/** * HashiCorp Vault API * HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`. * * The version of the OpenAPI document: 1.20.0 * * * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). * https://openapi-generator.tech * Do not edit the class manually. */ /** * * @export * @interface PkiWriteRoleRequest */ export interface PkiWriteRoleRequest { /** * If set, clients can request certificates for any domain, regardless of allowed_domains restrictions. See the documentation for more information. * @type {boolean} * @memberof PkiWriteRoleRequest */ allowAnyName?: boolean; /** * If set, clients can request certificates for the base domains themselves, e.g. "example.com" of domains listed in allowed_domains. This is a separate option as in some cases this can be considered a security threat. See the documentation for more information. * @type {boolean} * @memberof PkiWriteRoleRequest */ allowBareDomains?: boolean; /** * If set, domains specified in allowed_domains can include shell-style glob patterns, e.g. "ftp*.example.com". See the documentation for more information. * @type {boolean} * @memberof PkiWriteRoleRequest */ allowGlobDomains?: boolean; /** * If set, IP Subject Alternative Names are allowed. Any valid IP is accepted and No authorization checking is performed. * @type {boolean} * @memberof PkiWriteRoleRequest */ allowIpSans?: boolean; /** * Whether to allow "localhost" and "localdomain" as a valid common name in a request, independent of allowed_domains value. * @type {boolean} * @memberof PkiWriteRoleRequest */ allowLocalhost?: boolean; /** * If set, clients can request certificates for subdomains of domains listed in allowed_domains, including wildcard subdomains. See the documentation for more information. * @type {boolean} * @memberof PkiWriteRoleRequest */ allowSubdomains?: boolean; /** * If set, allows certificates with wildcards in the common name to be issued, conforming to RFC 6125's Section 6.4.3; e.g., "*.example.net" or "b*z.example.net". See the documentation for more information. * @type {boolean} * @memberof PkiWriteRoleRequest */ allowWildcardCertificates?: boolean; /** * Specifies the domains this role is allowed to issue certificates for. This is used with the allow_bare_domains, allow_subdomains, and allow_glob_domains to determine matches for the common name, DNS-typed SAN entries, and Email-typed SAN entries of certificates. See the documentation for more information. This parameter accepts a comma-separated string or list of domains. * @type {Array} * @memberof PkiWriteRoleRequest */ allowedDomains?: Array; /** * If set, Allowed domains can be specified using identity template policies. Non-templated domains are also permitted. * @type {boolean} * @memberof PkiWriteRoleRequest */ allowedDomainsTemplate?: boolean; /** * If set, an array of allowed other names to put in SANs. These values support globbing and must be in the format ;:. Currently only "utf8" is a valid type. All values, including globbing values, must use this syntax, with the exception being a single "*" which allows any OID and any value (but type must still be utf8). * @type {Array} * @memberof PkiWriteRoleRequest */ allowedOtherSans?: Array; /** * If set, an array of allowed serial numbers to put in Subject. These values support globbing. * @type {Array} * @memberof PkiWriteRoleRequest */ allowedSerialNumbers?: Array; /** * If set, an array of allowed URIs for URI Subject Alternative Names. Any valid URI is accepted, these values support globbing. * @type {Array} * @memberof PkiWriteRoleRequest */ allowedUriSans?: Array; /** * If set, Allowed URI SANs can be specified using identity template policies. Non-templated URI SANs are also permitted. * @type {boolean} * @memberof PkiWriteRoleRequest */ allowedUriSansTemplate?: boolean; /** * If set, an array of allowed user-ids to put in user system login name specified here: https://www.rfc-editor.org/rfc/rfc1274#section-9.3.1 * @type {Array} * @memberof PkiWriteRoleRequest */ allowedUserIds?: Array; /** * Backend Type * @type {string} * @memberof PkiWriteRoleRequest */ backend?: string; /** * Mark Basic Constraints valid when issuing non-CA certificates. * @type {boolean} * @memberof PkiWriteRoleRequest */ basicConstraintsValidForNonCa?: boolean; /** * If set, certificates are flagged for client auth use. Defaults