com.pulumi.gcp.certificateauthority.kotlin.AuthorityArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.certificateauthority.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.certificateauthority.AuthorityArgs.builder
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthorityConfigArgs
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthorityConfigArgsBuilder
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthorityKeySpecArgs
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthorityKeySpecArgsBuilder
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthoritySubordinateConfigArgs
import com.pulumi.gcp.certificateauthority.kotlin.inputs.AuthoritySubordinateConfigArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* A CertificateAuthority represents an individual Certificate Authority. A
* CertificateAuthority can be used to create Certificates.
* To get more information about CertificateAuthority, see:
* * [API documentation](https://cloud.google.com/certificate-authority-service/docs/reference/rest)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/certificate-authority-service)
* > **Warning:** On newer versions of the provider, you must explicitly set `deletion_protection=false`
* (and run `pulumi up` to write the field to state) in order to destroy a CertificateAuthority.
* It is recommended to not set this field (or set it to true) until you're ready to destroy.
* ## Example Usage
* ### Privateca Certificate Authority Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* maxIssuerPathLength: 10,
* },
* keyUsage: {
* baseKeyUsage: {
* digitalSignature: true,
* contentCommitment: true,
* keyEncipherment: false,
* dataEncipherment: true,
* keyAgreement: true,
* certSign: true,
* crlSign: true,
* decipherOnly: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* clientAuth: false,
* emailProtection: true,
* codeSigning: true,
* timeStamping: true,
* },
* },
* },
* },
* lifetime: "86400s",
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.certificateauthority.Authority("default",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority",
* location="us-central1",
* deletion_protection=True,
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* max_issuer_path_length=10,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* digital_signature=True,
* content_commitment=True,
* key_encipherment=False,
* data_encipherment=True,
* key_agreement=True,
* cert_sign=True,
* crl_sign=True,
* decipher_only=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* client_auth=False,
* email_protection=True,
* code_signing=True,
* time_stamping=True,
* ),
* ),
* ),
* ),
* lifetime="86400s",
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority",
* Location = "us-central1",
* DeletionProtection = true,
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* MaxIssuerPathLength = 10,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* DigitalSignature = true,
* ContentCommitment = true,
* KeyEncipherment = false,
* DataEncipherment = true,
* KeyAgreement = true,
* CertSign = true,
* CrlSign = true,
* DecipherOnly = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* ClientAuth = false,
* EmailProtection = true,
* CodeSigning = true,
* TimeStamping = true,
* },
* },
* },
* },
* Lifetime = "86400s",
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority"),
* Location: pulumi.String("us-central1"),
* DeletionProtection: pulumi.Bool(true),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* MaxIssuerPathLength: pulumi.Int(10),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* DigitalSignature: pulumi.Bool(true),
* ContentCommitment: pulumi.Bool(true),
* KeyEncipherment: pulumi.Bool(false),
* DataEncipherment: pulumi.Bool(true),
* KeyAgreement: pulumi.Bool(true),
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* DecipherOnly: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* ClientAuth: pulumi.Bool(false),
* EmailProtection: pulumi.Bool(true),
* CodeSigning: pulumi.Bool(true),
* TimeStamping: pulumi.Bool(true),
* },
* },
* },
* },
* Lifetime: pulumi.String("86400s"),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new Authority("default", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority")
* .location("us-central1")
* .deletionProtection("true")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .maxIssuerPathLength(10)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .digitalSignature(true)
* .contentCommitment(true)
* .keyEncipherment(false)
* .dataEncipherment(true)
* .keyAgreement(true)
* .certSign(true)
* .crlSign(true)
