested certificate will be valid.\n", "deprecationMessage": "This will be removed in the future. Use \"principals\" instead" }, "principals": { "type": "array", "items": { "type": "string" }, "description": "A list of usernames for whom the requested certificate will be valid.\n" }, "privateKey": { "type": "string", "description": "The private key for the SSH certificate if generated by Venafi.\n" }, "publicKey": { "type": "string", "description": "The OpenSSH formatted public key that will be used to generate the SSH certificate.\n" }, "publicKeyFingerprint": { "type": "string", "description": "The SHA256 fingerprint of the SSH certificate's public key.\n" }, "publicKeyMethod": { "type": "string", "description": "Specifies whether the public key will be `local` (default), `file` or \n`service` generated.\n" }, "serial": { "type": "string", "description": "The serial number of the SSH certificate.\n" }, "signingCa": { "type": "string", "description": "The SHA256 fingerprint of the CA that signed the SSH certificate.\n" }, "sourceAddresses": { "type": "array", "items": { "type": "string" }, "description": "A list of one or more valid IP or CIDR addresses that can use the SSH \ncertificate.\n" }, "template": { "type": "string", "description": "The SSH certificate issuing template.\n" }, "validFrom": { "type": "string", "description": "The date the SSH certificate was issued.\n" }, "validHours": { "type": "integer", "description": "Desired number of hours for which the certificate will be valid.\n" }, "validTo": { "type": "string", "description": "The date the SSH certificate will expire.\n" }, "windows": { "type": "boolean", "description": "Specifies whether the private key will use Windows/DOS style line breaks.\n" } }, "type": "object", "required": [ "certificate", "certificateType", "keyId", "privateKey", "publicKeyFingerprint", "serial", "signingCa", "template", "validFrom", "validTo" ], "inputProperties": { "destinationAddresses": { "type": "array", "items": { "type": "string" }, "description": "A list of one or more valid IP or CIDR destination hosts where the \ncertificate will authenticate.\n", "willReplaceOnChanges": true }, "extensions": { "type": "array", "items": { "type": "string" }, "description": "A list of key-value pairs that contain certificate extensions from the CA \ntemplate for client certificates. Allowed values (case-sensitive): `permit-X11-forwarding`, `permit-agent-forwarding`,\n`permit-port-forwarding`, `permit-pty`, `permit-user-rc`.\n", "willReplaceOnChanges": true }, "folder": { "type": "string", "description": "The DN of the policy folder where the SSH certificate object will be created.\n", "willReplaceOnChanges": true }, "forceCommand": { "type": "string", "description": "A command to run after successful login.\n", "willReplaceOnChanges": true }, "keyId": { "type": "string", "description": "The identifier of the requested SSH certificate.\n", "willReplaceOnChanges": true }, "keyPassphrase": { "type": "string", "description": "Passphrase for encrypting the private key.\n", "secret": true, "willReplaceOnChanges": true }, "keySize": { "type": "integer", "description": "Number of bits to use when creating a key pair. (e.g. `3072`).\n", "willReplaceOnChanges": true }, "objectName": { "type": "string", "description": "The friendly name of the SSH certificate object. When not specified the `key_id` \nis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new\ncertificate.\n", "willReplaceOnChanges": true }, "principal": { "type": "array", "items": { "type": "string" }, "description": "[DEPRECATED] - (Optional, set of strings) Use \"principals\" instead. A list of usernames for whom the \nrequested certificate will be valid.\n", "deprecationMessage": "This will be removed in the future. Use \"principals\" instead", "willReplaceOnChanges": true }, "principals": { "type": "array", "items": { "type": "string" }, "description": "A list of usernames for whom the requested certificate will be valid.\n", "willReplaceOnChanges": true }, "publicKey": { "type": "string", "description": "The OpenSSH formatted public key that will be used to generate the SSH certificate.\n", "willReplaceOnChanges": true }, "publicKeyMethod": { "type": "string", "description": "Specifies whether the public key will be `local` (default), `file` or \n`service` generated.\n", "willReplaceOnChanges": true }, "sourceAddresses": { "type": "array", "items": { "type": "string" }, "description": "A list of one or more valid IP or CIDR addresses that can use the SSH \ncertificate.\n", "willReplaceOnChanges": true }, "template": { "type": "string", "description": "The SSH certificate issuing template.\n", "willReplaceOnChanges": true }, "validHours": { "type": "integer", "description": "Desired number of hours for which the certificate will be valid.