com.pulumi.gcp.certificateauthority.kotlin.Authority.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.certificateauthority.kotlin
import com.pulumi.core.Output
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityAccessUrl
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityConfig
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityKeySpec
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthoritySubordinateConfig
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityAccessUrl.Companion.toKotlin as authorityAccessUrlToKotlin
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityConfig.Companion.toKotlin as authorityConfigToKotlin
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthorityKeySpec.Companion.toKotlin as authorityKeySpecToKotlin
import com.pulumi.gcp.certificateauthority.kotlin.outputs.AuthoritySubordinateConfig.Companion.toKotlin as authoritySubordinateConfigToKotlin
/**
* Builder for [Authority].
*/
@PulumiTagMarker
public class AuthorityResourceBuilder internal constructor() {
public var name: String? = null
public var args: AuthorityArgs = AuthorityArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend AuthorityArgsBuilder.() -> Unit) {
val builder = AuthorityArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): Authority {
val builtJavaResource = com.pulumi.gcp.certificateauthority.Authority(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return Authority(builtJavaResource)
}
}
/**
* A CertificateAuthority represents an individual Certificate Authority. A
* CertificateAuthority can be used to create Certificates.
* To get more information about CertificateAuthority, see:
* * [API documentation](https://cloud.google.com/certificate-authority-service/docs/reference/rest)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/certificate-authority-service)
* > **Warning:** On newer versions of the provider, you must explicitly set `deletion_protection=false`
* (and run `pulumi up` to write the field to state) in order to destroy a CertificateAuthority.
* It is recommended to not set this field (or set it to true) until you're ready to destroy.
* ## Example Usage
* ### Privateca Certificate Authority Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* maxIssuerPathLength: 10,
* },
* keyUsage: {
* baseKeyUsage: {
* digitalSignature: true,
* contentCommitment: true,
* keyEncipherment: false,
* dataEncipherment: true,
* keyAgreement: true,
* certSign: true,
* crlSign: true,
* decipherOnly: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* clientAuth: false,
* emailProtection: true,
* codeSigning: true,
* timeStamping: true,
* },
* },
* },
* },
* lifetime: "86400s",
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.certificateauthority.Authority("default",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority",
* location="us-central1",
* deletion_protection=True,
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* max_issuer_path_length=10,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* digital_signature=True,
* content_commitment=True,
* key_encipherment=False,
* data_encipherment=True,
* key_agreement=True,
* cert_sign=True,
* crl_sign=True,
* decipher_only=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* client_auth=False,
* email_protection=True,
* code_signing=True,
* time_stamping=True,
* ),
* ),
* ),
* ),
* lifetime="86400s",
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority",
* Location = "us-central1",
* DeletionProtection = true,
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* MaxIssuerPathLength = 10,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* DigitalSignature = true,
* ContentCommitment = true,
* KeyEncipherment = false,
* DataEncipherment = true,
* KeyAgreement = true,
* CertSign = true,
* CrlSign = true,
* DecipherOnly = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* ClientAuth = false,
* EmailProtection = true,
* CodeSigning = true,
* TimeStamping = true,
* },
* },
* },
* },
* Lifetime = "86400s",
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority"),
* Location: pulumi.String("us-central1"),
* DeletionProtection: pulumi.Bool(true),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* MaxIssuerPathLength: pulumi.Int(10),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* DigitalSignature: pulumi.Bool(true),
* ContentCommitment: pulumi.Bool(true),
* KeyEncipherment: pulumi.Bool(false),
* DataEncipherment: pulumi.Bool(true),
* KeyAgreement: pulumi.Bool(true),
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* DecipherOnly: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* ClientAuth: pulumi.Bool(false),
* EmailProtection: pulumi.Bool(true),
* CodeSigning: pulumi.Bool(true),
* TimeStamping: pulumi.Bool(true),
* },
* },
* },
* },
* Lifetime: pulumi.String("86400s"),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new Authority("default", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority")
* .location("us-central1")
* .deletionProtection("true")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .maxIssuerPathLength(10)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .digitalSignature(true)
* .contentCommitment(true)
* .keyEncipherment(false)
* .dataEncipherment(true)
* .keyAgreement(true)
* .certSign(true)
* .crlSign(true)
* .decipherOnly(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .clientAuth(false)
* .emailProtection(true)
* .codeSigning(true)
* .timeStamping(true)
* .build())
* .build())
* .build())
* .build())
* .lifetime("86400s")