* .decipherOnly(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .clientAuth(false)
* .emailProtection(true)
* .codeSigning(true)
* .timeStamping(true)
* .build())
* .build())
* .build())
* .build())
* .lifetime("86400s")
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority
* location: us-central1
* deletionProtection: 'true'
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* maxIssuerPathLength: 10
* keyUsage:
* baseKeyUsage:
* digitalSignature: true
* contentCommitment: true
* keyEncipherment: false
* dataEncipherment: true
* keyAgreement: true
* certSign: true
* crlSign: true
* decipherOnly: true
* extendedKeyUsage:
* serverAuth: true
* clientAuth: false
* emailProtection: true
* codeSigning: true
* timeStamping: true
* lifetime: 86400s
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* ```
*
* ### Privateca Certificate Authority Subordinate
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const root_ca = new gcp.certificateauthority.Authority("root-ca", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority-root",
* location: "us-central1",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: false,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority-sub",
* location: "us-central1",
* deletionProtection: true,
* subordinateConfig: {
* certificateAuthority: root_ca.name,
* },
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-subordinate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* maxIssuerPathLength: 0,
* },
* keyUsage: {
* baseKeyUsage: {
* digitalSignature: true,
* contentCommitment: true,
* keyEncipherment: false,
* dataEncipherment: true,
* keyAgreement: true,
* certSign: true,
* crlSign: true,
* decipherOnly: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* clientAuth: false,
* emailProtection: true,
* codeSigning: true,
* timeStamping: true,
* },
* },
* },
* },
* lifetime: "86400s",
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* type: "SUBORDINATE",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* root_ca = gcp.certificateauthority.Authority("root-ca",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority-root",
* location="us-central1",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=False,
* ),
* ),
* ),
* ),
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* default = gcp.certificateauthority.Authority("default",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority-sub",
* location="us-central1",
* deletion_protection=True,
* subordinate_config=gcp.certificateauthority.AuthoritySubordinateConfigArgs(
* certificate_authority=root_ca.name,
* ),
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-subordinate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* max_issuer_path_length=0,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* digital_signature=True,
* content_commitment=True,
* key_encipherment=False,
* data_encipherment=True,
* key_agreement=True,
* cert_sign=True,
* crl_sign=True,
* decipher_only=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* client_auth=False,
* email_protection=True,
* code_signing=True,
* time_stamping=True,
* ),
* ),
* ),
* ),
* lifetime="86400s",
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* type="SUBORDINATE")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var root_ca = new Gcp.CertificateAuthority.Authority("root-ca", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority-root",
* Location = "us-central1",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = false,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* var @default = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority-sub",
* Location = "us-central1",
* DeletionProtection = true,
* SubordinateConfig = new Gcp.CertificateAuthority.Inputs.AuthoritySubordinateConfigArgs
* {
* CertificateAuthority = root_ca.Name,
* },
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-subordinate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* MaxIssuerPathLength = 0,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* DigitalSignature = true,
* ContentCommitment = true,
* KeyEncipherment = false,
* DataEncipherment = true,
* KeyAgreement = true,
* CertSign = true,
* CrlSign = true,
* DecipherOnly = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* ClientAuth = false,
* EmailProtection = true,
* CodeSigning = true,
* TimeStamping = true,
* },
* },
* },
* },
* Lifetime = "86400s",
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* Type = "SUBORDINATE",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewAuthority(ctx, "root-ca", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority-root"),
