com.pulumi.gcp.certificateauthority.kotlin.CertificateArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.certificateauthority.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.certificateauthority.CertificateArgs.builder
import com.pulumi.gcp.certificateauthority.kotlin.inputs.CertificateConfigArgs
import com.pulumi.gcp.certificateauthority.kotlin.inputs.CertificateConfigArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* A Certificate corresponds to a signed X.509 certificate issued by a Certificate.
* > **Note:** The Certificate Authority that is referenced by this resource **must** be
* `tier = "ENTERPRISE"`
* ## Example Usage
* ### Privateca Certificate Generated Key
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* import * as tls from "@pulumi/tls";
* const _default = new gcp.certificateauthority.CaPool("default", {
* location: "us-central1",
* name: "default",
* tier: "ENTERPRISE",
* });
* const defaultAuthority = new gcp.certificateauthority.Authority("default", {
* location: "us-central1",
* pool: _default.name,
* certificateAuthorityId: "my-authority",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* const certKey = new tls.PrivateKey("cert_key", {algorithm: "RSA"});
* const defaultCertificate = new gcp.certificateauthority.Certificate("default", {
* location: "us-central1",
* pool: _default.name,
* certificateAuthority: defaultAuthority.certificateAuthorityId,
* lifetime: "86000s",
* name: "cert-1",
* config: {
* subjectConfig: {
* subject: {
* commonName: "san1.example.com",
* countryCode: "us",
* organization: "google",
* organizationalUnit: "enterprise",
* locality: "mountain view",
* province: "california",
* streetAddress: "1600 amphitheatre parkway",
* },
* subjectAltName: {
* emailAddresses: ["email@example.com"],
* ipAddresses: ["127.0.0.1"],
* uris: ["http://www.ietf.org/rfc/rfc3986.txt"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: false,
* },
* },
* nameConstraints: {
* critical: true,
* permittedDnsNames: ["*.example.com"],
* excludedDnsNames: ["*.deny.example.com"],
* permittedIpRanges: ["10.0.0.0/8"],
* excludedIpRanges: ["10.1.1.0/24"],
* permittedEmailAddresses: [".example.com"],
* excludedEmailAddresses: [".deny.example.com"],
* permittedUris: [".example.com"],
* excludedUris: [".deny.example.com"],
* },
* },
* publicKey: {
* format: "PEM",
* key: std.base64encodeOutput({
* input: certKey.publicKeyPem,
* }).apply(invoke => invoke.result),
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* import pulumi_tls as tls
* default = gcp.certificateauthority.CaPool("default",
* location="us-central1",
* name="default",
* tier="ENTERPRISE")
* default_authority = gcp.certificateauthority.Authority("default",
* location="us-central1",
* pool=default.name,
* certificate_authority_id="my-authority",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* ),
* ),
* ),
* ),
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* cert_key = tls.PrivateKey("cert_key", algorithm="RSA")
* default_certificate = gcp.certificateauthority.Certificate("default",
* location="us-central1",
* pool=default.name,
* certificate_authority=default_authority.certificate_authority_id,
* lifetime="86000s",
* name="cert-1",
* config=gcp.certificateauthority.CertificateConfigArgs(
* subject_config=gcp.certificateauthority.CertificateConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.CertificateConfigSubjectConfigSubjectArgs(
* common_name="san1.example.com",
* country_code="us",
* organization="google",
* organizational_unit="enterprise",
* locality="mountain view",
* province="california",
* street_address="1600 amphitheatre parkway",
* ),
* subject_alt_name=gcp.certificateauthority.CertificateConfigSubjectConfigSubjectAltNameArgs(
* email_addresses=["email@example.com"],
* ip_addresses=["127.0.0.1"],
* uris=["http://www.ietf.org/rfc/rfc3986.txt"],
* ),
* ),
* x509_config=gcp.certificateauthority.CertificateConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.CertificateConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=False,
* ),
* ),
* name_constraints=gcp.certificateauthority.CertificateConfigX509ConfigNameConstraintsArgs(
* critical=True,
* permitted_dns_names=["*.example.com"],
* excluded_dns_names=["*.deny.example.com"],
* permitted_ip_ranges=["10.0.0.0/8"],
* excluded_ip_ranges=["10.1.1.0/24"],
* permitted_email_addresses=[".example.com"],
* excluded_email_addresses=[".deny.example.com"],
* permitted_uris=[".example.com"],
* excluded_uris=[".deny.example.com"],
* ),
* ),
* public_key=gcp.certificateauthority.CertificateConfigPublicKeyArgs(
* format="PEM",
* key=std.base64encode_output(input=cert_key.public_key_pem).apply(lambda invoke: invoke.result),
* ),
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* using Tls = Pulumi.Tls;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.CaPool("default", new()
* {
* Location = "us-central1",
* Name = "default",
* Tier = "ENTERPRISE",
* });
* var defaultAuthority = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* CertificateAuthorityId = "my-authority",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* var certKey = new Tls.PrivateKey("cert_key", new()
* {
* Algorithm = "RSA",
* });
* var defaultCertificate = new Gcp.CertificateAuthority.Certificate("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* CertificateAuthority = defaultAuthority.CertificateAuthorityId,
* Lifetime = "86000s",
* Name = "cert-1",
* Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs
* {
* CommonName = "san1.example.com",
* CountryCode = "us",
* Organization = "google",
* OrganizationalUnit = "enterprise",
* Locality = "mountain view",
* Province = "california",
* StreetAddress = "1600 amphitheatre parkway",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectAltNameArgs
* {
* EmailAddresses = new[]
* {
* "[email protected]",
* },
* IpAddresses = new[]
* {
* "127.0.0.1",
* },
* Uris = new[]
* {
* "http://www.ietf.org/rfc/rfc3986.txt",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = false,
* },
* },
* NameConstraints = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigNameConstraintsArgs
* {
* Critical = true,
* PermittedDnsNames = new[]
* {
* "*.example.com",
* },
* ExcludedDnsNames = new[]
* {
* "*.deny.example.com",
* },
* PermittedIpRanges = new[]
* {
* "10.0.0.0/8",
* },
* ExcludedIpRanges = new[]
* {
* "10.1.1.0/24",
* },
* PermittedEmailAddresses = new[]
* {
* ".example.com",
* },
* ExcludedEmailAddresses = new[]
* {
* ".deny.example.com",
* },
* PermittedUris = new[]
* {
* ".example.com",
* },
* ExcludedUris = new[]
* {
* ".deny.example.com",
* },
* },
* },
* PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs
* {
* Format = "PEM",
* Key = Std.Base64encode.Invoke(new()
* {
* Input = certKey.PublicKeyPem,
* }).Apply(invoke => invoke.Result),
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi-tls/sdk/v5/go/tls"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewCaPool(ctx, "default", &certificateauthority.CaPoolArgs{
* Location: pulumi.String("us-central1"),
* Name: pulumi.String("default"),
* Tier: pulumi.String("ENTERPRISE"),
* })
* if err != nil {
* return err
* }
* defaultAuthority, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* CertificateAuthorityId: pulumi.String("my-authority"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* certKey, err := tls.NewPrivateKey(ctx, "cert_key", &tls.PrivateKeyArgs{
* Algorithm: pulumi.String("RSA"),
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewCertificate(ctx, "default", &certificateauthority.CertificateArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* CertificateAuthority: defaultAuthority.CertificateAuthorityId,
* Lifetime: pulumi.String("86000s"),
* Name: pulumi.String("cert-1"),
* Config: &certificateauthority.CertificateConfigArgs{
* SubjectConfig: &certificateauthority.CertificateConfigSubjectConfigArgs{
* Subject: &certificateauthority.CertificateConfigSubjectConfigSubjectArgs{
* CommonName: pulumi.String("san1.example.com"),
* CountryCode: pulumi.String("us"),