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority
* location: us-central1
* deletionProtection: 'true'
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* maxIssuerPathLength: 10
* keyUsage:
* baseKeyUsage:
* digitalSignature: true
* contentCommitment: true
* keyEncipherment: false
* dataEncipherment: true
* keyAgreement: true
* certSign: true
* crlSign: true
* decipherOnly: true
* extendedKeyUsage:
* serverAuth: true
* clientAuth: false
* emailProtection: true
* codeSigning: true
* timeStamping: true
* lifetime: 86400s
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* ```
*
* ### Privateca Certificate Authority Subordinate
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const root_ca = new gcp.certificateauthority.Authority("root-ca", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority-root",
* location: "us-central1",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: false,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority-sub",
* location: "us-central1",
* deletionProtection: true,
* subordinateConfig: {
* certificateAuthority: root_ca.name,
* },
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-subordinate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* maxIssuerPathLength: 0,
* },
* keyUsage: {
* baseKeyUsage: {
* digitalSignature: true,
* contentCommitment: true,
* keyEncipherment: false,
* dataEncipherment: true,
* keyAgreement: true,
* certSign: true,
* crlSign: true,
* decipherOnly: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* clientAuth: false,
* emailProtection: true,
* codeSigning: true,
* timeStamping: true,
* },
* },
* },
* },
* lifetime: "86400s",
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* type: "SUBORDINATE",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* root_ca = gcp.certificateauthority.Authority("root-ca",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority-root",
* location="us-central1",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=False,
* ),
* ),
* ),
* ),
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* default = gcp.certificateauthority.Authority("default",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority-sub",
* location="us-central1",
* deletion_protection=True,
* subordinate_config=gcp.certificateauthority.AuthoritySubordinateConfigArgs(
* certificate_authority=root_ca.name,
* ),
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-subordinate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* max_issuer_path_length=0,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* digital_signature=True,
* content_commitment=True,
* key_encipherment=False,
* data_encipherment=True,
* key_agreement=True,
* cert_sign=True,
* crl_sign=True,
* decipher_only=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* client_auth=False,
* email_protection=True,
* code_signing=True,
* time_stamping=True,
* ),
* ),
* ),
* ),
* lifetime="86400s",
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* type="SUBORDINATE")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var root_ca = new Gcp.CertificateAuthority.Authority("root-ca", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority-root",
* Location = "us-central1",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = false,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* var @default = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority-sub",
* Location = "us-central1",
* DeletionProtection = true,
* SubordinateConfig = new Gcp.CertificateAuthority.Inputs.AuthoritySubordinateConfigArgs
* {
* CertificateAuthority = root_ca.Name,
* },
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-subordinate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* MaxIssuerPathLength = 0,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* DigitalSignature = true,
* ContentCommitment = true,
* KeyEncipherment = false,
* DataEncipherment = true,
* KeyAgreement = true,
* CertSign = true,
* CrlSign = true,
* DecipherOnly = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* ClientAuth = false,
* EmailProtection = true,
* CodeSigning = true,
* TimeStamping = true,
* },
* },
* },
* },
* Lifetime = "86400s",
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* Type = "SUBORDINATE",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewAuthority(ctx, "root-ca", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority-root"),
* Location: pulumi.String("us-central1"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(false),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority-sub"),
* Location: pulumi.String("us-central1"),
* DeletionProtection: pulumi.Bool(true),
* SubordinateConfig: &certificateauthority.AuthoritySubordinateConfigArgs{
* CertificateAuthority: root_ca.Name,
* },
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-subordinate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* MaxIssuerPathLength: pulumi.Int(0),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* DigitalSignature: pulumi.Bool(true),
* ContentCommitment: pulumi.Bool(true),
* KeyEncipherment: pulumi.Bool(false),
* DataEncipherment: pulumi.Bool(true),
* KeyAgreement: pulumi.Bool(true),
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* DecipherOnly: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* ClientAuth: pulumi.Bool(false),
* EmailProtection: pulumi.Bool(true),
* CodeSigning: pulumi.Bool(true),
* TimeStamping: pulumi.Bool(true),
* },
* },
* },
* },
