All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.certificateauthority.kotlin.Authority.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.certificateauthority.kotlin

import com.pulumi.core.Output
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityAccessUrl
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityConfig
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityKeySpec
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthoritySubordinateConfig
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityAccessUrl.Companion.toKotlin as authorityAccessUrlToKotlin
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityConfig.Companion.toKotlin as authorityConfigToKotlin
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityKeySpec.Companion.toKotlin as authorityKeySpecToKotlin
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthoritySubordinateConfig.Companion.toKotlin as authoritySubordinateConfigToKotlin

/**
 * Builder for [Authority].
 */
@PulumiTagMarker
public class AuthorityResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: AuthorityArgs = AuthorityArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend AuthorityArgsBuilder.() -> Unit) {
        val builder = AuthorityArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): Authority {
        val builtJavaResource = com.pulumi.gcp.certificateauthority.Authority(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return Authority(builtJavaResource)
    }
}

/**
 * A CertificateAuthority represents an individual Certificate Authority. A
 * CertificateAuthority can be used to create Certificates.
 * To get more information about CertificateAuthority, see:
 * * [API documentation](https://cloud.google.com/certificate-authority-service/docs/reference/rest)
 * * How-to Guides
 *     * [Official Documentation](https://cloud.google.com/certificate-authority-service)
 * > **Warning:** On newer versions of the provider, you must explicitly set `deletion_protection=false`
 * (and run `pulumi up` to write the field to state) in order to destroy a CertificateAuthority.
 * It is recommended to not set this field (or set it to true) until you're ready to destroy.
 * ## Example Usage
 * ### Privateca Certificate Authority Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.certificateauthority.Authority("default", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority",
 *     location: "us-central1",
 *     deletionProtection: true,
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "HashiCorp",
 *                 commonName: "my-certificate-authority",
 *             },
 *             subjectAltName: {
 *                 dnsNames: ["hashicorp.com"],
 *             },
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *                 maxIssuerPathLength: 10,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     digitalSignature: true,
 *                     contentCommitment: true,
 *                     keyEncipherment: false,
 *                     dataEncipherment: true,
 *                     keyAgreement: true,
 *                     certSign: true,
 *                     crlSign: true,
 *                     decipherOnly: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: true,
 *                     clientAuth: false,
 *                     emailProtection: true,
 *                     codeSigning: true,
 *                     timeStamping: true,
 *                 },
 *             },
 *         },
 *     },
 *     lifetime: "86400s",
 *     keySpec: {
 *         algorithm: "RSA_PKCS1_4096_SHA256",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.certificateauthority.Authority("default",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority",
 *     location="us-central1",
 *     deletion_protection=True,
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="HashiCorp",
 *                 common_name="my-certificate-authority",
 *             ),
 *             subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
 *                 dns_names=["hashicorp.com"],
 *             ),
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *                 max_issuer_path_length=10,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     digital_signature=True,
 *                     content_commitment=True,
 *                     key_encipherment=False,
 *                     data_encipherment=True,
 *                     key_agreement=True,
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                     decipher_only=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=True,
 *                     client_auth=False,
 *                     email_protection=True,
 *                     code_signing=True,
 *                     time_stamping=True,
 *                 ),
 *             ),
 *         ),
 *     ),
 *     lifetime="86400s",
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         algorithm="RSA_PKCS1_4096_SHA256",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.CertificateAuthority.Authority("default", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority",
 *         Location = "us-central1",
 *         DeletionProtection = true,
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "HashiCorp",
 *                     CommonName = "my-certificate-authority",
 *                 },
 *                 SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
 *                 {
 *                     DnsNames = new[]
 *                     {
 *                         "hashicorp.com",
 *                     },
 *                 },
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                     MaxIssuerPathLength = 10,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         DigitalSignature = true,
 *                         ContentCommitment = true,
 *                         KeyEncipherment = false,
 *                         DataEncipherment = true,
 *                         KeyAgreement = true,
 *                         CertSign = true,
 *                         CrlSign = true,
 *                         DecipherOnly = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = true,
 *                         ClientAuth = false,
 *                         EmailProtection = true,
 *                         CodeSigning = true,
 *                         TimeStamping = true,
 *                     },
 *                 },
 *             },
 *         },
 *         Lifetime = "86400s",
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             Algorithm = "RSA_PKCS1_4096_SHA256",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority"),
 * 			Location:               pulumi.String("us-central1"),
 * 			DeletionProtection:     pulumi.Bool(true),
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("HashiCorp"),
 * 						CommonName:   pulumi.String("my-certificate-authority"),
 * 					},
 * 					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
 * 						DnsNames: pulumi.StringArray{
 * 							pulumi.String("hashicorp.com"),
 * 						},
 * 					},
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa:                pulumi.Bool(true),
 * 						MaxIssuerPathLength: pulumi.Int(10),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							DigitalSignature:  pulumi.Bool(true),
 * 							ContentCommitment: pulumi.Bool(true),
 * 							KeyEncipherment:   pulumi.Bool(false),
 * 							DataEncipherment:  pulumi.Bool(true),
 * 							KeyAgreement:      pulumi.Bool(true),
 * 							CertSign:          pulumi.Bool(true),
 * 							CrlSign:           pulumi.Bool(true),
 * 							DecipherOnly:      pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth:      pulumi.Bool(true),
 * 							ClientAuth:      pulumi.Bool(false),
 * 							EmailProtection: pulumi.Bool(true),
 * 							CodeSigning:     pulumi.Bool(true),