* Organization: pulumi.String("google"),
* OrganizationalUnit: pulumi.String("enterprise"),
* Locality: pulumi.String("mountain view"),
* Province: pulumi.String("california"),
* StreetAddress: pulumi.String("1600 amphitheatre parkway"),
* },
* SubjectAltName: &certificateauthority.CertificateConfigSubjectConfigSubjectAltNameArgs{
* EmailAddresses: pulumi.StringArray{
* pulumi.String("[email protected]"),
* },
* IpAddresses: pulumi.StringArray{
* pulumi.String("127.0.0.1"),
* },
* Uris: pulumi.StringArray{
* pulumi.String("http://www.ietf.org/rfc/rfc3986.txt"),
* },
* },
* },
* X509Config: &certificateauthority.CertificateConfigX509ConfigArgs{
* CaOptions: &certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(false),
* },
* },
* NameConstraints: &certificateauthority.CertificateConfigX509ConfigNameConstraintsArgs{
* Critical: pulumi.Bool(true),
* PermittedDnsNames: pulumi.StringArray{
* pulumi.String("*.example.com"),
* },
* ExcludedDnsNames: pulumi.StringArray{
* pulumi.String("*.deny.example.com"),
* },
* PermittedIpRanges: pulumi.StringArray{
* pulumi.String("10.0.0.0/8"),
* },
* ExcludedIpRanges: pulumi.StringArray{
* pulumi.String("10.1.1.0/24"),
* },
* PermittedEmailAddresses: pulumi.StringArray{
* pulumi.String(".example.com"),
* },
* ExcludedEmailAddresses: pulumi.StringArray{
* pulumi.String(".deny.example.com"),
* },
* PermittedUris: pulumi.StringArray{
* pulumi.String(".example.com"),
* },
* ExcludedUris: pulumi.StringArray{
* pulumi.String(".deny.example.com"),
* },
* },
* },
* PublicKey: &certificateauthority.CertificateConfigPublicKeyArgs{
* Format: pulumi.String("PEM"),
* Key: std.Base64encodeOutput(ctx, std.Base64encodeOutputArgs{
* Input: certKey.PublicKeyPem,
* }, nil).ApplyT(func(invoke std.Base64encodeResult) (*string, error) {
* return invoke.Result, nil
* }).(pulumi.StringPtrOutput),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.tls.PrivateKey;
* import com.pulumi.tls.PrivateKeyArgs;
* import com.pulumi.gcp.certificateauthority.Certificate;
* import com.pulumi.gcp.certificateauthority.CertificateArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigNameConstraintsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigPublicKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new CaPool("default", CaPoolArgs.builder()
* .location("us-central1")
* .name("default")
* .tier("ENTERPRISE")
* .build());
* var defaultAuthority = new Authority("defaultAuthority", AuthorityArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .certificateAuthorityId("my-authority")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* var certKey = new PrivateKey("certKey", PrivateKeyArgs.builder()
* .algorithm("RSA")
* .build());
* var defaultCertificate = new Certificate("defaultCertificate", CertificateArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .certificateAuthority(defaultAuthority.certificateAuthorityId())
* .lifetime("86000s")
* .name("cert-1")
* .config(CertificateConfigArgs.builder()
* .subjectConfig(CertificateConfigSubjectConfigArgs.builder()
* .subject(CertificateConfigSubjectConfigSubjectArgs.builder()
* .commonName("san1.example.com")
* .countryCode("us")
* .organization("google")
* .organizationalUnit("enterprise")
* .locality("mountain view")
* .province("california")
* .streetAddress("1600 amphitheatre parkway")
* .build())
* .subjectAltName(CertificateConfigSubjectConfigSubjectAltNameArgs.builder()
* .emailAddresses("[email protected]")
* .ipAddresses("127.0.0.1")
* .uris("http://www.ietf.org/rfc/rfc3986.txt")
* .build())
* .build())
* .x509Config(CertificateConfigX509ConfigArgs.builder()
* .caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(false)
* .build())
* .build())
* .nameConstraints(CertificateConfigX509ConfigNameConstraintsArgs.builder()
* .critical(true)
* .permittedDnsNames("*.example.com")
* .excludedDnsNames("*.deny.example.com")
* .permittedIpRanges("10.0.0.0/8")
* .excludedIpRanges("10.1.1.0/24")
* .permittedEmailAddresses(".example.com")
* .excludedEmailAddresses(".deny.example.com")
* .permittedUris(".example.com")
* .excludedUris(".deny.example.com")
* .build())
* .build())
* .publicKey(CertificateConfigPublicKeyArgs.builder()
* .format("PEM")
* .key(StdFunctions.base64encode().applyValue(invoke -> invoke.result()))
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:CaPool
* properties:
* location: us-central1
* name: default
* tier: ENTERPRISE
* defaultAuthority:
* type: gcp:certificateauthority:Authority
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* certificateAuthorityId: my-authority
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* certKey:
* type: tls:PrivateKey
* name: cert_key
* properties:
* algorithm: RSA
* defaultCertificate:
* type: gcp:certificateauthority:Certificate
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* certificateAuthority: ${defaultAuthority.certificateAuthorityId}
* lifetime: 86000s
* name: cert-1
* config:
* subjectConfig:
* subject:
* commonName: san1.example.com
* countryCode: us
* organization: google
* organizationalUnit: enterprise
* locality: mountain view
* province: california
* streetAddress: 1600 amphitheatre parkway
* subjectAltName:
* emailAddresses:
* - [email protected]
* ipAddresses:
* - 127.0.0.1
* uris:
* - http://www.ietf.org/rfc/rfc3986.txt
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: false
* nameConstraints:
* critical: true
* permittedDnsNames:
* - '*.example.com'
* excludedDnsNames:
* - '*.deny.example.com'
* permittedIpRanges:
* - 10.0.0.0/8
* excludedIpRanges:
* - 10.1.1.0/24
* permittedEmailAddresses:
* - .example.com
* excludedEmailAddresses:
* - .deny.example.com
* permittedUris:
* - .example.com
* excludedUris:
* - .deny.example.com
* publicKey:
* format: PEM
* key:
* fn::invoke:
* Function: std:base64encode
* Arguments:
* input: ${certKey.publicKeyPem}
* Return: result
* ```
*
* ### Privateca Certificate With Template
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* const _default = new gcp.certificateauthority.CaPool("default", {
* location: "us-central1",
* name: "my-pool",
* tier: "ENTERPRISE",
* });
* const defaultCertificateTemplate = new gcp.certificateauthority.CertificateTemplate("default", {
* location: "us-central1",
* name: "my-certificate-template",
* description: "An updated sample certificate template",
* identityConstraints: {
* allowSubjectAltNamesPassthrough: true,
* allowSubjectPassthrough: true,
* celExpression: {
* description: "Always true",
* expression: "true",
* location: "any.file.anywhere",
* title: "Sample expression",
* },
* },
* passthroughExtensions: {
* additionalExtensions: [{
* objectIdPaths: [
* 1,
* 6,
* ],
* }],
* knownExtensions: ["EXTENDED_KEY_USAGE"],
* },
* predefinedValues: {
* additionalExtensions: [{
* objectId: {
* objectIdPaths: [
* 1,
* 6,
* ],
* },
* value: "c3RyaW5nCg==",
* critical: true,
* }],
* aiaOcspServers: ["string"],
* caOptions: {
* isCa: false,
* maxIssuerPathLength: 6,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: false,
* contentCommitment: true,
* crlSign: false,
* dataEncipherment: true,
* decipherOnly: true,
* digitalSignature: true,
* encipherOnly: true,
* keyAgreement: true,
* keyEncipherment: true,
* },
* extendedKeyUsage: {
* clientAuth: true,
* codeSigning: true,
* emailProtection: true,
* ocspSigning: true,
* serverAuth: true,
* timeStamping: true,
* },
* unknownExtendedKeyUsages: [{
* objectIdPaths: [
* 1,
* 6,
* ],
* }],
* },
* policyIds: [{
* objectIdPaths: [
* 1,
* 6,
* ],
* }],
* },
* });
* const defaultAuthority = new gcp.certificateauthority.Authority("default", {
* location: "us-central1",
* pool: _default.name,
* certificateAuthorityId: "my-authority",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: false,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* const defaultCertificate = new gcp.certificateauthority.Certificate("default", {
* location: "us-central1",
* pool: _default.name,
* certificateAuthority: defaultAuthority.certificateAuthorityId,
* name: "my-certificate",