* Location: pulumi.String("us-central1"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(false),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority-sub"),
* Location: pulumi.String("us-central1"),
* DeletionProtection: pulumi.Bool(true),
* SubordinateConfig: &certificateauthority.AuthoritySubordinateConfigArgs{
* CertificateAuthority: root_ca.Name,
* },
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-subordinate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* MaxIssuerPathLength: pulumi.Int(0),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* DigitalSignature: pulumi.Bool(true),
* ContentCommitment: pulumi.Bool(true),
* KeyEncipherment: pulumi.Bool(false),
* DataEncipherment: pulumi.Bool(true),
* KeyAgreement: pulumi.Bool(true),
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* DecipherOnly: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* ClientAuth: pulumi.Bool(false),
* EmailProtection: pulumi.Bool(true),
* CodeSigning: pulumi.Bool(true),
* TimeStamping: pulumi.Bool(true),
* },
* },
* },
* },
* Lifetime: pulumi.String("86400s"),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* Type: pulumi.String("SUBORDINATE"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthoritySubordinateConfigArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var root_ca = new Authority("root-ca", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority-root")
* .location("us-central1")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(false)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* var default_ = new Authority("default", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority-sub")
* .location("us-central1")
* .deletionProtection("true")
* .subordinateConfig(AuthoritySubordinateConfigArgs.builder()
* .certificateAuthority(root_ca.name())
* .build())
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-subordinate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .maxIssuerPathLength(0)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .digitalSignature(true)
* .contentCommitment(true)
* .keyEncipherment(false)
* .dataEncipherment(true)
* .keyAgreement(true)
* .certSign(true)
* .crlSign(true)
* .decipherOnly(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .clientAuth(false)
* .emailProtection(true)
* .codeSigning(true)
* .timeStamping(true)
* .build())
* .build())
* .build())
* .build())
* .lifetime("86400s")
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .type("SUBORDINATE")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* root-ca:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority-root
* location: us-central1
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: false
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* default:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority-sub
* location: us-central1
* deletionProtection: 'true'
* subordinateConfig:
* certificateAuthority: ${["root-ca"].name}
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-subordinate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* maxIssuerPathLength: 0
* keyUsage:
* baseKeyUsage:
* digitalSignature: true
* contentCommitment: true
* keyEncipherment: false
* dataEncipherment: true
* keyAgreement: true
* certSign: true
* crlSign: true
* decipherOnly: true
* extendedKeyUsage:
* serverAuth: true
* clientAuth: false
* emailProtection: true
* codeSigning: true
* timeStamping: true
* lifetime: 86400s
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* type: SUBORDINATE
* ```
*
* ### Privateca Certificate Authority Byo Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const privatecaSa = new gcp.projects.ServiceIdentity("privateca_sa", {service: "privateca.googleapis.com"});
* const privatecaSaKeyuserSignerverifier = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier", {
* cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role: "roles/cloudkms.signerVerifier",
* member: pulumi.interpolate`serviceAccount:${privatecaSa.email}`,
* });
* const privatecaSaKeyuserViewer = new gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer", {
* cryptoKeyId: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role: "roles/viewer",
* member: pulumi.interpolate`serviceAccount:${privatecaSa.email}`,
* });
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* keySpec: {
* cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* config: {
* subjectConfig: {
* subject: {
* organization: "Example, Org.",
* commonName: "Example Authority",
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* maxIssuerPathLength: 10,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: false,
* },
* },