 * 							TimeStamping:    pulumi.Bool(true),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			Lifetime: pulumi.String("86400s"),
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.certificateauthority.Authority;
 * import com.pulumi.gcp.certificateauthority.AuthorityArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new Authority("default", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority")
 *             .location("us-central1")
 *             .deletionProtection("true")
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("HashiCorp")
 *                         .commonName("my-certificate-authority")
 *                         .build())
 *                     .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
 *                         .dnsNames("hashicorp.com")
 *                         .build())
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .maxIssuerPathLength(10)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .digitalSignature(true)
 *                             .contentCommitment(true)
 *                             .keyEncipherment(false)
 *                             .dataEncipherment(true)
 *                             .keyAgreement(true)
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .decipherOnly(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(true)
 *                             .clientAuth(false)
 *                             .emailProtection(true)
 *                             .codeSigning(true)
 *                             .timeStamping(true)
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .build())
 *             .lifetime("86400s")
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .algorithm("RSA_PKCS1_4096_SHA256")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority
 *       location: us-central1
 *       deletionProtection: 'true'
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: HashiCorp
 *             commonName: my-certificate-authority
 *           subjectAltName:
 *             dnsNames:
 *               - hashicorp.com
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *             maxIssuerPathLength: 10
 *           keyUsage:
 *             baseKeyUsage:
 *               digitalSignature: true
 *               contentCommitment: true
 *               keyEncipherment: false
 *               dataEncipherment: true
 *               keyAgreement: true
 *               certSign: true
 *               crlSign: true
 *               decipherOnly: true
 *             extendedKeyUsage:
 *               serverAuth: true
 *               clientAuth: false
 *               emailProtection: true
 *               codeSigning: true
 *               timeStamping: true
 *       lifetime: 86400s
 *       keySpec:
 *         algorithm: RSA_PKCS1_4096_SHA256
 * ```
 * 
 * ### Privateca Certificate Authority Subordinate
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const root_ca = new gcp.certificateauthority.Authority("root-ca", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority-root",
 *     location: "us-central1",
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "HashiCorp",
 *                 commonName: "my-certificate-authority",
 *             },
 *             subjectAltName: {
 *                 dnsNames: ["hashicorp.com"],
 *             },
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     certSign: true,
 *                     crlSign: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: false,
 *                 },
 *             },
 *         },
 *     },
 *     keySpec: {
 *         algorithm: "RSA_PKCS1_4096_SHA256",
 *     },
 *     deletionProtection: false,
 *     skipGracePeriod: true,
 *     ignoreActiveCertificatesOnDeletion: true,
 * });
 * const _default = new gcp.certificateauthority.Authority("default", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority-sub",
 *     location: "us-central1",
 *     deletionProtection: true,
 *     subordinateConfig: {
 *         certificateAuthority: root_ca.name,
 *     },
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "HashiCorp",
 *                 commonName: "my-subordinate-authority",
 *             },
 *             subjectAltName: {
 *                 dnsNames: ["hashicorp.com"],
 *             },
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *                 maxIssuerPathLength: 0,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     digitalSignature: true,
 *                     contentCommitment: true,
 *                     keyEncipherment: false,
 *                     dataEncipherment: true,
 *                     keyAgreement: true,
 *                     certSign: true,
 *                     crlSign: true,
 *                     decipherOnly: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: true,
 *                     clientAuth: false,
 *                     emailProtection: true,
 *                     codeSigning: true,
 *                     timeStamping: true,
 *                 },
 *             },
 *         },
 *     },
 *     lifetime: "86400s",
 *     keySpec: {
 *         algorithm: "RSA_PKCS1_4096_SHA256",
 *     },
 *     type: "SUBORDINATE",
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * root_ca = gcp.certificateauthority.Authority("root-ca",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority-root",
 *     location="us-central1",
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="HashiCorp",
 *                 common_name="my-certificate-authority",
 *             ),
 *             subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
 *                 dns_names=["hashicorp.com"],
 *             ),
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=False,
 *                 ),
 *             ),
 *         ),
 *     ),
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         algorithm="RSA_PKCS1_4096_SHA256",
 *     ),
 *     deletion_protection=False,
 *     skip_grace_period=True,
 *     ignore_active_certificates_on_deletion=True)
 * default = gcp.certificateauthority.Authority("default",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority-sub",
 *     location="us-central1",
 *     deletion_protection=True,
 *     subordinate_config=gcp.certificateauthority.AuthoritySubordinateConfigArgs(
 *         certificate_authority=root_ca.name,
 *     ),
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="HashiCorp",
 *                 common_name="my-subordinate-authority",
 *             ),
 *             subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
 *                 dns_names=["hashicorp.com"],
 *             ),
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *                 max_issuer_path_length=0,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     digital_signature=True,
 *                     content_commitment=True,
 *                     key_encipherment=False,
 *                     data_encipherment=True,
 *                     key_agreement=True,
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                     decipher_only=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=True,
 *                     client_auth=False,
 *                     email_protection=True,
 *                     code_signing=True,
 *                     time_stamping=True,
 *                 ),
 *             ),
 *         ),
 *     ),
 *     lifetime="86400s",
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         algorithm="RSA_PKCS1_4096_SHA256",
 *     ),
 *     type="SUBORDINATE")
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var root_ca = new Gcp.CertificateAuthority.Authority("root-ca", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority-root",
 *         Location = "us-central1",
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "HashiCorp",
 *                     CommonName = "my-certificate-authority",