* lifetime: "860s",
* pemCsr: std.file({
* input: "test-fixtures/rsa_csr.pem",
* }).then(invoke => invoke.result),
* certificateTemplate: defaultCertificateTemplate.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* default = gcp.certificateauthority.CaPool("default",
* location="us-central1",
* name="my-pool",
* tier="ENTERPRISE")
* default_certificate_template = gcp.certificateauthority.CertificateTemplate("default",
* location="us-central1",
* name="my-certificate-template",
* description="An updated sample certificate template",
* identity_constraints=gcp.certificateauthority.CertificateTemplateIdentityConstraintsArgs(
* allow_subject_alt_names_passthrough=True,
* allow_subject_passthrough=True,
* cel_expression=gcp.certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs(
* description="Always true",
* expression="true",
* location="any.file.anywhere",
* title="Sample expression",
* ),
* ),
* passthrough_extensions=gcp.certificateauthority.CertificateTemplatePassthroughExtensionsArgs(
* additional_extensions=[gcp.certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs(
* object_id_paths=[
* 1,
* 6,
* ],
* )],
* known_extensions=["EXTENDED_KEY_USAGE"],
* ),
* predefined_values=gcp.certificateauthority.CertificateTemplatePredefinedValuesArgs(
* additional_extensions=[gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs(
* object_id=gcp.certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs(
* object_id_paths=[
* 1,
* 6,
* ],
* ),
* value="c3RyaW5nCg==",
* critical=True,
* )],
* aia_ocsp_servers=["string"],
* ca_options=gcp.certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs(
* is_ca=False,
* max_issuer_path_length=6,
* ),
* key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs(
* cert_sign=False,
* content_commitment=True,
* crl_sign=False,
* data_encipherment=True,
* decipher_only=True,
* digital_signature=True,
* encipher_only=True,
* key_agreement=True,
* key_encipherment=True,
* ),
* extended_key_usage=gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs(
* client_auth=True,
* code_signing=True,
* email_protection=True,
* ocsp_signing=True,
* server_auth=True,
* time_stamping=True,
* ),
* unknown_extended_key_usages=[gcp.certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs(
* object_id_paths=[
* 1,
* 6,
* ],
* )],
* ),
* policy_ids=[gcp.certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs(
* object_id_paths=[
* 1,
* 6,
* ],
* )],
* ))
* default_authority = gcp.certificateauthority.Authority("default",
* location="us-central1",
* pool=default.name,
* certificate_authority_id="my-authority",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=False,
* ),
* ),
* ),
* ),
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* default_certificate = gcp.certificateauthority.Certificate("default",
* location="us-central1",
* pool=default.name,
* certificate_authority=default_authority.certificate_authority_id,
* name="my-certificate",
* lifetime="860s",
* pem_csr=std.file(input="test-fixtures/rsa_csr.pem").result,
* certificate_template=default_certificate_template.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.CaPool("default", new()
* {
* Location = "us-central1",
* Name = "my-pool",
* Tier = "ENTERPRISE",
* });
* var defaultCertificateTemplate = new Gcp.CertificateAuthority.CertificateTemplate("default", new()
* {
* Location = "us-central1",
* Name = "my-certificate-template",
* Description = "An updated sample certificate template",
* IdentityConstraints = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsArgs
* {
* AllowSubjectAltNamesPassthrough = true,
* AllowSubjectPassthrough = true,
* CelExpression = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs
* {
* Description = "Always true",
* Expression = "true",
* Location = "any.file.anywhere",
* Title = "Sample expression",
* },
* },
* PassthroughExtensions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsArgs
* {
* AdditionalExtensions = new[]
* {
* new Gcp.CertificateAuthority.Inputs.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs
* {
* ObjectIdPaths = new[]
* {
* 1,
* 6,
* },
* },
* },
* KnownExtensions = new[]
* {
* "EXTENDED_KEY_USAGE",
* },
* },
* PredefinedValues = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesArgs
* {
* AdditionalExtensions = new[]
* {
* new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionArgs
* {
* ObjectId = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs
* {
* ObjectIdPaths = new[]
* {
* 1,
* 6,
* },
* },
* Value = "c3RyaW5nCg==",
* Critical = true,
* },
* },
* AiaOcspServers = new[]
* {
* "string",
* },
* CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesCaOptionsArgs
* {
* IsCa = false,
* MaxIssuerPathLength = 6,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs
* {
* CertSign = false,
* ContentCommitment = true,
* CrlSign = false,
* DataEncipherment = true,
* DecipherOnly = true,
* DigitalSignature = true,
* EncipherOnly = true,
* KeyAgreement = true,
* KeyEncipherment = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs
* {
* ClientAuth = true,
* CodeSigning = true,
* EmailProtection = true,
* OcspSigning = true,
* ServerAuth = true,
* TimeStamping = true,
* },
* UnknownExtendedKeyUsages = new[]
* {
* new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs
* {
* ObjectIdPaths = new[]
* {
* 1,
* 6,
* },
* },
* },
* },
* PolicyIds = new[]
* {
* new Gcp.CertificateAuthority.Inputs.CertificateTemplatePredefinedValuesPolicyIdArgs
* {
* ObjectIdPaths = new[]
* {
* 1,
* 6,
* },
* },
* },
* },
* });
* var defaultAuthority = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* CertificateAuthorityId = "my-authority",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = false,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* var defaultCertificate = new Gcp.CertificateAuthority.Certificate("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* CertificateAuthority = defaultAuthority.CertificateAuthorityId,
* Name = "my-certificate",
* Lifetime = "860s",
* PemCsr = Std.File.Invoke(new()
* {
* Input = "test-fixtures/rsa_csr.pem",
* }).Apply(invoke => invoke.Result),
* CertificateTemplate = defaultCertificateTemplate.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewCaPool(ctx, "default", &certificateauthority.CaPoolArgs{
* Location: pulumi.String("us-central1"),
* Name: pulumi.String("my-pool"),
* Tier: pulumi.String("ENTERPRISE"),
* })
* if err != nil {
* return err
* }
* defaultCertificateTemplate, err := certificateauthority.NewCertificateTemplate(ctx, "default", &certificateauthority.CertificateTemplateArgs{
* Location: pulumi.String("us-central1"),
* Name: pulumi.String("my-certificate-template"),
* Description: pulumi.String("An updated sample certificate template"),
* IdentityConstraints: &certificateauthority.CertificateTemplateIdentityConstraintsArgs{
* AllowSubjectAltNamesPassthrough: pulumi.Bool(true),
* AllowSubjectPassthrough: pulumi.Bool(true),
* CelExpression: &certificateauthority.CertificateTemplateIdentityConstraintsCelExpressionArgs{
* Description: pulumi.String("Always true"),
* Expression: pulumi.String("true"),
* Location: pulumi.String("any.file.anywhere"),
* Title: pulumi.String("Sample expression"),
* },
* },
* PassthroughExtensions: &certificateauthority.CertificateTemplatePassthroughExtensionsArgs{
* AdditionalExtensions: certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArray{
* &certificateauthority.CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs{
* ObjectIdPaths: pulumi.IntArray{
* pulumi.Int(1),
* pulumi.Int(6),
* },
* },
* },
* KnownExtensions: pulumi.StringArray{
* pulumi.String("EXTENDED_KEY_USAGE"),
* },
* },
* PredefinedValues: &certificateauthority.CertificateTemplatePredefinedValuesArgs{
* AdditionalExtensions: certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArray{
* &certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionArgs{
* ObjectId: &certificateauthority.CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs{
* ObjectIdPaths: pulumi.IntArray{
* pulumi.Int(1),