* Lifetime: pulumi.String("86400s"),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* Type: pulumi.String("SUBORDINATE"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthoritySubordinateConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var root_ca = new Authority("root-ca", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority-root")
* .location("us-central1")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(false)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* var default_ = new Authority("default", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority-sub")
* .location("us-central1")
* .deletionProtection("true")
* .subordinateConfig(AuthoritySubordinateConfigArgs.builder()
* .certificateAuthority(root_ca.name())
* .build())
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-subordinate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .maxIssuerPathLength(0)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .digitalSignature(true)
* .contentCommitment(true)
* .keyEncipherment(false)
* .dataEncipherment(true)
* .keyAgreement(true)
* .certSign(true)
* .crlSign(true)
* .decipherOnly(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .clientAuth(false)
* .emailProtection(true)
* .codeSigning(true)
* .timeStamping(true)
* .build())
* .build())
* .build())
* .build())
* .lifetime("86400s")
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .type("SUBORDINATE")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* root-ca:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority-root
* location: us-central1
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: false
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* default:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority-sub
* location: us-central1
* deletionProtection: 'true'
* subordinateConfig:
* certificateAuthority: ${["root-ca"].name}
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-subordinate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* maxIssuerPathLength: 0
* keyUsage:
* baseKeyUsage:
* digitalSignature: true
* contentCommitment: true
* keyEncipherment: false
* dataEncipherment: true
* keyAgreement: true
* certSign: true
* crlSign: true
* decipherOnly: true
* extendedKeyUsage:
* serverAuth: true
* clientAuth: false
* emailProtection: true
* codeSigning: true
* timeStamping: true
* lifetime: 86400s
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* type: SUBORDINATE
* ```
*
* ### Privateca Certificate Authority Byo Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const privatecaSa = new gcp.projects.ServiceIdentity("privateca_sa", {service: "privateca.googleapis.com"});
* const privatecaSaKeyuserSignerverifier = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier", {
* cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role: "roles/cloudkms.signerVerifier",
* member: pulumi.interpolate`serviceAccount:${privatecaSa.email}`,
* });
* const privatecaSaKeyuserViewer = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer", {
* cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role: "roles/viewer",
* member: pulumi.interpolate`serviceAccount:${privatecaSa.email}`,
* });
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* keySpec: {
* cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* config: {
* subjectConfig: {
* subject: {
* organization: "Example, Org.",
* commonName: "Example Authority",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* maxIssuerPathLength: 10,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: false,
* },
* },
* nameConstraints: {
* critical: true,
* permittedDnsNames: ["*.example.com"],
* excludedDnsNames: ["*.deny.example.com"],
* permittedIpRanges: ["10.0.0.0/8"],
* excludedIpRanges: ["10.1.1.0/24"],
* permittedEmailAddresses: [".example.com"],
* excludedEmailAddresses: [".deny.example.com"],
* permittedUris: [".example.com"],
* excludedUris: [".deny.example.com"],
* },
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* privateca_sa = gcp.projects.ServiceIdentity("privateca_sa", service="privateca.googleapis.com")
* privateca_sa_keyuser_signerverifier = gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier",
* crypto_key_id="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role="roles/cloudkms.signerVerifier",
* member=privateca_sa.email.apply(lambda email: f"serviceAccount:{email}"))
* privateca_sa_keyuser_viewer = gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer",
* crypto_key_id="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role="roles/viewer",
* member=privateca_sa.email.apply(lambda email: f"serviceAccount:{email}"))
* default = gcp.certificateauthority.Authority("default",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority",
* location="us-central1",
* deletion_protection=True,
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* ),
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="Example, Org.",
* common_name="Example Authority",
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* max_issuer_path_length=10,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=False,
* ),
* ),
* name_constraints=gcp.certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs(
* critical=True,
* permitted_dns_names=["*.example.com"],
* excluded_dns_names=["*.deny.example.com"],
* permitted_ip_ranges=["10.0.0.0/8"],
* excluded_ip_ranges=["10.1.1.0/24"],
* permitted_email_addresses=[".example.com"],
* excluded_email_addresses=[".deny.example.com"],
* permitted_uris=[".example.com"],
* excluded_uris=[".deny.example.com"],
* ),
* ),
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var privatecaSa = new Gcp.Projects.ServiceIdentity("privateca_sa", new()