\n", "willReplaceOnChanges": true }, "windows": { "type": "boolean", "description": "Specifies whether the private key will use Windows/DOS style line breaks.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "keyId", "template" ], "stateInputs": { "description": "Input properties used for looking up and filtering SshCertificate resources.\n", "properties": { "certificate": { "type": "string", "description": "The issued SSH certificate.\n" }, "certificateType": { "type": "string", "description": "Indicates whether the SSH certificate is for client or server authentication.\n" }, "destinationAddresses": { "type": "array", "items": { "type": "string" }, "description": "A list of one or more valid IP or CIDR destination hosts where the \ncertificate will authenticate.\n", "willReplaceOnChanges": true }, "extensions": { "type": "array", "items": { "type": "string" }, "description": "A list of key-value pairs that contain certificate extensions from the CA \ntemplate for client certificates. Allowed values (case-sensitive): `permit-X11-forwarding`, `permit-agent-forwarding`,\n`permit-port-forwarding`, `permit-pty`, `permit-user-rc`.\n", "willReplaceOnChanges": true }, "folder": { "type": "string", "description": "The DN of the policy folder where the SSH certificate object will be created.\n", "willReplaceOnChanges": true }, "forceCommand": { "type": "string", "description": "A command to run after successful login.\n", "willReplaceOnChanges": true }, "keyId": { "type": "string", "description": "The identifier of the requested SSH certificate.\n", "willReplaceOnChanges": true }, "keyPassphrase": { "type": "string", "description": "Passphrase for encrypting the private key.\n", "secret": true, "willReplaceOnChanges": true }, "keySize": { "type": "integer", "description": "Number of bits to use when creating a key pair. (e.g. `3072`).\n", "willReplaceOnChanges": true }, "objectName": { "type": "string", "description": "The friendly name of the SSH certificate object. When not specified the `key_id` \nis used for the friendly name. If the object already exists the old certificate is archived and the CA issues a new\ncertificate.\n", "willReplaceOnChanges": true }, "principal": { "type": "array", "items": { "type": "string" }, "description": "[DEPRECATED] - (Optional, set of strings) Use \"principals\" instead. A list of usernames for whom the \nrequested certificate will be valid.\n", "deprecationMessage": "This will be removed in the future. Use \"principals\" instead", "willReplaceOnChanges": true }, "principals": { "type": "array", "items": { "type": "string" }, "description": "A list of usernames for whom the requested certificate will be valid.\n", "willReplaceOnChanges": true }, "privateKey": { "type": "string", "description": "The private key for the SSH certificate if generated by Venafi.\n" }, "publicKey": { "type": "string", "description": "The OpenSSH formatted public key that will be used to generate the SSH certificate.\n", "willReplaceOnChanges": true }, "publicKeyFingerprint": { "type": "string", "description": "The SHA256 fingerprint of the SSH certificate's public key.\n" }, "publicKeyMethod": { "type": "string", "description": "Specifies whether the public key will be `local` (default), `file` or \n`service` generated.\n", "willReplaceOnChanges": true }, "serial": { "type": "string", "description": "The serial number of the SSH certificate.\n" }, "signingCa": { "type": "string", "description": "The SHA256 fingerprint of the CA that signed the SSH certificate.\n" }, "sourceAddresses": { "type": "array", "items": { "type": "string" }, "description": "A list of one or more valid IP or CIDR addresses that can use the SSH \ncertificate.\n", "willReplaceOnChanges": true }, "template": { "type": "string", "description": "The SSH certificate issuing template.\n", "willReplaceOnChanges": true }, "validFrom": { "type": "string", "description": "The date the SSH certificate was issued.\n" }, "validHours": { "type": "integer", "description": "Desired number of hours for which the certificate will be valid.\n", "willReplaceOnChanges": true }, "validTo": { "type": "string", "description": "The date the SSH certificate will expire.\n" }, "windows": { "type": "boolean", "description": "Specifies whether the private key will use Windows/DOS style line breaks.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "venafi:index/sshConfig:SshConfig": { "description": "Provides access to retrieve configuration from SSH certificate issuance template from *Venafi Trust Protection Platform*.