* pulumi.Int(6),
* },
* },
* Value: pulumi.String("c3RyaW5nCg=="),
* Critical: pulumi.Bool(true),
* },
* },
* AiaOcspServers: pulumi.StringArray{
* pulumi.String("string"),
* },
* CaOptions: &certificateauthority.CertificateTemplatePredefinedValuesCaOptionsArgs{
* IsCa: pulumi.Bool(false),
* MaxIssuerPathLength: pulumi.Int(6),
* },
* KeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(false),
* ContentCommitment: pulumi.Bool(true),
* CrlSign: pulumi.Bool(false),
* DataEncipherment: pulumi.Bool(true),
* DecipherOnly: pulumi.Bool(true),
* DigitalSignature: pulumi.Bool(true),
* EncipherOnly: pulumi.Bool(true),
* KeyAgreement: pulumi.Bool(true),
* KeyEncipherment: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs{
* ClientAuth: pulumi.Bool(true),
* CodeSigning: pulumi.Bool(true),
* EmailProtection: pulumi.Bool(true),
* OcspSigning: pulumi.Bool(true),
* ServerAuth: pulumi.Bool(true),
* TimeStamping: pulumi.Bool(true),
* },
* UnknownExtendedKeyUsages: certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArray{
* &certificateauthority.CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs{
* ObjectIdPaths: pulumi.IntArray{
* pulumi.Int(1),
* pulumi.Int(6),
* },
* },
* },
* },
* PolicyIds: certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArray{
* &certificateauthority.CertificateTemplatePredefinedValuesPolicyIdArgs{
* ObjectIdPaths: pulumi.IntArray{
* pulumi.Int(1),
* pulumi.Int(6),
* },
* },
* },
* },
* })
* if err != nil {
* return err
* }
* defaultAuthority, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* CertificateAuthorityId: pulumi.String("my-authority"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(false),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* invokeFile, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/rsa_csr.pem",
* }, nil)
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewCertificate(ctx, "default", &certificateauthority.CertificateArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* CertificateAuthority: defaultAuthority.CertificateAuthorityId,
* Name: pulumi.String("my-certificate"),
* Lifetime: pulumi.String("860s"),
* PemCsr: invokeFile.Result,
* CertificateTemplate: defaultCertificateTemplate.ID(),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.CertificateTemplate;
* import com.pulumi.gcp.certificateauthority.CertificateTemplateArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIdentityConstraintsCelExpressionArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePassthroughExtensionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificateauthority.Certificate;
* import com.pulumi.gcp.certificateauthority.CertificateArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new CaPool("default", CaPoolArgs.builder()
* .location("us-central1")
* .name("my-pool")
* .tier("ENTERPRISE")
* .build());
* var defaultCertificateTemplate = new CertificateTemplate("defaultCertificateTemplate", CertificateTemplateArgs.builder()
* .location("us-central1")
* .name("my-certificate-template")
* .description("An updated sample certificate template")
* .identityConstraints(CertificateTemplateIdentityConstraintsArgs.builder()
* .allowSubjectAltNamesPassthrough(true)
* .allowSubjectPassthrough(true)
* .celExpression(CertificateTemplateIdentityConstraintsCelExpressionArgs.builder()
* .description("Always true")
* .expression("true")
* .location("any.file.anywhere")
* .title("Sample expression")
* .build())
* .build())
* .passthroughExtensions(CertificateTemplatePassthroughExtensionsArgs.builder()
* .additionalExtensions(CertificateTemplatePassthroughExtensionsAdditionalExtensionArgs.builder()
* .objectIdPaths(
* 1,
* 6)
* .build())
* .knownExtensions("EXTENDED_KEY_USAGE")
* .build())
* .predefinedValues(CertificateTemplatePredefinedValuesArgs.builder()
* .additionalExtensions(CertificateTemplatePredefinedValuesAdditionalExtensionArgs.builder()
* .objectId(CertificateTemplatePredefinedValuesAdditionalExtensionObjectIdArgs.builder()
* .objectIdPaths(
* 1,
* 6)
* .build())
* .value("c3RyaW5nCg==")
* .critical(true)
* .build())
* .aiaOcspServers("string")
* .caOptions(CertificateTemplatePredefinedValuesCaOptionsArgs.builder()
* .isCa(false)
* .maxIssuerPathLength(6)
* .build())
* .keyUsage(CertificateTemplatePredefinedValuesKeyUsageArgs.builder()
* .baseKeyUsage(CertificateTemplatePredefinedValuesKeyUsageBaseKeyUsageArgs.builder()
* .certSign(false)
* .contentCommitment(true)
* .crlSign(false)
* .dataEncipherment(true)
* .decipherOnly(true)
* .digitalSignature(true)
* .encipherOnly(true)
* .keyAgreement(true)
* .keyEncipherment(true)
* .build())
* .extendedKeyUsage(CertificateTemplatePredefinedValuesKeyUsageExtendedKeyUsageArgs.builder()
* .clientAuth(true)
* .codeSigning(true)
* .emailProtection(true)
* .ocspSigning(true)
* .serverAuth(true)
* .timeStamping(true)
* .build())
* .unknownExtendedKeyUsages(CertificateTemplatePredefinedValuesKeyUsageUnknownExtendedKeyUsageArgs.builder()
* .objectIdPaths(
* 1,
* 6)
* .build())
* .build())
* .policyIds(CertificateTemplatePredefinedValuesPolicyIdArgs.builder()
* .objectIdPaths(
* 1,
* 6)
* .build())
* .build())
* .build());
* var defaultAuthority = new Authority("defaultAuthority", AuthorityArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .certificateAuthorityId("my-authority")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(false)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* var defaultCertificate = new Certificate("defaultCertificate", CertificateArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .certificateAuthority(defaultAuthority.certificateAuthorityId())
* .name("my-certificate")
* .lifetime("860s")
* .pemCsr(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/rsa_csr.pem")
* .build()).result())
* .certificateTemplate(defaultCertificateTemplate.id())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:CaPool
* properties:
* location: us-central1
* name: my-pool
* tier: ENTERPRISE
* defaultCertificateTemplate:
* type: gcp:certificateauthority:CertificateTemplate
* name: default
* properties:
* location: us-central1
* name: my-certificate-template
* description: An updated sample certificate template
* identityConstraints:
* allowSubjectAltNamesPassthrough: true
* allowSubjectPassthrough: true
* celExpression:
* description: Always true
* expression: 'true'
* location: any.file.anywhere
* title: Sample expression
* passthroughExtensions:
* additionalExtensions:
* - objectIdPaths:
* - 1
* - 6
* knownExtensions:
* - EXTENDED_KEY_USAGE
* predefinedValues:
* additionalExtensions:
* - objectId:
* objectIdPaths:
* - 1
* - 6
* value: c3RyaW5nCg==
* critical: true
* aiaOcspServers:
* - string
* caOptions:
* isCa: false
* maxIssuerPathLength: 6
* keyUsage:
* baseKeyUsage:
* certSign: false
* contentCommitment: true
* crlSign: false
* dataEncipherment: true
* decipherOnly: true
* digitalSignature: true
* encipherOnly: true
* keyAgreement: true
* keyEncipherment: true
* extendedKeyUsage:
* clientAuth: true
* codeSigning: true
* emailProtection: true
* ocspSigning: true
* serverAuth: true
* timeStamping: true
* unknownExtendedKeyUsages:
* - objectIdPaths:
* - 1
* - 6
* policyIds:
* - objectIdPaths:
* - 1
* - 6
* defaultAuthority:
* type: gcp:certificateauthority:Authority
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* certificateAuthorityId: my-authority
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: false
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* defaultCertificate:
* type: gcp:certificateauthority:Certificate
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* certificateAuthority: ${defaultAuthority.certificateAuthorityId}
* name: my-certificate
* lifetime: 860s
* pemCsr:
* fn::invoke:
* Function: std:file
* Arguments:
* input: test-fixtures/rsa_csr.pem
* Return: result
* certificateTemplate: ${defaultCertificateTemplate.id}
* ```
*
* ### Privateca Certificate Csr
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* const _default = new gcp.certificateauthority.CaPool("default", {