 *                 },
 *                 SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
 *                 {
 *                     DnsNames = new[]
 *                     {
 *                         "hashicorp.com",
 *                     },
 *                 },
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         CertSign = true,
 *                         CrlSign = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = false,
 *                     },
 *                 },
 *             },
 *         },
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             Algorithm = "RSA_PKCS1_4096_SHA256",
 *         },
 *         DeletionProtection = false,
 *         SkipGracePeriod = true,
 *         IgnoreActiveCertificatesOnDeletion = true,
 *     });
 *     var @default = new Gcp.CertificateAuthority.Authority("default", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority-sub",
 *         Location = "us-central1",
 *         DeletionProtection = true,
 *         SubordinateConfig = new Gcp.CertificateAuthority.Inputs.AuthoritySubordinateConfigArgs
 *         {
 *             CertificateAuthority = root_ca.Name,
 *         },
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "HashiCorp",
 *                     CommonName = "my-subordinate-authority",
 *                 },
 *                 SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
 *                 {
 *                     DnsNames = new[]
 *                     {
 *                         "hashicorp.com",
 *                     },
 *                 },
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                     MaxIssuerPathLength = 0,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         DigitalSignature = true,
 *                         ContentCommitment = true,
 *                         KeyEncipherment = false,
 *                         DataEncipherment = true,
 *                         KeyAgreement = true,
 *                         CertSign = true,
 *                         CrlSign = true,
 *                         DecipherOnly = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = true,
 *                         ClientAuth = false,
 *                         EmailProtection = true,
 *                         CodeSigning = true,
 *                         TimeStamping = true,
 *                     },
 *                 },
 *             },
 *         },
 *         Lifetime = "86400s",
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             Algorithm = "RSA_PKCS1_4096_SHA256",
 *         },
 *         Type = "SUBORDINATE",
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := certificateauthority.NewAuthority(ctx, "root-ca", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority-root"),
 * 			Location:               pulumi.String("us-central1"),
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("HashiCorp"),
 * 						CommonName:   pulumi.String("my-certificate-authority"),
 * 					},
 * 					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
 * 						DnsNames: pulumi.StringArray{
 * 							pulumi.String("hashicorp.com"),
 * 						},
 * 					},
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa: pulumi.Bool(true),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							CertSign: pulumi.Bool(true),
 * 							CrlSign:  pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth: pulumi.Bool(false),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
 * 			},
 * 			DeletionProtection:                 pulumi.Bool(false),
 * 			SkipGracePeriod:                    pulumi.Bool(true),
 * 			IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority-sub"),
 * 			Location:               pulumi.String("us-central1"),
 * 			DeletionProtection:     pulumi.Bool(true),
 * 			SubordinateConfig: &certificateauthority.AuthoritySubordinateConfigArgs{
 * 				CertificateAuthority: root_ca.Name,
 * 			},
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("HashiCorp"),
 * 						CommonName:   pulumi.String("my-subordinate-authority"),
 * 					},
 * 					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
 * 						DnsNames: pulumi.StringArray{
 * 							pulumi.String("hashicorp.com"),
 * 						},
 * 					},
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa:                pulumi.Bool(true),
 * 						MaxIssuerPathLength: pulumi.Int(0),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							DigitalSignature:  pulumi.Bool(true),
 * 							ContentCommitment: pulumi.Bool(true),
 * 							KeyEncipherment:   pulumi.Bool(false),
 * 							DataEncipherment:  pulumi.Bool(true),
 * 							KeyAgreement:      pulumi.Bool(true),
 * 							CertSign:          pulumi.Bool(true),
 * 							CrlSign:           pulumi.Bool(true),
 * 							DecipherOnly:      pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth:      pulumi.Bool(true),
 * 							ClientAuth:      pulumi.Bool(false),
 * 							EmailProtection: pulumi.Bool(true),
 * 							CodeSigning:     pulumi.Bool(true),
 * 							TimeStamping:    pulumi.Bool(true),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			Lifetime: pulumi.String("86400s"),
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
 * 			},
 * 			Type: pulumi.String("SUBORDINATE"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.certificateauthority.Authority;
 * import com.pulumi.gcp.certificateauthority.AuthorityArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthoritySubordinateConfigArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var root_ca = new Authority("root-ca", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority-root")
 *             .location("us-central1")
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("HashiCorp")
 *                         .commonName("my-certificate-authority")
 *                         .build())
 *                     .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
 *                         .dnsNames("hashicorp.com")
 *                         .build())
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(false)
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .build())
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .algorithm("RSA_PKCS1_4096_SHA256")
 *                 .build())
 *             .deletionProtection(false)
 *             .skipGracePeriod(true)
 *             .ignoreActiveCertificatesOnDeletion(true)
 *             .build());
 *         var default_ = new Authority("default", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority-sub")
 *             .location("us-central1")
 *             .deletionProtection("true")
 *             .subordinateConfig(AuthoritySubordinateConfigArgs.builder()
 *                 .certificateAuthority(root_ca.name())
 *                 .build())
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("HashiCorp")
 *                         .commonName("my-subordinate-authority")
 *                         .build())
 *                     .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
 *                         .dnsNames("hashicorp.com")
 *                         .build())
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .maxIssuerPathLength(0)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .digitalSignature(true)
 *                             .contentCommitment(true)
 *                             .keyEncipherment(false)
 *                             .dataEncipherment(true)
 *                             .keyAgreement(true)
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .decipherOnly(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(true)
 *                             .clientAuth(false)
 *                             .emailProtection(true)
 *                             .codeSigning(true)
 *                             .timeStamping(true)