\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as venafi from \"@pulumi/venafi\";\n\nconst cit = new venafi.SshConfig(\"cit\", {template: \"devops-terraform-cit\"});\n```\n```python\nimport pulumi\nimport pulumi_venafi as venafi\n\ncit = venafi.SshConfig(\"cit\", template=\"devops-terraform-cit\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Venafi = Pulumi.Venafi;\n\nreturn await Deployment.RunAsync(() => \n{\n var cit = new Venafi.SshConfig(\"cit\", new()\n {\n Template = \"devops-terraform-cit\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-venafi/sdk/go/venafi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := venafi.NewSshConfig(ctx, \"cit\", &venafi.SshConfigArgs{\n\t\t\tTemplate: pulumi.String(\"devops-terraform-cit\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.venafi.SshConfig;\nimport com.pulumi.venafi.SshConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cit = new SshConfig(\"cit\", SshConfigArgs.builder()\n .template(\"devops-terraform-cit\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cit:\n type: venafi:SshConfig\n properties:\n template: devops-terraform-cit\n```\n\n", "properties": { "caPublicKey": { "type": "string", "description": "(Optional, string) The template's CA public key.\n" }, "principals": { "type": "array", "items": { "type": "string" }, "description": "(Optional, set of strings) A list of user names exported from the template.\n" }, "template": { "type": "string", "description": "The SSH certificate issuing template.\n" } }, "type": "object", "required": [ "caPublicKey", "principals", "template" ], "inputProperties": { "template": { "type": "string", "description": "The SSH certificate issuing template.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "template" ], "stateInputs": { "description": "Input properties used for looking up and filtering SshConfig resources.\n", "properties": { "caPublicKey": { "type": "string", "description": "(Optional, string) The template's CA public key.\n" }, "principals": { "type": "array", "items": { "type": "string" }, "description": "(Optional, set of strings) A list of user names exported from the template.\n" }, "template": { "type": "string", "description": "The SSH certificate issuing template.\n", "willReplaceOnChanges": true } }, "type": "object" } } }, "functions": { "pulumi:providers:venafi/terraformConfig": { "description": "This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.", "inputs": { "properties": { "__self__": { "$ref": "#/resources/pulumi:providers:venafi" } }, "type": "object", "required": [ "__self__" ] }, "outputs": { "properties": { "result": { "additionalProperties": { "$ref": "pulumi.json#/Any" }, "type": "object" } }, "required": [ "result" ], "type": "object" } }, "venafi:index/getCloudKeystore:getCloudKeystore": { "description": "Use this data source to get the `ID` of a cloud keystore in Venafi Control Plane, referenced by its name and parent \ncloud provider ID. You can use `venafi.getCloudProvider` data source to obtain the ID of the parent cloud provider.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as venafi from \"@pulumi/venafi\";\n\n// Find a cloud keystore with a static cloud provider id\nconst ckExampleById = venafi.getCloudKeystore({\n cloudProviderId: \"e48897d0-2762-11ef-8fab-79ac590dd358\",\n name: \"Cloud Keystore Example\",\n});\n// Find a cloud keystore by using venafi_cloud_provider data source as input\nconst ckExample = venafi.getCloudKeystore({\n cloudProviderId: cpExample.id,\n name: \"Cloud Keystore example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_venafi as venafi\n\n# Find a cloud keystore with a static cloud provider id\nck_example_by_id = venafi.get_cloud_keystore(cloud_provider_id=\"e48897d0-2762-11ef-8fab-79ac590dd358\",\n name=\"Cloud Keystore Example\")\n# Find a cloud keystore by using venafi_cloud_provider data source as input\nck_example = venafi.get_cloud_keystore(cloud_provider_id=cp_example[\"id\"],\n name=\"Cloud Keystore example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Venafi = Pulumi.Venafi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Find a cloud keystore with a static cloud provider id\n var ckExampleById = Venafi.GetCloudKeystore.Invoke(new()\n {\n CloudProviderId = \"e48897d0-2762-11ef-8fab-79ac590dd358\",\n Name = \"Cloud Keystore Example\",\n });\n\n // Find a cloud keystore by using venafi_cloud_provider data source as input\n var ckExample = Venafi.GetCloudKeystore.Invoke(new()\n {\n CloudProviderId = cpExample.Id,\n Name = \"Cloud Keystore example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-venafi/sdk/go/venafi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Find a cloud keystore with a static cloud provider id\n\t\t_, err := venafi.GetCloudKeystore(ctx, \u0026venafi.GetCloudKeystoreArgs{\n\t\t\tCloudProviderId: \"e48897d0-2762-11ef-8fab-79ac590dd358\",\n\t\t\tName: \"Cloud Keystore Example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Find a cloud keystore by using venafi_cloud_provider data source