* location: "us-central1",
* name: "my-pool",
* tier: "ENTERPRISE",
* });
* const defaultAuthority = new gcp.certificateauthority.Authority("default", {
* location: "us-central1",
* pool: _default.name,
* certificateAuthorityId: "my-authority",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: false,
* },
* },
* },
* },
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* const defaultCertificate = new gcp.certificateauthority.Certificate("default", {
* location: "us-central1",
* pool: _default.name,
* certificateAuthority: defaultAuthority.certificateAuthorityId,
* name: "my-certificate",
* lifetime: "860s",
* pemCsr: std.file({
* input: "test-fixtures/rsa_csr.pem",
* }).then(invoke => invoke.result),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* default = gcp.certificateauthority.CaPool("default",
* location="us-central1",
* name="my-pool",
* tier="ENTERPRISE")
* default_authority = gcp.certificateauthority.Authority("default",
* location="us-central1",
* pool=default.name,
* certificate_authority_id="my-authority",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=False,
* ),
* ),
* ),
* ),
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* default_certificate = gcp.certificateauthority.Certificate("default",
* location="us-central1",
* pool=default.name,
* certificate_authority=default_authority.certificate_authority_id,
* name="my-certificate",
* lifetime="860s",
* pem_csr=std.file(input="test-fixtures/rsa_csr.pem").result)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.CaPool("default", new()
* {
* Location = "us-central1",
* Name = "my-pool",
* Tier = "ENTERPRISE",
* });
* var defaultAuthority = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* CertificateAuthorityId = "my-authority",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = false,
* },
* },
* },
* },
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* var defaultCertificate = new Gcp.CertificateAuthority.Certificate("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* CertificateAuthority = defaultAuthority.CertificateAuthorityId,
* Name = "my-certificate",
* Lifetime = "860s",
* PemCsr = Std.File.Invoke(new()
* {
* Input = "test-fixtures/rsa_csr.pem",
* }).Apply(invoke => invoke.Result),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewCaPool(ctx, "default", &certificateauthority.CaPoolArgs{
* Location: pulumi.String("us-central1"),
* Name: pulumi.String("my-pool"),
* Tier: pulumi.String("ENTERPRISE"),
* })
* if err != nil {
* return err
* }
* defaultAuthority, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* CertificateAuthorityId: pulumi.String("my-authority"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(false),
* },
* },
* },
* },
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* invokeFile, err := std.File(ctx, &std.FileArgs{
* Input: "test-fixtures/rsa_csr.pem",
* }, nil)
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewCertificate(ctx, "default", &certificateauthority.CertificateArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* CertificateAuthority: defaultAuthority.CertificateAuthorityId,
* Name: pulumi.String("my-certificate"),
* Lifetime: pulumi.String("860s"),
* PemCsr: invokeFile.Result,
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificateauthority.Certificate;
* import com.pulumi.gcp.certificateauthority.CertificateArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new CaPool("default", CaPoolArgs.builder()
* .location("us-central1")
* .name("my-pool")
* .tier("ENTERPRISE")
* .build());
* var defaultAuthority = new Authority("defaultAuthority", AuthorityArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .certificateAuthorityId("my-authority")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(false)
* .build())
* .build())
* .build())
* .build())
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* var defaultCertificate = new Certificate("defaultCertificate", CertificateArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .certificateAuthority(defaultAuthority.certificateAuthorityId())
* .name("my-certificate")
* .lifetime("860s")
* .pemCsr(StdFunctions.file(FileArgs.builder()
* .input("test-fixtures/rsa_csr.pem")
* .build()).result())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:CaPool
* properties:
* location: us-central1
* name: my-pool
* tier: ENTERPRISE
* defaultAuthority:
* type: gcp:certificateauthority:Authority
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* certificateAuthorityId: my-authority
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: false
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* defaultCertificate:
* type: gcp:certificateauthority:Certificate
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* certificateAuthority: ${defaultAuthority.certificateAuthorityId}
* name: my-certificate
* lifetime: 860s
* pemCsr:
* fn::invoke:
* Function: std:file
* Arguments:
* input: test-fixtures/rsa_csr.pem
* Return: result
* ```
*
* ### Privateca Certificate No Authority
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* const _default = new gcp.certificateauthority.CaPool("default", {
* location: "us-central1",
* name: "my-pool",
* tier: "ENTERPRISE",
* });
* const defaultAuthority = new gcp.certificateauthority.Authority("default", {
* location: "us-central1",
* pool: _default.name,
* certificateAuthorityId: "my-authority",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* digitalSignature: true,
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* lifetime: "86400s",
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* const defaultCertificate = new gcp.certificateauthority.Certificate("default", {
* location: "us-central1",
* pool: _default.name,
* name: "my-certificate",
* lifetime: "860s",
* config: {
* subjectConfig: {
* subject: {
* commonName: "san1.example.com",
* countryCode: "us",
* organization: "google",
* organizationalUnit: "enterprise",
* locality: "mountain view",
* province: "california",
* streetAddress: "1600 amphitheatre parkway",
* postalCode: "94109",
* },
* },
* x509Config: {
* caOptions: {
* isCa: false,
* },
* keyUsage: {
* baseKeyUsage: {
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* publicKey: {
* format: "PEM",
* key: std.filebase64({
* input: "test-fixtures/rsa_public.pem",
* }).then(invoke => invoke.result),
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* default = gcp.certificateauthority.CaPool("default",
* location="us-central1",
* name="my-pool",
* tier="ENTERPRISE")
* default_authority = gcp.certificateauthority.Authority("default",
* location="us-central1",
* pool=default.name,
* certificate_authority_id="my-authority",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* digital_signature=True,
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* ),
* ),
* ),
* ),
* lifetime="86400s",
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* default_certificate = gcp.certificateauthority.Certificate("default",
* location="us-central1",
* pool=default.name,
* name="my-certificate",
* lifetime="860s",
* config=gcp.certificateauthority.CertificateConfigArgs(
* subject_config=gcp.certificateauthority.CertificateConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.CertificateConfigSubjectConfigSubjectArgs(
* common_name="san1.example.com",
* country_code="us",
* organization="google",
* organizational_unit="enterprise",
* locality="mountain view",
* province="california",
* street_address="1600 amphitheatre parkway",
* postal_code="94109",
* ),
* ),
* x509_config=gcp.certificateauthority.CertificateConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.CertificateConfigX509ConfigCaOptionsArgs(
* is_ca=False,
* ),
* key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* ),
* ),
* ),
* public_key=gcp.certificateauthority.CertificateConfigPublicKeyArgs(
* format="PEM",
* key=std.filebase64(input="test-fixtures/rsa_public.pem").result,
* ),
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.CaPool("default", new()
* {
* Location = "us-central1",