* nameConstraints: {
* critical: true,
* permittedDnsNames: ["*.example.com"],
* excludedDnsNames: ["*.deny.example.com"],
* permittedIpRanges: ["10.0.0.0/8"],
* excludedIpRanges: ["10.1.1.0/24"],
* permittedEmailAddresses: [".example.com"],
* excludedEmailAddresses: [".deny.example.com"],
* permittedUris: [".example.com"],
* excludedUris: [".deny.example.com"],
* },
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* privateca_sa = gcp.projects.ServiceIdentity("privateca_sa", service="privateca.googleapis.com")
* privateca_sa_keyuser_signerverifier = gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier",
* crypto_key_id="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role="roles/cloudkms.signerVerifier",
* member=privateca_sa.email.apply(lambda email: f"serviceAccount:{email}"))
* privateca_sa_keyuser_viewer = gcp.kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer",
* crypto_key_id="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* role="roles/viewer",
* member=privateca_sa.email.apply(lambda email: f"serviceAccount:{email}"))
* default = gcp.certificateauthority.Authority("default",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority",
* location="us-central1",
* deletion_protection=True,
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* ),
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="Example, Org.",
* common_name="Example Authority",
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* max_issuer_path_length=10,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=False,
* ),
* ),
* name_constraints=gcp.certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs(
* critical=True,
* permitted_dns_names=["*.example.com"],
* excluded_dns_names=["*.deny.example.com"],
* permitted_ip_ranges=["10.0.0.0/8"],
* excluded_ip_ranges=["10.1.1.0/24"],
* permitted_email_addresses=[".example.com"],
* excluded_email_addresses=[".deny.example.com"],
* permitted_uris=[".example.com"],
* excluded_uris=[".deny.example.com"],
* ),
* ),
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var privatecaSa = new Gcp.Projects.ServiceIdentity("privateca_sa", new()
* {
* Service = "privateca.googleapis.com",
* });
* var privatecaSaKeyuserSignerverifier = new Gcp.Kms.CryptoKeyIAMMember("privateca_sa_keyuser_signerverifier", new()
* {
* CryptoKeyId = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* Role = "roles/cloudkms.signerVerifier",
* Member = privatecaSa.Email.Apply(email => $"serviceAccount:{email}"),
* });
* var privatecaSaKeyuserViewer = new Gcp.Kms.CryptoKeyIAMMember("privateca_sa_keyuser_viewer", new()
* {
* CryptoKeyId = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key",
* Role = "roles/viewer",
* Member = privatecaSa.Email.Apply(email => $"serviceAccount:{email}"),
* });
* var @default = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority",
* Location = "us-central1",
* DeletionProtection = true,
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* CloudKmsKeyVersion = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "Example, Org.",
* CommonName = "Example Authority",
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* MaxIssuerPathLength = 10,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = false,
* },
* },
* NameConstraints = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigNameConstraintsArgs
* {
* Critical = true,
* PermittedDnsNames = new[]
* {
* "*.example.com",
* },
* ExcludedDnsNames = new[]
* {
* "*.deny.example.com",
* },
* PermittedIpRanges = new[]
* {
* "10.0.0.0/8",
* },
* ExcludedIpRanges = new[]
* {
* "10.1.1.0/24",
* },
* PermittedEmailAddresses = new[]
* {
* ".example.com",
* },
* ExcludedEmailAddresses = new[]
* {
* ".deny.example.com",
* },
* PermittedUris = new[]
* {
* ".example.com",
* },
* ExcludedUris = new[]
* {
* ".deny.example.com",
* },
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* privatecaSa, err := projects.NewServiceIdentity(ctx, "privateca_sa", &projects.ServiceIdentityArgs{
* Service: pulumi.String("privateca.googleapis.com"),
* })
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKeyIAMMember(ctx, "privateca_sa_keyuser_signerverifier", &kms.CryptoKeyIAMMemberArgs{
* CryptoKeyId: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"),
* Role: pulumi.String("roles/cloudkms.signerVerifier"),
* Member: privatecaSa.Email.ApplyT(func(email string) (string, error) {
* return fmt.Sprintf("serviceAccount:%v", email), nil
* }).(pulumi.StringOutput),
* })
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKeyIAMMember(ctx, "privateca_sa_keyuser_viewer", &kms.CryptoKeyIAMMemberArgs{