* {
* Service = "privateca.googleapis.com",
* });
* var privatecaSaKeyuserSignerverifier = new Gcp.Kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier", new()
* {
* CryptoKeyId = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* Role = "roles/cloudkms.signerVerifier",
* Member = privatecaSa.Email.Apply(email => $"serviceAccount:{email}"),
* });
* var privatecaSaKeyuserViewer = new Gcp.Kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer", new()
* {
* CryptoKeyId = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* Role = "roles/viewer",
* Member = privatecaSa.Email.Apply(email => $"serviceAccount:{email}"),
* });
* var @default = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority",
* Location = "us-central1",
* DeletionProtection = true,
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* CloudKmsKeyVersion = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "Example, Org.",
* CommonName = "Example Authority",
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* MaxIssuerPathLength = 10,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = false,
* },
* },
* NameConstraints = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigNameConstraintsArgs
* {
* Critical = true,
* PermittedDnsNames = new[]
* {
* "*.example.com",
* },
* ExcludedDnsNames = new[]
* {
* "*.deny.example.com",
* },
* PermittedIpRanges = new[]
* {
* "10.0.0.0/8",
* },
* ExcludedIpRanges = new[]
* {
* "10.1.1.0/24",
* },
* PermittedEmailAddresses = new[]
* {
* ".example.com",
* },
* ExcludedEmailAddresses = new[]
* {
* ".deny.example.com",
* },
* PermittedUris = new[]
* {
* ".example.com",
* },
* ExcludedUris = new[]
* {
* ".deny.example.com",
* },
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* privatecaSa, err := projects.NewServiceIdentity(ctx, "privateca_sa", &projects.ServiceIdentityArgs{
* Service: pulumi.String("privateca.googleapis.com"),
* })
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKeyIAMMember(ctx, "privateca_sa_keyuser_signerverifier", &kms.CryptoKeyIAMMemberArgs{
* CryptoKeyId: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"),
* Role: pulumi.String("roles/cloudkms.signerVerifier"),
* Member: privatecaSa.Email.ApplyT(func(email string) (string, error) {
* return fmt.Sprintf("serviceAccount:%v", email), nil
* }).(pulumi.StringOutput),
* })
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKeyIAMMember(ctx, "privateca_sa_keyuser_viewer", &kms.CryptoKeyIAMMemberArgs{
* CryptoKeyId: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"),
* Role: pulumi.String("roles/viewer"),
* Member: privatecaSa.Email.ApplyT(func(email string) (string, error) {
* return fmt.Sprintf("serviceAccount:%v", email), nil
* }).(pulumi.StringOutput),
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority"),
* Location: pulumi.String("us-central1"),
* DeletionProtection: pulumi.Bool(true),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* CloudKmsKeyVersion: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1"),
* },
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("Example, Org."),
* CommonName: pulumi.String("Example Authority"),
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* MaxIssuerPathLength: pulumi.Int(10),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(false),
* },
* },
* NameConstraints: &certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs{
* Critical: pulumi.Bool(true),
* PermittedDnsNames: pulumi.StringArray{
* pulumi.String("*.example.com"),
* },
* ExcludedDnsNames: pulumi.StringArray{
* pulumi.String("*.deny.example.com"),
* },
* PermittedIpRanges: pulumi.StringArray{
* pulumi.String("10.0.0.0/8"),
* },
* ExcludedIpRanges: pulumi.StringArray{
* pulumi.String("10.1.1.0/24"),
* },
* PermittedEmailAddresses: pulumi.StringArray{
* pulumi.String(".example.com"),
* },
* ExcludedEmailAddresses: pulumi.StringArray{
* pulumi.String(".deny.example.com"),
* },
* PermittedUris: pulumi.StringArray{
* pulumi.String(".example.com"),
* },
* ExcludedUris: pulumi.StringArray{
* pulumi.String(".deny.example.com"),
* },
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.projects.ServiceIdentity;
* import com.pulumi.gcp.projects.ServiceIdentityArgs;
* import com.pulumi.gcp.kms.CryptoKeyIAMMember;
* import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigNameConstraintsArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var privatecaSa = new ServiceIdentity("privatecaSa", ServiceIdentityArgs.builder()
* .service("privateca.googleapis.com")
* .build());
* var privatecaSaKeyuserSignerverifier = new CryptoKeyIAMMember("privatecaSaKeyuserSignerverifier", CryptoKeyIAMMemberArgs.builder()
* .cryptoKeyId("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key")
* .role("roles/cloudkms.signerVerifier")
* .member(privatecaSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
* .build());
* var privatecaSaKeyuserViewer = new CryptoKeyIAMMember("privatecaSaKeyuserViewer", CryptoKeyIAMMemberArgs.builder()
* .cryptoKeyId("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key")
* .role("roles/viewer")
* .member(privatecaSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
* .build());
* var default_ = new Authority("default", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority")
* .location("us-central1")
* .deletionProtection("true")
* .keySpec(AuthorityKeySpecArgs.builder()
* .cloudKmsKeyVersion("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1")
* .build())
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("Example, Org.")