* Name = "my-pool",
* Tier = "ENTERPRISE",
* });
* var defaultAuthority = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* CertificateAuthorityId = "my-authority",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* DigitalSignature = true,
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* },
* Lifetime = "86400s",
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* var defaultCertificate = new Gcp.CertificateAuthority.Certificate("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* Name = "my-certificate",
* Lifetime = "860s",
* Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs
* {
* CommonName = "san1.example.com",
* CountryCode = "us",
* Organization = "google",
* OrganizationalUnit = "enterprise",
* Locality = "mountain view",
* Province = "california",
* StreetAddress = "1600 amphitheatre parkway",
* PostalCode = "94109",
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs
* {
* IsCa = false,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs
* {
* Format = "PEM",
* Key = Std.Filebase64.Invoke(new()
* {
* Input = "test-fixtures/rsa_public.pem",
* }).Apply(invoke => invoke.Result),
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewCaPool(ctx, "default", &certificateauthority.CaPoolArgs{
* Location: pulumi.String("us-central1"),
* Name: pulumi.String("my-pool"),
* Tier: pulumi.String("ENTERPRISE"),
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* CertificateAuthorityId: pulumi.String("my-authority"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* DigitalSignature: pulumi.Bool(true),
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* },
* Lifetime: pulumi.String("86400s"),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
* Input: "test-fixtures/rsa_public.pem",
* }, nil)
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewCertificate(ctx, "default", &certificateauthority.CertificateArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* Name: pulumi.String("my-certificate"),
* Lifetime: pulumi.String("860s"),
* Config: &certificateauthority.CertificateConfigArgs{
* SubjectConfig: &certificateauthority.CertificateConfigSubjectConfigArgs{
* Subject: &certificateauthority.CertificateConfigSubjectConfigSubjectArgs{
* CommonName: pulumi.String("san1.example.com"),
* CountryCode: pulumi.String("us"),
* Organization: pulumi.String("google"),
* OrganizationalUnit: pulumi.String("enterprise"),
* Locality: pulumi.String("mountain view"),
* Province: pulumi.String("california"),
* StreetAddress: pulumi.String("1600 amphitheatre parkway"),
* PostalCode: pulumi.String("94109"),
* },
* },
* X509Config: &certificateauthority.CertificateConfigX509ConfigArgs{
* CaOptions: &certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(false),
* },
* KeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* PublicKey: &certificateauthority.CertificateConfigPublicKeyArgs{
* Format: pulumi.String("PEM"),
* Key: invokeFilebase64.Result,
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificateauthority.Certificate;
* import com.pulumi.gcp.certificateauthority.CertificateArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigPublicKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new CaPool("default", CaPoolArgs.builder()
* .location("us-central1")
* .name("my-pool")
* .tier("ENTERPRISE")
* .build());
* var defaultAuthority = new Authority("defaultAuthority", AuthorityArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .certificateAuthorityId("my-authority")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .digitalSignature(true)
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .build())
* .lifetime("86400s")
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* var defaultCertificate = new Certificate("defaultCertificate", CertificateArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .name("my-certificate")
* .lifetime("860s")
* .config(CertificateConfigArgs.builder()
* .subjectConfig(CertificateConfigSubjectConfigArgs.builder()
* .subject(CertificateConfigSubjectConfigSubjectArgs.builder()
* .commonName("san1.example.com")
* .countryCode("us")
* .organization("google")
* .organizationalUnit("enterprise")
* .locality("mountain view")
* .province("california")
* .streetAddress("1600 amphitheatre parkway")
* .postalCode("94109")
* .build())
* .build())
* .x509Config(CertificateConfigX509ConfigArgs.builder()
* .caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()
* .isCa(false)
* .build())
* .keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .crlSign(true)
* .build())
* .extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .publicKey(CertificateConfigPublicKeyArgs.builder()
* .format("PEM")
* .key(StdFunctions.filebase64(Filebase64Args.builder()
* .input("test-fixtures/rsa_public.pem")
* .build()).result())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:CaPool
* properties:
* location: us-central1
* name: my-pool
* tier: ENTERPRISE
* defaultAuthority:
* type: gcp:certificateauthority:Authority
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* certificateAuthorityId: my-authority
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* digitalSignature: true
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* lifetime: 86400s
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* defaultCertificate:
* type: gcp:certificateauthority:Certificate
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* name: my-certificate
* lifetime: 860s
* config:
* subjectConfig:
* subject:
* commonName: san1.example.com
* countryCode: us
* organization: google
* organizationalUnit: enterprise
* locality: mountain view
* province: california
* streetAddress: 1600 amphitheatre parkway
* postalCode: '94109'
* x509Config:
* caOptions:
* isCa: false
* keyUsage:
* baseKeyUsage:
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* publicKey:
* format: PEM
* key:
* fn::invoke:
* Function: std:filebase64
* Arguments:
* input: test-fixtures/rsa_public.pem
* Return: result
* ```
*
* ### Privateca Certificate Custom Ski
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
* const _default = new gcp.certificateauthority.CaPool("default", {
* location: "us-central1",
* name: "my-pool",
* tier: "ENTERPRISE",
* });
* const defaultAuthority = new gcp.certificateauthority.Authority("default", {
* location: "us-central1",
* pool: _default.name,
* certificateAuthorityId: "my-authority",
* config: {
* subjectConfig: {
* subject: {
* organization: "HashiCorp",
* commonName: "my-certificate-authority",
* },
* subjectAltName: {
* dnsNames: ["hashicorp.com"],
* },
* },
* x509Config: {
* caOptions: {
* isCa: true,
* },
* keyUsage: {
* baseKeyUsage: {
* digitalSignature: true,
* certSign: true,
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* },
* lifetime: "86400s",
* keySpec: {
* algorithm: "RSA_PKCS1_4096_SHA256",
* },
* deletionProtection: false,
* skipGracePeriod: true,
* ignoreActiveCertificatesOnDeletion: true,
* });
* const defaultCertificate = new gcp.certificateauthority.Certificate("default", {
* location: "us-central1",
* pool: _default.name,
* name: "my-certificate",
* lifetime: "860s",
* config: {
* subjectConfig: {
* subject: {
* commonName: "san1.example.com",
* countryCode: "us",
* organization: "google",
* organizationalUnit: "enterprise",
* locality: "mountain view",
* province: "california",
* streetAddress: "1600 amphitheatre parkway",
* postalCode: "94109",
* },
* },
* subjectKeyId: {
* keyId: "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* },
* x509Config: {
* caOptions: {
* isCa: false,
* },
* keyUsage: {
* baseKeyUsage: {
* crlSign: true,
* },
* extendedKeyUsage: {
* serverAuth: true,
* },
* },
* },
* publicKey: {
* format: "PEM",
* key: std.filebase64({
* input: "test-fixtures/rsa_public.pem",
* }).then(invoke => invoke.result),
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_std as std
* default = gcp.certificateauthority.CaPool("default",
* location="us-central1",
* name="my-pool",
* tier="ENTERPRISE")
* default_authority = gcp.certificateauthority.Authority("default",