to true. See also RFC 5280 Section 4.2.1.12. * @type {boolean} * @memberof PkiWriteRoleRequest */ clientFlag?: boolean; /** * List of allowed validations to run against the Common Name field. Values can include 'email' to validate the CN is a email address, 'hostname' to validate the CN is a valid hostname (potentially including wildcards). When multiple validations are specified, these take OR semantics (either email OR hostname are allowed). The special value 'disabled' allows disabling all CN name validations, allowing for arbitrary non-Hostname, non-Email address CNs. * @type {Array} * @memberof PkiWriteRoleRequest */ cnValidations?: Array; /** * If set, certificates are flagged for code signing use. Defaults to false. See also RFC 5280 Section 4.2.1.12. * @type {boolean} * @memberof PkiWriteRoleRequest */ codeSigningFlag?: boolean; /** * If set, Country will be set to this value in certificates issued by this role. * @type {Array} * @memberof PkiWriteRoleRequest */ country?: Array; /** * If set, certificates are flagged for email protection use. Defaults to false. See also RFC 5280 Section 4.2.1.12. * @type {boolean} * @memberof PkiWriteRoleRequest */ emailProtectionFlag?: boolean; /** * If set, only valid host names are allowed for CN and DNS SANs, and the host part of email addresses. Defaults to true. * @type {boolean} * @memberof PkiWriteRoleRequest */ enforceHostnames?: boolean; /** * A comma-separated string or list of extended key usages. Valid values can be found at https://golang.org/pkg/crypto/x509/#ExtKeyUsage -- simply drop the "ExtKeyUsage" part of the name. To remove all key usages from being set, set this value to an empty list. See also RFC 5280 Section 4.2.1.12. * @type {Array} * @memberof PkiWriteRoleRequest */ extKeyUsage?: Array; /** * A comma-separated string or list of extended key usage oids. * @type {Array} * @memberof PkiWriteRoleRequest */ extKeyUsageOids?: Array; /** * If set, certificates issued/signed against this role will have Vault leases attached to them. Defaults to "false". Certificates can be added to the CRL by "vault revoke " when certificates are associated with leases. It can also be done using the "pki/revoke" endpoint. However, when lease generation is disabled, invoking "pki/revoke" would be the only way to add the certificates to the CRL. When large number of certificates are generated with long lifetimes, it is recommended that lease generation be disabled, as large amount of leases adversely affect the startup time of Vault. * @type {boolean} * @memberof PkiWriteRoleRequest */ generateLease?: boolean; /** * Reference to the issuer used to sign requests serviced by this role. * @type {string} * @memberof PkiWriteRoleRequest */ issuerRef?: string; /** * The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519. * @type {number} * @memberof PkiWriteRoleRequest */ keyBits?: number; /** * The type of key to use; defaults to RSA. "rsa" "ec", "ed25519" and "any" are the only valid values. * @type {string} * @memberof PkiWriteRoleRequest */ keyType?: PkiWriteRoleRequestKeyTypeEnum; /** * A comma-separated string or list of key usages (not extended key usages). Valid values can be found at https://golang.org/pkg/crypto/x509/#KeyUsage -- simply drop the "KeyUsage" part of the name. To remove all key usages from being set, set this value to an empty list. See also RFC 5280 Section 4.2.1.3. * @type {Array} * @memberof PkiWriteRoleRequest */ keyUsage?: Array; /** * If set, Locality will be set to this value in certificates issued by this role. * @type {Array} * @memberof PkiWriteRoleRequest */ locality?: Array; /** * The maximum allowed lease duration. If not set, defaults to the system maximum lease TTL. * @type {string} * @memberof PkiWriteRoleRequest */ maxTtl?: string; /** * If set, certificates issued/signed against this role will not be stored in the storage backend. This can improve performance when issuing large numbers of certificates. However, certificates issued in this way cannot be enumerated or revoked, so this option is recommended only for certificates that are non-sensitive, or extremely short-lived. This option implies a value of "false" for "generate_lease". * @type {boolean} * @memberof PkiWriteRoleRequest */ noStore?: boolean; /** * If set, if a client attempts to issue or sign a certificate