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .build())
 *             .lifetime("86400s")
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .algorithm("RSA_PKCS1_4096_SHA256")
 *                 .build())
 *             .type("SUBORDINATE")
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   root-ca:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority-root
 *       location: us-central1
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: HashiCorp
 *             commonName: my-certificate-authority
 *           subjectAltName:
 *             dnsNames:
 *               - hashicorp.com
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *           keyUsage:
 *             baseKeyUsage:
 *               certSign: true
 *               crlSign: true
 *             extendedKeyUsage:
 *               serverAuth: false
 *       keySpec:
 *         algorithm: RSA_PKCS1_4096_SHA256
 *       deletionProtection: false
 *       skipGracePeriod: true
 *       ignoreActiveCertificatesOnDeletion: true
 *   default:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority-sub
 *       location: us-central1
 *       deletionProtection: 'true'
 *       subordinateConfig:
 *         certificateAuthority: ${["root-ca"].name}
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: HashiCorp
 *             commonName: my-subordinate-authority
 *           subjectAltName:
 *             dnsNames:
 *               - hashicorp.com
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *             maxIssuerPathLength: 0
 *           keyUsage:
 *             baseKeyUsage:
 *               digitalSignature: true
 *               contentCommitment: true
 *               keyEncipherment: false
 *               dataEncipherment: true
 *               keyAgreement: true
 *               certSign: true
 *               crlSign: true
 *               decipherOnly: true
 *             extendedKeyUsage:
 *               serverAuth: true
 *               clientAuth: false
 *               emailProtection: true
 *               codeSigning: true
 *               timeStamping: true
 *       lifetime: 86400s
 *       keySpec:
 *         algorithm: RSA_PKCS1_4096_SHA256
 *       type: SUBORDINATE
 * ```
 * 
 * ### Privateca Certificate Authority Byo Key
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const privatecaSa = new gcp.projects.ServiceIdentity("privateca_sa", {service: "privateca.googleapis.com"});
 * const privatecaSaKeyuserSignerverifier = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier", {
 *     cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *     role: "roles/cloudkms.signerVerifier",
 *     member: pulumi.interpolate`serviceAccount:${privatecaSa.email}`,
 * });
 * const privatecaSaKeyuserViewer = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer", {
 *     cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *     role: "roles/viewer",
 *     member: pulumi.interpolate`serviceAccount:${privatecaSa.email}`,
 * });
 * const _default = new gcp.certificateauthority.Authority("default", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority",
 *     location: "us-central1",
 *     deletionProtection: true,
 *     keySpec: {
 *         cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *     },
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "Example, Org.",
 *                 commonName: "Example Authority",
 *             },
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *                 maxIssuerPathLength: 10,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     certSign: true,
 *                     crlSign: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: false,
 *                 },
 *             },
 *             nameConstraints: {
 *                 critical: true,
 *                 permittedDnsNames: ["*.example.com"],
 *                 excludedDnsNames: ["*.deny.example.com"],
 *                 permittedIpRanges: ["10.0.0.0/8"],
 *                 excludedIpRanges: ["10.1.1.0/24"],
 *                 permittedEmailAddresses: [".example.com"],
 *                 excludedEmailAddresses: [".deny.example.com"],
 *                 permittedUris: [".example.com"],
 *                 excludedUris: [".deny.example.com"],
 *             },
 *         },
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * privateca_sa = gcp.projects.ServiceIdentity("privateca_sa", service="privateca.googleapis.com")
 * privateca_sa_keyuser_signerverifier = gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier",
 *     crypto_key_id="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *     role="roles/cloudkms.signerVerifier",
 *     member=privateca_sa.email.apply(lambda email: f"serviceAccount:{email}"))
 * privateca_sa_keyuser_viewer = gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer",
 *     crypto_key_id="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *     role="roles/viewer",
 *     member=privateca_sa.email.apply(lambda email: f"serviceAccount:{email}"))
 * default = gcp.certificateauthority.Authority("default",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority",
 *     location="us-central1",
 *     deletion_protection=True,
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *     ),
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="Example, Org.",
 *                 common_name="Example Authority",
 *             ),
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *                 max_issuer_path_length=10,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=False,
 *                 ),
 *             ),
 *             name_constraints=gcp.certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs(
 *                 critical=True,
 *                 permitted_dns_names=["*.example.com"],
 *                 excluded_dns_names=["*.deny.example.com"],
 *                 permitted_ip_ranges=["10.0.0.0/8"],
 *                 excluded_ip_ranges=["10.1.1.0/24"],
 *                 permitted_email_addresses=[".example.com"],
 *                 excluded_email_addresses=[".deny.example.com"],
 *                 permitted_uris=[".example.com"],
 *                 excluded_uris=[".deny.example.com"],
 *             ),
 *         ),
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var privatecaSa = new Gcp.Projects.ServiceIdentity("privateca_sa", new()
 *     {
 *         Service = "privateca.googleapis.com",
 *     });
 *     var privatecaSaKeyuserSignerverifier = new Gcp.Kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier", new()
 *     {
 *         CryptoKeyId = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *         Role = "roles/cloudkms.signerVerifier",
 *         Member = privatecaSa.Email.Apply(email => $"serviceAccount:{email}"),
 *     });
 *     var privatecaSaKeyuserViewer = new Gcp.Kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer", new()
 *     {
 *         CryptoKeyId = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
 *         Role = "roles/viewer",
 *         Member = privatecaSa.Email.Apply(email => $"serviceAccount:{email}"),
 *     });
 *     var @default = new Gcp.CertificateAuthority.Authority("default", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority",
 *         Location = "us-central1",
 *         DeletionProtection = true,
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             CloudKmsKeyVersion = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *         },
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "Example, Org.",
 *                     CommonName = "Example Authority",
 *                 },
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                     MaxIssuerPathLength = 10,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         CertSign = true,
 *                         CrlSign = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = false,