* location="us-central1",
* pool=default.name,
* certificate_authority_id="my-authority",
* config=gcp.certificateauthority.AuthorityConfigArgs(
* subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
* organization="HashiCorp",
* common_name="my-certificate-authority",
* ),
* subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
* dns_names=["hashicorp.com"],
* ),
* ),
* x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
* is_ca=True,
* ),
* key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* digital_signature=True,
* cert_sign=True,
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* ),
* ),
* ),
* ),
* lifetime="86400s",
* key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
* algorithm="RSA_PKCS1_4096_SHA256",
* ),
* deletion_protection=False,
* skip_grace_period=True,
* ignore_active_certificates_on_deletion=True)
* default_certificate = gcp.certificateauthority.Certificate("default",
* location="us-central1",
* pool=default.name,
* name="my-certificate",
* lifetime="860s",
* config=gcp.certificateauthority.CertificateConfigArgs(
* subject_config=gcp.certificateauthority.CertificateConfigSubjectConfigArgs(
* subject=gcp.certificateauthority.CertificateConfigSubjectConfigSubjectArgs(
* common_name="san1.example.com",
* country_code="us",
* organization="google",
* organizational_unit="enterprise",
* locality="mountain view",
* province="california",
* street_address="1600 amphitheatre parkway",
* postal_code="94109",
* ),
* ),
* subject_key_id=gcp.certificateauthority.CertificateConfigSubjectKeyIdArgs(
* key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* ),
* x509_config=gcp.certificateauthority.CertificateConfigX509ConfigArgs(
* ca_options=gcp.certificateauthority.CertificateConfigX509ConfigCaOptionsArgs(
* is_ca=False,
* ),
* key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageArgs(
* base_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs(
* crl_sign=True,
* ),
* extended_key_usage=gcp.certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
* server_auth=True,
* ),
* ),
* ),
* public_key=gcp.certificateauthority.CertificateConfigPublicKeyArgs(
* format="PEM",
* key=std.filebase64(input="test-fixtures/rsa_public.pem").result,
* ),
* ))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Std = Pulumi.Std;
* return await Deployment.RunAsync(() =>
* {
* var @default = new Gcp.CertificateAuthority.CaPool("default", new()
* {
* Location = "us-central1",
* Name = "my-pool",
* Tier = "ENTERPRISE",
* });
* var defaultAuthority = new Gcp.CertificateAuthority.Authority("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* CertificateAuthorityId = "my-authority",
* Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
* {
* Organization = "HashiCorp",
* CommonName = "my-certificate-authority",
* },
* SubjectAltName = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs
* {
* DnsNames = new[]
* {
* "hashicorp.com",
* },
* },
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
* {
* IsCa = true,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* DigitalSignature = true,
* CertSign = true,
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* },
* Lifetime = "86400s",
* KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
* {
* Algorithm = "RSA_PKCS1_4096_SHA256",
* },
* DeletionProtection = false,
* SkipGracePeriod = true,
* IgnoreActiveCertificatesOnDeletion = true,
* });
* var defaultCertificate = new Gcp.CertificateAuthority.Certificate("default", new()
* {
* Location = "us-central1",
* Pool = @default.Name,
* Name = "my-certificate",
* Lifetime = "860s",
* Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigArgs
* {
* SubjectConfig = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigArgs
* {
* Subject = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectConfigSubjectArgs
* {
* CommonName = "san1.example.com",
* CountryCode = "us",
* Organization = "google",
* OrganizationalUnit = "enterprise",
* Locality = "mountain view",
* Province = "california",
* StreetAddress = "1600 amphitheatre parkway",
* PostalCode = "94109",
* },
* },
* SubjectKeyId = new Gcp.CertificateAuthority.Inputs.CertificateConfigSubjectKeyIdArgs
* {
* KeyId = "4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
* },
* X509Config = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigArgs
* {
* CaOptions = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigCaOptionsArgs
* {
* IsCa = false,
* },
* KeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageArgs
* {
* BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs
* {
* CrlSign = true,
* },
* ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs
* {
* ServerAuth = true,
* },
* },
* },
* PublicKey = new Gcp.CertificateAuthority.Inputs.CertificateConfigPublicKeyArgs
* {
* Format = "PEM",
* Key = Std.Filebase64.Invoke(new()
* {
* Input = "test-fixtures/rsa_public.pem",
* }).Apply(invoke => invoke.Result),
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority"
* "github.com/pulumi/pulumi-std/sdk/go/std"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := certificateauthority.NewCaPool(ctx, "default", &certificateauthority.CaPoolArgs{
* Location: pulumi.String("us-central1"),
* Name: pulumi.String("my-pool"),
* Tier: pulumi.String("ENTERPRISE"),
* })
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* CertificateAuthorityId: pulumi.String("my-authority"),
* Config: &certificateauthority.AuthorityConfigArgs{
* SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
* Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
* Organization: pulumi.String("HashiCorp"),
* CommonName: pulumi.String("my-certificate-authority"),
* },
* SubjectAltName: &certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs{
* DnsNames: pulumi.StringArray{
* pulumi.String("hashicorp.com"),
* },
* },
* },
* X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
* CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(true),
* },
* KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* DigitalSignature: pulumi.Bool(true),
* CertSign: pulumi.Bool(true),
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* },
* Lifetime: pulumi.String("86400s"),
* KeySpec: &certificateauthority.AuthorityKeySpecArgs{
* Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
* },
* DeletionProtection: pulumi.Bool(false),
* SkipGracePeriod: pulumi.Bool(true),
* IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* invokeFilebase64, err := std.Filebase64(ctx, &std.Filebase64Args{
* Input: "test-fixtures/rsa_public.pem",
* }, nil)
* if err != nil {
* return err
* }
* _, err = certificateauthority.NewCertificate(ctx, "default", &certificateauthority.CertificateArgs{
* Location: pulumi.String("us-central1"),
* Pool: _default.Name,
* Name: pulumi.String("my-certificate"),
* Lifetime: pulumi.String("860s"),
* Config: &certificateauthority.CertificateConfigArgs{
* SubjectConfig: &certificateauthority.CertificateConfigSubjectConfigArgs{
* Subject: &certificateauthority.CertificateConfigSubjectConfigSubjectArgs{
* CommonName: pulumi.String("san1.example.com"),
* CountryCode: pulumi.String("us"),
* Organization: pulumi.String("google"),
* OrganizationalUnit: pulumi.String("enterprise"),
* Locality: pulumi.String("mountain view"),
* Province: pulumi.String("california"),
* StreetAddress: pulumi.String("1600 amphitheatre parkway"),
* PostalCode: pulumi.String("94109"),
* },
* },
* SubjectKeyId: &certificateauthority.CertificateConfigSubjectKeyIdArgs{
* KeyId: pulumi.String("4cf3372289b1d411b999dbb9ebcd44744b6b2fca"),
* },
* X509Config: &certificateauthority.CertificateConfigX509ConfigArgs{
* CaOptions: &certificateauthority.CertificateConfigX509ConfigCaOptionsArgs{
* IsCa: pulumi.Bool(false),
* },
* KeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageArgs{
* BaseKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs{
* CrlSign: pulumi.Bool(true),
* },
* ExtendedKeyUsage: &certificateauthority.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
* ServerAuth: pulumi.Bool(true),