* CryptoKeyId: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key"),
* Role: pulumi.String("roles/viewer"),
* Member: privatecaSa.Email.ApplyT(func(email string) (string, error) {
* return fmt.Sprintf("serviceAccount:%v", email), nil
* }).(pulumi.StringOutput),
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority"),
* Location: pulumi.String("us-central1"),
* DeletionProtection: pulumi.Bool(true),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* CloudKmsKeyVersion: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1"),
* },
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("Example, Org."),
* CommonName: pulumi.String("Example Authority"),
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* MaxIssuerPathLength: pulumi.Int(10),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(false),
* },
* },
* NameConstraints: &certificateauthority.AuthorityConfigX509ConfigNameConstraintsArgs{
* Critical: pulumi.Bool(true),
* PermittedDnsNames: pulumi.StringArray{
* pulumi.String("*.example.com"),
* },
* ExcludedDnsNames: pulumi.StringArray{
* pulumi.String("*.deny.example.com"),
* },
* PermittedIpRanges: pulumi.StringArray{
* pulumi.String("10.0.0.0/8"),
* },
* ExcludedIpRanges: pulumi.StringArray{
* pulumi.String("10.1.1.0/24"),
* },
* PermittedEmailAddresses: pulumi.StringArray{
* pulumi.String(".example.com"),
* },
* ExcludedEmailAddresses: pulumi.StringArray{
* pulumi.String(".deny.example.com"),
* },
* PermittedUris: pulumi.StringArray{
* pulumi.String(".example.com"),
* },
* ExcludedUris: pulumi.StringArray{
* pulumi.String(".deny.example.com"),
* },
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.projects.ServiceIdentity;
* import com.pulumi.gcp.projects.ServiceIdentityArgs;
* import com.pulumi.gcp.kms.CryptoKeyIAMMember;
* import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigNameConstraintsArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var privatecaSa = new ServiceIdentity("privatecaSa", ServiceIdentityArgs.builder()
* .service("privateca.googleapis.com")
* .build());
* var privatecaSaKeyuserSignerverifier = new CryptoKeyIAMMember("privatecaSaKeyuserSignerverifier", CryptoKeyIAMMemberArgs.builder()
* .cryptoKeyId("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key")
* .role("roles/cloudkms.signerVerifier")
* .member(privatecaSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
* .build());
* var privatecaSaKeyuserViewer = new CryptoKeyIAMMember("privatecaSaKeyuserViewer", CryptoKeyIAMMemberArgs.builder()
* .cryptoKeyId("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key")
* .role("roles/viewer")
* .member(privatecaSa.email().applyValue(email -> String.format("serviceAccount:%s", email)))
* .build());
* var default_ = new Authority("default", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority")
* .location("us-central1")
* .deletionProtection("true")
* .keySpec(AuthorityKeySpecArgs.builder()
* .cloudKmsKeyVersion("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1")
* .build())
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("Example, Org.")
* .commonName("Example Authority")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .maxIssuerPathLength(10)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(false)
* .build())
* .build())
* .nameConstraints(AuthorityConfigX509ConfigNameConstraintsArgs.builder()
* .critical(true)
* .permittedDnsNames("*.example.com")
* .excludedDnsNames("*.deny.example.com")
* .permittedIpRanges("10.0.0.0/8")
* .excludedIpRanges("10.1.1.0/24")
* .permittedEmailAddresses(".example.com")
* .excludedEmailAddresses(".deny.example.com")
* .permittedUris(".example.com")
* .excludedUris(".deny.example.com")
* .build())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* privatecaSa:
* type: gcp:projects:ServiceIdentity
* name: privateca_sa
* properties:
* service: privateca.googleapis.com
* privatecaSaKeyuserSignerverifier:
* type: gcp:kms:CryptoKeyIAMMember
* name: privateca_sa_keyuser_signerverifier
* properties:
* cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key
* role: roles/cloudkms.signerVerifier
* member: serviceAccount:${privatecaSa.email}
* privatecaSaKeyuserViewer:
* type: gcp:kms:CryptoKeyIAMMember
* name: privateca_sa_keyuser_viewer
* properties:
* cryptoKeyId: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key
* role: roles/viewer
* member: serviceAccount:${privatecaSa.email}
* default:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority
* location: us-central1
* deletionProtection: 'true'
* keySpec:
* cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1
* config:
* subjectConfig:
* subject:
* organization: Example, Org.