 *                     },
 *                 },
 *                 NameConstraints = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigNameConstraintsArgs
 *                 {
 *                     Critical = true,
 *                     PermittedDnsNames = new[]
 *                     {
 *                         "*.example.com",
 *                     },
 *                     ExcludedDnsNames = new[]
 *                     {
 *                         "*.deny.example.com",
 *                     },
 *                     PermittedIpRanges = new[]
 *                     {
 *                         "10.0.0.0/8",
 *                     },
 *                     ExcludedIpRanges = new[]
 *                     {
 *                         "10.1.1.0/24",
 *                     },
 *                     PermittedEmailAddresses = new[]
 *                     {
 *                         ".example.com",
 *                     },
 *                     ExcludedEmailAddresses = new[]
 *                     {
 *                         ".deny.example.com",
 *                     },
 *                     PermittedUris = new[]
 *                     {
 *                         ".example.com",
 *                     },
 *                     ExcludedUris = new[]
 *                     {
 *                         ".deny.example.com",
 *                     },
 *                 },
 *             },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"fmt"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		privatecaSa, err := projects.NewServiceIdentity(ctx, "privateca_sa", &projects.ServiceIdentityArgs{
 * 			Service: pulumi.String("privateca.googleapis.com"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = kms.NewCryptoKeyIAMMember(ctx, "privateca_sa_keyuser_signerverifier", &kms.CryptoKeyIAMMemberArgs{
 * 			CryptoKeyId: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"),
 * 			Role:        pulumi.String("roles/cloudkms.signerVerifier"),
 * 			Member: privatecaSa.Email.ApplyT(func(email string) (string, error) {
 * 				return fmt.Sprintf("serviceAccount:%v", email), nil
 * 			}).(pulumi.StringOutput),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = kms.NewCryptoKeyIAMMember(ctx, "privateca_sa_keyuser_viewer", &kms.CryptoKeyIAMMemberArgs{
 * 			CryptoKeyId: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"),
 * 			Role:        pulumi.String("roles/viewer"),
 * 			Member: privatecaSa.Email.ApplyT(func(email string) (string, error) {
 * 				return fmt.Sprintf("serviceAccount:%v", email), nil
 * 			}).(pulumi.StringOutput),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority"),
 * 			Location:               pulumi.String("us-central1"),
 * 			DeletionProtection:     pulumi.Bool(true),
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				CloudKmsKeyVersion: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1"),
 * 			},
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("Example, Org."),
 * 						CommonName:   pulumi.String("Example Authority"),
 * 					},
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa:                pulumi.Bool(true),
 * 						MaxIssuerPathLength: pulumi.Int(10),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							CertSign: pulumi.Bool(true),
 * 							CrlSign:  pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth: pulumi.Bool(false),
 * 						},
 * 					},
 * 					NameConstraints: &certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs{
 * 						Critical: pulumi.Bool(true),
 * 						PermittedDnsNames: pulumi.StringArray{
 * 							pulumi.String("*.example.com"),
 * 						},
 * 						ExcludedDnsNames: pulumi.StringArray{
 * 							pulumi.String("*.deny.example.com"),
 * 						},
 * 						PermittedIpRanges: pulumi.StringArray{
 * 							pulumi.String("10.0.0.0/8"),
 * 						},
 * 						ExcludedIpRanges: pulumi.StringArray{
 * 							pulumi.String("10.1.1.0/24"),
 * 						},
 * 						PermittedEmailAddresses: pulumi.StringArray{
 * 							pulumi.String(".example.com"),
 * 						},
 * 						ExcludedEmailAddresses: pulumi.StringArray{
 * 							pulumi.String(".deny.example.com"),
 * 						},
 * 						PermittedUris: pulumi.StringArray{
 * 							pulumi.String(".example.com"),
 * 						},
 * 						ExcludedUris: pulumi.StringArray{
 * 							pulumi.String(".deny.example.com"),
 * 						},
 * 					},
 * 				},
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.projects.ServiceIdentity;
 * import com.pulumi.gcp.projects.ServiceIdentityArgs;
 * import com.pulumi.gcp.kms.CryptoKeyIAMMember;
 * import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
 * import com.pulumi.gcp.certificateauthority.Authority;
 * import com.pulumi.gcp.certificateauthority.AuthorityArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigNameConstraintsArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var privatecaSa = new ServiceIdentity("privatecaSa", ServiceIdentityArgs.builder()
 *             .service("privateca.googleapis.com")
 *             .build());
 *         var privatecaSaKeyuserSignerverifier = new CryptoKeyIAMMember("privatecaSaKeyuserSignerverifier", CryptoKeyIAMMemberArgs.builder()
 *             .cryptoKeyId("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key")
 *             .role("roles/cloudkms.signerVerifier")
 *             .member(privatecaSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
 *             .build());
 *         var privatecaSaKeyuserViewer = new CryptoKeyIAMMember("privatecaSaKeyuserViewer", CryptoKeyIAMMemberArgs.builder()
 *             .cryptoKeyId("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key")
 *             .role("roles/viewer")
 *             .member(privatecaSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
 *             .build());
 *         var default_ = new Authority("default", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority")
 *             .location("us-central1")
 *             .deletionProtection("true")
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .cloudKmsKeyVersion("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1")
 *                 .build())
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("Example, Org.")
 *                         .commonName("Example Authority")
 *                         .build())
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .maxIssuerPathLength(10)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(false)
 *                             .build())
 *                         .build())
 *                     .nameConstraints(AuthorityConfigX509ConfigNameConstraintsArgs.builder()
 *                         .critical(true)
 *                         .permittedDnsNames("*.example.com")
 *                         .excludedDnsNames("*.deny.example.com")
 *                         .permittedIpRanges("10.0.0.0/8")
 *                         .excludedIpRanges("10.1.1.0/24")
 *                         .permittedEmailAddresses(".example.com")
 *                         .excludedEmailAddresses(".deny.example.com")
 *                         .permittedUris(".example.com")
 *                         .excludedUris(".deny.example.com")
 *                         .build())
 *                     .build())
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   privatecaSa:
 *     type: gcp:projects:ServiceIdentity
 *     name: privateca_sa
 *     properties:
 *       service: privateca.googleapis.com
 *   privatecaSaKeyuserSignerverifier:
 *     type: gcp:kms:CryptoKeyIAMMember
 *     name: privateca_sa_keyuser_signerverifier
 *     properties:
 *       cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key
 *       role: roles/cloudkms.signerVerifier
 *       member: serviceAccount:${privatecaSa.email}
 *   privatecaSaKeyuserViewer:
 *     type: gcp:kms:CryptoKeyIAMMember
 *     name: privateca_sa_keyuser_viewer