* },
* },
* },
* PublicKey: &certificateauthority.CertificateConfigPublicKeyArgs{
* Format: pulumi.String("PEM"),
* Key: invokeFilebase64.Result,
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.certificateauthority.CaPool;
* import com.pulumi.gcp.certificateauthority.CaPoolArgs;
* import com.pulumi.gcp.certificateauthority.Authority;
* import com.pulumi.gcp.certificateauthority.AuthorityArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectAltNameArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
* import com.pulumi.gcp.certificateauthority.Certificate;
* import com.pulumi.gcp.certificateauthority.CertificateArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectConfigSubjectArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigSubjectKeyIdArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigCaOptionsArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
* import com.pulumi.gcp.certificateauthority.inputs.CertificateConfigPublicKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var default_ = new CaPool("default", CaPoolArgs.builder()
* .location("us-central1")
* .name("my-pool")
* .tier("ENTERPRISE")
* .build());
* var defaultAuthority = new Authority("defaultAuthority", AuthorityArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .certificateAuthorityId("my-authority")
* .config(AuthorityConfigArgs.builder()
* .subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
* .subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
* .organization("HashiCorp")
* .commonName("my-certificate-authority")
* .build())
* .subjectAltName(AuthorityConfigSubjectConfigSubjectAltNameArgs.builder()
* .dnsNames("hashicorp.com")
* .build())
* .build())
* .x509Config(AuthorityConfigX509ConfigArgs.builder()
* .caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
* .isCa(true)
* .build())
* .keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .digitalSignature(true)
* .certSign(true)
* .crlSign(true)
* .build())
* .extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .build())
* .lifetime("86400s")
* .keySpec(AuthorityKeySpecArgs.builder()
* .algorithm("RSA_PKCS1_4096_SHA256")
* .build())
* .deletionProtection(false)
* .skipGracePeriod(true)
* .ignoreActiveCertificatesOnDeletion(true)
* .build());
* var defaultCertificate = new Certificate("defaultCertificate", CertificateArgs.builder()
* .location("us-central1")
* .pool(default_.name())
* .name("my-certificate")
* .lifetime("860s")
* .config(CertificateConfigArgs.builder()
* .subjectConfig(CertificateConfigSubjectConfigArgs.builder()
* .subject(CertificateConfigSubjectConfigSubjectArgs.builder()
* .commonName("san1.example.com")
* .countryCode("us")
* .organization("google")
* .organizationalUnit("enterprise")
* .locality("mountain view")
* .province("california")
* .streetAddress("1600 amphitheatre parkway")
* .postalCode("94109")
* .build())
* .build())
* .subjectKeyId(CertificateConfigSubjectKeyIdArgs.builder()
* .keyId("4cf3372289b1d411b999dbb9ebcd44744b6b2fca")
* .build())
* .x509Config(CertificateConfigX509ConfigArgs.builder()
* .caOptions(CertificateConfigX509ConfigCaOptionsArgs.builder()
* .isCa(false)
* .build())
* .keyUsage(CertificateConfigX509ConfigKeyUsageArgs.builder()
* .baseKeyUsage(CertificateConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
* .crlSign(true)
* .build())
* .extendedKeyUsage(CertificateConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
* .serverAuth(true)
* .build())
* .build())
* .build())
* .publicKey(CertificateConfigPublicKeyArgs.builder()
* .format("PEM")
* .key(StdFunctions.filebase64(Filebase64Args.builder()
* .input("test-fixtures/rsa_public.pem")
* .build()).result())
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* default:
* type: gcp:certificateauthority:CaPool
* properties:
* location: us-central1
* name: my-pool
* tier: ENTERPRISE
* defaultAuthority:
* type: gcp:certificateauthority:Authority
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* certificateAuthorityId: my-authority
* config:
* subjectConfig:
* subject:
* organization: HashiCorp
* commonName: my-certificate-authority
* subjectAltName:
* dnsNames:
* - hashicorp.com
* x509Config:
* caOptions:
* isCa: true
* keyUsage:
* baseKeyUsage:
* digitalSignature: true
* certSign: true
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* lifetime: 86400s
* keySpec:
* algorithm: RSA_PKCS1_4096_SHA256
* deletionProtection: false
* skipGracePeriod: true
* ignoreActiveCertificatesOnDeletion: true
* defaultCertificate:
* type: gcp:certificateauthority:Certificate
* name: default
* properties:
* location: us-central1
* pool: ${default.name}
* name: my-certificate
* lifetime: 860s
* config:
* subjectConfig:
* subject:
* commonName: san1.example.com
* countryCode: us
* organization: google
* organizationalUnit: enterprise
* locality: mountain view
* province: california
* streetAddress: 1600 amphitheatre parkway
* postalCode: '94109'
* subjectKeyId:
* keyId: 4cf3372289b1d411b999dbb9ebcd44744b6b2fca
* x509Config:
* caOptions:
* isCa: false
* keyUsage:
* baseKeyUsage:
* crlSign: true
* extendedKeyUsage:
* serverAuth: true
* publicKey:
* format: PEM
* key:
* fn::invoke:
* Function: std:filebase64
* Arguments:
* input: test-fixtures/rsa_public.pem
* Return: result
* ```
*
* ## Import
* Certificate can be imported using any of these accepted formats:
* * `projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}`
* * `{{project}}/{{location}}/{{pool}}/{{name}}`
* * `{{location}}/{{pool}}/{{name}}`
* When using the `pulumi import` command, Certificate can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:certificateauthority/certificate:Certificate default projects/{{project}}/locations/{{location}}/caPools/{{pool}}/certificates/{{name}}
* ```
* ```sh
* $ pulumi import gcp:certificateauthority/certificate:Certificate default {{project}}/{{location}}/{{pool}}/{{name}}
* ```
* ```sh
* $ pulumi import gcp:certificateauthority/certificate:Certificate default {{location}}/{{pool}}/{{name}}
* ```
* @property certificateAuthority The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from
* a Certificate Authority with resource name `projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca`,
* argument `pool` should be set to `projects/my-project/locations/us-central1/caPools/my-pool`, argument `certificate_authority`
* should be set to `my-ca`.
* @property certificateTemplate The resource name for a CertificateTemplate used to issue this certificate,
* in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified,
* the caller must have the necessary permission to use this template. If this is
* omitted, no template will be used. This template must be in the same location
* as the Certificate.
* @property config The config used to create a self-signed X.509 certificate or CSR.
* Structure is documented below.
* @property labels Labels with user-defined metadata to apply to this resource.
* **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
* Please refer to the field `effective_labels` for all of the labels present on the resource.
* @property lifetime The desired lifetime of the CA certificate. Used to create the "notBeforeTime" and
* "notAfterTime" fields inside an X.509 certificate. A duration in seconds with up to nine
* fractional digits, terminated by 's'. Example: "3.5s".
* @property location Location of the Certificate. A full list of valid locations can be found by
* running `gcloud privateca locations list`.
* - - -
* @property name The name for this Certificate.
* @property pemCsr Immutable. A pem-encoded X.509 certificate signing request (CSR).
* @property pool The name of the CaPool this Certificate belongs to.
* @property project The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
* */*/*/
*/
public data class CertificateArgs(
public val certificateAuthority: Output? = null,
public val certificateTemplate: Output? = null,
public val config: Output? = null,
public val labels: Output
© 2015 - 2025 Weber Informatics LLC | Privacy Policy