with attached cert_metadata to store, the issuance / signing instead fails. * @type {boolean} * @memberof PkiWriteRoleRequest */ noStoreMetadata?: boolean; /** * Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ. * @type {string} * @memberof PkiWriteRoleRequest */ notAfter?: string; /** * The duration before now which the certificate needs to be backdated by. * @type {string} * @memberof PkiWriteRoleRequest */ notBeforeDuration?: string; /** * If set, O (Organization) will be set to this value in certificates issued by this role. * @type {Array} * @memberof PkiWriteRoleRequest */ organization?: Array; /** * If set, OU (OrganizationalUnit) will be set to this value in certificates issued by this role. * @type {Array} * @memberof PkiWriteRoleRequest */ ou?: Array; /** * A comma-separated string or list of policy OIDs, or a JSON list of qualified policy information, which must include an oid, and may include a notice and/or cps url, using the form [{"oid"="1.3.6.1.4.1.7.8","notice"="I am a user Notice"}, {"oid"="1.3.6.1.4.1.44947.1.2.4 ","cps"="https://example.com"}]. * @type {Array} * @memberof PkiWriteRoleRequest */ policyIdentifiers?: Array; /** * If set, Postal Code will be set to this value in certificates issued by this role. * @type {Array} * @memberof PkiWriteRoleRequest */ postalCode?: Array; /** * If set, Province will be set to this value in certificates issued by this role. * @type {Array} * @memberof PkiWriteRoleRequest */ province?: Array; /** * If set to false, makes the 'common_name' field optional while generating a certificate. * @type {boolean} * @memberof PkiWriteRoleRequest */ requireCn?: boolean; /** * Source for the certificate subject serial number. If "json-csr" (default), the value from the JSON serial_number field is used, falling back to the value in the CSR if empty. If "json", the value from the serial_number JSON field is used, ignoring the value in the CSR. * @type {string} * @memberof PkiWriteRoleRequest */ serialNumberSource?: string; /** * If set, certificates are flagged for server auth use. Defaults to true. See also RFC 5280 Section 4.2.1.12. * @type {boolean} * @memberof PkiWriteRoleRequest */ serverFlag?: boolean; /** * The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. Defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves). * @type {number} * @memberof PkiWriteRoleRequest */ signatureBits?: number; /** * If set, Street Address will be set to this value in certificates issued by this role. * @type {Array} * @memberof PkiWriteRoleRequest */ streetAddress?: Array; /** * The lease duration (validity period of the certificate) if no specific lease duration is requested. The lease duration controls the expiration of certificates issued by this backend. Defaults to the system default value or the value of max_ttl, whichever is shorter. * @type {string} * @memberof PkiWriteRoleRequest */ ttl?: string; /** * If set, when used with a signing profile, the common name in the CSR will be used. This does *not* include any requested Subject Alternative Names; use use_csr_sans for that. Defaults to true. * @type {boolean} * @memberof PkiWriteRoleRequest */ useCsrCommonName?: boolean; /** * If set, when used with a signing profile, the SANs in the CSR will be used. This does *not* include the Common Name (cn); use use_csr_common_name for that. Defaults to true. * @type {boolean} * @memberof PkiWriteRoleRequest */ useCsrSans?: boolean; /** * Whether or not to use PSS signatures when using a RSA key-type issuer. Defaults to false. * @type {boolean} * @memberof PkiWriteRoleRequest */ usePss?: boolean; } /** * @export * @enum {string} */ export declare enum PkiWriteRoleRequestKeyTypeEnum { RSA = "rsa", EC = "ec", ED25519 = "ed25519", ANY = "any" } /** * Check if a given object implements the PkiWriteRoleRequest interface. */ export declare function instanceOfPkiWriteRoleRequest(value: object): value is PkiWriteRoleRequest; export declare function PkiWriteRoleRequestFromJSON(json: any): PkiWriteRoleRequest; export declare function PkiWriteRoleRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): PkiWriteRoleRequest; export declare function PkiWriteRoleRequestToJSON(json: any): PkiWriteRoleRequest; export declare function PkiWriteRoleRequestToJSONTyped(value?: PkiWriteRoleRequest | null, ignoreDiscriminator?: boolean): any;