 *     properties:
 *       cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key
 *       role: roles/viewer
 *       member: serviceAccount:${privatecaSa.email}
 *   default:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority
 *       location: us-central1
 *       deletionProtection: 'true'
 *       keySpec:
 *         cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: Example, Org.
 *             commonName: Example Authority
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *             maxIssuerPathLength: 10
 *           keyUsage:
 *             baseKeyUsage:
 *               certSign: true
 *               crlSign: true
 *             extendedKeyUsage:
 *               serverAuth: false
 *           nameConstraints:
 *             critical: true
 *             permittedDnsNames:
 *               - '*.example.com'
 *             excludedDnsNames:
 *               - '*.deny.example.com'
 *             permittedIpRanges:
 *               - 10.0.0.0/8
 *             excludedIpRanges:
 *               - 10.1.1.0/24
 *             permittedEmailAddresses:
 *               - .example.com
 *             excludedEmailAddresses:
 *               - .deny.example.com
 *             permittedUris:
 *               - .example.com
 *             excludedUris:
 *               - .deny.example.com
 * ```
 * 
 * ### Privateca Certificate Authority Custom Ski
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const _default = new gcp.certificateauthority.Authority("default", {
 *     pool: "ca-pool",
 *     certificateAuthorityId: "my-certificate-authority",
 *     location: "us-central1",
 *     deletionProtection: true,
 *     config: {
 *         subjectConfig: {
 *             subject: {
 *                 organization: "HashiCorp",
 *                 commonName: "my-certificate-authority",
 *             },
 *             subjectAltName: {
 *                 dnsNames: ["hashicorp.com"],
 *             },
 *         },
 *         subjectKeyId: {
 *             keyId: "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
 *         },
 *         x509Config: {
 *             caOptions: {
 *                 isCa: true,
 *                 maxIssuerPathLength: 10,
 *             },
 *             keyUsage: {
 *                 baseKeyUsage: {
 *                     digitalSignature: true,
 *                     contentCommitment: true,
 *                     keyEncipherment: false,
 *                     dataEncipherment: true,
 *                     keyAgreement: true,
 *                     certSign: true,
 *                     crlSign: true,
 *                     decipherOnly: true,
 *                 },
 *                 extendedKeyUsage: {
 *                     serverAuth: true,
 *                     clientAuth: false,
 *                     emailProtection: true,
 *                     codeSigning: true,
 *                     timeStamping: true,
 *                 },
 *             },
 *         },
 *     },
 *     lifetime: "86400s",
 *     keySpec: {
 *         cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * default = gcp.certificateauthority.Authority("default",
 *     pool="ca-pool",
 *     certificate_authority_id="my-certificate-authority",
 *     location="us-central1",
 *     deletion_protection=True,
 *     config=gcp.certificateauthority.AuthorityConfigArgs(
 *         subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
 *             subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
 *                 organization="HashiCorp",
 *                 common_name="my-certificate-authority",
 *             ),
 *             subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
 *                 dns_names=["hashicorp.com"],
 *             ),
 *         ),
 *         subject_key_id=gcp.certificateauthority.AuthorityConfigSubjectKeyIdArgs(
 *             key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
 *         ),
 *         x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
 *             ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
 *                 is_ca=True,
 *                 max_issuer_path_length=10,
 *             ),
 *             key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
 *                 base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
 *                     digital_signature=True,
 *                     content_commitment=True,
 *                     key_encipherment=False,
 *                     data_encipherment=True,
 *                     key_agreement=True,
 *                     cert_sign=True,
 *                     crl_sign=True,
 *                     decipher_only=True,
 *                 ),
 *                 extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
 *                     server_auth=True,
 *                     client_auth=False,
 *                     email_protection=True,
 *                     code_signing=True,
 *                     time_stamping=True,
 *                 ),
 *             ),
 *         ),
 *     ),
 *     lifetime="86400s",
 *     key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
 *         cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *     ))
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var @default = new Gcp.CertificateAuthority.Authority("default", new()
 *     {
 *         Pool = "ca-pool",
 *         CertificateAuthorityId = "my-certificate-authority",
 *         Location = "us-central1",
 *         DeletionProtection = true,
 *         Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
 *         {
 *             SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
 *             {
 *                 Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
 *                 {
 *                     Organization = "HashiCorp",
 *                     CommonName = "my-certificate-authority",
 *                 },
 *                 SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
 *                 {
 *                     DnsNames = new[]
 *                     {
 *                         "hashicorp.com",
 *                     },
 *                 },
 *             },
 *             SubjectKeyId = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectKeyIdArgs
 *             {
 *                 KeyId = "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
 *             },
 *             X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
 *             {
 *                 CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
 *                 {
 *                     IsCa = true,
 *                     MaxIssuerPathLength = 10,
 *                 },
 *                 KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
 *                 {
 *                     BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
 *                     {
 *                         DigitalSignature = true,
 *                         ContentCommitment = true,
 *                         KeyEncipherment = false,
 *                         DataEncipherment = true,
 *                         KeyAgreement = true,
 *                         CertSign = true,
 *                         CrlSign = true,
 *                         DecipherOnly = true,
 *                     },
 *                     ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
 *                     {
 *                         ServerAuth = true,
 *                         ClientAuth = false,
 *                         EmailProtection = true,
 *                         CodeSigning = true,
 *                         TimeStamping = true,
 *                     },
 *                 },
 *             },
 *         },
 *         Lifetime = "86400s",
 *         KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
 *         {