* .commonName("Example Authority")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .maxIssuerPathLength(10)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(false)
* .build())
* .build())
* .nameConstraints(AuthorityConfigX509ConfigNameConstraintsArgs.builder()
* .critical(true)
* .permittedDnsNames("*.example.com")
* .excludedDnsNames("*.deny.example.com")
* .permittedIpRanges("10.0.0.0/8")
* .excludedIpRanges("10.1.1.0/24")
* .permittedEmailAddresses(".example.com")
* .excludedEmailAddresses(".deny.example.com")
* .permittedUris(".example.com")
* .excludedUris(".deny.example.com")
* .build())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* privatecaSa:
* type: gcp:projects:ServiceIdentity
* name: privateca_sa
* properties:
* service: privateca.googleapis.com
* privatecaSaKeyuserSignerverifier:
* type: gcp:kms:CryptoKeyIAMMember
* name: privateca_sa_keyuser_signerverifier
* properties:
* cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key
* role: roles/cloudkms.signerVerifier
* member: serviceAccount:${privatecaSa.email}
* privatecaSaKeyuserViewer:
* type: gcp:kms:CryptoKeyIAMMember
* name: privateca_sa_keyuser_viewer
* properties:
* cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key
* role: roles/viewer
* member: serviceAccount:${privatecaSa.email}
* default:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority
* location: us-central1
* deletionProtection: 'true'
* keySpec:
* cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1
* config:
* subjectConfig:
* subject:
* organization: Example, Org.
* commonName: Example Authority
* x509Config:
* caOptions:
* isCa: true
* maxIssuerPathLength: 10
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: false
* nameConstraints:
* critical: true
* permittedDnsNames:
* - '*.example.com'
* excludedDnsNames:
* - '*.deny.example.com'
* permittedIpRanges:
* - 10.0.0.0/8
* excludedIpRanges:
* - 10.1.1.0/24
* permittedEmailAddresses:
* - .example.com
* excludedEmailAddresses:
* - .deny.example.com
* permittedUris:
* - .example.com
* excludedUris:
* - .deny.example.com
* ```
*
* ### Privateca Certificate Authority Custom Ski
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* subjectKeyId: {
* keyId: "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* },
* x509Config: {
* caOptions: {
* isCa: true,
* maxIssuerPathLength: 10,
* },
* keyUsage: {
* baseKeyUsage: {
* digitalSignature: true,
* contentCommitment: true,
* keyEncipherment: false,
* dataEncipherment: true,
* keyAgreement: true,
* certSign: true,
* crlSign: true,
* decipherOnly: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* clientAuth: false,
* emailProtection: true,
* codeSigning: true,
* timeStamping: true,
* },
* },
* },
* },
* lifetime: "86400s",
* keySpec: {
* cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.certificateauthority.Authority("default",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority",
* location="us-central1",
* deletion_protection=True,
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* subject_key_id=gcp.certificateauthority.AuthorityConfigSubjectKeyIdArgs(
* key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* max_issuer_path_length=10,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* digital_signature=True,
* content_commitment=True,
* key_encipherment=False,
* data_encipherment=True,
* key_agreement=True,
* cert_sign=True,
* crl_sign=True,
* decipher_only=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* client_auth=False,
* email_protection=True,
* code_signing=True,
* time_stamping=True,
* ),
* ),
* ),
* ),
* lifetime="86400s",
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority",
* Location = "us-central1",
* DeletionProtection = true,
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* SubjectKeyId = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectKeyIdArgs
* {
* KeyId = "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* MaxIssuerPathLength = 10,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* DigitalSignature = true,
* ContentCommitment = true,
* KeyEncipherment = false,
* DataEncipherment = true,
* KeyAgreement = true,
* CertSign = true,
* CrlSign = true,
* DecipherOnly = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* ClientAuth = false,
* EmailProtection = true,
* CodeSigning = true,
* TimeStamping = true,
* },
* },
* },
* },
* Lifetime = "86400s",
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* CloudKmsKeyVersion = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority"),
* Location: pulumi.String("us-central1"),
* DeletionProtection: pulumi.Bool(true),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* SubjectKeyId: &certificateauthority.AuthorityConfigSubjectKeyIdArgs{
* KeyId: pulumi.String("4cf3372289b1d411b999dbb9ebcd44744b6b2fca"),