as input\n\t\t_, err = venafi.GetCloudKeystore(ctx, \u0026venafi.GetCloudKeystoreArgs{\n\t\t\tCloudProviderId: cpExample.Id,\n\t\t\tName: \"Cloud Keystore example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.venafi.VenafiFunctions;\nimport com.pulumi.venafi.inputs.GetCloudKeystoreArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Find a cloud keystore with a static cloud provider id\n final var ckExampleById = VenafiFunctions.getCloudKeystore(GetCloudKeystoreArgs.builder()\n .cloudProviderId(\"e48897d0-2762-11ef-8fab-79ac590dd358\")\n .name(\"Cloud Keystore Example\")\n .build());\n\n // Find a cloud keystore by using venafi_cloud_provider data source as input\n final var ckExample = VenafiFunctions.getCloudKeystore(GetCloudKeystoreArgs.builder()\n .cloudProviderId(cpExample.id())\n .name(\"Cloud Keystore example\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # Find a cloud keystore with a static cloud provider id\n ckExampleById:\n fn::invoke:\n function: venafi:getCloudKeystore\n arguments:\n cloudProviderId: e48897d0-2762-11ef-8fab-79ac590dd358\n name: Cloud Keystore Example\n # Find a cloud keystore by using venafi_cloud_provider data source as input\n ckExample:\n fn::invoke:\n function: venafi:getCloudKeystore\n arguments:\n cloudProviderId: ${cpExample.id}\n name: Cloud Keystore example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCloudKeystore.\n", "properties": { "cloudProviderId": { "type": "string", "description": "ID of the cloud provider whom the cloud keystore to look up belongs to.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "Name of the cloud keystore to look up.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "cloudProviderId", "name" ] }, "outputs": { "description": "A collection of values returned by getCloudKeystore.\n", "properties": { "cloudProviderId": { "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.", "type": "string" }, "machineIdentitiesCount": { "description": "Number of machine identities provisioned to the cloud keystore.\n", "type": "integer" }, "name": { "type": "string" }, "type": { "description": "The cloud keystore type. Either `ACM`, `AKV` or `GCM`.\n", "type": "string" } }, "required": [ "cloudProviderId", "id", "machineIdentitiesCount", "name", "type" ], "type": "object" } }, "venafi:index/getCloudProvider:getCloudProvider": { "description": "Use this data source to get the `ID` of a cloud provider in Venafi Control Plane, referenced by its name.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as venafi from \"@pulumi/venafi\";\n\n// Find a cloud provider\nconst cpExample = venafi.getCloudProvider({\n name: \"Cloud Provider Example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_venafi as venafi\n\n# Find a cloud provider\ncp_example = venafi.get_cloud_provider(name=\"Cloud Provider Example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Venafi = Pulumi.Venafi;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Find a cloud provider\n var cpExample = Venafi.GetCloudProvider.Invoke(new()\n {\n Name = \"Cloud Provider Example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-venafi/sdk/go/venafi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Find a cloud provider\n\t\t_, err := venafi.GetCloudProvider(ctx, \u0026venafi.GetCloudProviderArgs{\n\t\t\tName: \"Cloud Provider Example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.venafi.VenafiFunctions;\nimport com.pulumi.venafi.inputs.GetCloudProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Find a cloud provider\n final var cpExample = VenafiFunctions.getCloudProvider(GetCloudProviderArgs.builder()\n .name(\"Cloud Provider Example\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n # Find a cloud provider\n cpExample:\n fn::invoke:\n function: venafi:getCloudProvider\n arguments:\n name: Cloud Provider Example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCloudProvider.\n", "properties": { "name": { "type": "string", "description": "Name of the Cloud Provider to look up.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getCloudProvider.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.", "type": "string" }, "keystoresCount": { "description": "Number of Cloud Keystores configured with the Cloud Provider\n", "type": "integer" }, "name": { "type": "string" }, "status": { "description": "The status of the Cloud Provider. Either `VALIDATED` or `NOT_VALIDATED`.\n", "type": "string" }, "statusDetails": { "description": "The details of the Cloud Provider status. If the status is `VALIDATED`, this value will be empty.\n", "type": "string" }, "type": { "description": "The Cloud Provider type. Either `AWS`, `AZURE` or `GCP`\n", "type": "string" } }, "required": [ "id", "keystoresCount", "name", "status", "statusDetails", "type" ], "type": "object" } } } }