 *             CloudKmsKeyVersion = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
 * 			Pool:                   pulumi.String("ca-pool"),
 * 			CertificateAuthorityId: pulumi.String("my-certificate-authority"),
 * 			Location:               pulumi.String("us-central1"),
 * 			DeletionProtection:     pulumi.Bool(true),
 * 			Config: &certificateauthority.AuthorityConfigArgs{
 * 				SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
 * 					Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
 * 						Organization: pulumi.String("HashiCorp"),
 * 						CommonName:   pulumi.String("my-certificate-authority"),
 * 					},
 * 					SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
 * 						DnsNames: pulumi.StringArray{
 * 							pulumi.String("hashicorp.com"),
 * 						},
 * 					},
 * 				},
 * 				SubjectKeyId: &certificateauthority.AuthorityConfigSubjectKeyIdArgs{
 * 					KeyId: pulumi.String("4cf3372289b1d411b999dbb9ebcd44744b6b2fca"),
 * 				},
 * 				X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
 * 					CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
 * 						IsCa:                pulumi.Bool(true),
 * 						MaxIssuerPathLength: pulumi.Int(10),
 * 					},
 * 					KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
 * 						BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
 * 							DigitalSignature:  pulumi.Bool(true),
 * 							ContentCommitment: pulumi.Bool(true),
 * 							KeyEncipherment:   pulumi.Bool(false),
 * 							DataEncipherment:  pulumi.Bool(true),
 * 							KeyAgreement:      pulumi.Bool(true),
 * 							CertSign:          pulumi.Bool(true),
 * 							CrlSign:           pulumi.Bool(true),
 * 							DecipherOnly:      pulumi.Bool(true),
 * 						},
 * 						ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
 * 							ServerAuth:      pulumi.Bool(true),
 * 							ClientAuth:      pulumi.Bool(false),
 * 							EmailProtection: pulumi.Bool(true),
 * 							CodeSigning:     pulumi.Bool(true),
 * 							TimeStamping:    pulumi.Bool(true),
 * 						},
 * 					},
 * 				},
 * 			},
 * 			Lifetime: pulumi.String("86400s"),
 * 			KeySpec: &certificateauthority.AuthorityKeySpecArgs{
 * 				CloudKmsKeyVersion: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1"),
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.certificateauthority.Authority;
 * import com.pulumi.gcp.certificateauthority.AuthorityArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectKeyIdArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
 * import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var default_ = new Authority("default", AuthorityArgs.builder()
 *             .pool("ca-pool")
 *             .certificateAuthorityId("my-certificate-authority")
 *             .location("us-central1")
 *             .deletionProtection("true")
 *             .config(AuthorityConfigArgs.builder()
 *                 .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
 *                     .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
 *                         .organization("HashiCorp")
 *                         .commonName("my-certificate-authority")
 *                         .build())
 *                     .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
 *                         .dnsNames("hashicorp.com")
 *                         .build())
 *                     .build())
 *                 .subjectKeyId(AuthorityConfigSubjectKeyIdArgs.builder()
 *                     .keyId("4cf3372289b1d411b999dbb9ebcd44744b6b2fca")
 *                     .build())
 *                 .x509Config(AuthorityConfigX509ConfigArgs.builder()
 *                     .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
 *                         .isCa(true)
 *                         .maxIssuerPathLength(10)
 *                         .build())
 *                     .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
 *                         .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
 *                             .digitalSignature(true)
 *                             .contentCommitment(true)
 *                             .keyEncipherment(false)
 *                             .dataEncipherment(true)
 *                             .keyAgreement(true)
 *                             .certSign(true)
 *                             .crlSign(true)
 *                             .decipherOnly(true)
 *                             .build())
 *                         .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
 *                             .serverAuth(true)
 *                             .clientAuth(false)
 *                             .emailProtection(true)
 *                             .codeSigning(true)
 *                             .timeStamping(true)
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .build())
 *             .lifetime("86400s")
 *             .keySpec(AuthorityKeySpecArgs.builder()
 *                 .cloudKmsKeyVersion("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1")
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   default:
 *     type: gcp:certificateauthority:Authority
 *     properties:
 *       pool: ca-pool
 *       certificateAuthorityId: my-certificate-authority
 *       location: us-central1
 *       deletionProtection: 'true'
 *       config:
 *         subjectConfig:
 *           subject:
 *             organization: HashiCorp
 *             commonName: my-certificate-authority
 *           subjectAltName:
 *             dnsNames:
 *               - hashicorp.com
 *         subjectKeyId:
 *           keyId: 4cf3372289b1d411b999dbb9ebcd44744b6b2fca
 *         x509Config:
 *           caOptions:
 *             isCa: true
 *             maxIssuerPathLength: 10
 *           keyUsage:
 *             baseKeyUsage:
 *               digitalSignature: true
 *               contentCommitment: true
 *               keyEncipherment: false
 *               dataEncipherment: true
 *               keyAgreement: true
 *               certSign: true
 *               crlSign: true
 *               decipherOnly: true
 *             extendedKeyUsage:
 *               serverAuth: true
 *               clientAuth: false
 *               emailProtection: true
 *               codeSigning: true
 *               timeStamping: true
 *       lifetime: 86400s
 *       keySpec:
 *         cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1
 * ```
 * 
 * ## Import
 * CertificateAuthority can be imported using any of these accepted formats:
 * * `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}`
 * * `{{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}`
 * * `{{location}}/{{pool}}/{{certificate_authority_id}}`
 * When using the `pulumi import` command, CertificateAuthority can be imported using one of the formats above. For example:
 * ```sh
 * $ pulumi import gcp:certificateauthority/authority:Authority default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}
 * ```
 * ```sh
 * $ pulumi import gcp:certificateauthority/authority:Authority default {{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}
 * ```
 * ```sh
 * $ pulumi import gcp:certificateauthority/authority:Authority default {{location}}/{{pool}}/{{certificate_authority_id}}
 * ```
 */
public class Authority internal constructor(
    override val javaResource: com.pulumi.gcp.certificateauthority.Authority,
) : KotlinCustomResource(javaResource, AuthorityMapper) {
    /**
     * URLs for accessing content published by this CA, such as the CA certificate and CRLs.
     * Structure is documented below.
     */
    public val accessUrls: Output>
        get() = javaResource.accessUrls().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 ->
                    authorityAccessUrlToKotlin(args0)
                })
            })
        })