* commonName: Example Authority
* x509Config:
* caOptions:
* isCa: true
* maxIssuerPathLength: 10
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: false
* nameConstraints:
* critical: true
* permittedDnsNames:
* - '*.example.com'
* excludedDnsNames:
* - '*.deny.example.com'
* permittedIpRanges:
* - 10.0.0.0/8
* excludedIpRanges:
* - 10.1.1.0/24
* permittedEmailAddresses:
* - .example.com
* excludedEmailAddresses:
* - .deny.example.com
* permittedUris:
* - .example.com
* excludedUris:
* - .deny.example.com
* ```
*
* ### Privateca Certificate Authority Custom Ski
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const _default = new gcp.certificateauthority.Authority("default", {
* pool: "ca-pool",
* certificateAuthorityId: "my-certificate-authority",
* location: "us-central1",
* deletionProtection: true,
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* subjectKeyId: {
* keyId: "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* },
* x509Config: {
* caOptions: {
* isCa: true,
* maxIssuerPathLength: 10,
* },
* keyUsage: {
* baseKeyUsage: {
* digitalSignature: true,
* contentCommitment: true,
* keyEncipherment: false,
* dataEncipherment: true,
* keyAgreement: true,
* certSign: true,
* crlSign: true,
* decipherOnly: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* clientAuth: false,
* emailProtection: true,
* codeSigning: true,
* timeStamping: true,
* },
* },
* },
* },
* lifetime: "86400s",
* keySpec: {
* cloudKmsKeyVersion: "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* default = gcp.certificateauthority.Authority("default",
* pool="ca-pool",
* certificate_authority_id="my-certificate-authority",
* location="us-central1",
* deletion_protection=True,
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* subject_key_id=gcp.certificateauthority.AuthorityConfigSubjectKeyIdArgs(
* key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* max_issuer_path_length=10,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* digital_signature=True,
* content_commitment=True,
* key_encipherment=False,
* data_encipherment=True,
* key_agreement=True,
* cert_sign=True,
* crl_sign=True,
* decipher_only=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* client_auth=False,
* email_protection=True,
* code_signing=True,
* time_stamping=True,
* ),
* ),
* ),
* ),
* lifetime="86400s",
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Pool = "ca-pool",
* CertificateAuthorityId = "my-certificate-authority",
* Location = "us-central1",
* DeletionProtection = true,
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* SubjectKeyId = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectKeyIdArgs
* {
* KeyId = "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* MaxIssuerPathLength = 10,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* DigitalSignature = true,
* ContentCommitment = true,
* KeyEncipherment = false,
* DataEncipherment = true,
* KeyAgreement = true,
* CertSign = true,
* CrlSign = true,
* DecipherOnly = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* ClientAuth = false,
* EmailProtection = true,
* CodeSigning = true,
* TimeStamping = true,
* },
* },
* },
* },
* Lifetime = "86400s",
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* CloudKmsKeyVersion = "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Pool: pulumi.String("ca-pool"),
* CertificateAuthorityId: pulumi.String("my-certificate-authority"),
* Location: pulumi.String("us-central1"),
* DeletionProtection: pulumi.Bool(true),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* SubjectKeyId: &certificateauthority.AuthorityConfigSubjectKeyIdArgs{
* KeyId: pulumi.String("4cf3372289b1d411b999dbb9ebcd44744b6b2fca"),
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* MaxIssuerPathLength: pulumi.Int(10),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* DigitalSignature: pulumi.Bool(true),
* ContentCommitment: pulumi.Bool(true),
* KeyEncipherment: pulumi.Bool(false),
* DataEncipherment: pulumi.Bool(true),
* KeyAgreement: pulumi.Bool(true),
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* DecipherOnly: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* ClientAuth: pulumi.Bool(false),
* EmailProtection: pulumi.Bool(true),
* CodeSigning: pulumi.Bool(true),
* TimeStamping: pulumi.Bool(true),
* },
* },
* },
* },
* Lifetime: pulumi.String("86400s"),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* CloudKmsKeyVersion: pulumi.String("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectKeyIdArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new Authority("default", AuthorityArgs.builder()
* .pool("ca-pool")
* .certificateAuthorityId("my-certificate-authority")
* .location("us-central1")
* .deletionProtection("true")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .subjectKeyId(AuthorityConfigSubjectKeyIdArgs.builder()
* .keyId("4cf3372289b1d411b999dbb9ebcd44744b6b2fca")
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .maxIssuerPathLength(10)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .digitalSignature(true)
* .contentCommitment(true)
* .keyEncipherment(false)
* .dataEncipherment(true)
* .keyAgreement(true)
* .certSign(true)
* .crlSign(true)
* .decipherOnly(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .clientAuth(false)
* .emailProtection(true)
* .codeSigning(true)
* .timeStamping(true)
* .build())
* .build())
* .build())
* .build())
* .lifetime("86400s")
* .keySpec(AuthorityKeySpecArgs.builder()
* .cloudKmsKeyVersion("projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:Authority
* properties:
* pool: ca-pool
* certificateAuthorityId: my-certificate-authority
* location: us-central1
* deletionProtection: 'true'
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* subjectKeyId:
* keyId: 4cf3372289b1d411b999dbb9ebcd44744b6b2fca
* x509Config:
* caOptions:
* isCa: true
* maxIssuerPathLength: 10
* keyUsage:
* baseKeyUsage:
* digitalSignature: true
* contentCommitment: true
* keyEncipherment: false
* dataEncipherment: true
* keyAgreement: true
* certSign: true
* crlSign: true
* decipherOnly: true
* extendedKeyUsage:
* serverAuth: true
* clientAuth: false
* emailProtection: true
* codeSigning: true
* timeStamping: true
* lifetime: 86400s
* keySpec:
* cloudKmsKeyVersion: projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1
* ```
*
* ## Import
* CertificateAuthority can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}`
* * `{{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}`
* * `{{location}}/{{pool}}/{{certificate_authority_id}}`
* When using the `pulumi import` command, CertificateAuthority can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:certificateauthority/authority:Authority default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificateAuthorities/{{certificate_authority_id}}
* ```
* ```sh
* $ pulumi import gcp:certificateauthority/authority:Authority default {{project}}/{{location}}/{{pool}}/{{certificate_authority_id}}
* ```
* ```sh
* $ pulumi import gcp:certificateauthority/authority:Authority default {{location}}/{{pool}}/{{certificate_authority_id}}
* ```
* @property certificateAuthorityId The user provided Resource ID for this Certificate Authority.
* @property config The config used to create a self-signed X.509 certificate or CSR.
* Structure is documented below.
* @property deletionProtection
* @property desiredState Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
* @property gcsBucket The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
* CRLs. This must be a bucket name, without any prefixes (such as 'gs://') or suffixes (such as '.googleapis.com'). For
* example, to use a bucket named my-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will
* be created.
* @property ignoreActiveCertificatesOnDeletion This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and
* unexpired certs. Use with care. Defaults to 'false'.
* @property keySpec Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority
* is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA
* certificate. Otherwise, it is used to sign a CSR.
* Structure is documented below.
* @property labels Labels with user-defined metadata. An object containing a list of "key": value pairs. Example: { "name": "wrench",
* "mass": "1.3kg", "count": "3" }. **Note**: This field is non-authoritative, and will only manage the labels present in
* your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.
* @property lifetime The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and "notAfterTime" fields inside an X.509
* certificate. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
* @property location Location of the CertificateAuthority. A full list of valid locations can be found by
* running `gcloud privateca locations list`.
* @property pemCaCertificate The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with
* a third party issuer.
* @property pool The name of the CaPool this Certificate Authority belongs to.
* @property project
* @property skipGracePeriod If this flag is set, the Certificate Authority will be deleted as soon as possible without a 30-day grace period where
* undeletion would have been allowed. If you proceed, there will be no way to recover this CA. Use with care. Defaults to
* 'false'.
* @property subordinateConfig If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
* describes its issuers.
* @property type The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
* before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
*/
public data class AuthorityArgs(
public val certificateAuthorityId: Output? = null,
public val config: Output? = null,
public val deletionProtection: Output? = null,
public val desiredState: Output? = null,
public val gcsBucket: Output? = null,
public val ignoreActiveCertificatesOnDeletion: Output? = null,
public val keySpec: Output? = null,
public val labels: Output
© 2015 - 2024 Weber Informatics LLC | Privacy Policy