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* MaxIssuerPathLength: pulumi.Int(10),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* DigitalSignature: pulumi.Bool(true),
* ContentCommitment: pulumi.Bool(true),
* KeyEncipherment: pulumi.Bool(false),
* DataEncipherment: pulumi.Bool(true),
* KeyAgreement: pulumi.Bool(true),
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* DecipherOnly: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* ClientAuth: pulumi.Bool(false),
* EmailProtection: pulumi.Bool(true),
* CodeSigning: pulumi.Bool(true),
* TimeStamping: pulumi.Bool(true),
* },
* },
* },
* },
* Lifetime: pulumi.String("86400s"),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* CloudKmsKeyVersion: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectKeyIdArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new Authority("default", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority")
* .location("us-central1")
* .deletionProtection("true")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .subjectKeyId(AuthorityConfigSubjectKeyIdArgs.builder()
* .keyId("4cf3372289b1d411b999dbb9ebcd44744b6b2fca")
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .maxIssuerPathLength(10)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .digitalSignature(true)
* .contentCommitment(true)
* .keyEncipherment(false)
* .dataEncipherment(true)
* .keyAgreement(true)
* .certSign(true)
* .crlSign(true)
* .decipherOnly(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .clientAuth(false)
* .emailProtection(true)
* .codeSigning(true)
* .timeStamping(true)
* .build())
* .build())
* .build())
* .build())
* .lifetime("86400s")
* .keySpec(AuthorityKeySpecArgs.builder()
* .cloudKmsKeyVersion("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority
* location: us-central1
* deletionProtection: 'true'
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* subjectKeyId:
* keyId: 4cf3372289b1d411b999dbb9ebcd44744b6b2fca
* x509Config:
* caOptions:
* isCa: true
* maxIssuerPathLength: 10
* keyUsage:
* baseKeyUsage:
* digitalSignature: true
* contentCommitment: true
* keyEncipherment: false
* dataEncipherment: true
* keyAgreement: true
* certSign: true
* crlSign: true
* decipherOnly: true
* extendedKeyUsage:
* serverAuth: true
* clientAuth: false
* emailProtection: true
* codeSigning: true
* timeStamping: true
* lifetime: 86400s
* keySpec:
* cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1
* ```
*
* ## Import
* CertificateAuthority can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}`
* * `{{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}`
* * `{{location}}/{{pool}}/{{certificate_authority_id}}`
* When using the `pulumi import` command, CertificateAuthority can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:certificateauthority/authority:Authority default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}
* ```
* ```sh
* $ pulumi import gcp:certificateauthority/authority:Authority default {{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}
* ```
* ```sh
* $ pulumi import gcp:certificateauthority/authority:Authority default {{location}}/{{pool}}/{{certificate_authority_id}}
* ```
*/
public class Authority internal constructor(
override val javaResource: com.pulumi.gcp.certificateauthority.Authority,
) : KotlinCustomResource(javaResource, AuthorityMapper) {
/**
* URLs for accessing content published by this CA, such as the CA certificate and CRLs.
* Structure is documented below.
*/
public val accessUrls: Output>
get() = javaResource.accessUrls().applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
authorityAccessUrlToKotlin(args0)
})
})
})
/**
* The user provided Resource ID for this Certificate Authority.
*/
public val certificateAuthorityId: Output
get() = javaResource.certificateAuthorityId().applyValue({ args0 -> args0 })
/**
* The config used to create a self-signed X.509 certificate or CSR.
* Structure is documented below.
*/
public val config: Output
get() = javaResource.config().applyValue({ args0 ->
args0.let({ args0 ->
authorityConfigToKotlin(args0)
})
})
/**
* The time at which this CertificateAuthority was created.
* A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
* fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
*/
public val createTime: Output
get() = javaResource.createTime().applyValue({ args0 -> args0 })
public val deletionProtection: Output?
get() = javaResource.deletionProtection().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
*/
public val desiredState: Output?
get() = javaResource.desiredState().applyValue({ args0 ->
args0.map({ args0 ->
args0
}).orElse(null)
})
/**
* All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
*/
public val effectiveLabels: Output
© 2015 - 2024 Weber Informatics LLC | Privacy Policy