    /**
     * The user provided Resource ID for this Certificate Authority.
     */
    public val certificateAuthorityId: Output
        get() = javaResource.certificateAuthorityId().applyValue({ args0 -> args0 })

    /**
     * The config used to create a self-signed X.509 certificate or CSR.
     * Structure is documented below.
     */
    public val config: Output
        get() = javaResource.config().applyValue({ args0 ->
            args0.let({ args0 ->
                authorityConfigToKotlin(args0)
            })
        })

    /**
     * The time at which this CertificateAuthority was created.
     * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
     * fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
     */
    public val createTime: Output
        get() = javaResource.createTime().applyValue({ args0 -> args0 })

    public val deletionProtection: Output?
        get() = javaResource.deletionProtection().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
     */
    public val desiredState: Output?
        get() = javaResource.desiredState().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
     */
    public val effectiveLabels: Output>
        get() = javaResource.effectiveLabels().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.key.to(args0.value)
            }).toMap()
        })

    /**
     * The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
     * CRLs. This must be a bucket name, without any prefixes (such as 'gs://') or suffixes (such as '.googleapis.com'). For
     * example, to use a bucket named my-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will
     * be created.
     */
    public val gcsBucket: Output?
        get() = javaResource.gcsBucket().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })

    /**
     * This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and
     * unexpired certs. Use with care. Defaults to 'false'.
     */
    public val ignoreActiveCertificatesOnDeletion: Output?
        get() = javaResource.ignoreActiveCertificatesOnDeletion().applyValue({ args0 ->
            args0.map({ args0 -> args0 }).orElse(null)
        })

    /**
     * Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority
     * is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA
     * certificate. Otherwise, it is used to sign a CSR.
     * Structure is documented below.
     */
    public val keySpec: Output
        get() = javaResource.keySpec().applyValue({ args0 ->
            args0.let({ args0 ->
                authorityKeySpecToKotlin(args0)
            })
        })

    /**
     * Labels with user-defined metadata. An object containing a list of "key": value pairs. Example: { "name": "wrench",
     * "mass": "1.3kg", "count": "3" }. **Note**: This field is non-authoritative, and will only manage the labels present in
     * your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
     */
    public val labels: Output>?
        get() = javaResource.labels().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.map({ args0 ->
                    args0.key.to(args0.value)
                }).toMap()
            }).orElse(null)
        })

    /**
     * The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509
     * certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
     */
    public val lifetime: Output?
        get() = javaResource.lifetime().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })

    /**
     * Location of the CertificateAuthority. A full list of valid locations can be found by
     * running `gcloud privateca locations list`.
     */
    public val location: Output
        get() = javaResource.location().applyValue({ args0 -> args0 })

    /**
     * The resource name for this CertificateAuthority in the format
     * projects/*/locations/*/certificateAuthorities/*.
     * */*/*/
     */
    public val name: Output
        get() = javaResource.name().applyValue({ args0 -> args0 })

    /**
     * The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with
     * a third party issuer.
     */
    public val pemCaCertificate: Output?
        get() = javaResource.pemCaCertificate().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * This CertificateAuthority's certificate chain, including the current
     * CertificateAuthority's certificate. Ordered such that the root issuer is the final
     * element (consistent with RFC 5246). For a self-signed CA, this will only list the current
     * CertificateAuthority's certificate.
     */
    public val pemCaCertificates: Output>
        get() = javaResource.pemCaCertificates().applyValue({ args0 -> args0.map({ args0 -> args0 }) })

    /**
     * The name of the CaPool this Certificate Authority belongs to.
     */
    public val pool: Output
        get() = javaResource.pool().applyValue({ args0 -> args0 })

    public val project: Output
        get() = javaResource.project().applyValue({ args0 -> args0 })

    /**
     * The combination of labels configured directly on the resource
     * and default labels configured on the provider.
     */
    public val pulumiLabels: Output>
        get() = javaResource.pulumiLabels().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.key.to(args0.value)
            }).toMap()
        })

    /**
     * If this flag is set, the Certificate Authority will be deleted as soon as possible without a 30-day grace period where
     * undeletion would have been allowed. If you proceed, there will be no way to recover this CA. Use with care. Defaults to
     * 'false'.
     */
    public val skipGracePeriod: Output?
        get() = javaResource.skipGracePeriod().applyValue({ args0 ->
            args0.map({ args0 ->
                args0
            }).orElse(null)
        })

    /**
     * The State for this CertificateAuthority.
     */
    public val state: Output
        get() = javaResource.state().applyValue({ args0 -> args0 })

    /**
     * If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
     * describes its issuers.
     */
    public val subordinateConfig: Output?
        get() = javaResource.subordinateConfig().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.let({ args0 -> authoritySubordinateConfigToKotlin(args0) })
            }).orElse(null)
        })

    /**
     * The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
     * before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
     */
    public val type: Output?
        get() = javaResource.type().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })

    /**
     * The time at which this CertificateAuthority was updated.
     * A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
     * fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
     */
    public val updateTime: Output
        get() = javaResource.updateTime().applyValue({ args0 -> args0 })
}

public object AuthorityMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.gcp.certificateauthority.Authority::class == javaResource::class

    override fun map(javaResource: Resource): Authority = Authority(
        javaResource as
            com.pulumi.gcp.certificateauthority.Authority,
    )
}

/**
 * @see [Authority].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [Authority].
 */
public suspend fun authority(name: String, block: suspend AuthorityResourceBuilder.() -> Unit): Authority {
    val builder = AuthorityResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [Authority].
 * @param name The _unique_ name of the resulting resource.
 */
public fun authority(name: String): Authority {
    val builder = AuthorityResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy